Edit tour

Windows Analysis Report
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y

Overview

General Information

Sample URL:	http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y
Analysis ID:	1448089
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/cssContent-Length: 950Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "aa0-618f597da042b-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipX-Powered-By: PleskLinData Raw: 1f 8b 08 00 00 00 00 00 00 03 9d 56 db 6e db 38 10 7d f7 57 0c 5a 04 6d 03 4b 91 64 ca 17 e5 65 8b c5 62 db 97 c5 be ed 33 25 52 36 1b 4a 14 48 d9 71 b6 f0 bf 2f 29 91 ba 3b c0 36 06 72 99 19 cd cc 39 73 66 94 a7 47 f8 5d 54 6f 92 1d 4f 35 84 87 c3 c1 8b 82 08 f9 f0 0f 4d ff 96 42 c1 f7 b2 a6 b2 c4 35 13 25 e6 f0 67 91 7e f3 e1 2b e7 d0 3c a0 40 52 45 e5 85 12 1f 1e 9f 56 a7 ba e0 f0 73 05 fa 4b 5c a8 cc b9 78 f5 de 12 50 99 14 9c 3f 37 f6 4c 70 21 13 f8 18 04 41 6b c8 45 59 27 80 82 00 b6 91 1f 3f 3c 85 3e 82 0f df 28 bf d0 9a 65 18 fe a2 67 fa 61 0d 9d 61 0d 5f 25 c3 7c 0d 0a 97 ca d3 b5 59 de e6 f1 5e 69 fa c2 6a af a6 d7 da 53 ec 5f ea 61 f2 e3 ac 74 ee 30 08 1e 6c 4c a1 de f7 bb 1c b8 f2 4e 1a 1f 37 18 3d db 72 2d 75 c5 0a 4b 5a d6 cf ab db 2a 15 e4 6d 3d 44 7c a2 26 7a 98 ae 60 a5 37 b6 b6 8f d9 07 0a 2c 8f ac 4c 60 40 44 d3 98 0e f6 37 92 16 ad 39 c5 d9 cb 51 8a 73 49 34 6b 79 9e 2f d0 78 5b 61 9b 32 3b 4b 65 ec 95 60 66 6c 6d 6c 83 98 d0 4c c8 66 8a 09 94 a2 a4 e3 34 11 3a ec e9 66 5a f0 0e 72 9c e0 ac 66 17 ba d6 bf 9d cc 9c 6d f1 59 1d 9d 82 4a ce a6 c5 c2 fd 9e 90 43 6b 13 e7 da 04 34 24 dc 56 a7 50 33 1a 4d e9 31 1f 3f ee 08 71 69 10 42 03 e2 5e 2d cf c8 e9 ca a4 ed d9 6f b3 c3 cf 21 cb 91 8f 4c 52 b8 35 35 87 9e 8d bf b5 1e 9f 4a 29 a4 26 82 50 47 b1 2d 9f a3 dd 2e 8e 67 a3 db 77 7d ce 1b a8 74 15 87 2a f4 23 1d a9 61 eb 22 95 cf 29 26 36 ff 48 06 db 39 ea 3c c6 5b d4 c0 71 bc a7 e2 6a 1e 60 e5 31 d1 61 7a ee 3a 81 b6 3d 8f 54 69 59 71 e5 5b ec ce 9a 0a a9 27 95 8c ff f4 6a 51 e9 1e aa 2b 28 c1 19 81 8f 84 10 53 d7 af f0 d1 91 41 98 aa 38 d6 2b ee 36 a7 ab db 7b f4 ce e5 9c 5e e7 1e 63 5d 5c 94 cb a9 ab 93 a4 34 17 72 56 2e e5 22 7b 71 c4 34 88 13 f8 f4 69 bc c4 86 16 53 a2 83 e5 3a 31 92 0a 01 ed 50 65 cb 2f 1a 47 7b b7 d9 6b b5 e5 70 96 fc 73 73 ee a4 af 2e c7 2f 10 07 0f b0 d5 34 96 c2 93 b4 a2 b8 9e 6d 50 3b 48 84 1e 00 9f 6b d1 c0 2a 30 2b 2d 9e 79 ab e1 b4 d5 50 7f 76 ee a0 2c 98 86 c3 b7 73 eb 98 ae 30 21 8d 23 0c cc b0 63 f7 ed 3d d2 5b bd 13 aa 6f 36 ab cc 1a ff 8f 56 47 4d 36 d9 4e 94 57 9e b9 16 a2 54 80 a7 53 64 65 b3 23 83 61 3a 21 46 bd ea a2 0d de 11 3a 56 af 3b 08 dd 8f 09 5e 6b 0e 3b ac ef 9c c0 ee e6 9b 23 c7 5a 6f e0 47 b1 02 8a 95 8d b9 e7 9b 21 7c ff 1e f6 45 47 e2 1a 22 ec ae 8b 39 f4 b7 d5 6f 05 25 0c c3 e7 02 5f bd 57 46 ea 53 72 88 0f d5 f5 8b ad b0 b0 22 c3 91 78 95 a4 b9 1e 28 ed 74 18 04 4e de 6e 52 5e 8a 15 53 33 d7 40 c2 95 70 d0 8d dc 51 c7 e9 ad 6d a1 95 73 cf 7d 6c 2f e7 52 f3 b0 db 4e bb 1f b6 3d 90 98 90 ac 59 6a cd a6 79 eb f3 e7 c5 28 c2 24 cd 1c b7 b2 18 85 39 0e 06 31 9a dc 73 51 4e f0 df f1 df 7e 89 e0 28 be 4b f0 c4 b5 4c b0 51 ad 87 fc fe 25 b2 78 4e c2 ed 56 ef 47 7b 50 e6 93 80

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/styles.css HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=yAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/server.svg HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://a3d27715.physioprogram.it/error_docs/styles.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=yAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error_docs/server.svg HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: a3d27715.physioprogram.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: a3d27715.physioprogram.it
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 808Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "328-618f597da042b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 17:14:52 GMTContent-Type: text/htmlContent-Length: 808Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "328-618f597da042b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 54 68 69 73 20 70 61 67 65 20 65 69 74 68 65 72 20 64 6f 65 73 6e 27 74 20 65 78 69 73 74 2c 20 6f 72 20 69 74 20 6d 6f 76 65 64 20 73 6f 6d 65 77 68 65 72 65 20 65 6c 73 65 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 27 May 2024 17:15:04 GMTContent-Type: text/htmlContent-Length: 795Connection: keep-aliveLast-Modified: Tue, 21 May 2024 12:02:33 GMTETag: "31b-618f597d9f48b"Accept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 3c 68 31 3e 53 65 72 76 65 72 20 45 72 72 6f 72 3c 2f 68 31 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 63 6f 64 65 22 3e 34 30 33 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 68 32 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 6c 65 61 64 22 3e 59 6f 75 20 64 6f 20 6e 6f 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 64 6f 63 75 6d 65 6e 74 2e 3c 2f 70 3e 0a 20 20 20 20 3c 68 72 2f 3e 0a 20 20 20 20 3c 70 3e 54 68 61 74 27 73 20 77 68 61 74 20 79 6f 75 20 63 61 6e 20 64 6f 3c 2f 70 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 6c 70 2d 61 63 74 69 6f 6e 73 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 3b 22 3e 52 65 6c 6f 61 64 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 3b 22 3e 42 61 63 6b 20 74 6f 20 50 72 65 76 69 6f 75 73 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 48 6f 6d 65 20 50 61 67 65 3c 2f 61 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>403 Forbidden</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 52274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52274

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/11@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://a3d27715.physioprogram.it/error_docs/server.svg	0%	Avira URL Cloud	safe
http://a3d27715.physioprogram.it/error_docs/styles.css	0%	Avira URL Cloud	safe
http://a3d27715.physioprogram.it/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
a3d27715.physioprogram.it	91.222.173.92	true	false	unknown
www.google.com	142.250.185.164	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://a3d27715.physioprogram.it/error_docs/styles.css	false	Avira URL Cloud: safe	unknown
http://a3d27715.physioprogram.it/error_docs/server.svg	false	Avira URL Cloud: safe	unknown
http://a3d27715.physioprogram.it/	false		unknown
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y	false		unknown
http://a3d27715.physioprogram.it/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
91.222.173.92	a3d27715.physioprogram.it	Ukraine	39249	KICUA-ASGI	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1448089
Start date and time:	2024-05-27 19:13:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/11@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: http://a3d27715.physioprogram.it/

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.78, 173.194.76.84, 142.250.185.131, 34.104.35.123, 40.68.123.157, 199.232.210.172, 192.229.221.95, 20.166.126.56, 13.85.23.206, 13.95.31.18, 131.107.255.255, 142.250.186.163
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Input	Output
URL: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "The text does not contain any form fields for a username or password.", "The text does not contain any submit button for a login form.", "The text indicates a server error and a page not found message, not a login form." ] }
Server Error 404 Page Not Found This page either doesn't exist, or it moved somewhere else. That's what you can do Reload Page Back to Previous Page Home Page
URL: http://a3d27715.physioprogram.it/ Model: Perplexity: mixtral-8x7b-instruct	{ "loginform": false, "reasons": [ "The text 'Server Error 403 Forbidden' indicates that the user does not have permission to access the page, which is not related to a login form.", "The text does not contain any form fields or prompts for a username or password.", "The text only contains links to reload the page, go back to the previous page, or go to the home page." ] }
Server Error 403 Forbidden You do not have permission to access this document That's what you can do Reload Page Back to Previous Page Home Page

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	808
Entropy (8bit):	4.9078093738349065
Encrypted:	false
SSDEEP:	24:hYj0XJU5DgGeRpbufLUwDdVJUSdEj7RtiKAo1Mc:PS5gGe/uTUwhVJJEjCKN1h
MD5:	A943672A32297727BAB01C3E76977550
SHA1:	3A667C4B7A457EF6C586CC581D533C128737BF53
SHA-256:	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
SHA-512:	0965D415F3A0CEF31953702FDAE345D46FEFD72CE3C4C7A0255AEDE74A76E10B856892700529A444453A622793E0257248C5C99FAE17D5B0B9FD4118E208068C
Malicious:	false
Reputation:	low
URL:	http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>404 Not Found</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">404</div>. <h2>Page Not Found</h2>. <p class="lead">This page either doesn't exist, or it moved somewhere else.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	808
Entropy (8bit):	4.9078093738349065
Encrypted:	false
SSDEEP:	24:hYj0XJU5DgGeRpbufLUwDdVJUSdEj7RtiKAo1Mc:PS5gGe/uTUwhVJJEjCKN1h
MD5:	A943672A32297727BAB01C3E76977550
SHA1:	3A667C4B7A457EF6C586CC581D533C128737BF53
SHA-256:	B9347F234DC3C8D56E015E86D88A1400415DB8F7A5AD91F02B6A2323C10A4187
SHA-512:	0965D415F3A0CEF31953702FDAE345D46FEFD72CE3C4C7A0255AEDE74A76E10B856892700529A444453A622793E0257248C5C99FAE17D5B0B9FD4118E208068C
Malicious:	false
Reputation:	low
URL:	http://a3d27715.physioprogram.it/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>404 Not Found</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">404</div>. <h2>Page Not Found</h2>. <p class="lead">This page either doesn't exist, or it moved somewhere else.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	7416
Entropy (8bit):	4.434392137234273
Encrypted:	false
SSDEEP:	96:ZnZzYAxkMGgJYmXvOFPnRjvQSmoWV8euLVD/+2G4fVX/No8jZ81DfIf/fcfwfGfv:ZnZzY50io8e8Gqh8DAXk4+GMvX/2Ve
MD5:	1CC0945F8514ED0F47A5D9D513782BDD
SHA1:	D6989F342CDB9886F48A6D3DA3CB71353BBAB1EF
SHA-256:	F74B80306280CCF2DDC635EB09F5F36070EE5769365B0A7A53CA3747602EEBCB
SHA-512:	AE424891FCCBF85B3A06B6A74EB753FD129F51A8A516E671B2ECC2736FFA605F5888786ED8238A147FD5827DCBD3C0D8C12E079B8C1166E94AB49929CC7C656D
Malicious:	false
Reputation:	low
URL:	http://a3d27715.physioprogram.it/error_docs/server.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="228" height="692" viewBox="0 0 227.6 691.8"><path d="M63.5 567.1h102v108.4h-102V567.1z" fill="#FFF"/><path d="M114.7 567.3h50v108.4h-50V567.3z" fill="#858C93"/><path d="M6.1 290.9h216.6c1.7 0 3 1.3 3 3v344.7c0 1.7-1.3 3-3 3H6.1c-1.7 0-3-1.3-3-3V293.9C3.1 292.2 4.5 290.9 6.1 290.9z" fill="#23A7DE"/><path d="M116.2 290.9h108c0.8 0 1.5 1.3 1.5 3v344.7c0 1.7-0.7 3-1.5 3H116.2c-0.8 0-1.5-1.3-1.5-3V293.9C114.7 292.2 115.4 290.9 116.2 290.9z" fill="#1A8ECC"/><path d="M225.7 639.5L225.7 639.5c0 12.3-9.3 22.2-20.8 22.2H23.9c-11.5 0-20.8-9.9-20.8-22.2l0 0" fill="#2BC1FF"/><path d="M114.7 639.5v22.2h90.2c11.5 0 20.8-9.9 20.8-22.2H114.7z" fill="#20A4EA"/><path d="M179.1 611.9h34.6v14.8h-34.6V611.9z" fill="#6AFF07"/><path d="M10.8 673.9H218.8c3.9 0 7 3.1 7 6.9 0 3.8-3.1 6.9-7 6.9H10.8c-3.8 0-7-3.1-7-6.9C3.8 677 6.9 673.9 10.8 673.9z" fill="#EBEEF0"/><path d="M218.8 673.9H114.7v13.9H218.8c3.9 0 7-3.1 7-6.9C225.8 677 222.7 673.9 218.8 673.9z" fill="#A2A7

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	795
Entropy (8bit):	4.901566031798532
Encrypted:	false
SSDEEP:	24:hYj0XJU5DgBMbufinXigdSdEj7RtiKAo1Mc:PS5gKumihEjCKN1h
MD5:	09939A3F159A94DCECF3402CD0D22C5F
SHA1:	46D3A640B0C042D6FD95EB11471D207812673FFB
SHA-256:	57559551C35735C4ACD1EDE5A7D3DF31A3F9B55ACC087FDBB0811813B13D63D3
SHA-512:	B9C8E09EA772469C6076267A036CD90690D4BC7E798E83422001EA02E23DE1417AA33EDB2D53AA961BF7BA865787C01F411244F0C4B3830008AA90F75302D1B7
Malicious:	false
Reputation:	low
URL:	http://a3d27715.physioprogram.it/
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>403 Forbidden</title>. <link rel="stylesheet" href="/error_docs/styles.css">.</head>.<body>.<div class="page">. <div class="main">. <h1>Server Error</h1>. <div class="error-code">403</div>. <h2>Forbidden</h2>. <p class="lead">You do not have permission to access this document.</p>. <hr/>. <p>That's what you can do</p>. <div class="help-actions">. <a href="javascript:location.reload();">Reload Page</a>. <a href="javascript:history.back();">Back to Previous Page</a>. <a href="/">Home Page</a>. </div>. </div>.</div>.</body>.</html>

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	7416
Entropy (8bit):	4.434392137234273
Encrypted:	false
SSDEEP:	96:ZnZzYAxkMGgJYmXvOFPnRjvQSmoWV8euLVD/+2G4fVX/No8jZ81DfIf/fcfwfGfv:ZnZzY50io8e8Gqh8DAXk4+GMvX/2Ve
MD5:	1CC0945F8514ED0F47A5D9D513782BDD
SHA1:	D6989F342CDB9886F48A6D3DA3CB71353BBAB1EF
SHA-256:	F74B80306280CCF2DDC635EB09F5F36070EE5769365B0A7A53CA3747602EEBCB
SHA-512:	AE424891FCCBF85B3A06B6A74EB753FD129F51A8A516E671B2ECC2736FFA605F5888786ED8238A147FD5827DCBD3C0D8C12E079B8C1166E94AB49929CC7C656D
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="228" height="692" viewBox="0 0 227.6 691.8"><path d="M63.5 567.1h102v108.4h-102V567.1z" fill="#FFF"/><path d="M114.7 567.3h50v108.4h-50V567.3z" fill="#858C93"/><path d="M6.1 290.9h216.6c1.7 0 3 1.3 3 3v344.7c0 1.7-1.3 3-3 3H6.1c-1.7 0-3-1.3-3-3V293.9C3.1 292.2 4.5 290.9 6.1 290.9z" fill="#23A7DE"/><path d="M116.2 290.9h108c0.8 0 1.5 1.3 1.5 3v344.7c0 1.7-0.7 3-1.5 3H116.2c-0.8 0-1.5-1.3-1.5-3V293.9C114.7 292.2 115.4 290.9 116.2 290.9z" fill="#1A8ECC"/><path d="M225.7 639.5L225.7 639.5c0 12.3-9.3 22.2-20.8 22.2H23.9c-11.5 0-20.8-9.9-20.8-22.2l0 0" fill="#2BC1FF"/><path d="M114.7 639.5v22.2h90.2c11.5 0 20.8-9.9 20.8-22.2H114.7z" fill="#20A4EA"/><path d="M179.1 611.9h34.6v14.8h-34.6V611.9z" fill="#6AFF07"/><path d="M10.8 673.9H218.8c3.9 0 7 3.1 7 6.9 0 3.8-3.1 6.9-7 6.9H10.8c-3.8 0-7-3.1-7-6.9C3.8 677 6.9 673.9 10.8 673.9z" fill="#EBEEF0"/><path d="M218.8 673.9H114.7v13.9H218.8c3.9 0 7-3.1 7-6.9C225.8 677 222.7 673.9 218.8 673.9z" fill="#A2A7

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 2720
Category:	downloaded
Size (bytes):	950
Entropy (8bit):	7.796442451303865
Encrypted:	false
SSDEEP:	24:XABD7ppXRK0lTZVUoxvJ1xV5NaKwn6s4oKlnKHv/i:XABD7p5I0GSJ19k6I2CXi
MD5:	1F3E0A4E0CF11D6A41C2A0AFC9BF8297
SHA1:	A4E4D9FD9AFF3A4257FD361FC9E1AA59C058C9FA
SHA-256:	22820325F701ED1F092A796A3BF25878C941FB26537C4DEC3C9FE6AB7161CE88
SHA-512:	6E84DD33D192DC693ED780F936AB18A6FA728AC13289D337F671E5A06E1D5351C1FACB5B8ED683248EBF7C4EFB56D68D223319CDD0237E9045B18FEDE1E87C8F
Malicious:	false
Reputation:	low
URL:	http://a3d27715.physioprogram.it/error_docs/styles.css
Preview:	...........V.n.8.}.W.Z.m.K.d...e..b...3%R6.J.H.q../)..;.6.r....9sf..G.]To..O5..........M..B......5.%..g.~..+..<.@RE.....V....s..K\..x...P...?7.Lp!....Ak.EY'......?<.>...(..e...g.a..a._%.\|.....Y...^i..j....S._.a..t.0..lL.......N..7.=.r-u..KZ.....m=D\|.&z..`.7......,..L`@D...7...9...Q.sI4ky./.x[a.2;Ke.`flml...L.f......4.:..fZ..r..f.....m.Y...J......Ck....4$.V.P3.M.1.?..qi.B..^-......o...!..LR.55.......J).&.PG.-.....g..w}...t...#..a."..)&6.H..9.<.[..q...j.`.1.az.:..=.TiYq.[....'....jQ...+(......S...A..8.+.6...{...^..c]\.....4.rV.."{q.4....i...S...:1....Pe./.G{..k..p..ss.../.....4......mP;H....k..*0+-.y...P.v.,...s.0!.#..c..=.[...o6.....VGM6.N.W....T..Sde.#.a:!F.....:V.;...^k.;.....#.Zo.G.......!\|...EG..".9...o.%...._.WF.Sr........".x....(.t..N.nR^..S3.@.p..Q..m..s.}l/.R..N...=....Yj.y....(.$......9..1..sQN....~..(.K..L.Q....%.xN..V.G{P..G.......C._..3\.`....ow/.~.{.y..`...U........\|.....

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 19:14:41.609517097 CEST	49678	443	192.168.2.4	104.46.162.224
May 27, 2024 19:14:43.140614986 CEST	49675	443	192.168.2.4	173.222.162.32
May 27, 2024 19:14:51.813028097 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:51.818103075 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:51.818198919 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:51.818341017 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:51.823236942 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:51.845599890 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:51.850975990 CEST	80	49736	91.222.173.92	192.168.2.4
May 27, 2024 19:14:51.851461887 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:52.429474115 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:52.450867891 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:52.457122087 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:52.631679058 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:52.631700039 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:52.631751060 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:52.742742062 CEST	49675	443	192.168.2.4	173.222.162.32
May 27, 2024 19:14:52.821597099 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:52.826652050 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:52.833477974 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:52.838525057 CEST	80	49736	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001048088 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001072884 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001085997 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001097918 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001111031 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001125097 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001136065 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001148939 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.001157999 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.001219034 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.001219034 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.015255928 CEST	80	49736	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.057234049 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.166821003 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.173928022 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.174022913 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.174314022 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.180160999 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.800810099 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.800873041 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.800910950 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.800947905 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.800983906 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.801008940 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.801008940 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.801018000 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.801057100 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:14:53.801177025 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.843353987 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:14:53.975811005 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:53.975837946 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:53.975900888 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:53.979329109 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:53.979341030 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:54.686512947 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:54.732714891 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:54.892148018 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:54.892162085 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:54.896034002 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:54.896116972 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:54.986586094 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:54.986668110 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:54.986763000 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:54.988537073 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:54.988574982 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:55.415368080 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:55.415924072 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:55.467170000 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:55.467185974 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:14:55.513957977 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:14:55.656400919 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:55.656502962 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.388312101 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.388401985 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.389493942 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.435976982 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.573426962 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.614542961 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.771128893 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.771291971 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.771358967 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.771441936 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.771441936 CEST	49741	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.771485090 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.771524906 CEST	443	49741	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.817759037 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.817812920 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:56.817894936 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.818211079 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:56.818242073 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.461649895 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.461885929 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:57.643750906 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:57.643836021 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.644867897 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.646441936 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:57.686537027 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.832627058 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.832802057 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.832873106 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:57.834018946 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:57.834059954 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:14:57.834086895 CEST	49742	443	192.168.2.4	184.28.90.27
May 27, 2024 19:14:57.834101915 CEST	443	49742	184.28.90.27	192.168.2.4
May 27, 2024 19:15:03.813869953 CEST	49672	443	192.168.2.4	173.222.162.32
May 27, 2024 19:15:03.813957930 CEST	443	49672	173.222.162.32	192.168.2.4
May 27, 2024 19:15:03.978801966 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:03.984277010 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:15:04.162159920 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:15:04.207935095 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:04.574434042 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:15:04.574605942 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:15:04.574781895 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:04.737401009 CEST	49740	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:04.737432003 CEST	443	49740	142.250.185.164	192.168.2.4
May 27, 2024 19:15:09.430381060 CEST	52271	53	192.168.2.4	1.1.1.1
May 27, 2024 19:15:09.435566902 CEST	53	52271	1.1.1.1	192.168.2.4
May 27, 2024 19:15:09.435787916 CEST	52271	53	192.168.2.4	1.1.1.1
May 27, 2024 19:15:09.435787916 CEST	52271	53	192.168.2.4	1.1.1.1
May 27, 2024 19:15:09.440745115 CEST	53	52271	1.1.1.1	192.168.2.4
May 27, 2024 19:15:09.975470066 CEST	53	52271	1.1.1.1	192.168.2.4
May 27, 2024 19:15:09.976212025 CEST	52271	53	192.168.2.4	1.1.1.1
May 27, 2024 19:15:09.981663942 CEST	53	52271	1.1.1.1	192.168.2.4
May 27, 2024 19:15:09.981730938 CEST	52271	53	192.168.2.4	1.1.1.1
May 27, 2024 19:15:38.029963017 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:38.035099030 CEST	80	49736	91.222.173.92	192.168.2.4
May 27, 2024 19:15:38.811212063 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:38.816478968 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:15:49.171194077 CEST	49735	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:49.317756891 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:15:54.198344946 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:54.198379993 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:15:54.198446035 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:54.198705912 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:54.198719978 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:15:54.881711006 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:15:54.882617950 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:54.882648945 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:15:54.883770943 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:15:54.884972095 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:54.885143042 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:15:54.936745882 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:15:58.033201933 CEST	80	49736	91.222.173.92	192.168.2.4
May 27, 2024 19:15:58.033267021 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:58.799052000 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:15:58.799114943 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:59.926549911 CEST	49739	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:59.926625013 CEST	49736	80	192.168.2.4	91.222.173.92
May 27, 2024 19:15:59.931803942 CEST	80	49739	91.222.173.92	192.168.2.4
May 27, 2024 19:15:59.931849003 CEST	80	49736	91.222.173.92	192.168.2.4
May 27, 2024 19:16:00.671317101 CEST	49723	80	192.168.2.4	93.184.221.240
May 27, 2024 19:16:00.671612024 CEST	49724	80	192.168.2.4	93.184.221.240
May 27, 2024 19:16:00.678623915 CEST	80	49723	93.184.221.240	192.168.2.4
May 27, 2024 19:16:00.678690910 CEST	49723	80	192.168.2.4	93.184.221.240
May 27, 2024 19:16:00.679136992 CEST	80	49724	93.184.221.240	192.168.2.4
May 27, 2024 19:16:00.679227114 CEST	49724	80	192.168.2.4	93.184.221.240
May 27, 2024 19:16:04.804806948 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:16:04.804878950 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:16:04.804939032 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:16:05.922925949 CEST	52274	443	192.168.2.4	142.250.185.164
May 27, 2024 19:16:05.922950029 CEST	443	52274	142.250.185.164	192.168.2.4
May 27, 2024 19:16:09.171937943 CEST	80	49735	91.222.173.92	192.168.2.4
May 27, 2024 19:16:09.172034979 CEST	49735	80	192.168.2.4	91.222.173.92

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 27, 2024 19:14:49.691171885 CEST	53	60218	1.1.1.1	192.168.2.4
May 27, 2024 19:14:49.692055941 CEST	53	59113	1.1.1.1	192.168.2.4
May 27, 2024 19:14:51.087589025 CEST	53	62237	1.1.1.1	192.168.2.4
May 27, 2024 19:14:51.698734999 CEST	64636	53	192.168.2.4	1.1.1.1
May 27, 2024 19:14:51.698734999 CEST	50944	53	192.168.2.4	1.1.1.1
May 27, 2024 19:14:51.760921955 CEST	53	64636	1.1.1.1	192.168.2.4
May 27, 2024 19:14:51.787230968 CEST	53	50944	1.1.1.1	192.168.2.4
May 27, 2024 19:14:53.092196941 CEST	62640	53	192.168.2.4	1.1.1.1
May 27, 2024 19:14:53.094822884 CEST	62271	53	192.168.2.4	1.1.1.1
May 27, 2024 19:14:53.161696911 CEST	53	62640	1.1.1.1	192.168.2.4
May 27, 2024 19:14:53.166138887 CEST	53	62271	1.1.1.1	192.168.2.4
May 27, 2024 19:14:53.928837061 CEST	60459	53	192.168.2.4	1.1.1.1
May 27, 2024 19:14:53.929059982 CEST	57956	53	192.168.2.4	1.1.1.1
May 27, 2024 19:14:53.938050032 CEST	53	60459	1.1.1.1	192.168.2.4
May 27, 2024 19:14:53.938091993 CEST	53	57956	1.1.1.1	192.168.2.4
May 27, 2024 19:15:08.779397011 CEST	53	60502	1.1.1.1	192.168.2.4
May 27, 2024 19:15:09.429850101 CEST	53	53508	1.1.1.1	192.168.2.4
May 27, 2024 19:15:12.145554066 CEST	138	138	192.168.2.4	192.168.2.255
May 27, 2024 19:15:27.542818069 CEST	53	52921	1.1.1.1	192.168.2.4
May 27, 2024 19:15:49.319972992 CEST	53	52578	1.1.1.1	192.168.2.4
May 27, 2024 19:15:50.008375883 CEST	53	58225	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 27, 2024 19:14:51.698734999 CEST	192.168.2.4	1.1.1.1	0xc70e	Standard query (0)	a3d27715.physioprogram.it	A (IP address)	IN (0x0001)	false
May 27, 2024 19:14:51.698734999 CEST	192.168.2.4	1.1.1.1	0x757	Standard query (0)	a3d27715.physioprogram.it	65	IN (0x0001)	false
May 27, 2024 19:14:53.092196941 CEST	192.168.2.4	1.1.1.1	0xdb99	Standard query (0)	a3d27715.physioprogram.it	A (IP address)	IN (0x0001)	false
May 27, 2024 19:14:53.094822884 CEST	192.168.2.4	1.1.1.1	0xbd9c	Standard query (0)	a3d27715.physioprogram.it	65	IN (0x0001)	false
May 27, 2024 19:14:53.928837061 CEST	192.168.2.4	1.1.1.1	0x644b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 27, 2024 19:14:53.929059982 CEST	192.168.2.4	1.1.1.1	0xca3	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 27, 2024 19:14:51.760921955 CEST	1.1.1.1	192.168.2.4	0xc70e	No error (0)	a3d27715.physioprogram.it		91.222.173.92	A (IP address)	IN (0x0001)	false
May 27, 2024 19:14:53.161696911 CEST	1.1.1.1	192.168.2.4	0xdb99	No error (0)	a3d27715.physioprogram.it		91.222.173.92	A (IP address)	IN (0x0001)	false
May 27, 2024 19:14:53.938050032 CEST	1.1.1.1	192.168.2.4	0x644b	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false
May 27, 2024 19:14:53.938091993 CEST	1.1.1.1	192.168.2.4	0xca3	No error (0)	www.google.com			65	IN (0x0001)	false
May 27, 2024 19:15:06.993545055 CEST	1.1.1.1	192.168.2.4	0xd211	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
May 27, 2024 19:15:06.993545055 CEST	1.1.1.1	192.168.2.4	0xd211	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
May 27, 2024 19:15:07.496442080 CEST	1.1.1.1	192.168.2.4	0x2492	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 27, 2024 19:15:07.496442080 CEST	1.1.1.1	192.168.2.4	0x2492	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

a3d27715.physioprogram.it

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	91.222.173.92	80	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 27, 2024 19:14:51.818341017 CEST	488	OUT	GET /ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y HTTP/1.1 Host: a3d27715.physioprogram.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 27, 2024 19:14:52.429474115 CEST	1051	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 27 May 2024 17:14:52 GMT Content-Type: text/html Content-Length: 808 Connection: keep-alive Last-Modified: Tue, 21 May 2024 12:02:33 GMT ETag: "328-618f597da042b" Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"> <h1>Server Error</h1> <div class="error-code">404</div> <h2>Page Not Found</h2> <p class="lead">This page either doesn't exist, or it moved somewhere else.</p> <hr/> <p>That's what you can do</p> <div class="help-actions"> <a href="javascript:location.reload();">Reload Page</a> <a href="javascript:history.back();">Back to Previous Page</a> <a href="/">Home Page</a> </div> </div></div></body></html>
May 27, 2024 19:14:52.450867891 CEST	406	OUT	GET /error_docs/styles.css HTTP/1.1 Host: a3d27715.physioprogram.it Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 27, 2024 19:14:52.631679058 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 May 2024 17:14:52 GMT Content-Type: text/css Content-Length: 950 Connection: keep-alive Last-Modified: Tue, 21 May 2024 12:02:33 GMT ETag: "aa0-618f597da042b-gzip" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip X-Powered-By: PleskLin Data Raw: 1f 8b 08 00 00 00 00 00 00 03 9d 56 db 6e db 38 10 7d f7 57 0c 5a 04 6d 03 4b 91 64 ca 17 e5 65 8b c5 62 db 97 c5 be ed 33 25 52 36 1b 4a 14 48 d9 71 b6 f0 bf 2f 29 91 ba 3b c0 36 06 72 99 19 cd cc 39 73 66 94 a7 47 f8 5d 54 6f 92 1d 4f 35 84 87 c3 c1 8b 82 08 f9 f0 0f 4d ff 96 42 c1 f7 b2 a6 b2 c4 35 13 25 e6 f0 67 91 7e f3 e1 2b e7 d0 3c a0 40 52 45 e5 85 12 1f 1e 9f 56 a7 ba e0 f0 73 05 fa 4b 5c a8 cc b9 78 f5 de 12 50 99 14 9c 3f 37 f6 4c 70 21 13 f8 18 04 41 6b c8 45 59 27 80 82 00 b6 91 1f 3f 3c 85 3e 82 0f df 28 bf d0 9a 65 18 fe a2 67 fa 61 0d 9d 61 0d 5f 25 c3 7c 0d 0a 97 ca d3 b5 59 de e6 f1 5e 69 fa c2 6a af a6 d7 da 53 ec 5f ea 61 f2 e3 ac 74 ee 30 08 1e 6c 4c a1 de f7 bb 1c b8 f2 4e 1a 1f 37 18 3d db 72 2d 75 c5 0a 4b 5a d6 cf ab db 2a 15 e4 6d 3d 44 7c a2 26 7a 98 ae 60 a5 37 b6 b6 8f d9 07 0a 2c 8f ac 4c 60 40 44 d3 98 0e f6 37 92 16 ad 39 c5 d9 cb 51 8a 73 49 34 6b 79 9e 2f d0 78 5b 61 9b 32 3b 4b 65 ec 95 60 66 6c 6d 6c 83 98 d0 4c c8 66 8a 09 94 a2 a4 e3 34 11 3a ec e9 66 5a f0 0e [TRUNCATED] Data Ascii: Vn8}WZmKdeb3%R6JHq/);6r9sfG]ToO5MB5%g~+<@REVsK\xP?7Lp!AkEY'?<>(egaa_%\|Y^ijS_at0lLN7=r-uKZm=D\|&z`7,L`@D79QsI4ky/x[a2;Ke`flmlLf4:fZrfmYJCk4$VP3M1?qiB^-o!LR55J)&PG-.gw}t#a")&6H9<[qj`1az:=TiYq['jQ+(SA8+6{^c]\4rV."{q4iS:1Pe/G{kpss./4mP;Hk*0+-yPv,s0!#c=[o6VGM6NWTSde#a:!F:V;^k;#ZoG!\|EG"9o%_WFSr"x(tNnR^S3@pQms}l/RN=Yjy($91sQN~(KLQ%xNVG{PGC_3\`ow/~{
May 27, 2024 19:14:52.631700039 CEST	25	IN	Data Raw: 9d 79 a3 dd 60 de b3 b7 ac 55 ca a2 8c 9c f3 f6 1f 03 18 7c 19 a0 0a 00 00 Data Ascii: y`U\|
May 27, 2024 19:14:52.821597099 CEST	425	OUT	GET /error_docs/server.svg HTTP/1.1 Host: a3d27715.physioprogram.it Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://a3d27715.physioprogram.it/error_docs/styles.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 27, 2024 19:14:53.001048088 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 May 2024 17:14:52 GMT Content-Type: image/svg+xml Content-Length: 7416 Connection: keep-alive Last-Modified: Tue, 21 May 2024 12:02:33 GMT ETag: "1cf8-618f597d9f48b" Accept-Ranges: bytes X-Powered-By: PleskLin Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 32 38 22 20 68 65 69 67 68 74 3d 22 36 39 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 32 37 2e 36 20 36 39 31 2e 38 22 3e 3c 70 61 74 68 20 64 3d 22 4d 36 33 2e 35 20 35 36 37 2e 31 68 31 30 32 76 31 30 38 2e 34 68 2d 31 30 32 56 35 36 37 2e 31 7a 22 20 66 69 6c 6c 3d 22 23 46 46 46 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 34 2e 37 20 35 36 37 2e 33 68 35 30 76 31 30 38 2e 34 68 2d 35 30 56 35 36 37 2e 33 7a 22 20 66 69 6c 6c 3d 22 23 38 35 38 43 39 33 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 36 2e 31 20 32 39 30 2e 39 68 32 31 36 2e 36 63 31 2e 37 20 30 20 33 20 31 2e 33 20 33 20 33 76 33 34 34 2e 37 63 30 20 31 2e 37 2d 31 2e 33 20 33 2d 33 20 33 48 36 2e 31 63 2d 31 2e 37 20 30 2d 33 2d 31 2e 33 2d 33 2d 33 56 32 39 33 2e 39 43 33 2e 31 20 32 39 32 2e 32 20 34 2e 35 20 32 39 30 2e 39 20 36 2e 31 20 32 39 30 2e 39 7a 22 20 66 69 6c 6c 3d 22 23 32 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="228" height="692" viewBox="0 0 227.6 691.8"><path d="M63.5 567.1h102v108.4h-102V567.1z" fill="#FFF"/><path d="M114.7 567.3h50v108.4h-50V567.3z" fill="#858C93"/><path d="M6.1 290.9h216.6c1.7 0 3 1.3 3 3v344.7c0 1.7-1.3 3-3 3H6.1c-1.7 0-3-1.3-3-3V293.9C3.1 292.2 4.5 290.9 6.1 290.9z" fill="#23A7DE"/><path d="M116.2 290.9h108c0.8 0 1.5 1.3 1.5 3v344.7c0 1.7-0.7 3-1.5 3H116.2c-0.8 0-1.5-1.3-1.5-3V293.9C114.7 292.2 115.4 290.9 116.2 290.9z" fill="#1A8ECC"/><path d="M225.7 639.5L225.7 639.5c0 12.3-9.3 22.2-20.8 22.2H23.9c-11.5 0-20.8-9.9-20.8-22.2l0 0" fill="#2BC1FF"/><path d="M114.7 639.5v22.2h90.2c11.5 0 20.8-9.9 20.8-22.2H114.7z" fill="#20A4EA"/><path d="M179.1 611.9h34.6v14.8h-34.6V611.9z" fill="#6AFF07"/><path d="M10.8 673.9H218.8c3.9 0 7 3.1 7 6.9 0 3.8-3.1 6.9-7 6.9H10.8c-3.8 0-7-3.1-7-6.9C3.8 677 6.9 673.9 10.8 673.9z" fill="#EBEEF0"/><path d="M218.8 673.9H114.7v13.9H218.8c3.9 0 7-3.1 7-6.9C225.8 677 222.7 6
May 27, 2024 19:14:53.001072884 CEST	224	IN	Data Raw: 37 33 2e 39 20 32 31 38 2e 38 20 36 37 33 2e 39 7a 22 20 66 69 6c 6c 3d 22 23 41 32 41 37 41 43 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 32 32 2e 37 20 32 38 38 2e 39 48 36 2e 31 63 2d 31 2e 37 20 30 2d 33 20 31 2e 33 2d 33 20 33 76 34 63 30 2d Data Ascii: 73.9 218.8 673.9z" fill="#A2A7AC"/><path d="M222.7 288.9H6.1c-1.7 0-3 1.3-3 3v4c0-1.7 1.3-3 3-3h216.6c1.7 0 3 1.3 3 3v-4C225.7 290.2 224.4 288.9 222.7 288.9z" fill="#A5E4F6"/><path d="M3.1 454.1h222.6v7.4H3.1V454.1z" fill="#
May 27, 2024 19:14:53.001085997 CEST	1236	IN	Data Raw: 32 30 39 39 44 30 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 2e 31 20 34 35 32 2e 31 68 32 32 32 2e 36 76 37 2e 34 48 33 2e 31 56 34 35 32 2e 31 7a 22 20 66 69 6c 6c 3d 22 23 31 43 44 37 46 46 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 34 2e 37 Data Ascii: 2099D0"/><path d="M3.1 452.1h222.6v7.4H3.1V452.1z" fill="#1CD7FF"/><path d="M114.7 454.1h111v7.4H114.7V454.1z" fill="#1882BF"/><path d="M114.7 452.1h111v7.4H114.7V452.1z" fill="#14B7EA"/><path d="M3.1 444.7h76.1v14.8H3.1V444.7z" fill="#71E9FF"
May 27, 2024 19:14:53.001097918 CEST	1236	IN	Data Raw: 6f 66 66 73 65 74 3d 22 30 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 44 31 45 44 46 46 22 2f 3e 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 31 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 41 35 45 33 46 45 22 2f 3e 3c 2f 6c 69 6e 65 61 72 47 72 Data Ascii: offset="0" stop-color="#D1EDFF"/><stop offset="1" stop-color="#A5E3FE"/></linearGradient><path d="M58.5 11.6c-14.4 9.5-30.9 27.7-24.6 59.8C14.4 76.8 0 94.4 0 115.6c0 25.3 20.3 45.8 45.4 45.8h136.8c25.1 0 45.4-20.5 45.4-45.8 0-20.9-12.6-37.6-32
May 27, 2024 19:14:53.001111031 CEST	1236	IN	Data Raw: 34 2e 32 20 33 2e 37 20 34 2e 33 56 31 39 37 2e 31 7a 4d 36 35 2e 36 20 32 30 36 2e 37 63 30 20 30 20 30 20 30 2e 31 2d 30 2e 31 20 30 2e 31 20 30 20 30 20 30 2d 30 2e 31 2d 30 2e 31 2d 30 2e 31 76 30 2e 32 63 2d 31 2e 33 20 31 2e 36 2d 35 2e 33 Data Ascii: 4.2 3.7 4.3V197.1zM65.6 206.7c0 0 0 0.1-0.1 0.1 0 0 0-0.1-0.1-0.1v0.2c-1.3 1.6-5.3 6.6-5.3 10.5 -0.1 4 3 6.1 5.3 6.1v0c0 0 0 0 0.1 0 0 0 0 0 0.1 0v0c2.3-0.1 5.4-2.2 5.3-6.1 -0.1-3.9-4-8.9-5.3-10.5V206.7zM140.2 248.3c0 0 0 0 0.1 0 0 0 0 0 0.1 0
May 27, 2024 19:14:53.001125097 CEST	672	IN	Data Raw: 30 20 30 20 30 20 30 20 30 2e 31 20 30 20 30 20 30 20 30 20 30 20 30 2e 31 20 30 76 30 63 32 2e 33 2d 30 2e 31 20 35 2e 34 2d 32 2e 32 20 35 2e 33 2d 36 2e 31 20 2d 30 2e 31 2d 33 2e 39 2d 34 2d 38 2e 39 2d 35 2e 33 2d 31 30 2e 35 56 32 35 39 2e Data Ascii: 0 0 0 0 0.1 0 0 0 0 0 0.1 0v0c2.3-0.1 5.4-2.2 5.3-6.1 -0.1-3.9-4-8.9-5.3-10.5V259.8zM154.3 200.7v-0.1c0 0 0 0 0 0.1 0 0 0 0 0-0.1v0.1c-0.9 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0 0 0 0 0 0s0 0 0 0v0c1.7-0.1 3.9-1.6 3.8-4.5C158.1 205.6
May 27, 2024 19:14:53.001136065 CEST	1236	IN	Data Raw: 20 31 2e 32 2d 33 2e 38 20 34 2e 39 2d 33 2e 39 20 37 2e 37 20 2d 30 2e 31 20 32 2e 39 20 32 2e 32 20 34 2e 35 20 33 2e 39 20 34 2e 35 76 30 63 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 76 30 63 31 2e 37 2d 30 2e 31 20 Data Ascii: 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0 0 0 0 0 0 0 0 0 0 0 0v0c1.7-0.1 3.9-1.6 3.8-4.5 -0.1-2.9-2.9-6.5-3.8-7.7V188.2zM48.5 237.8c0 0 0 0 0 0.1 0 0 0 0 0-0.1v0.1c-0.9 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0 0 0 0 0 0 0 0 0
May 27, 2024 19:14:53.001148939 CEST	606	IN	Data Raw: 2e 31 76 30 2e 31 63 2d 30 2e 39 20 31 2e 32 2d 33 2e 38 20 34 2e 39 2d 33 2e 39 20 37 2e 37 20 2d 30 2e 31 20 32 2e 39 20 32 2e 32 20 34 2e 35 20 33 2e 39 20 34 2e 35 76 30 63 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 Data Ascii: .1v0.1c-0.9 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0 0 0 0 0 0 0 0 0 0 0 0v0c1.7-0.1 3.9-1.6 3.8-4.5 -0.1-2.9-2.9-6.5-3.8-7.7V262.7zM142.3 271.5c0 0 0 0 0 0.1 0 0 0 0 0-0.1v0.1c-0.9 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0 0 0
May 27, 2024 19:15:03.978801966 CEST	440	OUT	GET / HTTP/1.1 Host: a3d27715.physioprogram.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 27, 2024 19:15:04.162159920 CEST	1038	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 27 May 2024 17:15:04 GMT Content-Type: text/html Content-Length: 795 Connection: keep-alive Last-Modified: Tue, 21 May 2024 12:02:33 GMT ETag: "31b-618f597d9f48b" Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>403 Forbidden</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"> <h1>Server Error</h1> <div class="error-code">403</div> <h2>Forbidden</h2> <p class="lead">You do not have permission to access this document.</p> <hr/> <p>That's what you can do</p> <div class="help-actions"> <a href="javascript:location.reload();">Reload Page</a> <a href="javascript:history.back();">Back to Previous Page</a> <a href="/">Home Page</a> </div> </div></div></body></html>
May 27, 2024 19:15:49.171194077 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49736	91.222.173.92	80	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 27, 2024 19:14:52.833477974 CEST	442	OUT	GET /favicon.ico HTTP/1.1 Host: a3d27715.physioprogram.it Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 27, 2024 19:14:53.015255928 CEST	1051	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 27 May 2024 17:14:52 GMT Content-Type: text/html Content-Length: 808 Connection: keep-alive Last-Modified: Tue, 21 May 2024 12:02:33 GMT ETag: "328-618f597da042b" Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 65 72 72 6f 72 5f 64 6f 63 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 61 67 65 22 3e 0a 20 20 3c 64 69 76 20 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <link rel="stylesheet" href="/error_docs/styles.css"></head><body><div class="page"> <div class="main"> <h1>Server Error</h1> <div class="error-code">404</div> <h2>Page Not Found</h2> <p class="lead">This page either doesn't exist, or it moved somewhere else.</p> <hr/> <p>That's what you can do</p> <div class="help-actions"> <a href="javascript:location.reload();">Reload Page</a> <a href="javascript:history.back();">Back to Previous Page</a> <a href="/">Home Page</a> </div> </div></div></body></html>
May 27, 2024 19:15:38.029963017 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	91.222.173.92	80	5820	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 27, 2024 19:14:53.174314022 CEST	299	OUT	GET /error_docs/server.svg HTTP/1.1 Host: a3d27715.physioprogram.it Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 27, 2024 19:14:53.800810099 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 May 2024 17:14:53 GMT Content-Type: image/svg+xml Content-Length: 7416 Connection: keep-alive Last-Modified: Tue, 21 May 2024 12:02:33 GMT ETag: "1cf8-618f597d9f48b" Accept-Ranges: bytes X-Powered-By: PleskLin Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 32 32 38 22 20 68 65 69 67 68 74 3d 22 36 39 32 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 32 37 2e 36 20 36 39 31 2e 38 22 3e 3c 70 61 74 68 20 64 3d 22 4d 36 33 2e 35 20 35 36 37 2e 31 68 31 30 32 76 31 30 38 2e 34 68 2d 31 30 32 56 35 36 37 2e 31 7a 22 20 66 69 6c 6c 3d 22 23 46 46 46 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 31 34 2e 37 20 35 36 37 2e 33 68 35 30 76 31 30 38 2e 34 68 2d 35 30 56 35 36 37 2e 33 7a 22 20 66 69 6c 6c 3d 22 23 38 35 38 43 39 33 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 36 2e 31 20 32 39 30 2e 39 68 32 31 36 2e 36 63 31 2e 37 20 30 20 33 20 31 2e 33 20 33 20 33 76 33 34 34 2e 37 63 30 20 31 2e 37 2d 31 2e 33 20 33 2d 33 20 33 48 36 2e 31 63 2d 31 2e 37 20 30 2d 33 2d 31 2e 33 2d 33 2d 33 56 32 39 33 2e 39 43 33 2e 31 20 32 39 32 2e 32 20 34 2e 35 20 32 39 30 2e 39 20 36 2e 31 20 32 39 30 2e 39 7a 22 20 66 69 6c 6c 3d 22 23 32 [TRUNCATED] Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="228" height="692" viewBox="0 0 227.6 691.8"><path d="M63.5 567.1h102v108.4h-102V567.1z" fill="#FFF"/><path d="M114.7 567.3h50v108.4h-50V567.3z" fill="#858C93"/><path d="M6.1 290.9h216.6c1.7 0 3 1.3 3 3v344.7c0 1.7-1.3 3-3 3H6.1c-1.7 0-3-1.3-3-3V293.9C3.1 292.2 4.5 290.9 6.1 290.9z" fill="#23A7DE"/><path d="M116.2 290.9h108c0.8 0 1.5 1.3 1.5 3v344.7c0 1.7-0.7 3-1.5 3H116.2c-0.8 0-1.5-1.3-1.5-3V293.9C114.7 292.2 115.4 290.9 116.2 290.9z" fill="#1A8ECC"/><path d="M225.7 639.5L225.7 639.5c0 12.3-9.3 22.2-20.8 22.2H23.9c-11.5 0-20.8-9.9-20.8-22.2l0 0" fill="#2BC1FF"/><path d="M114.7 639.5v22.2h90.2c11.5 0 20.8-9.9 20.8-22.2H114.7z" fill="#20A4EA"/><path d="M179.1 611.9h34.6v14.8h-34.6V611.9z" fill="#6AFF07"/><path d="M10.8 673.9H218.8c3.9 0 7 3.1 7 6.9 0 3.8-3.1 6.9-7 6.9H10.8c-3.8 0-7-3.1-7-6.9C3.8 677 6.9 673.9 10.8 673.9z" fill="#EBEEF0"/><path d="M218.8 673.9H114.7v13.9H218.8c3.9 0 7-3.1 7-6.9C225.8 677 222.7 6
May 27, 2024 19:14:53.800873041 CEST	1236	IN	Data Raw: 37 33 2e 39 20 32 31 38 2e 38 20 36 37 33 2e 39 7a 22 20 66 69 6c 6c 3d 22 23 41 32 41 37 41 43 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 32 32 32 2e 37 20 32 38 38 2e 39 48 36 2e 31 63 2d 31 2e 37 20 30 2d 33 20 31 2e 33 2d 33 20 33 76 34 63 30 2d Data Ascii: 73.9 218.8 673.9z" fill="#A2A7AC"/><path d="M222.7 288.9H6.1c-1.7 0-3 1.3-3 3v4c0-1.7 1.3-3 3-3h216.6c1.7 0 3 1.3 3 3v-4C225.7 290.2 224.4 288.9 222.7 288.9z" fill="#A5E4F6"/><path d="M3.1 454.1h222.6v7.4H3.1V454.1z" fill="#2099D0"/><path d="M
May 27, 2024 19:14:53.800910950 CEST	1236	IN	Data Raw: 74 68 20 64 3d 22 4d 31 31 34 2e 37 20 33 36 32 2e 31 68 31 31 31 76 37 2e 34 48 31 31 34 2e 37 56 33 36 32 2e 31 7a 22 20 66 69 6c 6c 3d 22 23 31 34 42 37 45 41 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 33 2e 31 20 33 35 34 2e 37 68 37 36 2e 31 76 Data Ascii: th d="M114.7 362.1h111v7.4H114.7V362.1z" fill="#14B7EA"/><path d="M3.1 354.7h76.1v14.8H3.1V354.7z" fill="#71E9FF"/><linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="113.8" y1="4.7" x2="113.8" y2="165.1"><stop offset="0" stop-col
May 27, 2024 19:14:53.800947905 CEST	1236	IN	Data Raw: 20 30 20 30 20 30 76 30 63 31 2e 36 2d 30 2e 31 20 33 2e 37 2d 31 2e 35 20 33 2e 37 2d 34 2e 33 20 2d 30 2e 31 2d 32 2e 37 2d 32 2e 38 2d 36 2e 32 2d 33 2e 37 2d 37 2e 33 56 31 39 37 2e 39 7a 4d 31 39 37 2e 38 20 31 39 37 2e 31 63 30 20 30 20 30 Data Ascii: 0 0 0v0c1.6-0.1 3.7-1.5 3.7-4.3 -0.1-2.7-2.8-6.2-3.7-7.3V197.9zM197.8 197.1c0 0 0 0 0 0 0 0 0 0 0 0v0c1.6-0.1 3.7-1.5 3.7-4.3 0-2.7-2.8-6.2-3.7-7.3v-0.1c0 0 0 0 0 0.1 0 0 0 0 0-0.1v0.1c-0.9 1.1-3.6 4.6-3.7 7.3 -0.1 2.7 2.1 4.2 3.7 4.3V197.1zM
May 27, 2024 19:14:53.800983906 CEST	1236	IN	Data Raw: 33 20 36 2e 36 2d 35 2e 33 20 31 30 2e 35 20 2d 30 2e 31 20 34 20 33 20 36 2e 31 20 35 2e 33 20 36 2e 31 76 30 63 30 20 30 20 30 20 30 20 30 2e 31 20 30 20 30 20 30 20 30 20 30 20 30 2e 31 20 30 76 30 63 32 2e 33 2d 30 2e 31 20 35 2e 34 2d 32 2e Data Ascii: 3 6.6-5.3 10.5 -0.1 4 3 6.1 5.3 6.1v0c0 0 0 0 0.1 0 0 0 0 0 0.1 0v0c2.3-0.1 5.4-2.2 5.3-6.1 -0.1-3.9-4-8.9-5.3-10.5V208.5zM112.3 259.8c0 0 0 0.1-0.1 0.1 0 0 0-0.1-0.1-0.1v0.2c-1.3 1.6-5.3 6.6-5.3 10.5 -0.1 4 3 6.1 5.3 6.1v0c0 0 0 0 0.1 0 0 0 0
May 27, 2024 19:14:53.801018000 CEST	1236	IN	Data Raw: 20 30 2d 30 2e 31 76 30 2e 31 63 2d 30 2e 39 20 31 2e 32 2d 33 2e 38 20 34 2e 39 2d 33 2e 39 20 37 2e 37 20 2d 30 2e 31 20 32 2e 39 20 32 2e 32 20 34 2e 35 20 33 2e 39 20 34 2e 35 76 30 63 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 20 30 Data Ascii: 0-0.1v0.1c-0.9 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0 0 0 0 0 0 0 0 0 0 0 0v0c1.7-0.1 3.9-1.6 3.8-4.5 -0.1-2.9-2.9-6.5-3.8-7.7V214.7zM174.5 188.2c0 0 0 0 0 0.1 0 0 0 0 0-0.1v0.1c-0.9 1.2-3.8 4.9-3.9 7.7 -0.1 2.9 2.2 4.5 3.9 4.5v0c0
May 27, 2024 19:14:53.801057100 CEST	266	IN	Data Raw: 68 20 64 3d 22 4d 31 33 36 2e 31 20 31 30 34 2e 37 6c 2d 31 36 2e 31 20 33 39 2e 35 68 33 31 2e 39 6c 2d 36 37 2e 36 20 34 34 2e 31 20 31 35 2e 38 2d 34 34 2e 31 48 37 35 2e 37 6c 31 36 2e 31 2d 33 39 2e 36 4c 31 33 36 2e 31 20 31 30 34 2e 37 7a Data Ascii: h d="M136.1 104.7l-16.1 39.5h31.9l-67.6 44.1 15.8-44.1H75.7l16.1-39.6L136.1 104.7z" fill="#FFC000"/><polygon points="120 144.1 118.8 147.1 147.4 147.1 152 144.1 " fill="#FFEB00"/><polygon points="90.5 107.5 134.9 107.7 136.1 104.7 91.8 104.5 "
May 27, 2024 19:15:38.811212063 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 17:14:56 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 17:14:56 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=168858 Date: Mon, 27 May 2024 17:14:56 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-05-27 17:14:57 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-27 17:14:57 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=168940 Date: Mon, 27 May 2024 17:14:57 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-27 17:14:57 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Target ID:	0
Start time:	13:14:45
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:14:48
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=2124,i,11095427607011043748,2826880530286857159,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	13:14:51
Start date:	27/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y	HTTP Parser: No favicon
Source: http://a3d27715.physioprogram.it/	HTTP Parser: No favicon

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4924, Parent PID: 5040

General

Chronological Activities

Analysis Process: chrome.exePID: 5820, Parent PID: 4924

General

Chronological Activities

Analysis Process: chrome.exePID: 6480, Parent PID: 5040

General

Windows Analysis Report
http://a3d27715.physioprogram.it/ser?id=ferolmet.it&e=ef878189&h=69001653&f=n&p=y