Edit tour

Windows Analysis Report
http://www.akagustos-kampanyasizlerle1.cloud/

Overview

General Information

Sample URL:	http://www.akagustos-kampanyasizlerle1.cloud/
Analysis ID:	1496228
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2328,i,17139168875402069000,727924801878504152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.akagustos-kampanyasizlerle1.cloud/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_103	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.akagustos-kampanyasizlerle1.cloud/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://www.akagustos-kampanyasizlerle1.cloud/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing
Source: https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing
Source: https://www.akagustos-kampanyasizlerle1.cloud/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_103, type: DROPPED

Source: https://www.akagustos-kampanyasizlerle1.cloud/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:51365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:51367 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:51361 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.akagustos-kampanyasizlerle1.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: www.akagustos-kampanyasizlerle1.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.akagustos-kampanyasizlerle1.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: www.akagustos-kampanyasizlerle1.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.akagustos-kampanyasizlerle1.cloudConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.akagustos-kampanyasizlerle1.cloud/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: www.akagustos-kampanyasizlerle1.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.akagustos-kampanyasizlerle1.cloudConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.akagustos-kampanyasizlerle1.cloud
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_103.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_103.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51365
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51362
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51363
Source: unknown	Network traffic detected: HTTP traffic on port 51377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51367
Source: unknown	Network traffic detected: HTTP traffic on port 51367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:51365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:51367 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@22/10@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2328,i,17139168875402069000,727924801878504152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.akagustos-kampanyasizlerle1.cloud/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2328,i,17139168875402069000,727924801878504152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.akagustos-kampanyasizlerle1.cloud/	100%	Avira URL Cloud	phishing
http://www.akagustos-kampanyasizlerle1.cloud/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing
https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://www.akagustos-kampanyasizlerle1.cloud/favicon.ico	100%	Avira URL Cloud	phishing
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.akagustos-kampanyasizlerle1.cloud	104.21.58.80	true	false	unknown
www.google.com	172.217.16.196	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.akagustos-kampanyasizlerle1.cloud/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: phishing	unknown
https://www.akagustos-kampanyasizlerle1.cloud/	false		unknown
https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_103.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_103.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.58.80	www.akagustos-kampanyasizlerle1.cloud	United States	13335	CLOUDFLARENETUS	false
172.67.157.249	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1496228
Start date and time:	2024-08-21 00:22:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.akagustos-kampanyasizlerle1.cloud/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@22/10@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 216.58.206.46, 64.233.166.84, 34.104.35.123, 52.165.165.26, 93.184.221.240, 20.242.39.171, 192.229.221.95, 142.250.186.163
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.akagustos-kampanyasizlerle1.cloud/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.089277264110367
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisfA2ZLimirR49PaQxJbGD:1j9jhjYjIK/Vo+tsxZOmirO9ieJGD
MD5:	1CA5816E355B4755FD77E7AB4148D234
SHA1:	75A3491F8A4553CFB3B69E29DAD44D641CD27479
SHA-256:	03BCD7B91693C81B3BD236BD44A622D9794BB48DAA6868BFDC9E35660633C126
SHA-512:	107EFBA7AFD0B765890658DA2D8AAE5E0284FB3F2B619BEC25BAD0CFBB525BAABA747F6C8CE14361EFC9FDCAC8A1A7AAA4C40CD77E0D3048BB84587EB5B23A24
Malicious:	false
Reputation:	low
URL:	https://www.akagustos-kampanyasizlerle1.cloud/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	4.328766538924409
Encrypted:	false
SSDEEP:	48:QwL+ah0QWs3z1gL9LSJN798lyBbr9bgozxXoAOg81XAHoctUjpeqeDzTCZmNV:QHaDxAiWSbq0S2Igepe9DT/
MD5:	650B28C6CF1B473AED15BA26BAD1DA92
SHA1:	63F99C1D32AB6387DB0F981F242FCEFCB875AC21
SHA-256:	1F7437E15BE65FCFD977E547E957DA7950167F957DEEAC877086E9B66C11BE87
SHA-512:	EE3C937542BDB10FC5A2BDF41FC6C89BFE699A870A69368F276963AF3EFBB711827E916DD05AA7E653524770F2E0BD0D38EE6A5E3B6C7255CAC1CD74930B7541
Malicious:	false
Reputation:	low
Preview:	...... .... .........(... ...@..... .........................................................YH8.YH8.YH8YH8lYH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8mYH8YG8.YH8.........................................................YH8.YH8.YH88YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH87YH8.YH8.........................................ZF6.XH8.YH8.YH8.YH8.YH8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.YH8.YH8.YH8.YH8.YH8.YF7.............................YG7.XI9.YH86YH8.YH8.YH8.[J8.hT;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.hT;.[J8.YH8.YH8.YH8.YH86XJ9.ZG7.....................ZG7.XI9.YH8BYH8.YH8.YH8.XG8.hT;..N..Q..Q..Q..Q..Q..Q..Q..Q..Q..Q..N.hT;.XG8.YH8.YH8.YH8.YH8AYH8.YG7.............YH8.YH8.YH86YH8.YH8.YH8.YH8.XG8.hT;..N..Q..Q..Q..Q..Q..Q..Q..Q..Q..Q..N.hT;.XG8.YH8.YH8.YH8.YH8.YH86YH8.YH8.........YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.[I8.gS:.iU:.jU;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.hT;.[J8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.....YH8.YG7.YH8.YH8.YH8.YH8.YH8.YH8.YH8.[J;.iZ

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	4.328766538924409
Encrypted:	false
SSDEEP:	48:QwL+ah0QWs3z1gL9LSJN798lyBbr9bgozxXoAOg81XAHoctUjpeqeDzTCZmNV:QHaDxAiWSbq0S2Igepe9DT/
MD5:	650B28C6CF1B473AED15BA26BAD1DA92
SHA1:	63F99C1D32AB6387DB0F981F242FCEFCB875AC21
SHA-256:	1F7437E15BE65FCFD977E547E957DA7950167F957DEEAC877086E9B66C11BE87
SHA-512:	EE3C937542BDB10FC5A2BDF41FC6C89BFE699A870A69368F276963AF3EFBB711827E916DD05AA7E653524770F2E0BD0D38EE6A5E3B6C7255CAC1CD74930B7541
Malicious:	false
Reputation:	low
URL:	https://www.akagustos-kampanyasizlerle1.cloud/favicon.ico
Preview:	...... .... .........(... ...@..... .........................................................YH8.YH8.YH8YH8lYH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8mYH8YG8.YH8.........................................................YH8.YH8.YH88YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH87YH8.YH8.........................................ZF6.XH8.YH8.YH8.YH8.YH8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.XG8.YH8.YH8.YH8.YH8.YH8.YF7.............................YG7.XI9.YH86YH8.YH8.YH8.[J8.hT;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.hT;.[J8.YH8.YH8.YH8.YH86XJ9.ZG7.....................ZG7.XI9.YH8BYH8.YH8.YH8.XG8.hT;..N..Q..Q..Q..Q..Q..Q..Q..Q..Q..Q..N.hT;.XG8.YH8.YH8.YH8.YH8AYH8.YG7.............YH8.YH8.YH86YH8.YH8.YH8.YH8.XG8.hT;..N..Q..Q..Q..Q..Q..Q..Q..Q..Q..Q..N.hT;.XG8.YH8.YH8.YH8.YH8.YH86YH8.YH8.........YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.[I8.gS:.iU:.jU;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.jV;.hT;.[J8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.YH8.....YH8.YG7.YH8.YH8.YH8.YH8.YH8.YH8.YH8.[J;.iZ

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 21, 2024 00:23:04.780527115 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 21, 2024 00:23:14.392887115 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 21, 2024 00:23:14.671186924 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:14.671235085 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:14.671302080 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:14.671488047 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:14.671499968 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.148560047 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.148891926 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.148922920 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.149961948 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.150026083 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.151046038 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.151127100 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.151209116 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.151215076 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.197937012 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.278372049 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.278417110 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.278444052 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.278467894 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.278467894 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.278489113 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.278513908 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.278546095 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.278599024 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.329066992 CEST	49735	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.329087973 CEST	443	49735	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.330049038 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.330096960 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.330162048 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.331079960 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:15.331094980 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.805811882 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:15.857114077 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.050911903 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.050930977 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.051369905 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.056772947 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.056898117 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.059892893 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.100507975 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162452936 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162491083 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162542105 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162561893 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.162566900 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162576914 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162620068 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162645102 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162789106 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162817001 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162830114 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.162830114 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.162830114 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.162844896 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.162875891 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.163208008 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.204222918 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.204242945 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.252820969 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.252872944 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.252887011 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.252907038 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.252948999 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.252954006 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.253474951 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.253515005 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.253515005 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.253525019 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.253562927 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.253570080 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.253592014 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.253631115 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.290817976 CEST	49738	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.290838957 CEST	443	49738	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.494988918 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.495100975 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.495187998 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.495846033 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.495882034 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.836811066 CEST	51361	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:16.842041969 CEST	53	51361	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:16.842108965 CEST	51361	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:16.842155933 CEST	51361	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:16.847038031 CEST	53	51361	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:16.965650082 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.965924025 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.965950966 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.966280937 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.966718912 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:16.966782093 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:16.966958046 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.012497902 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.115497112 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.115565062 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.115612984 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.116858959 CEST	49739	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.116878033 CEST	443	49739	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.339312077 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:17.339363098 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:17.339411974 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:17.340161085 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:17.340182066 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:17.341192961 CEST	53	51361	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:17.345952034 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.345983028 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.346040010 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.346431971 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.346442938 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.353801012 CEST	51361	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:17.359607935 CEST	53	51361	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:17.359647989 CEST	51361	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:17.644517899 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:17.644572020 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:17.646718979 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:17.655677080 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:17.655705929 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:17.701134920 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:17.701225996 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:17.701585054 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:17.704545975 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:17.704592943 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:17.811839104 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.812272072 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.812305927 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.812649012 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.817208052 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.817208052 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.817225933 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.817286968 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:17.863935947 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:17.985122919 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:18.028908014 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:18.034392118 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:18.034406900 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:18.035561085 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:18.035974979 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:18.047561884 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:18.047631979 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:18.092519045 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:18.092544079 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:18.138235092 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:18.182048082 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.182362080 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.182379961 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.183402061 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.183639050 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.184113026 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.184181929 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.184289932 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.191855907 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:18.191901922 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:18.191934109 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:18.191946983 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:18.191972017 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:18.192029953 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:18.192058086 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:18.192186117 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:18.192981005 CEST	51363	443	192.168.2.4	104.21.58.80
Aug 21, 2024 00:23:18.192996025 CEST	443	51363	104.21.58.80	192.168.2.4
Aug 21, 2024 00:23:18.224507093 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.232000113 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.232023954 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.280531883 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.303805113 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.303931952 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.307481050 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.307492018 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.307717085 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.307780027 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.307852983 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.307884932 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.323390961 CEST	51366	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.323416948 CEST	443	51366	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.348423958 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.388506889 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.578212023 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.578274012 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.578326941 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.579277992 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.579293966 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.579303026 CEST	51365	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.579308987 CEST	443	51365	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.746634960 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.746687889 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.746764898 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.747826099 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:18.747837067 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:18.962153912 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.962213039 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:18.962270021 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.962924957 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:18.962944984 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.410895109 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:19.410995960 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:19.422514915 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:19.422527075 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:19.422807932 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:19.424034119 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:19.452805996 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.456146955 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.456177950 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.456512928 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.457259893 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.457319021 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.457737923 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.468508005 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:19.504492044 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.604418993 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.604465961 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.604502916 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.604527950 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.604557991 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.604605913 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.604613066 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.604661942 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.608597040 CEST	51368	443	192.168.2.4	172.67.157.249
Aug 21, 2024 00:23:19.608613968 CEST	443	51368	172.67.157.249	192.168.2.4
Aug 21, 2024 00:23:19.690680981 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:19.690752983 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:19.690824986 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:19.706829071 CEST	51367	443	192.168.2.4	184.28.90.27
Aug 21, 2024 00:23:19.706856012 CEST	443	51367	184.28.90.27	192.168.2.4
Aug 21, 2024 00:23:27.893057108 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:27.893227100 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:23:27.893277884 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:28.957272053 CEST	51362	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:23:28.957298040 CEST	443	51362	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:17.343271971 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:17.343308926 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:17.343453884 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:17.343831062 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:17.343843937 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:17.983360052 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:17.983652115 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:17.983680964 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:17.984014988 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:17.984389067 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:17.984467983 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:18.029594898 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:27.900904894 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:27.900985003 CEST	443	51377	172.217.16.196	192.168.2.4
Aug 21, 2024 00:24:27.901073933 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:28.954632044 CEST	51377	443	192.168.2.4	172.217.16.196
Aug 21, 2024 00:24:28.954658985 CEST	443	51377	172.217.16.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 21, 2024 00:23:12.640588045 CEST	53	62388	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:12.652880907 CEST	53	56555	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:13.785826921 CEST	53	64412	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:14.543040037 CEST	64008	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:14.543258905 CEST	60459	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:14.638030052 CEST	53	64008	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:14.651539087 CEST	53	60459	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:14.654114962 CEST	50897	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:14.654242992 CEST	54678	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:14.663990974 CEST	53	50897	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:14.677005053 CEST	53	54678	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:16.836379051 CEST	53	63812	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:17.296603918 CEST	53269	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:17.296838045 CEST	64307	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:17.303695917 CEST	53	53269	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:17.303709984 CEST	53	64307	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:17.647561073 CEST	49815	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:17.647955894 CEST	62230	53	192.168.2.4	1.1.1.1
Aug 21, 2024 00:23:17.678533077 CEST	53	49815	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:17.806339025 CEST	53	62230	1.1.1.1	192.168.2.4
Aug 21, 2024 00:23:31.879558086 CEST	138	138	192.168.2.4	192.168.2.255
Aug 21, 2024 00:24:12.329169035 CEST	53	52935	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 21, 2024 00:23:14.677073956 CEST	192.168.2.4	1.1.1.1	c244	(Port unreachable)	Destination Unreachable
Aug 21, 2024 00:23:17.806494951 CEST	192.168.2.4	1.1.1.1	c244	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 21, 2024 00:23:14.543040037 CEST	192.168.2.4	1.1.1.1	0x2692	Standard query (0)	www.akagustos-kampanyasizlerle1.cloud	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:14.543258905 CEST	192.168.2.4	1.1.1.1	0xeee3	Standard query (0)	www.akagustos-kampanyasizlerle1.cloud	65	IN (0x0001)	false
Aug 21, 2024 00:23:14.654114962 CEST	192.168.2.4	1.1.1.1	0x3b13	Standard query (0)	www.akagustos-kampanyasizlerle1.cloud	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:14.654242992 CEST	192.168.2.4	1.1.1.1	0xcb3e	Standard query (0)	www.akagustos-kampanyasizlerle1.cloud	65	IN (0x0001)	false
Aug 21, 2024 00:23:17.296603918 CEST	192.168.2.4	1.1.1.1	0xb2b0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:17.296838045 CEST	192.168.2.4	1.1.1.1	0x6437	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 21, 2024 00:23:17.647561073 CEST	192.168.2.4	1.1.1.1	0xa51f	Standard query (0)	www.akagustos-kampanyasizlerle1.cloud	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:17.647955894 CEST	192.168.2.4	1.1.1.1	0x6c67	Standard query (0)	www.akagustos-kampanyasizlerle1.cloud	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 21, 2024 00:23:14.638030052 CEST	1.1.1.1	192.168.2.4	0x2692	No error (0)	www.akagustos-kampanyasizlerle1.cloud		104.21.58.80	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:14.638030052 CEST	1.1.1.1	192.168.2.4	0x2692	No error (0)	www.akagustos-kampanyasizlerle1.cloud		172.67.157.249	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:14.651539087 CEST	1.1.1.1	192.168.2.4	0xeee3	No error (0)	www.akagustos-kampanyasizlerle1.cloud			65	IN (0x0001)	false
Aug 21, 2024 00:23:14.663990974 CEST	1.1.1.1	192.168.2.4	0x3b13	No error (0)	www.akagustos-kampanyasizlerle1.cloud		104.21.58.80	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:14.663990974 CEST	1.1.1.1	192.168.2.4	0x3b13	No error (0)	www.akagustos-kampanyasizlerle1.cloud		172.67.157.249	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:14.677005053 CEST	1.1.1.1	192.168.2.4	0xcb3e	No error (0)	www.akagustos-kampanyasizlerle1.cloud			65	IN (0x0001)	false
Aug 21, 2024 00:23:17.303695917 CEST	1.1.1.1	192.168.2.4	0xb2b0	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:17.303709984 CEST	1.1.1.1	192.168.2.4	0x6437	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 21, 2024 00:23:17.678533077 CEST	1.1.1.1	192.168.2.4	0xa51f	No error (0)	www.akagustos-kampanyasizlerle1.cloud		172.67.157.249	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:17.678533077 CEST	1.1.1.1	192.168.2.4	0xa51f	No error (0)	www.akagustos-kampanyasizlerle1.cloud		104.21.58.80	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:23:17.806339025 CEST	1.1.1.1	192.168.2.4	0x6c67	No error (0)	www.akagustos-kampanyasizlerle1.cloud			65	IN (0x0001)	false
Aug 21, 2024 00:23:29.970415115 CEST	1.1.1.1	192.168.2.4	0x654f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 00:23:29.970415115 CEST	1.1.1.1	192.168.2.4	0x654f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 21, 2024 00:24:25.587657928 CEST	1.1.1.1	192.168.2.4	0xd177	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 21, 2024 00:24:25.587657928 CEST	1.1.1.1	192.168.2.4	0xd177	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.akagustos-kampanyasizlerle1.cloud

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	104.21.58.80	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:15 UTC	680	OUT	GET / HTTP/1.1 Host: www.akagustos-kampanyasizlerle1.cloud Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-20 22:23:15 UTC	579	IN	HTTP/1.1 200 OK Date: Tue, 20 Aug 2024 22:23:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V1LWzz6E5cI2X%2BWJWxnUiIbiK0fR3dFfKEMXt%2BsuFRrxGZqljQEzvF%2FHLzwmLDMHvWqysg6VnHx5xo09jZCe1%2BMVLw3ODXN%2BlOnPBRNgYMKdmqc6mu9nAhH9RTgLX1rZSR9y%2FA2IviGtv8btvbYniVIwFPmtHBx7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b65c968299c1a1f-EWR
2024-08-20 22:23:15 UTC	790	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-20 22:23:15 UTC	1369	IN	Data Raw: 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 Data Ascii: -css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = d
2024-08-20 22:23:15 UTC	1369	IN	Data Raw: 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 50 66 6a 36 4a 50 31 71 76 63 7a 36 46 43 6e 48 52 76 63 4b 48 30 55 76 6d 55 5f 35 52 44 56 50 58 6d 79 47 78 50 43 67 34 65 73 2d 31 37 32 34 31 39 32 35 39 35 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 Data Ascii: " enctype="text/plain"> <input type="hidden" name="atok" value="Pfj6JP1qvcz6FCnHRvcKH0UvmU_5RDVPXmyGxPCg4es-1724192595-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-management/phishing-a
2024-08-20 22:23:15 UTC	874	IN	Data Raw: 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 Data Ascii: ss="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" targ
2024-08-20 22:23:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	104.21.58.80	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:16 UTC	601	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: www.akagustos-kampanyasizlerle1.cloud Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.akagustos-kampanyasizlerle1.cloud/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-20 22:23:16 UTC	411	IN	HTTP/1.1 200 OK Date: Tue, 20 Aug 2024 22:23:16 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 13 Aug 2024 15:08:45 GMT ETag: "66bb76fd-5df3" Server: cloudflare CF-RAY: 8b65c96dad469e1a-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 21 Aug 2024 00:23:16 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-20 22:23:16 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-08-20 22:23:16 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	104.21.58.80	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:16 UTC	693	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: www.akagustos-kampanyasizlerle1.cloud Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.akagustos-kampanyasizlerle1.cloud/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-20 22:23:17 UTC	409	IN	HTTP/1.1 200 OK Date: Tue, 20 Aug 2024 22:23:17 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Mon, 19 Aug 2024 09:12:52 GMT ETag: "66c30c94-1c4" Server: cloudflare CF-RAY: 8b65c9739d0341d8-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 21 Aug 2024 00:23:17 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-20 22:23:17 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	51363	104.21.58.80	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:17 UTC	630	OUT	GET /favicon.ico HTTP/1.1 Host: www.akagustos-kampanyasizlerle1.cloud Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.akagustos-kampanyasizlerle1.cloud/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-20 22:23:18 UTC	737	IN	HTTP/1.1 200 OK Date: Tue, 20 Aug 2024 22:23:18 GMT Content-Type: image/x-icon Content-Length: 4286 Connection: close last-modified: Wed, 24 Jul 2024 10:19:52 GMT etag: "66a0d548-10be" x-content-type-options: nosniff Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2FZ6rEYqIkaJj5i%2ByrFgzcU4cYbC3Z64aFmZZ2OsOAErUsYmPywb0ans4ZXS77FKkzRYvdXlMdcQMRa2FQ%2F3a7zjablvlkjh7FUR4Cp%2BpwVwpSTVNrAduBN65hmeqUe7KiPXmYZKYTZDfLavovJ%2BZzbPc5XDNqRx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b65c978c8de0f46-EWR alt-svc: h3=":443"; ma=86400
2024-08-20 22:23:18 UTC	632	IN	Data Raw: 00 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 10 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 04 59 48 38 2a 59 48 38 6c 59 48 38 ad 59 48 38 d9 59 48 38 f2 59 48 38 fd 59 48 38 fd 59 48 38 f2 59 48 38 d9 59 48 38 ad 59 48 38 6d 59 48 38 2a 59 47 38 04 59 48 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 04 59 48 38 38 59 48 38 98 59 48 38 df 59 48 38 fb 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 Data Ascii: ( @ YH8YH8YH8YH8lYH8YH8YH8YH8YH8YH8YH8YH8YH8mYH8YG8YH8YH8YH8YH88YH8YH8YH8YH8YH8YH8YH8Y
2024-08-20 22:23:18 UTC	1369	IN	Data Raw: 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d7 b0 51 ff c7 a3 4e ff 68 54 3b ff 58 47 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 d8 59 48 38 41 59 48 38 00 59 47 37 00 00 00 00 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 00 59 48 38 36 59 48 38 d8 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 38 ff 68 54 3b ff c7 a3 4e ff d7 b0 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d7 b0 51 ff c7 a3 4e ff 68 54 3b ff 58 47 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 d8 59 48 38 36 59 48 38 00 59 48 38 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 1b 59 48 38 c1 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 5b 49 38 ff 67 53 3a ff 69 55 3a ff 6a 55 3b ff 6a 56 3b ff 6a Data Ascii: QQQQQQQNhT;XG8YH8YH8YH8YH8AYH8YG7YH8YH8YH86YH8YH8YH8YH8XG8hT;NQQQQQQQQQQNhT;XG8YH8YH8YH8YH8YH86YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8[I8gS:iU:jU;jV;j
2024-08-20 22:23:18 UTC	1369	IN	Data Raw: ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 36 ff 6d 5e 50 ff eb e9 e7 ff ff ff ff ff e8 e6 e3 ff cb c5 c0 ff bd b7 b0 ff bd b6 b0 ff cd c8 c3 ff e9 e7 e5 ff fe fe fe ff fc fc fb ff cd c8 c3 ff 72 63 56 ff 57 46 36 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 fd 59 48 38 fd 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 36 ff 6d 5e 50 ff eb e9 e8 ff fc fc fb ff 8e 83 78 ff 5a 49 39 ff 59 48 38 ff 59 48 38 ff 5c 4c 3c ff 6d 5e 50 ff a3 99 91 ff ec ea e8 ff ff ff ff ff d3 cf cb ff 68 59 4b ff 58 47 37 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 fd 59 48 38 f1 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 Data Ascii: YH8YH8YH8XG6m^PrcVWF6YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8XG6m^PxZI9YH8YH8\L<m^PhYKXG7YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH
2024-08-20 22:23:18 UTC	916	IN	Data Raw: 59 48 38 ff 59 48 38 c1 59 48 38 1b 59 48 38 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 00 59 48 38 36 59 48 38 d8 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 36 ff 6d 5e 50 ff eb e9 e7 ff ff ff ff ff e7 e5 e3 ff cb c6 c1 ff be b7 b1 ff bc b5 af ff ca c5 bf ff e8 e5 e3 ff fe fd fd ff fc fc fb ff cb c6 c1 ff 71 62 54 ff 58 46 36 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 d8 59 48 38 36 59 48 38 00 59 48 38 00 00 00 00 00 00 00 00 00 00 00 00 00 59 47 37 00 59 48 38 00 59 48 38 42 59 48 38 d9 59 48 38 ff 59 48 38 ff 58 47 37 ff 64 54 45 ff bc b5 ae ff e3 e0 de ff f4 f3 f2 ff fd fc fc ff ff ff ff ff ff ff ff ff fc fc fc ff f0 ef ed ff d1 cd c8 ff 97 8d 83 ff 62 52 43 ff 57 46 36 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 Data Ascii: YH8YH8YH8YH8YH8YH8YH86YH8YH8YH8YH8XG6m^PqbTXF6YH8YH8YH8YH8YH8YH86YH8YH8YG7YH8YH8BYH8YH8YH8XG7dTEbRCWF6YH8YH8YH8YH8YH8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	51366	172.67.157.249	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:18 UTC	407	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: www.akagustos-kampanyasizlerle1.cloud Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-20 22:23:18 UTC	409	IN	HTTP/1.1 200 OK Date: Tue, 20 Aug 2024 22:23:18 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 13 Aug 2024 15:08:45 GMT ETag: "66bb76fd-1c4" Server: cloudflare CF-RAY: 8b65c97b1d244286-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 21 Aug 2024 00:23:18 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-20 22:23:18 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	51365	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:18 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-20 22:23:18 UTC	495	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=152361 Date: Tue, 20 Aug 2024 22:23:18 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	51367	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:19 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-20 22:23:19 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=152342 Date: Tue, 20 Aug 2024 22:23:19 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-20 22:23:19 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	51368	172.67.157.249	443	3868	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-20 22:23:19 UTC	372	OUT	GET /favicon.ico HTTP/1.1 Host: www.akagustos-kampanyasizlerle1.cloud Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-20 22:23:19 UTC	746	IN	HTTP/1.1 200 OK Date: Tue, 20 Aug 2024 22:23:19 GMT Content-Type: image/x-icon Content-Length: 4286 Connection: close last-modified: Wed, 24 Jul 2024 10:19:52 GMT etag: "66a0d548-10be" x-content-type-options: nosniff Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TvQEZxCmGSIKNV8Axnj4SbzFKn2DQYIu4jWH9NipVIru2zgAT4iGrfnYSiU%2BEopHml35FJfvM5GafADTtR8iQ6Rf9qR7hDPQYjN33vjb2%2BHMl4T95eCWSB1dmLxlD%2BqeRI2QbS%2B503WBB4Wn%2F5ifK%2BpKJuwmKAGs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b65c9832e52c45e-EWR alt-svc: h3=":443"; ma=86400
2024-08-20 22:23:19 UTC	623	IN	Data Raw: 00 00 01 00 01 00 20 20 00 00 01 00 20 00 a8 10 00 00 16 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 20 00 00 00 00 00 00 10 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 04 59 48 38 2a 59 48 38 6c 59 48 38 ad 59 48 38 d9 59 48 38 f2 59 48 38 fd 59 48 38 fd 59 48 38 f2 59 48 38 d9 59 48 38 ad 59 48 38 6d 59 48 38 2a 59 47 38 04 59 48 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 04 59 48 38 38 59 48 38 98 59 48 38 df 59 48 38 fb 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 Data Ascii: ( @ YH8YH8YH8YH8lYH8YH8YH8YH8YH8YH8YH8YH8YH8mYH8YG8YH8YH8YH8YH88YH8YH8YH8YH8YH8YH8YH8Y
2024-08-20 22:23:19 UTC	1369	IN	Data Raw: af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d7 b0 51 ff c7 a3 4e ff 68 54 3b ff 58 47 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 d8 59 48 38 41 59 48 38 00 59 47 37 00 00 00 00 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 00 59 48 38 36 59 48 38 d8 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 38 ff 68 54 3b ff c7 a3 4e ff d7 b0 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d6 af 51 ff d7 b0 51 ff c7 a3 4e ff 68 54 3b ff 58 47 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 d8 59 48 38 36 59 48 38 00 59 48 38 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 1b 59 48 38 c1 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 5b 49 38 ff 67 53 3a ff 69 55 3a ff Data Ascii: QQQQQQQQQNhT;XG8YH8YH8YH8YH8AYH8YG7YH8YH8YH86YH8YH8YH8YH8XG8hT;NQQQQQQQQQQNhT;XG8YH8YH8YH8YH8YH86YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8[I8gS:iU:
2024-08-20 22:23:19 UTC	1369	IN	Data Raw: 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 36 ff 6d 5e 50 ff eb e9 e7 ff ff ff ff ff e8 e6 e3 ff cb c5 c0 ff bd b7 b0 ff bd b6 b0 ff cd c8 c3 ff e9 e7 e5 ff fe fe fe ff fc fc fb ff cd c8 c3 ff 72 63 56 ff 57 46 36 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 fd 59 48 38 fd 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 36 ff 6d 5e 50 ff eb e9 e8 ff fc fc fb ff 8e 83 78 ff 5a 49 39 ff 59 48 38 ff 59 48 38 ff 5c 4c 3c ff 6d 5e 50 ff a3 99 91 ff ec ea e8 ff ff ff ff ff d3 cf cb ff 68 59 4b ff 58 47 37 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 fd 59 48 38 f1 59 48 38 ff 59 Data Ascii: 8YH8YH8YH8YH8YH8XG6m^PrcVWF6YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8XG6m^PxZI9YH8YH8\L<m^PhYKXG7YH8YH8YH8YH8YH8YH8YH8YH8YH8YH8Y
2024-08-20 22:23:19 UTC	925	IN	Data Raw: ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 c1 59 48 38 1b 59 48 38 00 00 00 00 00 00 00 00 00 59 48 38 00 59 48 38 00 59 48 38 36 59 48 38 d8 59 48 38 ff 59 48 38 ff 59 48 38 ff 58 47 36 ff 6d 5e 50 ff eb e9 e7 ff ff ff ff ff e7 e5 e3 ff cb c6 c1 ff be b7 b1 ff bc b5 af ff ca c5 bf ff e8 e5 e3 ff fe fd fd ff fc fc fb ff cb c6 c1 ff 71 62 54 ff 58 46 36 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 ff 59 48 38 d8 59 48 38 36 59 48 38 00 59 48 38 00 00 00 00 00 00 00 00 00 00 00 00 00 59 47 37 00 59 48 38 00 59 48 38 42 59 48 38 d9 59 48 38 ff 59 48 38 ff 58 47 37 ff 64 54 45 ff bc b5 ae ff e3 e0 de ff f4 f3 f2 ff fd fc fc ff ff ff ff ff ff ff ff ff fc fc fc ff f0 ef ed ff d1 cd c8 ff 97 8d 83 ff 62 52 43 ff 57 46 36 ff 59 48 38 ff 59 48 38 ff 59 48 Data Ascii: YH8YH8YH8YH8YH8YH8YH8YH8YH86YH8YH8YH8YH8XG6m^PqbTXF6YH8YH8YH8YH8YH8YH86YH8YH8YG7YH8YH8BYH8YH8YH8XG7dTEbRCWF6YH8YH8YH

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5728, Parent PID: 6108

General

Target ID:	0
Start time:	18:23:07
Start date:	20/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3868, Parent PID: 5728

General

Target ID:	2
Start time:	18:23:10
Start date:	20/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2328,i,17139168875402069000,727924801878504152,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6408, Parent PID: 6108

General

Target ID:	3
Start time:	18:23:13
Start date:	20/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.akagustos-kampanyasizlerle1.cloud/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.akagustos-kampanyasizlerle1.cloud/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5728, Parent PID: 6108

General

Chronological Activities

Analysis Process: chrome.exePID: 3868, Parent PID: 5728

Windows Analysis Report
http://www.akagustos-kampanyasizlerle1.cloud/