Edit tour

Windows Analysis Report
https://urlz.fr/r1TD

Overview

General Information

Sample URL:	https://urlz.fr/r1TD
Analysis ID:	1467880
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2460,i,5162128387195293770,17291697451212001631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4452 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urlz.fr/r1TD" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

String found in binary or memory: <div id="partenaires"><a href="https://convertall.com/fr/convertisseur-pdf" title="Convertisseur PDF gratuit" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-cf-modified-04614967c3e055ef5d7398c9->Convertir en PDF</a> - <a href="https://casinobonusca.com/fr/" title="Casinobonusca" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-cf-modified-04614967c3e055ef5d7398c9->Casinobonusca</a> - <a href="https://cpstest.click/fr" title="Testez a quelle vitesse vous cliquez" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-cf-modified-04614967c3e055ef5d7398c9->Click Test</a> - <a title="Convertisseur YouTube MP3" href="https://notube.lol/fr/youtube-app-v133" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-cf-modified-04614967c3e055ef5d7398c9->Convertisseur YouTube MP3</a> - <a title="Trouver un serveur Minecraft" href="https://serveur-prive.net/minecraft" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-cf-modified-04614967c3e055ef5d7398c9->Serveur Minecraft gratuit</a> - <a title="Localiser mon ip" href="https://ipcost.com/fr" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-cf-modified-04614967c3e055ef5d7398c9->Localiser ip</a> - <a href="http://www.zupimages.net/" title="H equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: urlz.fr
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 382Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 22:25:18 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89e287cb5fad7c8a-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Jul 2024 22:25:19 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=86400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89e287cf8ae77ce7-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_107.2.dr	String found in binary or memory: http://www.zupimages.net/
Source: chromecache_107.2.dr	String found in binary or memory: https://casinobonusca.com/fr/
Source: chromecache_107.2.dr	String found in binary or memory: https://cmp.quantcast.com
Source: chromecache_107.2.dr	String found in binary or memory: https://convertall.com/fr/convertisseur-pdf
Source: chromecache_107.2.dr	String found in binary or memory: https://cpstest.click/fr
Source: chromecache_107.2.dr	String found in binary or memory: https://ipcost.com/fr
Source: chromecache_107.2.dr	String found in binary or memory: https://notube.lol/fr/youtube-app-v133
Source: chromecache_107.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1581144506541376
Source: chromecache_107.2.dr	String found in binary or memory: https://serveur-prive.net/minecraft
Source: chromecache_107.2.dr	String found in binary or memory: https://twitter.com/URLzFR
Source: chromecache_107.2.dr	String found in binary or memory: https://urlz.fr/
Source: chromecache_107.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-162669458-1

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60670 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60671
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60670
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 23.212.194.8:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.212.194.8:443 -> 192.168.2.7:49712 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@21/4@6/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2460,i,5162128387195293770,17291697451212001631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urlz.fr/r1TD"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2460,i,5162128387195293770,17291697451212001631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://urlz.fr/r1TD	0%	Avira URL Cloud	safe
https://urlz.fr/r1TD	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://serveur-prive.net/minecraft	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX	0%	Avira URL Cloud	safe
https://urlz.fr/favicon.ico	0%	Avira URL Cloud	safe
https://twitter.com/URLzFR	0%	Avira URL Cloud	safe
https://cpstest.click/fr	0%	Avira URL Cloud	safe
https://convertall.com/fr/convertisseur-pdf	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc	0%	Avira URL Cloud	safe
https://ipcost.com/fr	0%	Avira URL Cloud	safe
http://www.zupimages.net/	0%	Avira URL Cloud	safe
https://cmp.quantcast.com	0%	Avira URL Cloud	safe
https://urlz.fr/	0%	Avira URL Cloud	safe
https://notube.lol/fr/youtube-app-v133	100%	Avira URL Cloud	malware
https://casinobonusca.com/fr/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
urlz.fr	104.21.234.214	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://urlz.fr/favicon.ico	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc	false	Avira URL Cloud: safe	unknown
https://urlz.fr/r1TD	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://convertall.com/fr/convertisseur-pdf	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://cpstest.click/fr	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/URLzFR	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://serveur-prive.net/minecraft	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://cmp.quantcast.com	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
http://www.zupimages.net/	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://ipcost.com/fr	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://notube.lol/fr/youtube-app-v133	chromecache_107.2.dr	false	Avira URL Cloud: malware	unknown
https://urlz.fr/	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown
https://casinobonusca.com/fr/	chromecache_107.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
104.21.234.214	urlz.fr	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467880
Start date and time:	2024-07-05 00:24:22 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://urlz.fr/r1TD
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@21/4@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 172.217.23.110, 74.125.133.84, 34.104.35.123, 13.85.23.86, 2.19.126.137, 2.19.126.163, 13.95.31.18, 52.165.164.15, 20.166.126.56, 142.250.186.99, 131.107.255.255
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, time.windows.com, a767.dspw65.akamai.net, dns.msftncsi.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://urlz.fr/r1TD

Input	Output
URL: https://urlz.fr/r1TD Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage are '404 Not Found', which does not contain a login form, does not create a sense of urgency, or contain a CAPTCHA."]}
Title: 404 Not Found OCR: 404 Not Found

URL: https://urlz.fr/r1TD Model: Perplexity: mixtral-8x7b-instruct

{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage are '404 Not Found', which does not contain a login form, does not create a sense of urgency, or contain a CAPTCHA."]}

Title: 404 Not Found OCR: 404 Not Found

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1688), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.0460493634935535
Encrypted:	false
SSDEEP:	192:NBuK2saoJ7JkGSqMPCbKGsmZkVwNXyz3liHXH7:XuRsTJ7q56K3mZ0wNCz3li3H7
MD5:	FBDDB9E5EE4984B5DF89F71A5EC9DB4C
SHA1:	855770245241393037414C30A4F4A0AD655B66C4
SHA-256:	A3DB3F7FEF5B10B50B8D5B8B6171809CF7928790A91A735BBAE9D5B13FBAE3FD
SHA-512:	F20E2926BDD970501B505558A135098B8C4DC5521E33D6128923B7D49BA2E6DCE8C294993191635E57D3A8580233998194D611395AB7CB86F6B8956F6D1C2D13
Malicious:	false
Reputation:	low
URL:	https://urlz.fr/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">.<head>.<title>R.ducteur de lien / Minimiseur d'URL [Raccourcir un lien]</title>.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<link type="text/css" rel="stylesheet" media="screen" href="/style.css" />.<link type="image/x-icon" rel="shortcut icon" href="/images/favicon.ico" />.<script type="04614967c3e055ef5d7398c9-text/javascript" src="/scripts.js"></script>..<script type="04614967c3e055ef5d7398c9-text/javascript" async="true">.. (function() {.. var host = 'www.themoneytizer.com';.. var element = document.createElement('script');.. var firstScript = document.getElementsByTagName('script')[0];.. var url = 'https://cmp.quantcast.com'.. .concat('/choice/', '6Fv0cGNfc_bw8', '/', host, '/choice.js');.. var uspTries = 0;.. var uspTriesLimit = 3;

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	145
Entropy (8bit):	4.3382637030117746
Encrypted:	false
SSDEEP:	3:qVvzLURObOb0qHXbvxL4AqWrKb0GklITULLP61IWKBc4NGL33:qFzLIkObRHXLx0AqWObtklIgLP8IWKqT
MD5:	434BB1998B2CDCC59686812AE708A9DE
SHA1:	85BACAABECFA829116FD086046C1FE810397F73E
SHA-256:	7A6FD962B4686F8277823B26CDA79726EE97ABC0C7F649225EB3C35DF2949FE4
SHA-512:	B8640BDC2DFE75F26A419685300A5316DFFDAA7B03935A06016EAB2C0871F074A86BCE9C378730E3B4AC81EBFB7A991D2F7A90971166470BAB1B02F5245B425E
Malicious:	false
Reputation:	low
URL:	https://urlz.fr/r1TD
Preview:	<html>.<head><title>404 Not Found</title></head>.<body>.<center><h1>404 Not Found</h1></center>.<hr><center>nginx</center>.</body>.</html>.......

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 00:25:10.032077074 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:10.344270945 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:10.781888962 CEST	49675	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:10.781900883 CEST	49674	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:10.922430038 CEST	49672	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:10.953663111 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:12.156778097 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:14.578669071 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:18.058820009 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.058859110 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.058967113 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.059403896 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.059417009 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.061774969 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.061806917 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.061872959 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.062170029 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.062181950 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.541419983 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.542139053 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.544153929 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.544167995 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.544286966 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.544313908 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.545197010 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.545263052 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.545501947 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.545557022 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.546595097 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.546660900 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.547034979 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.547125101 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.547378063 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.547384977 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.588629961 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:25:18.595468998 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.595473051 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.595483065 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.636647940 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.899734020 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.899846077 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.899910927 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.902976036 CEST	49704	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:18.903006077 CEST	443	49704	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:18.919157982 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:18.919193983 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:18.919253111 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:18.919977903 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:18.919994116 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:18.971381903 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:25:19.232358932 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.272516012 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.377820015 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:19.405426979 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.454458952 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.454476118 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.455374002 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.455470085 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.457396030 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.457453966 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.457752943 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.457761049 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.502846003 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.586448908 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.586523056 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.586581945 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.590709925 CEST	49708	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.590729952 CEST	443	49708	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.591486931 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.591535091 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.591650963 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.591919899 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:19.591933966 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:19.639147997 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639198065 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639230967 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639246941 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.639275074 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639317989 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.639324903 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639808893 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639837027 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639849901 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.639857054 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.639892101 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.639898062 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.640899897 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.640983105 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.640990019 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.641011953 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.641052961 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.688590050 CEST	49705	443	192.168.2.7	104.21.234.214
Jul 5, 2024 00:25:19.688611031 CEST	443	49705	104.21.234.214	192.168.2.7
Jul 5, 2024 00:25:19.719101906 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:25:20.081702948 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.087007046 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:20.087028027 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.087341070 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.106218100 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:20.106343031 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.107240915 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:20.148511887 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.239883900 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.239989042 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.240087032 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:20.243855000 CEST	49709	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:25:20.243870974 CEST	443	49709	35.190.80.1	192.168.2.7
Jul 5, 2024 00:25:20.390863895 CEST	49675	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:20.390872002 CEST	49674	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:20.537184000 CEST	49672	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:20.720967054 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:20.721013069 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:20.723215103 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:20.723754883 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:20.723767996 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.221148968 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:25:21.406421900 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.449166059 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:21.449193001 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.450220108 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.450232983 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.450304985 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:21.496716022 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:21.496813059 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.549279928 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:21.549292088 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:21.596158028 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:22.040318966 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:22.040369987 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:22.040457010 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:22.043833017 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:22.043848991 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:22.742892027 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:22.742988110 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:22.748955011 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:22.748975039 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:22.749201059 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:22.824971914 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:22.868510962 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.040327072 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.040396929 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.040502071 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.041059017 CEST	49711	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.041074991 CEST	443	49711	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.146857977 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.146891117 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.149045944 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.150116920 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.150131941 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.819317102 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.819391012 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.820713043 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.820719004 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.820955992 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:23.822143078 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:23.864500046 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:24.115073919 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:24.115168095 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:24.115228891 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:24.139031887 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:24.139055967 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:24.139069080 CEST	49712	443	192.168.2.7	23.212.194.8
Jul 5, 2024 00:25:24.139075994 CEST	443	49712	23.212.194.8	192.168.2.7
Jul 5, 2024 00:25:24.244043112 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:25:28.985760927 CEST	49671	443	192.168.2.7	204.79.197.203
Jul 5, 2024 00:25:30.204499006 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:25:31.303317070 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:31.303395987 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:31.303672075 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:31.480806112 CEST	49698	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:31.482736111 CEST	49714	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:31.482775927 CEST	443	49714	104.98.116.138	192.168.2.7
Jul 5, 2024 00:25:31.483027935 CEST	49714	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:31.483640909 CEST	49714	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:31.483659029 CEST	443	49714	104.98.116.138	192.168.2.7
Jul 5, 2024 00:25:31.488019943 CEST	443	49698	104.98.116.138	192.168.2.7
Jul 5, 2024 00:25:32.724318027 CEST	443	49714	104.98.116.138	192.168.2.7
Jul 5, 2024 00:25:32.724575996 CEST	443	49714	104.98.116.138	192.168.2.7
Jul 5, 2024 00:25:32.724658012 CEST	49714	443	192.168.2.7	104.98.116.138
Jul 5, 2024 00:25:32.743912935 CEST	49710	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:25:32.743948936 CEST	443	49710	142.250.185.132	192.168.2.7
Jul 5, 2024 00:25:39.242042065 CEST	60666	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:39.247284889 CEST	53	60666	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:39.247364044 CEST	60666	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:39.247473001 CEST	60666	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:39.252562046 CEST	53	60666	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:39.718046904 CEST	53	60666	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:39.719955921 CEST	60666	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:39.726376057 CEST	53	60666	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:39.726453066 CEST	60666	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:42.110047102 CEST	49677	443	192.168.2.7	20.50.201.200
Jul 5, 2024 00:26:19.164043903 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.164087057 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.164151907 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.164378881 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.164395094 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.649735928 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.655070066 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.655102968 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.655430079 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.665126085 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.665191889 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.665657043 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.708520889 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.793529034 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.793596029 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.793644905 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.934648991 CEST	60670	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.934701920 CEST	443	60670	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.935980082 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.936017036 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:19.936095953 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.936820984 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:19.936835051 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.411679983 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.412090063 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:20.412101984 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.412453890 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.412905931 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:20.413151026 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:20.413158894 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.413239956 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.455241919 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:20.547323942 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.547991991 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.548082113 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:20.557514906 CEST	60671	443	192.168.2.7	35.190.80.1
Jul 5, 2024 00:26:20.557539940 CEST	443	60671	35.190.80.1	192.168.2.7
Jul 5, 2024 00:26:20.756696939 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:20.756772041 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:20.756889105 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:20.757292032 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:20.757308960 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:21.428463936 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:21.428806067 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:21.428838968 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:21.429182053 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:21.430264950 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:21.430351973 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:21.470711946 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:31.355123043 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:31.355201960 CEST	443	60672	142.250.185.132	192.168.2.7
Jul 5, 2024 00:26:31.355262041 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:32.739620924 CEST	60672	443	192.168.2.7	142.250.185.132
Jul 5, 2024 00:26:32.739650011 CEST	443	60672	142.250.185.132	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 5, 2024 00:25:16.558129072 CEST	53	53737	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:16.569020033 CEST	53	54019	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:18.045361042 CEST	63762	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:18.045494080 CEST	53174	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:18.056176901 CEST	53	63762	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:18.056612968 CEST	53	53174	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:18.082283020 CEST	53	62785	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:18.902143002 CEST	49637	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:18.902324915 CEST	49514	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:18.910631895 CEST	53	49637	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:18.911744118 CEST	53	49514	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:20.707403898 CEST	52036	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:20.707890987 CEST	58622	53	192.168.2.7	1.1.1.1
Jul 5, 2024 00:25:20.714983940 CEST	53	52036	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:20.715714931 CEST	53	58622	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:23.449923038 CEST	123	123	192.168.2.7	20.101.57.9
Jul 5, 2024 00:25:24.008023024 CEST	123	123	20.101.57.9	192.168.2.7
Jul 5, 2024 00:25:25.048209906 CEST	123	123	192.168.2.7	20.101.57.9
Jul 5, 2024 00:25:25.225346088 CEST	123	123	20.101.57.9	192.168.2.7
Jul 5, 2024 00:25:35.200005054 CEST	53	62190	1.1.1.1	192.168.2.7
Jul 5, 2024 00:25:39.241647005 CEST	53	61527	1.1.1.1	192.168.2.7
Jul 5, 2024 00:26:15.840614080 CEST	53	60561	1.1.1.1	192.168.2.7
Jul 5, 2024 00:26:19.070427895 CEST	138	138	192.168.2.7	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 5, 2024 00:25:18.045361042 CEST	192.168.2.7	1.1.1.1	0x607d	Standard query (0)	urlz.fr	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:18.045494080 CEST	192.168.2.7	1.1.1.1	0x7263	Standard query (0)	urlz.fr	65	IN (0x0001)	false
Jul 5, 2024 00:25:18.902143002 CEST	192.168.2.7	1.1.1.1	0xb9e1	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:18.902324915 CEST	192.168.2.7	1.1.1.1	0x6505	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jul 5, 2024 00:25:20.707403898 CEST	192.168.2.7	1.1.1.1	0x6175	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:20.707890987 CEST	192.168.2.7	1.1.1.1	0x44a6	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 5, 2024 00:25:18.056176901 CEST	1.1.1.1	192.168.2.7	0x607d	No error (0)	urlz.fr	104.21.234.214	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:18.056176901 CEST	1.1.1.1	192.168.2.7	0x607d	No error (0)	urlz.fr	104.21.234.215	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:18.056612968 CEST	1.1.1.1	192.168.2.7	0x7263	No error (0)	urlz.fr		65	IN (0x0001)	false
Jul 5, 2024 00:25:18.910631895 CEST	1.1.1.1	192.168.2.7	0xb9e1	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:20.714983940 CEST	1.1.1.1	192.168.2.7	0x6175	No error (0)	www.google.com	142.250.185.132	A (IP address)	IN (0x0001)	false
Jul 5, 2024 00:25:20.715714931 CEST	1.1.1.1	192.168.2.7	0x44a6	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

urlz.fr

https:

a.nel.cloudflare.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49704	104.21.234.214	443	7096	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:25:18 UTC	654	OUT	GET /r1TD HTTP/1.1 Host: urlz.fr Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:25:18 UTC	552	IN	HTTP/1.1 404 Not Found Date: Thu, 04 Jul 2024 22:25:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89e287cb5fad7c8a-EWR alt-svc: h3=":443"; ma=86400
2024-07-04 22:25:18 UTC	151	IN	Data Raw: 39 31 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0a 0a 0a 0a 0a 0a 0d 0a Data Ascii: 91<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
2024-07-04 22:25:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49705	104.21.234.214	443	7096	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:25:19 UTC	574	OUT	GET /favicon.ico HTTP/1.1 Host: urlz.fr Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://urlz.fr/r1TD Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:25:19 UTC	601	IN	HTTP/1.1 404 Not Found Date: Thu, 04 Jul 2024 22:25:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=86400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89e287cf8ae77ce7-EWR alt-svc: h3=":443"; ma=86400
2024-07-04 22:25:19 UTC	768	IN	Data Raw: 32 66 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 52 c3 a9 64 75 63 74 65 75 72 20 64 65 20 6c 69 65 6e 20 2f 20 4d 69 6e 69 6d 69 73 65 75 72 20 64 27 55 52 4c 20 5b 52 61 63 63 6f 75 72 63 69 72 20 75 6e 20 6c 69 65 6e 5d 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 Data Ascii: 2f49<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Rducteur de lien / Minimiseur d'URL [Raccourcir un lien]</title><meta http-equ
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 72 69 70 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 27 73 63 72 69 70 74 27 29 5b 30 5d 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 73 3a 2f 2f 63 6d 70 2e 71 75 61 6e 74 63 61 73 74 2e 63 6f 6d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 63 6f 6e 63 61 74 28 27 2f 63 68 6f 69 63 65 2f 27 2c 20 27 36 46 76 30 63 47 4e 66 63 5f 62 77 38 27 2c 20 27 2f 27 2c 20 68 6f 73 74 2c 20 27 2f 63 68 6f 69 63 65 2e 6a 73 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 73 70 54 72 69 65 73 20 3d 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 73 70 54 72 69 65 73 4c 69 6d 69 74 20 3d 20 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 65 6c 65 6d 65 Data Ascii: ript = document.getElementsByTagName('script')[0]; var url = 'https://cmp.quantcast.com' .concat('/choice/', '6Fv0cGNfc_bw8', '/', host, '/choice.js'); var uspTries = 0; var uspTriesLimit = 3; eleme
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 61 72 67 73 5b 30 5d 20 3d 3d 3d 20 27 73 65 74 47 64 70 72 41 70 70 6c 69 65 73 27 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 67 73 2e 6c 65 6e 67 74 68 20 3e 20 33 20 26 26 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 67 73 5b 32 5d 20 3d 3d 3d 20 32 20 26 26 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 6f 66 20 61 72 67 73 5b 33 5d 20 3d 3d 3d 20 27 62 6f 6f 6c 65 61 6e 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 67 64 70 72 41 70 70 6c 69 65 73 20 3d 20 61 72 67 73 5b 33 5d 3b 0d 0a 20 Data Ascii: } else if (args[0] === 'setGdprApplies') { if ( args.length > 3 && args[2] === 2 && typeof args[3] === 'boolean' ) { gdprApplies = args[3];
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 6f 61 64 20 3d 20 6a 73 6f 6e 2e 5f 5f 74 63 66 61 70 69 43 61 6c 6c 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 70 61 79 6c 6f 61 64 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 5f 5f 74 63 66 61 70 69 28 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 79 6c 6f 61 64 2e 63 6f 6d 6d 61 6e 64 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 79 6c 6f 61 64 2e 76 65 72 73 69 6f 6e 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 28 72 65 74 56 61 6c 75 65 2c 20 73 75 63 63 65 73 73 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 72 65 74 75 72 6e 4d 73 67 20 3d 20 7b 0d 0a 20 20 20 Data Ascii: oad = json.__tcfapiCall; if (payload) { window.__tcfapi( payload.command, payload.version, function(retValue, success) { var returnMsg = {
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 28 27 6d 65 73 73 61 67 65 27 2c 20 70 6f 73 74 4d 65 73 73 61 67 65 45 76 65 6e 74 48 61 6e 64 6c 65 72 2c 20 66 61 6c 73 65 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 7d 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 6d 61 6b 65 53 74 75 62 28 29 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 73 70 53 74 75 62 46 75 6e 63 74 69 6f 6e 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 61 72 67 20 3d 20 61 72 67 75 6d 65 6e 74 73 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 2e 5f 5f 75 73 70 61 70 69 20 21 3d 3d 20 75 73 70 53 74 75 62 46 75 6e 63 74 69 6f 6e 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: ('message', postMessageEventHandler, false); } }; makeStub(); var uspStubFunction = function() { var arg = arguments; if (typeof window.__uspapi !== uspStubFunction) {
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 20 74 69 6e 79 2c 20 62 69 74 2c 20 70 61 72 74 61 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 69 64 65 6e 74 69 66 69 65 72 2d 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 75 72 6c 7a 2e 66 72 2f 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 46 6f 74 64 2d 66 71 46 57 5a 5a 49 49 62 5a 71 69 31 6b 64 34 69 69 46 68 52 68 69 2d 65 73 76 43 2d 74 4f 59 2d 49 68 44 55 63 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 63 6f Data Ascii: tiny, bit, partage" /><meta name="robots" content="index, follow, all" /><meta name="identifier-url" content="https://urlz.fr/" /><meta name="google-site-verification" content="Fotd-fqFWZZIIbZqi1kd4iiFhRhi-esvC-tOY-IhDUc" /></head><body><div id="co
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 3c 66 6f 72 6d 20 69 64 3d 22 73 75 62 6d 69 74 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 20 61 63 74 69 6f 6e 3d 22 2f 22 3e 0a 3c 64 69 76 20 69 64 3d 22 63 61 64 72 65 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6e 6f 74 69 66 69 63 61 74 69 6f 6e 22 3e 3c 73 70 61 6e 20 69 64 3d 22 62 6c 69 6e 6b 22 3e 3c 69 6d 67 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 20 3a 20 2d 33 70 78 3b 22 20 73 72 63 3d 22 2f 69 6d 61 67 65 73 2f 65 72 72 65 75 72 2e 70 6e 67 22 20 61 6c 74 20 2f 3e 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 20 3a 20 72 65 64 3b 22 3e 4c 61 20 70 61 67 65 20 6e 27 65 78 69 73 74 65 20 70 61 73 20 6f 75 20 6e 27 65 78 69 73 74 65 20 70 6c 75 73 2e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0a 3c Data Ascii: <form id="submit" method="post" action="/"><div id="cadre"><div id="notification"><span id="blink"><img style="margin-bottom : -3px;" src="/images/erreur.png" alt /> <span style="color : red;">La page n'existe pas ou n'existe plus.</span></span></div><
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 74 20 73 72 63 3d 22 2f 2f 61 64 73 2e 74 68 65 6d 6f 6e 65 79 74 69 7a 65 72 2e 63 6f 6d 2f 73 2f 67 65 6e 2e 6a 73 3f 74 79 70 65 3d 36 22 20 74 79 70 65 3d 22 30 34 36 31 34 39 36 37 63 33 65 30 35 35 65 66 35 64 37 33 39 38 63 39 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 64 73 2e 74 68 65 6d 6f 6e 65 79 74 69 7a 65 72 2e 63 6f 6d 2f 73 2f 72 65 71 75 65 73 74 66 6f 72 6d 2e 6a 73 3f 73 69 74 65 49 64 3d 31 35 30 35 36 26 66 6f 72 6d 61 74 49 64 3d 36 22 20 74 79 70 65 3d 22 30 34 36 31 34 39 36 37 63 33 65 30 35 35 65 66 35 64 37 33 39 38 63 39 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 64 69 76 3e 0a 3c 62 72 2f 3e 3c 64 Data Ascii: t src="//ads.themoneytizer.com/s/gen.js?type=6" type="04614967c3e055ef5d7398c9-text/javascript"></script><script src="//ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=6" type="04614967c3e055ef5d7398c9-text/javascript"></script></div><br/><d
2024-07-04 22:25:19 UTC	1369	IN	Data Raw: 6e 20 66 61 6c 73 65 3b 22 20 64 61 74 61 2d 63 66 2d 6d 6f 64 69 66 69 65 64 2d 30 34 36 31 34 39 36 37 63 33 65 30 35 35 65 66 35 64 37 33 39 38 63 39 2d 3e 43 6c 69 63 6b 20 54 65 73 74 3c 2f 61 3e 20 2d 20 3c 61 20 74 69 74 6c 65 3d 22 43 6f 6e 76 65 72 74 69 73 73 65 75 72 20 59 6f 75 54 75 62 65 20 4d 50 33 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 6f 74 75 62 65 2e 6c 6f 6c 2f 66 72 2f 79 6f 75 74 75 62 65 2d 61 70 70 2d 76 31 33 33 22 20 6f 6e 63 6c 69 63 6b 3d 22 69 66 20 28 21 77 69 6e 64 6f 77 2e 5f 5f 63 66 52 4c 55 6e 62 6c 6f 63 6b 48 61 6e 64 6c 65 72 73 29 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 74 68 69 73 2e 68 72 65 66 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 20 64 61 74 61 2d Data Ascii: n false;" data-cf-modified-04614967c3e055ef5d7398c9->Click Test</a> - <a title="Convertisseur YouTube MP3" href="https://notube.lol/fr/youtube-app-v133" onclick="if (!window.__cfRLUnblockHandlers) return false; window.open(this.href); return false;" data-
2024-07-04 22:25:19 UTC	393	IN	Data Raw: 66 69 67 27 2c 20 27 55 41 2d 31 36 32 36 36 39 34 35 38 2d 31 27 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 61 67 65 61 64 32 2e 67 6f 6f 67 6c 65 73 79 6e 64 69 63 61 74 69 6f 6e 2e 63 6f 6d 2f 70 61 67 65 61 64 2f 6a 73 2f 61 64 73 62 79 67 6f 6f 67 6c 65 2e 6a 73 3f 63 6c 69 65 6e 74 3d 63 61 2d 70 75 62 2d 31 35 38 31 31 34 34 35 30 36 35 34 31 33 37 36 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 74 79 70 65 3d 22 30 34 36 31 34 39 36 37 63 33 65 30 35 35 65 66 35 64 37 33 39 38 63 39 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f Data Ascii: fig', 'UA-162669458-1');</script><script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1581144506541376" crossorigin="anonymous" type="04614967c3e055ef5d7398c9-text/javascript"></script><script src="/cdn-cgi/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49708	35.190.80.1	443	7096	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:25:19 UTC	514	OUT	OPTIONS /report/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://urlz.fr Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:25:19 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Thu, 04 Jul 2024 22:25:19 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49709	35.190.80.1	443	7096	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:25:20 UTC	464	OUT	POST /report/v4?s=CGL4Nxg11L%2FyAdVfH6x7x9ZCJlaQja0steU6io7SdjXGoGhIxhTmBssr1j97ENbF2PgLFFgkRrOAwF04JUx%2B3kFY9nYjfMt%2FHVXqTauQ8ERDrVvPk9mkLDQc HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 382 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:25:20 UTC	382	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 34 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 32 33 34 2e 32 31 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 75 72 6c 7a 2e 66 72 2f 72 31 54 44 22 2c 22 Data Ascii: [{"age":1,"body":{"elapsed_time":842,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.234.214","status_code":404,"type":"http.error"},"type":"network-error","url":"https://urlz.fr/r1TD","
2024-07-04 22:25:20 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 04 Jul 2024 22:25:20 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49711	23.212.194.8	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:25:22 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 22:25:23 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=31058 Date: Thu, 04 Jul 2024 22:25:22 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49712	23.212.194.8	443

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:25:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-04 22:25:24 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=31061 Date: Thu, 04 Jul 2024 22:25:24 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-04 22:25:24 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	60670	35.190.80.1	443	7096	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:26:19 UTC	518	OUT	OPTIONS /report/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://urlz.fr Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:26:19 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Thu, 04 Jul 2024 22:26:19 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	60671	35.190.80.1	443	7096	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-04 22:26:20 UTC	468	OUT	POST /report/v4?s=YQNCvpSY7zluMdmUj%2FbVGruRTC1D51w9TyjzJsgzgkLVcmj%2BRVp%2FUlzAIN0B5eswXDl309oOaoNnOmhcXt6peXKI%2FsuPSniuAcc3JSxycX0pU%2FXZxt1kPsLX HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 413 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-04 22:26:20 UTC	413	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 39 35 32 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 30 39 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 75 72 6c 7a 2e 66 72 2f 72 31 54 44 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 32 33 34 2e 32 31 34 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a Data Ascii: [{"age":59523,"body":{"elapsed_time":409,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://urlz.fr/r1TD","sampling_fraction":1.0,"server_ip":"104.21.234.214","status_code":404,"type":"http.error"},"type":"network-error","url":
2024-07-04 22:26:20 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 04 Jul 2024 22:26:20 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	18:25:10
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:25:15
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2460,i,5162128387195293770,17291697451212001631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:25:17
Start date:	04/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://urlz.fr/r1TD"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.194.8
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /r1TD HTTP/1.1Host: urlz.frConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: urlz.frConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://urlz.fr/r1TDAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://urlz.fr/r1TD

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 4856, Parent PID: 5792

General

Chronological Activities

Analysis Process: chrome.exePID: 7096, Parent PID: 4856

General

Chronological Activities

Analysis Process: chrome.exePID: 4452, Parent PID: 5792

General

Chronological Activities

Disassembly

Windows Analysis Report
https://urlz.fr/r1TD