Windows Analysis Report
FRA.0038253.exe

Overview

General Information

Sample name:	FRA.0038253.exe
Analysis ID:	1445848
MD5:	b07b3994ad66a39937d9081eb64cd5f5
SHA1:	3fffe0fb2721f440909f99c5cb74d1d556ac45bb
SHA256:	53501f12261fc6003fb771379846bfc0bad23e331f0ccde984c431c22901881f
Infos:

Detection

FormBook, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Snort IDS alert for network traffic

Yara detected FormBook

Yara detected GuLoader

Found direct / indirect Syscall (likely to bypass EDR)

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Queues an APC in another process (thread injection)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses runas.exe to run programs with evaluated privileges

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/ https://asec.ahnlab.com/en/32149/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: FRA.0038253.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://www.tycent520test.com/op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY	Avira URL Cloud: Label: malware
Source: http://www.tycent520test.com/op6t/	Avira URL Cloud: Label: malware

Yara detected FormBook

Source: Yara match	File source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Uses 32bit PE files

Source: FRA.0038253.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 142.250.69.206:443 -> 192.168.11.30:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.33.97:443 -> 192.168.11.30:49794 version: TLS 1.2

Source: FRA.0038253.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: FRA.0038253.exe, 00000003.00000003.2871696616.000000003550B000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, runas.exe, 00000005.00000003.2963043943.0000000004307000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: FRA.0038253.exe, FRA.0038253.exe, 00000003.00000003.2871696616.000000003550B000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2985481380.00000000356B0000.00000040.00001000.00020000.00000000.sdmp, runas.exe, 00000005.00000003.2963043943.0000000004307000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 0_2_00405A19 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405A19
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 0_2_004065EA FindFirstFileA,FindClose,	0_2_004065EA
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 0_2_004027CF FindFirstFileA,	0_2_004027CF

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49796 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49797 -> 139.162.5.234:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49798 -> 139.162.5.234:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49800 -> 139.162.5.234:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49801 -> 34.149.87.45:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49802 -> 34.149.87.45:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49804 -> 34.149.87.45:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49805 -> 34.174.122.2:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49806 -> 34.174.122.2:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49808 -> 34.174.122.2:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49809 -> 47.243.134.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49810 -> 47.243.134.243:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49812 -> 47.243.134.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49813 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49814 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49816 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49817 -> 37.140.192.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49818 -> 37.140.192.90:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49820 -> 37.140.192.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49821 -> 185.76.64.170:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49822 -> 185.76.64.170:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49824 -> 185.76.64.170:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49825 -> 14.225.238.195:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49826 -> 14.225.238.195:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49828 -> 14.225.238.195:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49829 -> 91.195.240.123:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49830 -> 139.162.5.234:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49831 -> 139.162.5.234:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49833 -> 139.162.5.234:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49834 -> 34.149.87.45:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49835 -> 34.149.87.45:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49837 -> 34.149.87.45:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49838 -> 34.174.122.2:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49839 -> 34.174.122.2:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49841 -> 34.174.122.2:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49842 -> 47.243.134.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49843 -> 47.243.134.243:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49845 -> 47.243.134.243:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49846 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49847 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49849 -> 203.161.49.193:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49850 -> 37.140.192.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49851 -> 37.140.192.90:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49853 -> 37.140.192.90:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49854 -> 35.213.232.35:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.30:49855 -> 35.213.232.35:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.30:49857 -> 35.213.232.35:80

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 139.162.5.234 139.162.5.234
Source: Joe Sandbox View	IP Address: 203.161.49.193 203.161.49.193
Source: Joe Sandbox View	IP Address: 47.243.134.243 47.243.134.243

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: LINODE-APLinodeLLCUS LINODE-APLinodeLLCUS
Source: Joe Sandbox View	ASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
Source: Joe Sandbox View	ASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
Source: Joe Sandbox View	ASN Name: AS-REGRU AS-REGRU

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=joKdiSi7KJbAbr0hs6/zjIJE4Behm4Eg2djH6+j8Qf7psFFLI9x7hyvntQ/EnvkMSFoG+HsqaOuOcF82SsMnr5xrxJqptXsvFzFrqoI6sGt4i0+JY4UwfJo= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.l7aeh.usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.tycent520test.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=1X53ctdebY/A2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.century21morenoycia.mxConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=BHIAQNMULh6XRL1bx9H5u1ZiIAZR91nuzdCSdKuFpLeK/J0eLacPvObCKir816qtvGKK6uKZvELi45NaX+Eep6GNrYofejB/V2VvbUmxnRNQoZSvM+S992o= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.facesofhoustontx.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.cngdesk.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=0Ny09Eq8ZBefbKkvkqaUMIZRDRlNq5VNIHijnsMzF4DJMnHDgghZ+20Zz3OB9IxSUXOfCxAz72VlILBCQfa8jvMelkWZW+WeIhBsswld1octwAWuto44rRQ=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.shortfox.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=QBE+WD5B6Jkt78kVGAOSUjwaMNkkuAvPxxlILtocCDSSbk2FnDvYucSHDfntlLOKDiDLv1Q+MrvgQctCdQiXEWmDWyfYVOljC1RMawJvJ4/x6B/DgtrXZJ0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.ng-bo.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=2K+bizHsAgvfK4Jo/uhNk3UulAHtk/DKCDOKU6rtdoeHnbYDCZc/1AXytKkQw+QkOVrLH0jtXL2IhsFkUUnXJZ7gVE9SlKcPHqW4H/CrkavSbMd4d5+KoUM= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.curty.seConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.beersekes.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=joKdiSi7KJbAbr0hs6/zjIJE4Behm4Eg2djH6+j8Qf7psFFLI9x7hyvntQ/EnvkMSFoG+HsqaOuOcF82SsMnr5xrxJqptXsvFzFrqoI6sGt4i0+JY4UwfJo= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.l7aeh.usConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.tycent520test.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=1X53ctdebY/A2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.century21morenoycia.mxConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=BHIAQNMULh6XRL1bx9H5u1ZiIAZR91nuzdCSdKuFpLeK/J0eLacPvObCKir816qtvGKK6uKZvELi45NaX+Eep6GNrYofejB/V2VvbUmxnRNQoZSvM+S992o= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.facesofhoustontx.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.cngdesk.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=0Ny09Eq8ZBefbKkvkqaUMIZRDRlNq5VNIHijnsMzF4DJMnHDgghZ+20Zz3OB9IxSUXOfCxAz72VlILBCQfa8jvMelkWZW+WeIhBsswld1octwAWuto44rRQ=&x2=wN2xY HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.shortfox.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?x2=wN2xY&nvddg=QBE+WD5B6Jkt78kVGAOSUjwaMNkkuAvPxxlILtocCDSSbk2FnDvYucSHDfntlLOKDiDLv1Q+MrvgQctCdQiXEWmDWyfYVOljC1RMawJvJ4/x6B/DgtrXZJ0= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.ng-bo.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /op6t/?nvddg=aEKUNFeJbfSYXwp4ZCE5pj6NM5Y9npuXTcZZ2VZLyy8DmHHct0wY69Uf2FlN/+Mr5yqkWwSEcnLthRGoVw08meHK6rNA3rJY5N4rrVRcMXWX5QnofEk8vUc=&iXoT=lfKx4XoXw4a8lZu HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.getgoodscrub.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: drive.google.com
Source: global traffic	DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic	DNS traffic detected: DNS query: www.l7aeh.us
Source: global traffic	DNS traffic detected: DNS query: www.tycent520test.com
Source: global traffic	DNS traffic detected: DNS query: www.baronbubbol.com
Source: global traffic	DNS traffic detected: DNS query: www.century21morenoycia.mx
Source: global traffic	DNS traffic detected: DNS query: www.vcayy.top
Source: global traffic	DNS traffic detected: DNS query: www.theertyuiergthjk.homes
Source: global traffic	DNS traffic detected: DNS query: www.facesofhoustontx.com
Source: global traffic	DNS traffic detected: DNS query: www.babyunitz.com
Source: global traffic	DNS traffic detected: DNS query: www.cngdesk.com
Source: global traffic	DNS traffic detected: DNS query: www.shortfox.top
Source: global traffic	DNS traffic detected: DNS query: www.ng-bo.online
Source: global traffic	DNS traffic detected: DNS query: www.86597.vip
Source: global traffic	DNS traffic detected: DNS query: www.curty.se
Source: global traffic	DNS traffic detected: DNS query: www.vicenc39-ns.store
Source: global traffic	DNS traffic detected: DNS query: www.beersekes.com
Source: global traffic	DNS traffic detected: DNS query: www.andywork.one
Source: global traffic	DNS traffic detected: DNS query: www.getgoodscrub.com
Source: global traffic	DNS traffic detected: DNS query: www.mustang777slot.net
Source: global traffic	DNS traffic detected: DNS query: www.miagronorte.com.ar

Source: unknown

HTTP traffic detected: POST /op6t/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enAccept-Encoding: gzip, deflate, brHost: www.tycent520test.comOrigin: http://www.tycent520test.comReferer: http://www.tycent520test.com/op6t/Cache-Control: no-cacheContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 202User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Data Raw: 6e 76 64 64 67 3d 7a 34 79 79 2b 72 68 2f 50 4f 41 30 68 30 49 48 63 57 47 74 2f 78 30 42 48 49 57 2f 2b 54 34 54 6b 59 62 32 4d 65 4e 62 4d 79 51 74 36 44 38 50 7a 78 57 67 59 36 6d 36 4d 2f 48 4c 61 61 51 42 42 62 66 79 50 61 52 48 58 63 41 64 49 71 37 71 65 44 37 79 62 54 69 2f 52 52 70 68 37 42 4a 4a 38 49 57 4b 66 6c 52 35 51 56 63 59 6e 77 4f 4d 32 4b 62 68 6a 6d 76 6a 79 5a 73 6f 47 31 78 45 4c 50 4e 6c 5a 73 53 79 37 34 4e 35 57 76 6d 63 4a 64 34 4d 75 2b 44 58 77 69 39 31 70 72 6e 79 63 48 34 44 72 55 6b 2f 76 73 6c 6d 2f 42 41 4e 62 2b 45 65 33 34 52 79 52 30 51 73 53 71 58 32 46 51 3d 3d Data Ascii: nvddg=z4yy+rh/POA0h0IHcWGt/x0BHIW/+T4TkYb2MeNbMyQt6D8PzxWgY6m6M/HLaaQBBbfyPaRHXcAdIq7qeD7ybTi/RRph7BJJ8IWKflR5QVcYnwOM2KbhjmvjyZsoG1xELPNlZsSy74N5WvmcJd4Mu+DXwi91prnycH4DrUk/vslm/BANb+Ee34RyR0QsSqX2FQ==

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716391913.2879038353616611341X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:31:53 GMTX-Served-By: cache-bfi-krnt7300043-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLrS/q53T25jsaPnfPkSVOt8m++C2XkuTvnlRFg2XiSDLVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716391915.9949035481464927455X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:31:55 GMTX-Served-By: cache-bfi-krnt7300056-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLpLkXwApeozbAp9OYhJGBzcG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716391918.6989036252325017526X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:31:58 GMTX-Served-By: cache-bfi-krnt7300080-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLquCTNcWTuCgj0HzMr4ZQgwm++C2XkuTvnlRFg2XiSDLVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:03 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:06 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:08 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:11 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:33:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:33:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:33:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:33:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 66 65 62 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 64 61 74 61 2d 70 61 6e 65 6c 2d 75 72 6c 3d 22 68 74 74 70 73 3a 2f 2f 73 65 72 76 65 72 35 35 2e 68 6f 73 74 69 6e 67 2e 72 65 67 2e 72 75 2f 6d 61 6e 61 67 65 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e d0 a1 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 bd d0 b5 26 6e 62 73 70 3b d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 b0 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2f 2a 21 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 21 2a 5c 0a 20 20 21 2a 2a 2a 20 63 73 73 20 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 63 73 73 2d 6c 6f 61 64 65 72 2f 69 6e 64 65 78 2e 6a 73 3f 3f 63 6c 6f 6e 65 64 52 75 6c 65 53 65 74 2d 36 2e 75 73 65 5b 31 5d 21 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 70 6f 73 74 63 73 73 2d 6c 6f 61 64 65 72 2f 73 72 63 2f 69 6e 64 65 78 2e 6a 73 21 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 6c 65 73 73 2d 6c 6f 61 64 65 72 2f 64 69 73 74 2f 63 6a 73 2e 6a 73 21 2e 2f 62 65 6d 2f 62 6c 6f 63 6b 73 2e 61 64 61 70 74 69 76 65 2f 62 2d 70 61 67 65 2f 62 2d 70 61 67 65 2e 6c 65 73 73 20 2a 2a 2a 21 0a 20 20 5c 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 2e 62 2d 70 61 67 65 7b 64 69 73 70 6c 61 79 3a 66
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:45 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:48 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:33:51 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:33:58 GMTContent-Type: text/htmlContent-Length: 197Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 8e cd 0e 82 30 10 84 ef 7d 8a 95 bb ac 1a e3 a9 69 22 b4 84 26 a8 84 d4 83 47 7f d6 60 8c 54 29 ca eb db c2 c5 77 70 6f b3 fb ed cc f0 89 dc a5 e6 50 2a c8 cd a6 80 72 9f 14 3a 85 68 8a a8 95 c9 10 a5 91 e3 65 11 cf 10 d5 36 12 8c 07 2d 78 ae d6 d2 0b a3 4d a1 c4 72 b6 84 ad ed 20 b3 ef e6 c2 71 5c 32 8e 03 c4 93 9d 3c 84 bf b9 f8 61 bc 62 a6 26 68 e9 f5 26 d7 d1 05 f6 55 01 68 9f ab 0e a1 3f 3a 68 3c 7b 0d 2c d8 06 ba fa e6 c0 51 fb a1 36 f6 4e 95 b7 d3 a2 ef fb f8 44 d4 3a ba 93 8b cf f6 c1 51 87 d4 21 cf 27 84 9e ec 9f e7 0b e9 3b f3 94 de 01 00 00 Data Ascii: 0}i"&G`T)wpoP*r:he6-xMr q\2<ab&h&Uh?:h<{,Q6ND:Q!';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:34:01 GMTContent-Type: text/htmlContent-Length: 197Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 8e cd 0e 82 30 10 84 ef 7d 8a 95 bb ac 1a e3 a9 69 22 b4 84 26 a8 84 d4 83 47 7f d6 60 8c 54 29 ca eb db c2 c5 77 70 6f b3 fb ed cc f0 89 dc a5 e6 50 2a c8 cd a6 80 72 9f 14 3a 85 68 8a a8 95 c9 10 a5 91 e3 65 11 cf 10 d5 36 12 8c 07 2d 78 ae d6 d2 0b a3 4d a1 c4 72 b6 84 ad ed 20 b3 ef e6 c2 71 5c 32 8e 03 c4 93 9d 3c 84 bf b9 f8 61 bc 62 a6 26 68 e9 f5 26 d7 d1 05 f6 55 01 68 9f ab 0e a1 3f 3a 68 3c 7b 0d 2c d8 06 ba fa e6 c0 51 fb a1 36 f6 4e 95 b7 d3 a2 ef fb f8 44 d4 3a ba 93 8b cf f6 c1 51 87 d4 21 cf 27 84 9e ec 9f e7 0b e9 3b f3 94 de 01 00 00 Data Ascii: 0}i"&G`T)wpoP*r:he6-xMr q\2<ab&h&Uh?:h<{,Q6ND:Q!';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:34:04 GMTContent-Type: text/htmlContent-Length: 197Connection: closeAccept-Ranges: bytesVary: Accept-Encoding,User-AgentContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 e5 8e cd 0e 82 30 10 84 ef 7d 8a 95 bb ac 1a e3 a9 69 22 b4 84 26 a8 84 d4 83 47 7f d6 60 8c 54 29 ca eb db c2 c5 77 70 6f b3 fb ed cc f0 89 dc a5 e6 50 2a c8 cd a6 80 72 9f 14 3a 85 68 8a a8 95 c9 10 a5 91 e3 65 11 cf 10 d5 36 12 8c 07 2d 78 ae d6 d2 0b a3 4d a1 c4 72 b6 84 ad ed 20 b3 ef e6 c2 71 5c 32 8e 03 c4 93 9d 3c 84 bf b9 f8 61 bc 62 a6 26 68 e9 f5 26 d7 d1 05 f6 55 01 68 9f ab 0e a1 3f 3a 68 3c 7b 0d 2c d8 06 ba fa e6 c0 51 fb a1 36 f6 4e 95 b7 d3 a2 ef fb f8 44 d4 3a ba 93 8b cf f6 c1 51 87 d4 21 cf 27 84 9e ec 9f e7 0b e9 3b f3 94 de 01 00 00 Data Ascii: 0}i"&G`T)wpoP*r:he6-xMr q\2<ab&h&Uh?:h<{,Q6ND:Q!';
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:34:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccept-Ranges: bytesVary: Accept-Encoding,User-AgentData Raw: 32 36 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 31 3e 0a 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 6f 70 36 74 2f 3f 78 32 3d 77 4e 32 78 59 26 61 6d 70 3b 6e 76 64 64 67 3d 59 63 74 58 67 77 53 63 33 42 46 48 33 36 79 46 39 79 73 33 64 6b 67 63 4e 4d 7a 4f 44 64 4d 41 67 35 55 72 4b 34 68 6f 4f 43 74 6b 55 38 65 75 36 6a 4a 74 67 4b 53 2b 37 39 56 6f 6f 6b 58 32 36 6b 62 71 37 6a 42 37 62 78 31 74 36 69 63 54 53 76 4e 48 68 6d 39 61 75 4b 39 4f 33 52 46 54 59 6c 4b 31 39 57 4f 36 50 52 36 56 31 52 50 76 4b 70 31 75 6c 6e 34 3d 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 0a 3c 48 52 3e 0a 3c 49 3e 77 77 77 2e 62 65 65 72 73 65 6b 65 73 2e 63 6f 6d 3c 2f 49 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0d 0a Data Ascii: 26a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /op6t/?x2=wN2xY&nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4= was not found on this server.<HR><I>www.beersekes.com</I></BODY></HTML>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716392102.1269038556672615301X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:35:02 GMTX-Served-By: cache-bfi-krnt7300112-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLkPYl3Dc4B5QnXwwDz84vBQG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716392104.8279035854453713443X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:35:04 GMTX-Served-By: cache-bfi-krnt7300093-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLjYvXQYrV/LrhbkNY01ADWAG/hKs8AeY1T4OIbgnD+yxVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Length: 548Content-Type: text/htmlServer: PepyakaX-Wix-Request-Id: 1716392107.534903909656384024X-Content-Type-Options: nosniffAccept-Ranges: bytesDate: Wed, 22 May 2024 15:35:07 GMTX-Served-By: cache-bfi-krnt7300097-BFIX-Cache: MISSX-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLuuWLGLAwvTMYA8ArAuxUdgm++C2XkuTvnlRFg2XiSDLVia: 1.1 googleglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:08 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:11 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:14 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:36:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 a9 2a bf 74 fd c0 72 6e 78 cf 84 7f 9b b3 95 e1 18 37 a6 d7 05 e0 a6 31 7f fb 66 65 06 46 67 b6 34 3c df 0c f4 ee bf ff fa fd 60 d4 0d ef 3a c6 ca d4 bb b7 96 79 b7 76 bd 00 d0 bb 4e 60 3a 50 ea ce 9a 07 4b 7d 6e de 5a 33 73 40 7e 70 96 63 05 96 61 0f fc 99 61 9b ba 98 05 e1 b9 d7 6e e0 a7 00 38 ae e5 cc cd 8f 50 2a b0 02 db 7c fb cf ff e3 7f fe 6f ff f3 7f fd e7 7f fd f3 ff fd e7 ff fd 3f ff f7 7f fe 57 07 2e fe c7 a9 73 ed af a7 70 f5 5f ff fc 7f fe f9 7f fd f3 7f e0 d5 9b 33 5a e1 8d 1f dc db 66 67 65 ce 2d 43 ef 1a b6 dd 7d 7b f6 cd c9 37 9f fb df c9 37 ff f8 aa d3 41 3a 3a 33 df ef f0 67 8e 3b 37 af 56 ee 7c 63 9b fe 19 dc 1a d8 ae 31 37 bd 33 c2 3e fe 37 ff fc 7c 66 bb 8e 39 ff 2b 14 78 6f 06 03 8d df f8 e6 85 78 79 92 ab ba 06 21 48 55 f7 bd 59 0c 22 5f 14 fe c5 e5 e6 96 1f 9c cd 7e f3 69 b1 6b 73 75 76 6d bb b3 0f 3e 1f c9 df d9 35 c8 de 4d f4 c5 63 dd 0e d2 01 54 fc e3 b9 99 d9 fa ef ec 2b 9e d2 f5 00 7c 58 db c6 fd 64 61 9b 1f a7 f8 31 98 5b 9e 39 0b 2c d7 99 cc 5c 7b b3 72 a6 64 18 4c 44 41 f8 7a ba b2 1c 3a 2a 26 b2 24 ac 3f 4e 97 a6 75 b3 0c e8 b3 b5 31 9f c3 68 9c a8 c3 f5 c7 8e d0 11 a6 2b c3 bb b1 9c 89 30 05 38 ae 37 f9 17 59 53 e0 ff e9 02 86 ca 44 94 a0 d0 8f 30 66 3c ee 5b 0f 46 17 f7 83 69 df 9a 81 35 33 3a 3f 99 1b 33 f9 c9 7d ef 99 e6 7b c3 f1 39 1f 3e 06 30 f6 ad c5 f4 da 98 7d b8 f1 dc 8d 33 9f fc cb 62 b1 98 0e ee cc eb 0f 56 30 08 8c f5 60 09 2d b2 b1 55 03 8a 36 f0 a0 de da f0 60 74 6e 51 e9 4c 1c 37 e8 f1 29 45 d3 ef 44 bc 70 41 ad 2c 6c f7 6e f0 71 b2 b4 e6 73 d3 d9 fe 81 0c c3 4e 2f a1 5b 14 24 65 fd b1 ff 90 86 50 03 60 1b 3e ba 42 d5 77 05 cd f8 00 2c 7a 40 70 09 eb 6e 97 d9 52 a6 e7 b9 1e 05 18 f1 54 d8 d1 f4 ab 95 e9 6c 06 58 18 3b 0e 9e cf cd 39 d7 bc ca c0 98 61 99 08 ed 20 70 d7 80 ba 19 13 ca e0 e6 00 6e 1b 36 41 44 59 3b 40 33 ca c9 db 25 15 99 d2 a9 11 30 1e 6b d0 aa 1d 4c 86 27 d6 e2 7e 70 ed b9 77 20 ba 57 b7 96 6f 5d db 59 98 aa d2 98 b8 1d 6d 2a e5 07 6b 4b 92 ce 71 af 2d db 1c 44 32 7d 45 25 9a 8b 1e fb 9b 6b 64 f1 95 bb 36 41 4b c7 a2 1f 09 fe 0e be 5c 2d 5c 17 06 ff 60 ee de 39 3b 05 b5 bc 21 3b 6a 55 b5 2f 24 bc a9 38 ed 02 d7 58 3c 4b 89 2a 81 cb 5b 49 b7 47 ca 9a 4c 55 db 32 5e 3e a0 0a 9f 88 a0 7f 8d 4d e0 4e f3 bd 92 02 96 ad 96 d5 48 5f 37 a5 26 03 ab 84 86 92
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 22 May 2024 15:36:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 66 65 62 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 64 61 74 61 2d 70 61 6e 65 6c 2d 75 72 6c 3d 22 68 74 74 70 73 3a 2f 2f 73 65 72 76 65 72 35 35 2e 68 6f 73 74 69 6e 67 2e 72 65 67 2e 72 75 2f 6d 61 6e 61 67 65 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e d0 a1 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 bd d0 b5 26 6e 62 73 70 3b d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 b0 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2f 2a 21 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 21 2a 5c 0a 20 20 21 2a 2a 2a 20 63 73 73 20 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 63 73 73 2d 6c 6f 61 64 65 72 2f 69 6e 64 65 78 2e 6a 73 3f 3f 63 6c 6f 6e 65 64 52 75 6c 65 53 65 74 2d 36 2e 75 73 65 5b 31 5d 21 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 70 6f 73 74 63 73 73 2d 6c 6f 61 64 65 72 2f 73 72 63 2f 69 6e 64 65 78 2e 6a 73 21 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 6c 65 73 73 2d 6c 6f 61 64 65 72 2f 64 69 73 74 2f 63 6a 73 2e 6a 73 21 2e 2f 62 65 6d 2f 62 6c 6f 63 6b 73 2e 61 64 61 70 74 69 76 65 2f 62 2d 70 61 67 65 2f 62 2d 70 61 67 65 2e 6c 65 73 73 20 2a 2a 2a 21 0a 20 20 5c 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 2e 62 2d 70 61 67 65 7b 64 69 73 70 6c 61 79 3a 66

Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: FRA.0038253.exe, FRA.0038253.exe, 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000000.00000000.2068548890.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000003.00000000.2484943484.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: FRA.0038253.exe, 00000000.00000002.2675726026.000000000040A000.00000004.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000000.00000000.2068548890.000000000040A000.00000008.00000001.01000000.00000003.sdmp, FRA.0038253.exe, 00000003.00000000.2484943484.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: FRA.0038253.exe, 00000003.00000001.2485904531.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: FRA.0038253.exe, 00000003.00000001.2485904531.00000000005F2000.00000020.00000001.01000000.00000007.sdmp	String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: FRA.0038253.exe, 00000003.00000002.2971794189.000000000532D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2938213391.000000000532D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3
Source: FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&
Source: FRA.0038253.exe, 00000003.00000002.2971794189.000000000532D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2938213391.000000000532D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3P
Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/2
Source: FRA.0038253.exe, 00000003.00000002.2971981670.0000000005352000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000002.2971676746.00000000052E8000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2675158808.0000000005366000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2868413342.0000000005366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download
Source: FRA.0038253.exe, 00000003.00000002.2971676746.00000000052E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1sSTbdeAy6HZYgZE2D-KGpyeTtdrEakj3&export=download(
Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: FRA.0038253.exe, 00000003.00000003.2647988404.00000000053AC000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000536D000.00000004.00000020.00020000.00000000.sdmp, FRA.0038253.exe, 00000003.00000003.2647860234.000000000535E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443

Source: unknown	HTTPS traffic detected: 142.250.69.206:443 -> 192.168.11.30:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.33.97:443 -> 192.168.11.30:49794 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\FRA.0038253.exe

Code function: 0_2_004054D9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004054D9

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000005.00000002.7156623320.0000000004360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.7154033931.0000000000330000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.7156734462.00000000043A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2959029682.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.7155964174.00000000008E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.7156338070.0000000003A50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2986365523.0000000036400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Contains functionality to call native functions

Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357234E0 NtCreateMutant,LdrInitializeThunk,	3_2_357234E0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35722D10 NtQuerySystemInformation,LdrInitializeThunk,	3_2_35722D10
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35722B90 NtFreeVirtualMemory,LdrInitializeThunk,	3_2_35722B90
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35723C30 NtOpenProcessToken,	3_2_35723C30
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35723C90 NtOpenThread,	3_2_35723C90
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357238D0 NtGetContextThread,	3_2_357238D0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35724570 NtSuspendThread,	3_2_35724570

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\FRA.0038253.exe

Code function: 0_2_004033A2 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_004033A2

Creates files inside the system directory

Source: C:\Users\user\Desktop\FRA.0038253.exe

File created: C:\Windows\resources\0409

Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 0_2_00406973	0_2_00406973
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 0_2_70751B28	0_2_70751B28
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AF5C9	3_2_357AF5C9
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A75C6	3_2_357A75C6
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35785490	3_2_35785490
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3575D480	3_2_3575D480
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3579D646	3_2_3579D646
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3578D62C	3_2_3578D62C
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AF6F6	3_2_357AF6F6
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357636EC	3_2_357636EC
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3573717A	3_2_3573717A
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3578D130	3_2_3578D130
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356DF113	3_2_356DF113
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3570B1E0	3_2_3570B1E0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F51C0	3_2_356F51C0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A70F1	3_2_357A70F1
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356FB0D0	3_2_356FB0D0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3572508C	3_2_3572508C
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AF330	3_2_357AF330
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356E1380	3_2_356E1380
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A124C	3_2_357A124C
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356DD2EC	3_2_356DD2EC
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A7D4C	3_2_357A7D4C
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AFD27	3_2_357AFD27
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3578FDF4	3_2_3578FDF4
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F9DD0	3_2_356F9DD0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F3C60	3_2_356F3C60
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3570FCE0	3_2_3570FCE0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35789C98	3_2_35789C98
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356B1C9F	3_2_356B1C9F
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AFF63	3_2_357AFF63
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3576FF40	3_2_3576FF40
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A1FC6	3_2_357A1FC6
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A9ED2	3_2_357A9ED2
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F1EB2	3_2_356F1EB2
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356B99E8	3_2_356B99E8
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357359C0	3_2_357359C0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3570B870	3_2_3570B870
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35765870	3_2_35765870
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AF872	3_2_357AF872
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F9870	3_2_356F9870
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F3800	3_2_356F3800
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A78F3	3_2_357A78F3
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A18DA	3_2_357A18DA
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357698B2	3_2_357698B2
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AFB2E	3_2_357AFB2E
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3572DB19	3_2_3572DB19
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_35781B80	3_2_35781B80
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_3570FAA0	3_2_3570FAA0
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357AFA89	3_2_357AFA89
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357BA526	3_2_357BA526
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F0445	3_2_356F0445
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356F2760	3_2_356F2760
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_356FA760	3_2_356FA760
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: 3_2_357A6757	3_2_357A6757

Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: String function: 35725050 appears 34 times
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: String function: 35737BE4 appears 60 times
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: String function: 3576EF10 appears 36 times
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: String function: 3575E692 appears 52 times
Source: C:\Users\user\Desktop\FRA.0038253.exe	Code function: String function: 356DB910 appears 172 times

Source: FRA.0038253.exe, 00000003.00000003.2867931647.0000000035483000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs FRA.0038253.exe
Source: FRA.0038253.exe, 00000003.00000002.2985481380.0000000035980000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs FRA.0038253.exe

Source: unknown	Process created: C:\Users\user\Desktop\FRA.0038253.exe "C:\Users\user\Desktop\FRA.0038253.exe"
Source: C:\Users\user\Desktop\FRA.0038253.exe	Process created: C:\Users\user\Desktop\FRA.0038253.exe "C:\Users\user\Desktop\FRA.0038253.exe"
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Process created: C:\Windows\SysWOW64\runas.exe "C:\Windows\SysWOW64\runas.exe"
Source: C:\Windows\SysWOW64\runas.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\FRA.0038253.exe	Process created: C:\Users\user\Desktop\FRA.0038253.exe "C:\Users\user\Desktop\FRA.0038253.exe"	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Process created: C:\Windows\SysWOW64\runas.exe "C:\Windows\SysWOW64\runas.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: credui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\FRA.0038253.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\runas.exe TID: 1848	Thread sleep count: 120 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe TID: 1848	Thread sleep time: -240000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe TID: 1848	Thread sleep count: 9593 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe TID: 1848	Thread sleep time: -19186000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464	Thread sleep time: -130000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464	Thread sleep count: 74 > 30	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe TID: 6464	Thread sleep time: -74000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\runas.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\runas.exe	Last function: Thread delayed

Source: FRA.0038253.exe, 00000003.00000003.2938213391.0000000005315000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: FRA.0038253.exe, 00000003.00000003.2868616234.0000000005355000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\FRA.0038253.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\FRA.0038253.exe	API call chain: ExitProcess graph end node

Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtCreateFile: Direct from: 0x779D2F0C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtAllocateVirtualMemory: Direct from: 0x779D3BBC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtSetInformationThread: Direct from: 0x779C6319	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtQueryInformationToken: Direct from: 0x779D2BCC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtOpenFile: Direct from: 0x779D2CEC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtReadVirtualMemory: Direct from: 0x779D2DAC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtAllocateVirtualMemory: Direct from: 0x779D480C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtWriteVirtualMemory: Direct from: 0x779D482C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtClose: Direct from: 0x779D2A8C
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtSetInformationThread: Direct from: 0x779D2A6C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtCreateKey: Direct from: 0x779D2B8C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtQueryAttributesFile: Direct from: 0x779D2D8C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtQueryVolumeInformationFile: Direct from: 0x779D2E4C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtDeviceIoControlFile: Direct from: 0x779D2A0C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtQuerySystemInformation: Direct from: 0x779D47EC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtAllocateVirtualMemory: Direct from: 0x779D2B0C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtOpenSection: Direct from: 0x779D2D2C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtProtectVirtualMemory: Direct from: 0x779C7A4E	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtDelayExecution: Direct from: 0x779D2CFC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtOpenKeyEx: Direct from: 0x779D2ABC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtQueryInformationProcess: Direct from: 0x779D2B46	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtResumeThread: Direct from: 0x779D2EDC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtProtectVirtualMemory: Direct from: 0x779D2EBC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtCreateUserProcess: Direct from: 0x779D363C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtSetInformationProcess: Direct from: 0x779D2B7C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtWriteVirtualMemory: Direct from: 0x779D2D5C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtNotifyChangeKey: Direct from: 0x779D3B4C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtAllocateVirtualMemory: Direct from: 0x779D2B1C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtResumeThread: Direct from: 0x779D35CC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtMapViewOfSection: Direct from: 0x779D2C3C	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtReadFile: Direct from: 0x779D29FC	Jump to behavior
Source: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe	NtQuerySystemInformation: Direct from: 0x779D2D1C	Jump to behavior

Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: NULL target: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\FRA.0038253.exe	Section loaded: NULL target: C:\Windows\SysWOW64\runas.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: NULL target: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: NULL target: C:\Program Files (x86)\HusdUokqcMINxYBlXpWPlQQkwhJtANoBYKBkdDMUffYMwoyZFdOVzihPMzjfShFeueCXMN\aqqPMpTRvveOzLCNSEwwpwdiQeo.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager(V
Source: aqqPMpTRvveOzLCNSEwwpwdiQeo.exe, 00000004.00000000.2882940818.0000000001AB1000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\runas.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.33.97	drive.usercontent.google.com	United States	15169	GOOGLEUS	false
139.162.5.234	tycent520test.com	Netherlands	63949	LINODE-APLinodeLLCUS	true
203.161.49.193	www.shortfox.top	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
47.243.134.243	www.cngdesk.com	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	true
37.140.192.90	www.ng-bo.online	Russian Federation	197695	AS-REGRU	true
14.225.238.195	www.beersekes.com	Viet Nam	135905	VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN	true
35.213.232.35	www.getgoodscrub.com	United States	19527	GOOGLE-2US	true
142.250.69.206	drive.google.com	United States	15169	GOOGLEUS	false
34.174.122.2	www.facesofhoustontx.com	United States	2686	ATGS-MMD-ASUS	true
34.149.87.45	td-ccm-neg-87-45.wixdns.net	United States	2686	ATGS-MMD-ASUS	true
91.195.240.123	www.l7aeh.us	Germany	47846	SEDO-ASDE	true
185.76.64.170	curty.se	Sweden	200719	MISSDOMAINSE	true

Name	Malicious	Antivirus Detection	Reputation
http://www.curty.se/op6t/?x2=wN2xY&nvddg=2K+bizHsAgvfK4Jo/uhNk3UulAHtk/DKCDOKU6rtdoeHnbYDCZc/1AXytKkQw+QkOVrLH0jtXL2IhsFkUUnXJZ7gVE9SlKcPHqW4H/CrkavSbMd4d5+KoUM=	true	Avira URL Cloud: safe	unknown
http://www.beersekes.com/op6t/?x2=wN2xY&nvddg=YctXgwSc3BFH36yF9ys3dkgcNMzODdMAg5UrK4hoOCtkU8eu6jJtgKS+79VookX26kbq7jB7bx1t6icTSvNHhm9auK9O3RFTYlK19WO6PR6V1RPvKp1uln4=	true	Avira URL Cloud: safe	unknown
http://www.l7aeh.us/op6t/?x2=wN2xY&nvddg=joKdiSi7KJbAbr0hs6/zjIJE4Behm4Eg2djH6+j8Qf7psFFLI9x7hyvntQ/EnvkMSFoG+HsqaOuOcF82SsMnr5xrxJqptXsvFzFrqoI6sGt4i0+JY4UwfJo=	true	Avira URL Cloud: safe	unknown
http://www.century21morenoycia.mx/op6t/	true	Avira URL Cloud: safe	unknown
http://www.shortfox.top/op6t/?nvddg=0Ny09Eq8ZBefbKkvkqaUMIZRDRlNq5VNIHijnsMzF4DJMnHDgghZ+20Zz3OB9IxSUXOfCxAz72VlILBCQfa8jvMelkWZW+WeIhBsswld1octwAWuto44rRQ=&x2=wN2xY	true	Avira URL Cloud: safe	unknown
http://www.century21morenoycia.mx/op6t/?nvddg=1X53ctdebY/A2eDtJqzL446hhD1I+nvyO5ulDREEvqgJJ1wskdyJ8sishyyYv1KZ95Yv7APwNDtcqTXRSGEguqmEKyboxWEzcfGHGWjx7gGV1XFCOYCNEPY=&x2=wN2xY	true	Avira URL Cloud: safe	unknown
http://www.shortfox.top/op6t/	true	Avira URL Cloud: safe	unknown
http://www.tycent520test.com/op6t/?nvddg=+6aS9fJbP9c9g0cefBC2hCdSY6eI42Bs0771KfpwNwRwjCkC9gP/ScKef//fPL1ZRbSBI6tgf+IRGYWXfXrYWSfcXSoVwh43zp6ZVipPdxItsiOM6ZnovEU=&x2=wN2xY	true	Avira URL Cloud: malware	unknown
http://www.getgoodscrub.com/op6t/	true	Avira URL Cloud: safe	unknown
http://www.curty.se/op6t/	true	Avira URL Cloud: safe	unknown
http://www.cngdesk.com/op6t/?x2=wN2xY&nvddg=B1nuqD59UoVahAAaaPrLlCdA9edg7gWIZ1BY+KXGwtiEVaDOMCSD80sEnTK1l1I1d32+6CzQNcHoayq10cGYYZnPmWF+i7E8hCdylepAFYAEUUK5dUTY9b4=	true	Avira URL Cloud: safe	unknown
http://www.facesofhoustontx.com/op6t/	true	Avira URL Cloud: safe	unknown
http://www.ng-bo.online/op6t/?x2=wN2xY&nvddg=QBE+WD5B6Jkt78kVGAOSUjwaMNkkuAvPxxlILtocCDSSbk2FnDvYucSHDfntlLOKDiDLv1Q+MrvgQctCdQiXEWmDWyfYVOljC1RMawJvJ4/x6B/DgtrXZJ0=	true	Avira URL Cloud: safe	unknown
http://www.ng-bo.online/op6t/	true	Avira URL Cloud: safe	unknown
http://www.getgoodscrub.com/op6t/?nvddg=aEKUNFeJbfSYXwp4ZCE5pj6NM5Y9npuXTcZZ2VZLyy8DmHHct0wY69Uf2FlN/+Mr5yqkWwSEcnLthRGoVw08meHK6rNA3rJY5N4rrVRcMXWX5QnofEk8vUc=&iXoT=lfKx4XoXw4a8lZu	true	Avira URL Cloud: safe	unknown
http://www.beersekes.com/op6t/	true	Avira URL Cloud: safe	unknown
http://www.cngdesk.com/op6t/	true	Avira URL Cloud: safe	unknown
http://www.tycent520test.com/op6t/	true	Avira URL Cloud: malware	unknown
http://www.facesofhoustontx.com/op6t/?x2=wN2xY&nvddg=BHIAQNMULh6XRL1bx9H5u1ZiIAZR91nuzdCSdKuFpLeK/J0eLacPvObCKir816qtvGKK6uKZvELi45NaX+Eep6GNrYofejB/V2VvbUmxnRNQoZSvM+S992o=	true	Avira URL Cloud: safe	unknown

ID:	1445848
Product:	CloudBasic
Start time:	17:27:33
Start date:	22.05.2024
Sample:	FRA.0038253.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS
MD5:	b07b3994ad66a39937d9081eb64cd5f5
SHA1:	3fffe0fb2721f440909f99c5cb74d1d556ac45bb
SHA256:	53501f12261fc6003fb771379846bfc0bad23e331f0ccde984c431c22901881f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek\Chott151.pro	data	CDCEC2C558FA8A8E63AA5356507265B3	69423E82B8C5A9CE561BE425DE34E38FD348246E	E85B367006F230C3B2E29A11766CDA65A0582F9EAB4A601BDECEA7229B26D0FC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek\Majesttiske.Tys	data	364A269FD74434764B105B858C744A25	165011DD3CD6BF08689CD1ADCA49B709540FB90A	4CED9FD0F138C541F54922E81E96EDAB706803AC5A69356D02A0DEAB5F632224
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek\Sponsible.gum	data	15D9EACEF1E85CF33B6BDA50A20BB952	F970803C1192FC9E74F54F23124EA401522C70E1	9E381E8BE66B5E4B91462ED8FB919409595EB718E600F4327D864743EC899DDE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek\aromatiseres.kny	data	8A71483589E505B551DAB3E14CAECF9F	D0FA3D65A453D2C274F3FA6C3318BD28DD34CD35	DCA1DCEFB8B08F47A8D82F1135F1B6E6EDFFDB70930A1227676EC4F7A1D9502A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek\contraproposal.ber	data	A9E2CB65CC04E6C0F54609FB8B7CC0A4	159D40F96A5C58DD7FE2D93D2CFBE22E13EF530A	06AABA7BFAE63698E760B60D9C7CAD5C8A5A4A85595153C90C306A61C47A20F7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\mars\universaltang\reseek\overelaborates.txt	ASCII text, with CRLF line terminators	A351FC586F6D81C2D14B8ED97FA675FE	699ECB3F5C9409026082F83AD4F040151D285DB1	94D29FE8A4B016CB3AB9B3134B49911795198B3E1C16DF0D16E3C8F7B45ED2FE
C:\Users\user\AppData\Local\Temp\802G22IQD	SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 92, cookie 0x3a, schema 4, UTF-8, version-valid-for 3	BE092D0FC1A86091764AABD40B25CB9E	1372556BBC211898F393CC02C4285705AACAE3D7	3A83C0434C667BB30FD9D85D908E652A2569239BBD61079849F299409A48D545
C:\Users\user\AppData\Local\Temp\Settings.ini	ASCII text, with CRLF line terminators	F5FDC9A00B0149608E24C58FD5249EA4	E2D50A7CDC8E7A9F9CC9F86074AE23F86A32F841	12D2CA5CF65237CE9AC610E3A80AD20135A76D7E62C1FD92DED6CEA68F774C7C
C:\Users\user\AppData\Local\Temp\nspA3DD.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	12B140583E3273EE1F65016BECEA58C4	92DF24D11797FEFD2E1F8D29BE9DFD67C56C1ADA	014F1DFEB842CF7265A3644BC6903C592ABE9049BFC7396829172D3D72C4D042

Windows Analysis Report FRA.0038253.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
FRA.0038253.exe

Malware Threat Intel
Provided by