Edit tour

Windows Analysis Report
https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXI

Overview

General Information

Sample URL:	https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUN
Analysis ID:	1580112
Infos:

Detection

HTMLPhisher, KnowBe4

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish10

Yara detected KnowBe4 simulated phishing

HTML body contains low number of good links

No HTML title found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1988,i,6699881340216569343,6692458490416922373,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_54	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author
1.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.0.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security
2.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
2.1.pages.csv	JoeSecurity_KnowBe4	Yara detected KnowBe4 simulated phishing	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3c	Avira URL Cloud: Label: phishing
Source: https://oops.yourgunnalovetraining.com/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	Avira URL Cloud: Label: malware
Source: https://oops.yourgunnalovetraining.com/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	Avira URL Cloud: Label: malware
Source: https://oops.yourgunnalovetraining.com/favicon.ico	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_54, type: DROPPED

Yara detected KnowBe4 simulated phishing

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 2.1.pages.csv, type: HTML

Source: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=

HTTP Parser: Number of links: 0

HTTP Parser: HTML title missing

HTTP Parser: <input type="password" .../> found

HTTP Parser: No favicon

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580 HTTP/1.1Host: spamchallenge.msftemail.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0= HTTP/1.1Host: oops.yourgunnalovetraining.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1Host: oops.yourgunnalovetraining.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: oops.yourgunnalovetraining.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1Host: oops.yourgunnalovetraining.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oops.yourgunnalovetraining.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oops.yourgunnalovetraining.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: spamchallenge.msftemail.com
Source: global traffic	DNS traffic detected: DNS query: oops.yourgunnalovetraining.com
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: img.freepik.com
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net

Source: chromecache_54.2.dr	String found in binary or memory: http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b977
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b97e
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b97f
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b984
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b988
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b995
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b998
Source: chromecache_60.2.dr	String found in binary or memory: http://typekit.com/eulas/00000000000000007735b99c
Source: chromecache_54.2.dr	String found in binary or memory: https://img.freepik.com/premium-photo/business-woman-ceo-standing-office-arms-crossed-pose_146508-65
Source: chromecache_50.2.dr	String found in binary or memory: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3c
Source: chromecache_60.2.dr	String found in binary or memory: https://p.typekit.net/p.css?s=1&k=zhs8hwa&ht=tk&f=40407.40409.40411.40415.40522.40523.40528.40529&a=
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/5205f7/00000000000000007735b998/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/5205f7/00000000000000007735b998/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/5205f7/00000000000000007735b998/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/52b15f/00000000000000007735b977/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/52b15f/00000000000000007735b977/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/52b15f/00000000000000007735b977/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/6b07ca/00000000000000007735b99c/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/6b07ca/00000000000000007735b99c/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/6b07ca/00000000000000007735b99c/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/74b049/00000000000000007735b97f/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/74b049/00000000000000007735b97f/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/74b049/00000000000000007735b97f/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/9edcf7/00000000000000007735b988/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/9edcf7/00000000000000007735b988/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/9edcf7/00000000000000007735b988/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/b43e5b/00000000000000007735b984/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/b43e5b/00000000000000007735b984/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/b43e5b/00000000000000007735b984/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/dde969/00000000000000007735b995/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/dde969/00000000000000007735b995/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/dde969/00000000000000007735b995/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/f23782/00000000000000007735b97e/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/f23782/00000000000000007735b97e/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_60.2.dr	String found in binary or memory: https://use.typekit.net/af/f23782/00000000000000007735b97e/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: chromecache_54.2.dr	String found in binary or memory: https://use.typekit.net/zhs8hwa.css

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: classification engine

Classification label: mal64.phis.win@17/22@16/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1988,i,6699881340216569343,6692458490416922373,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1988,i,6699881340216569343,6692458490416922373,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3c	100%	Avira URL Cloud	phishing
https://oops.yourgunnalovetraining.com/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	100%	Avira URL Cloud	malware
https://oops.yourgunnalovetraining.com/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	100%	Avira URL Cloud	malware
https://oops.yourgunnalovetraining.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
oops.yourgunnalovetraining.com	54.165.133.35	true	false	high
www.google.com	216.58.208.228	true	false	high
landing.training.knowbe4.com	3.224.166.12	true	false	high
use.typekit.net	unknown	unknown	false	high
p.typekit.net	unknown	unknown	false	high
img.freepik.com	unknown	unknown	false	high
spamchallenge.msftemail.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580	false		high
https://oops.yourgunnalovetraining.com/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js	false	Avira URL Cloud: malware	unknown
https://oops.yourgunnalovetraining.com/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css	false	Avira URL Cloud: malware	unknown
https://oops.yourgunnalovetraining.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=#	false		unknown
https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://typekit.com/eulas/00000000000000007735b99c	chromecache_60.2.dr	false		high
https://use.typekit.net/af/dde969/00000000000000007735b995/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/9edcf7/00000000000000007735b988/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/b43e5b/00000000000000007735b984/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/dde969/00000000000000007735b995/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b97e	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b97f	chromecache_60.2.dr	false		high
https://use.typekit.net/af/74b049/00000000000000007735b97f/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/6b07ca/00000000000000007735b99c/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/74b049/00000000000000007735b97f/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://p.typekit.net/p.css?s=1&k=zhs8hwa&ht=tk&f=40407.40409.40411.40415.40522.40523.40528.40529&a=	chromecache_60.2.dr	false		high
https://use.typekit.net/af/5205f7/00000000000000007735b998/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b988	chromecache_60.2.dr	false		high
https://img.freepik.com/premium-photo/business-woman-ceo-standing-office-arms-crossed-pose_146508-65	chromecache_54.2.dr	false		high
https://use.typekit.net/af/f23782/00000000000000007735b97e/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/52b15f/00000000000000007735b977/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/6b07ca/00000000000000007735b99c/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/b43e5b/00000000000000007735b984/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/9edcf7/00000000000000007735b988/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b984	chromecache_60.2.dr	false		high
https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3c	chromecache_50.2.dr	false	Avira URL Cloud: phishing	unknown
https://use.typekit.net/zhs8hwa.css	chromecache_54.2.dr	false		high
https://use.typekit.net/af/52b15f/00000000000000007735b977/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/52b15f/00000000000000007735b977/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/5205f7/00000000000000007735b998/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/f23782/00000000000000007735b97e/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/5205f7/00000000000000007735b998/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/74b049/00000000000000007735b97f/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/f23782/00000000000000007735b97e/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b977	chromecache_60.2.dr	false		high
https://use.typekit.net/af/6b07ca/00000000000000007735b99c/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/b43e5b/00000000000000007735b984/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b998	chromecache_60.2.dr	false		high
http://typekit.com/eulas/00000000000000007735b995	chromecache_60.2.dr	false		high
https://use.typekit.net/af/9edcf7/00000000000000007735b988/30/a?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high
https://use.typekit.net/af/dde969/00000000000000007735b995/30/d?primer=7cdcb44be4a7db8877ffa5c0007b8	chromecache_60.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.165.133.35	oops.yourgunnalovetraining.com	United States	14618	AMAZON-AESUS	false
3.224.166.12	landing.training.knowbe4.com	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.208.228	www.google.com	United States	15169	GOOGLEUS	false
34.195.197.181	unknown	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580112
Start date and time:	2024-12-24 00:20:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@17/22@16/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.238, 64.233.161.84, 172.217.19.227, 172.217.17.46, 142.250.181.142, 2.19.198.51, 2.19.198.58, 23.32.238.210, 23.32.238.192, 217.20.58.101, 23.32.238.211, 23.32.238.235, 142.250.181.106, 172.217.17.42, 172.217.17.74, 172.217.19.170, 142.250.181.138, 142.250.181.74, 172.217.21.42, 172.217.19.234, 172.217.19.202, 142.250.181.42, 192.229.221.95, 217.20.58.99, 172.217.17.35, 23.218.208.109, 20.12.23.50, 13.107.246.63
Excluded domains from analysis (whitelisted): fs.microsoft.com, freepik.com.edgesuite.net, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, a1874.dscg1.akamai.net, fe3cr.delivery.mp.microsoft.com, p.typekit.net-stls-v3.edgesuite.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, use-stls.adobe.com.edgesuite.net, update.googleapis.com, a359.dscd.akamai.net, clients.l.google.com, a1988.dscg1.akamai.net
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://spamchallenge.msftemail.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://spamchallenge.msftemail.com
URL: https://oops.yourgunnalovetraining.com/assets/appl... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any aggressive or obfuscated behavior. Overall, this script is likely benign and used for legitimate web development purposes." }
/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[i.call(e)]\|\|"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|v(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==i.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i\|\|11===i?e.textContent:9===i?e.documentElement.textContent:3===i\|\|4===i?e.nodeValue:n},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|\|e).documentElement;return!l.test(t\|\|n&&n.nodeName\|\|"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){va
URL: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Validate", "text_input_field_labels": [ "Email address", "Account number" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1 Model: Joe Sandbox AI	{ "brands": [ "Southwest Mobile Storage Finance" ] }
	{ "brands": [ "Southwest Mobile Storage Finance" ] }
URL: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1 Model: Joe Sandbox AI	```json{ "legit_domain": "southwestmobilestorage.com", "classification": "unknown", "reasons": [ "The URL 'oops.yourgunnalovetraining.com' does not match the legitimate domain for 'Southwest Mobile Storage Finance'.", "The domain 'yourgunnalovetraining.com' is unusual and not associated with any known brand.", "The presence of 'oops' as a subdomain is suspicious and often used in phishing attempts.", "The brand 'Southwest Mobile Storage Finance' is not well-known, making it difficult to verify its legitimate domain.", "The URL structure and domain name do not align with typical corporate or brand domains." ], "riskscore": 8}
URL: oops.yourgunnalovetraining.com Brands: Southwest Mobile Storage Finance Input Fields: Email address, Account number
URL: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Validate", "text_input_field_labels": [ "Email address", "Account number" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1 Model: Joe Sandbox AI	{ "brands": [ "Southwest Mobile Storage Finance" ] }
	{ "brands": [ "Southwest Mobile Storage Finance" ] }
URL: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1 Model: Joe Sandbox AI	```json{ "legit_domain": "southwestmobilestorage.com", "classification": "unknown", "reasons": [ "The URL 'oops.yourgunnalovetraining.com' does not match the legitimate domain for 'Southwest Mobile Storage Finance'.", "The domain 'yourgunnalovetraining.com' is unusual and not associated with any known brand.", "The presence of 'oops' as a subdomain is suspicious and often used in phishing attempts.", "The brand 'Southwest Mobile Storage Finance' is not well-known, making it difficult to verify its legitimate domain.", "The URL structure and domain name do not align with typical corporate or financial institutions." ], "riskscore": 8}
URL: oops.yourgunnalovetraining.com Brands: Southwest Mobile Storage Finance Input Fields: Email address, Account number

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (440)
Category:	downloaded
Size (bytes):	494
Entropy (8bit):	5.8943099005724
Encrypted:	false
SSDEEP:	12:3R+xC9NOkCETvXVWdurZpe4sRH0BtOHyjVbBeSe4AEdeIQL:3jq/EzIMpe3RHKMyjVb8PNEkj
MD5:	9CE5C4386C2ED281497D2F47F46BC8EB
SHA1:	C0761D12E7E3F65A5F0B6E9AA9D7A367DCF20CBC
SHA-256:	40835A67F327D233FBEEBE744547425A9E666C2463B4E7F38F64A20177D2B429
SHA-512:	AAA45D7BA2EB24863D787C4BAE1CDF6F2F1D79250C1B0A3190E1F4EAA13727799830B372627AFF588168165BC7395A279F949D3ED05C903CCB0C62F2BE4551FF
Malicious:	false
Reputation:	low
URL:	https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580
Preview:	<html>. <head>. <script>window.location.href = 'https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=';</script>. </head>. <body>. </body>.</html>.

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, AVIF Image
Category:	downloaded
Size (bytes):	14123
Entropy (8bit):	7.976920932471635
Encrypted:	false
SSDEEP:	384:r9JViSlcNiskvBWVYWjwgqbwu9Hum7yghEJJbRxD:57wmvAqMu9OLRd
MD5:	53CF2536C148E6CE8A94D3D12645CE85
SHA1:	9700FE1C7C392E71B5099672509F583F82FCE2D1
SHA-256:	4A71D66CAAE38401807025E8F49E7E17E0B389443D4ADA842A94758A6AE00FB1
SHA-512:	E58DA6A2AC546F8744BE2443B83FE7CB3ACC6B3A1E180E4BCF419F7DD2148D9551EE389875D0A6C7B1B38C45AD3C04CB19430D4E1121407F7CEAC2EFE8130591
Malicious:	false
Reputation:	low
URL:	https://img.freepik.com/premium-photo/business-woman-ceo-standing-office-arms-crossed-pose_146508-6505.jpg
Preview:	....ftypavif....avifmif1miaf....meta.......!hdlr........pict.................pitm........."iloc....D@..................6....#iinf..........infe........av01....jiprp...Kipco....colrnclx...........av1C........ispe.......r........pixi............ipma.................6%mdat.....f'.......2.l.@...A@.4......G..U.....V..H.`..Lu.x[s....p..G.IH..A]t.X"..o...U..\.0J.Z...G1".....Tdko..D...]d.^...H.Qgb..M...f..y{Z....F.f.On...6.w....J....9!<R<_V..h..h..Lv..Q].=...h...[.0=....Hx.kfqk..,...yM..M.L.%.!j...M.6R.{?..C..vdC.f.qJ.$..n,w"...T...w..MBs..../.....l>....Cu.....W.]o..^l..2..`a....fW....OU.......l.T...2.).2=.sA;.'."dp.....\....E9.~#..c.8....:...0.DU`....../..>.O..7c[...s&F...I.e.........#.\|.j.8..kE.7.!=[......R[...n..@...!..W....Q.=..`.j..=......l.l.d...5.....q.R.4.6b\|...g..2..^....z......O>Q.I..UIq..j1.1....)H.1{....O.q"...."]..af<d...f;..P....sb...h...H2......O...r...".w.{5..7.\?.\.i...*{..?....u.....] .P../...d..R..3..!.....S..yd\/`....N 8R...Z\...%

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.378783493486175
Encrypted:	false
SSDEEP:	3:qinPt:qyPt
MD5:	4C42AB4890733A2B01B1B3269C4855E7
SHA1:	5B68BFE664DCBC629042EA45C23954EEF1A9F698
SHA-256:	F69E8FC1414A82F108CFA0725E5211AF1865A9CEA342A5F01E6B2B5ABE47E010
SHA-512:	0631C6EFD555699CB2273107FE5AF565FEC2234344E2D412C23E4EE43C6D721CB2B058764622E44FD544D840FF64D7C866565E280127C701CAAB0A48C35D4F5C
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwm4jh3Db7kc-BIFDYOoWz0SBQ3OQUx6?alt=proto
Preview:	ChIKBw2DqFs9GgAKBw3OQUx6GgA=

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19528, version 1.0
Category:	downloaded
Size (bytes):	19528
Entropy (8bit):	7.988749817997857
Encrypted:	false
SSDEEP:	384:7KYEPBGlW2Z2aUcvvYVbrEpzc0zchJ6DBaJiTVGWqa0I:F4UI23vvYVKw0z43ETg3a7
MD5:	A4A77ECD30A02C05F455E5D63A8D9916
SHA1:	28263E31416C42052D753BE314422F808609F762
SHA-256:	9D9EA9CEB3C34A236A9D39BBED407519F00880DDD310376BCC723E58A2301127
SHA-512:	86B59CDB29924214383652DE9908F1CE959A3AB21D9A9573517699523B2EDB7522B18D889D86A3F00AD5EF4085FB5074D579D9EE27EEDE495187ACA552DE6496
Malicious:	false
Reputation:	low
URL:	https://use.typekit.net/af/74b049/00000000000000007735b97f/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Preview:	wOF2......LH..........K.........................?DYNA.c...?GDYN.-.......`..N...\|..j..x..6.$..t. .....X...u.l.....!............M.../....?..3p\.u.W:s.r...D/.I....d... +X.K...K..e.$(.4].....y.'.(..e.e.H.&/b....".....4.............a!X..uJM.M.e..5..Z.QQ..l.K.!.....2..p!D.&4}".K..3..p.;}.F..3.%..vm+...s......._n..:... ...[...blt.....l......%.b....Q.w..'z..`.QW^.g......+..L."..`h...]#J..@L..[.[k.....M3.W..S..S@!.:....-.uY..l_".,....&...f....\|m.;..O.K.atbr.e.y'..W..@S.]N..%)o...J@...o....Z....[;O.g.G.....l.H.I.&'M1s.5O..G........../;.,9?c..........%j.c....s..[..o...[45..P2g..-.`...o2.....c..L.$=._...%..-U......rE............?...c`..;..`.^....Jo..).....z...?.k.Hi........}{.-;..{o.....bmO...fv.i....g...]...G;=(.*.....@.....v.q.v..>=.no.~.j.>@u.S.u...p\.K..:ZN.F..-tZv..%.....hZ8,.u.i....G..){.3E@..z....%...8.......p....!<..%x.......Q?p......>.).b....Ga.........f.\W....k..+..Wg9..&.g.P]..z...8...I......1"...(..5.a.1Z.EG.Y.m;...\...`l.3

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (560)
Category:	downloaded
Size (bytes):	7888
Entropy (8bit):	5.4625119581264725
Encrypted:	false
SSDEEP:	192:ObttrmOi+6qR+ks+G/R/Xo5HW5DR6WHKWsODu:Ovmp+6yfs+C/Xo5HW5DRhHKWsODu
MD5:	CBFA9E32254C723FEFC5CE72279E6D67
SHA1:	0692580B92D8ADB466A23B561DDCCBBC60186470
SHA-256:	4E336D7D6F61D9C94C96DB59073F6FCA0A8A80F2C79E68D6E7BA8946532C69B9
SHA-512:	63E3A78482F00BD97D9A63D1883A862051A21B132AAA5CEFD9C568EC7A91E34CAF73CF7381A2BB776D5B598488C704C53F2A7219B21D4F835CA049096521F785
Malicious:	false
Reputation:	low
URL:	https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact support@knowbe4.com." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>. <meta name="robots" content="noindex, nofollow" />.. <head>. <script src="/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js"></script>.. <link rel="stylesheet" href="/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css" media="all" />.. </head>. .<meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1">..<script class="jsbin" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></scrip

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	380848
Entropy (8bit):	5.202109831427653
Encrypted:	false
SSDEEP:	3072:sHNwcv9VBQpLl88SMBQ47GKYQa8ITLYI9fB8NJOD3EAjV2Uc9M1U+/uz+rSLyCAV:sHWK9VC78UBQ47GKXIvd9sOVAqtNX
MD5:	67A0C4DBD69561F3226243034423F1ED
SHA1:	88C1B5C7EBBFA24D8196290206BF544F28EEB406
SHA-256:	74B9F1CFE7CAD31AE1C1901200890B76676E6D92AC817641F5EF9BFD552F2110
SHA-512:	D5326C46E2FC443AA0C75DB573B39957514BD025235ADB5F16797133394E1AFD0A6458B38DA8220BF7558333E8F2334532FBCC4CD9DD4DD5811AAC403B498542
Malicious:	false
Reputation:	low
URL:	https://oops.yourgunnalovetraining.com/assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5
Entropy (8bit):	1.5219280948873621
Encrypted:	false
SSDEEP:	3:U8n:U8n
MD5:	83D24D4B43CC7EEF2B61E66C95F3D158
SHA1:	F0CAFC285EE23BB6C28C5166F305493C4331C84D
SHA-256:	1C0FF118A4290C99F39C90ABB38703A866E47251B23CCA20266C69C812CCAFEB
SHA-512:	E6E84563D3A55767F8E5F36C4E217A0768120D6E15CE4D01AA63D36AF7EC8D20B600CE96DCC56DE91EC7E55E83A8267BADDD68B61447069B82ABDB2E92C6ACB6
Malicious:	false
Reputation:	low
URL:	https://p.typekit.net/p.css?s=1&k=zhs8hwa&ht=tk&f=40407.40409.40411.40415.40522.40523.40528.40529&a=103706968&app=typekit&e=css
Preview:	/**/.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1471
Entropy (8bit):	4.754611179426391
Encrypted:	false
SSDEEP:	24:y40r8CQo40agx40mC400XLaR404hZYmx40vGk40vG/I40vGhH40VhZ40UrCmn:xdDgCFEiBZgnTOHTn
MD5:	15E89F9684B18EC43EE51F8D62A787C3
SHA1:	9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
SHA-256:	16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
SHA-512:	79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
Malicious:	false
Reputation:	low
URL:	https://oops.yourgunnalovetraining.com/assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css
Preview:	/* line 1, app/assets/stylesheets/landing-watermark.scss /..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../ line 4, app/assets/stylesheets/landing-watermark.scss /..watermark.left {. left: 0;.}../ line 7, app/assets/stylesheets/landing-watermark.scss /..watermark.right {. right: 0;.}../ line 10, app/assets/stylesheets/landing-watermark.scss /..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../ line 15, app/assets/stylesheets/landing-watermark.scss /..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../ line 24, app/assets/stylesheets/landing-watermark.scss /.#template_sei .watermark.left {. margin-left: -10px;.}../ li

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 626x417, components 3
Category:	dropped
Size (bytes):	45652
Entropy (8bit):	7.9773265636873
Encrypted:	false
SSDEEP:	768:h1C1Cz8Z/fnsFvkPeb7x5DhR7f06hV4aEKaJ7xylakDNVD2TFSNkf6UaNAUoR+gd:ho1Czm//sv1h5DD7Ro+aJ9yllXDEekC2
MD5:	8708552A02FF3B31F0BC291641E5EB7D
SHA1:	2C275CABD85A1C73E40828CB80358560839CCB15
SHA-256:	8BC4E19A9EA18ED008B99170D3F92C8207B652FCB1C4D5713B04797E0C51294D
SHA-512:	381D7B04B57F05E078D42AE7669DB835CBBAF1A14B0162AF5A54F6C4BFCF577A20B2E005F9501092615029F249E9E6235A3690BF8323579FA7179AED2945492D
Malicious:	false
Reputation:	low
Preview:	......JFIF..............ICC_PROFILE.......lcms....mntrRGB XYZ .........).9acspAPPL...................................-lcms................................................desc.......^cprt...\....wtpt...h....bkpt...\|....rXYZ........gXYZ........bXYZ........rTRC.......@gTRC.......@bTRC.......@desc........c2..................................................................................text....FB..XYZ ...............-XYZ ...........3....XYZ ......o...8.....XYZ ......b.........XYZ ......$.........curv...............c...k...?.Q.4!.).2.;.F.Qw].kpz....\|.i.}...0.................................................................! !,,;...........................................................! !,,;........r.."..........8......................................................................".z..<.Nu.~.d.)...}...o...\|.pQ.+.;..u.Q.;............o.8c.OHjP..7....N....zZ........Jo....KO.l....v.J.:.(...l.T...<...;..NNEt..b.`'..U....PSMT.D...fk........'u....pn...pt/.....~........\....*[..hG..a..

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19404, version 1.0
Category:	downloaded
Size (bytes):	19404
Entropy (8bit):	7.989684738207384
Encrypted:	false
SSDEEP:	384:oyVxqplqqlO9U0cHLQN+hopXEaXP8qNQCR2el+04xUp+e0dnt:oyLGHlOkHLQpUMEYRRVXKUpYt
MD5:	9298BF244BBB18C05A10A477073D87B0
SHA1:	5CF95B591A337FCC8B94A0887C8818419444E6B6
SHA-256:	FF93863C00AC954D1E4925EF871CAAC849093A4BAB1F612CB7B3D39D68F7D673
SHA-512:	B734180FD3234B9D2B45464EDD01FEAB3642B1289A80CD0D660367BC6FDDEFDC48368B4AC98A808D384072BE3B127889EAE0E8E8D0592C5CFC7A1A78D0F4A713
Malicious:	false
Reputation:	low
URL:	https://use.typekit.net/af/dde969/00000000000000007735b995/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Preview:	wOF2......K...........Kf........................?DYNA.c...?GDYN.-..B....`..N......7..x..6.$..t. .....X......8..\|....V.G.&..PU...n.....~........:\|..Jg.Z..?..e:.@R.....d..t.~RtIQe...........M...YqD........L.3..[ ..m.O....W..=.f..;.o...&...q..1..1c...u.O..Q\|".l...1.,.....4D...."j..b7.....[...2CJe."'9@..jl...&.+....G..m.;aug$.Fa...&$.$.S.....`O..a..?..LX..+bx~.=.mL.hR@.-@.OK( ...F..m:Q'....E]...r......g...u4.B...@..a..~1....')....Rs.[t...G.p.#+..J..\|..*;.?...Da..HWjz^.w.R.={..9.$..`....1K@.....;+...Z...f..b..r....N.N.wv....3......6.....Q.A.......^..R&(.(]...!.2...X4.:.E..rQV.B...o>..}.. .8>...?."....WP1...gGM.x.._.v.....-\...}......w.!x....+..v..`.......[.\|......+K..\...[...w...Vbzw.....~3G..on....1.tk.W.H..........? n...Mp..[..p....x.7_.n5Q..:....n{h8....u.-.e....:-..n.Ln.p...7...Hm.C.Aqv...c.E@..z....%...8.......p....!<..%xi.......Q?p.&...m.>.!.b.L.....J.....x.f(_...O..5U..U....._..3....\.\.Y.[O.$.WT.J}t.....Z..x............\|\.jJwh06...`.x.!

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (516)
Category:	downloaded
Size (bytes):	6264
Entropy (8bit):	5.211839181885143
Encrypted:	false
SSDEEP:	96:pbzQadZM9Pl6MLMTM3fWf+fBMQMyM0MZugtJ:p5ZMuMLMTM3fWf+fBMQMyM0MZueJ
MD5:	216F0CE7EE923D5D0736930AAE6E0683
SHA1:	6964818F4192E155AD9565A25A9A9F7B5CA8D4F3
SHA-256:	1AEF5FBC25BFAE6C53991092A487AC5B977F886901C30CC1999B18E9F32CEC07
SHA-512:	CC79FE30CB26DB62AA9EE2B039CC9EC2C94685C7FFED81E9F4C0828BDBD88D9838799E8C7CB2EBB33427C6998583618AF7F0F04CE9BE9BDF29090EEDFA737021
Malicious:	false
Reputation:	low
URL:	https://use.typekit.net/zhs8hwa.css
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . noto-sans:. * - http://typekit.com/eulas/00000000000000007735b977. * - http://typekit.com/eulas/00000000000000007735b97f. * - http://typekit.com/eulas/00000000000000007735b988. * - http://typekit.com/eulas/00000000000000007735b995. * noto-sans-extracondensed:. * - http://typekit.com/eulas/00000000000000007735b97e. * - http://typekit.com/eulas/00000000000000007735b984. * - http://typekit.com/eulas/00000000000000007735b998. * - http://typekit.com/eulas/00000000000000007735b99c. . . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. /./{"last_published":"2023-11-22 15:53:04 UTC"}*/..@import url("https://p.typekit.net/p.css?s=1&k=zhs8hwa&ht=tk&f=40407.40409.40411.40415.40522.40523.40528.40529&a=103706968&app=ty

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2024 00:21:18.231837988 CET	49675	443	192.168.2.4	173.222.162.32
Dec 24, 2024 00:21:23.403420925 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:23.403515100 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:23.403594017 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:23.403844118 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:23.403883934 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:25.101926088 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:25.102185011 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:25.102247953 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:25.103255987 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:25.103373051 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:25.104242086 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:25.104317904 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:25.156363964 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:25.156399012 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:25.201325893 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:25.600944042 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:25.601008892 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:25.601218939 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:25.601402044 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:25.601500034 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:25.601567984 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:25.601747036 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:25.601777077 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:25.601989985 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:25.602025986 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.347527027 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.347810984 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.347847939 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.348932981 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.348997116 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.353612900 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.353688955 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.353862047 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.353878975 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.356232882 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.356405973 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.356430054 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.357666016 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.357728004 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.358623981 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.358694077 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.405097961 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.405220032 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.405229092 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.451761007 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.903855085 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.903950930 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:27.904061079 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.905046940 CET	49740	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:21:27.905078888 CET	443	49740	3.224.166.12	192.168.2.4
Dec 24, 2024 00:21:28.342602968 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:28.342648029 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:28.342706919 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:28.343147039 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:28.343257904 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:28.343336105 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:28.343337059 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:28.343348980 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:28.343560934 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:28.343596935 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.084294081 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.084602118 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.084656954 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.084923983 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.085055113 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.085119009 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.085145950 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.085194111 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.085547924 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.085611105 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.085751057 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.085798025 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.086210012 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.086257935 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.087174892 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.087246895 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.087408066 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.087474108 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.087501049 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.087518930 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.136104107 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.136107922 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:30.136125088 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:30.185337067 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:31.988693953 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:31.988724947 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:31.988732100 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:31.988812923 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:31.988857985 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:31.993298054 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:31.993298054 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:32.008752108 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:32.008757114 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:32.008819103 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:32.009589911 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:32.009959936 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:32.010009050 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:32.051331997 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:32.298125029 CET	49744	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:32.298170090 CET	443	49744	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.241290092 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.241786003 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.241848946 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.242275953 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.243201971 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.243299007 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.243793011 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.287355900 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.317478895 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.317507982 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.317578077 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.317641973 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.317749977 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.317806005 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.322396040 CET	49743	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.322433949 CET	443	49743	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.879496098 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.879522085 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.879537106 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.879678965 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.879729986 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.879793882 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.934216976 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.934236050 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.934334993 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:33.934370995 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:33.934426069 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.084270000 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.084294081 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.084352970 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.084386110 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.084417105 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.084456921 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.115582943 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.115598917 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.115664005 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.115690947 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.115736961 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.147805929 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.147823095 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.147896051 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.147918940 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.147979021 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.194000006 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.194036961 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.194072962 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.194087982 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.194116116 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.194135904 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.283091068 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.283109903 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.283185005 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.283211946 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.283262968 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.304770947 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.304785967 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.304842949 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.304868937 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.304913044 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.326881886 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.326896906 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.326946020 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.326967955 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.326988935 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.327008963 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.339342117 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.339355946 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.339421988 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.339442968 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.339495897 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.461437941 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.461457968 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.461512089 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.461541891 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.461570024 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.461589098 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.474234104 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.474256039 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.474304914 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.474329948 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.474359989 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.474581003 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.484920025 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.484935045 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.485003948 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.485028028 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.485095024 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.497282028 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.497298956 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.497370958 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.497385025 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.497432947 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.509532928 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.509548903 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.509610891 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.509629011 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.509674072 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.521250010 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.521287918 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.521323919 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.521344900 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.521373034 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.521392107 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.533319950 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.533337116 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.533405066 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.533421993 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.533472061 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.573282957 CET	49723	80	192.168.2.4	199.232.214.172
Dec 24, 2024 00:21:34.648974895 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.648998022 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.649049044 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.649085045 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.649111032 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.649143934 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.657340050 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.657355070 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.657407999 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.657423019 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.657466888 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.667464972 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.667480946 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.667520046 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.667536974 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.667562008 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.667579889 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.677803040 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.677819014 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.677872896 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.677890062 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.677937984 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.685182095 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.685197115 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.685252905 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.685271025 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.685297012 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.685314894 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.694341898 CET	80	49723	199.232.214.172	192.168.2.4
Dec 24, 2024 00:21:34.694417953 CET	49723	80	192.168.2.4	199.232.214.172
Dec 24, 2024 00:21:34.695260048 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.695275068 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.695338011 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.695358992 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.695405006 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.696772099 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.696854115 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.696858883 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.696913958 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.697129965 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.697164059 CET	443	49746	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:34.697185040 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.697220087 CET	49746	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:34.838197947 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:34.838280916 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:34.838414907 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:34.844854116 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:34.844938040 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:34.845022917 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:34.845227003 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:34.845262051 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:35.971599102 CET	49738	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:21:35.971628904 CET	443	49738	216.58.208.228	192.168.2.4
Dec 24, 2024 00:21:36.600029945 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.600243092 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.600282907 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.600816965 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.600881100 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.601809025 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.601865053 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.602088928 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.602175951 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.602238894 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.602253914 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.655545950 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.979636908 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979662895 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979671955 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979688883 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979696989 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979700089 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979743004 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.979774952 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:36.979816914 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:36.979840994 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.133399963 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.133438110 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.133477926 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.133496046 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.133553982 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.184662104 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.184683084 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.184746981 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.184762955 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.184809923 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.224246025 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.224266052 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.224359035 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.224379063 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.224438906 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.336869001 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.336895943 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.336966991 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.336981058 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.337009907 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.337028980 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.359143019 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.359179020 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.359211922 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.359225035 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.359253883 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.359287977 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.362689018 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.362742901 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.387252092 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.387268066 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.387352943 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.387367010 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.387429953 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.404923916 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.404966116 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.405019045 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.405036926 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.405060053 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.405098915 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.518845081 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.518870115 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.518949986 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.518978119 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.519031048 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.534595013 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.534609079 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.534676075 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.534689903 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.534734964 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.551783085 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.551798105 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.551882982 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.551901102 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.551951885 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.568491936 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.568507910 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.568578959 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.568591118 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.568648100 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.584279060 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.584294081 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.584373951 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.584386110 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.584445000 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.601319075 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.601334095 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.601408958 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.601421118 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.601475000 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.616117954 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.616132021 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.616208076 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.616225958 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.616286039 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.699759960 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.699774981 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.699862003 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.699875116 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.699939966 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.712971926 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.712985992 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.713057041 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.713068962 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.713123083 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.723881960 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.723896027 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.723965883 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.723978043 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.724030972 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.735549927 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.735575914 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.735657930 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.735670090 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.735728979 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.746522903 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.746536016 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.746604919 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.746617079 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.746663094 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.756499052 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.756513119 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.756578922 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.756591082 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.756639957 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.767096043 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.767111063 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.767189026 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.767200947 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.767256975 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.776381969 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.776395082 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.776463985 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.776475906 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.776524067 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.889095068 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.889146090 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.889185905 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:37.889194965 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.889245987 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.889652967 CET	49752	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:37.889683008 CET	443	49752	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:39.323220015 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:39.323268890 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:39.323334932 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:39.323636055 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:39.323653936 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.540019035 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.540333986 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:40.540385962 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.540771008 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.541184902 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:40.541260958 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.541361094 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:40.587373972 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.986480951 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.986548901 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:40.986624002 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:41.009452105 CET	49759	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:41.009474039 CET	443	49759	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:41.067122936 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:41.067214966 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:41.067338943 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:41.069777012 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:41.069816113 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.287988901 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.288321018 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:42.288367987 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.288748980 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.289114952 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:42.289196968 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.289263010 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:42.335330963 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.732078075 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.732168913 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:42.732263088 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:42.732718945 CET	49761	443	192.168.2.4	34.195.197.181
Dec 24, 2024 00:21:42.732754946 CET	443	49761	34.195.197.181	192.168.2.4
Dec 24, 2024 00:21:48.302664995 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:48.302771091 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:48.302861929 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:48.310447931 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:48.310482979 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:49.528055906 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:49.532855988 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:49.532910109 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:49.534162045 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:49.546273947 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:21:49.546468973 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:21:49.590120077 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:22:12.419276953 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:22:12.419297934 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:22:21.631191969 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:22:21.631278992 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:22:21.631373882 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:22:21.982023001 CET	49741	443	192.168.2.4	3.224.166.12
Dec 24, 2024 00:22:21.982047081 CET	443	49741	3.224.166.12	192.168.2.4
Dec 24, 2024 00:22:22.308856010 CET	49724	80	192.168.2.4	199.232.214.172
Dec 24, 2024 00:22:22.430291891 CET	80	49724	199.232.214.172	192.168.2.4
Dec 24, 2024 00:22:22.430371046 CET	49724	80	192.168.2.4	199.232.214.172
Dec 24, 2024 00:22:23.325764894 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:23.325786114 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:23.325860023 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:23.326102018 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:23.326111078 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:25.016429901 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:25.016746998 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:25.016761065 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:25.017081022 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:25.017489910 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:25.017540932 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:25.059174061 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:34.559274912 CET	49762	443	192.168.2.4	54.165.133.35
Dec 24, 2024 00:22:34.559345961 CET	443	49762	54.165.133.35	192.168.2.4
Dec 24, 2024 00:22:34.717408895 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:34.717466116 CET	443	49796	216.58.208.228	192.168.2.4
Dec 24, 2024 00:22:34.717565060 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:35.989511967 CET	49796	443	192.168.2.4	216.58.208.228
Dec 24, 2024 00:22:35.989550114 CET	443	49796	216.58.208.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 24, 2024 00:21:19.194818974 CET	53	63962	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:19.325366020 CET	53	55859	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:22.033601046 CET	53	56220	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:23.263333082 CET	51456	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:23.263489008 CET	59277	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:23.401720047 CET	53	51456	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:23.402381897 CET	53	59277	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:25.094115973 CET	54130	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:25.094769001 CET	61070	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:25.599989891 CET	53	61070	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:25.600147963 CET	53	54130	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:27.939649105 CET	56927	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:27.939806938 CET	58939	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:28.341177940 CET	53	58939	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:28.341892004 CET	53	56927	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:29.957789898 CET	138	138	192.168.2.4	192.168.2.255
Dec 24, 2024 00:21:32.009246111 CET	60840	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:32.009246111 CET	60101	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:32.009579897 CET	52916	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:32.009967089 CET	54163	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.170663118 CET	53340	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.170811892 CET	61525	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.703917027 CET	60498	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.704057932 CET	54756	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.725164890 CET	63544	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.725301027 CET	56926	53	192.168.2.4	1.1.1.1
Dec 24, 2024 00:21:34.843106985 CET	53	60498	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:34.844398022 CET	53	54756	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:37.118000031 CET	53	54670	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:39.014631033 CET	53	49402	1.1.1.1	192.168.2.4
Dec 24, 2024 00:21:57.853782892 CET	53	52258	1.1.1.1	192.168.2.4
Dec 24, 2024 00:22:18.807944059 CET	53	63006	1.1.1.1	192.168.2.4
Dec 24, 2024 00:22:20.402072906 CET	53	54615	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 24, 2024 00:21:32.250194073 CET	192.168.2.4	1.1.1.1	c268	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 24, 2024 00:21:23.263333082 CET	192.168.2.4	1.1.1.1	0xeba5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:23.263489008 CET	192.168.2.4	1.1.1.1	0xcc22	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 24, 2024 00:21:25.094115973 CET	192.168.2.4	1.1.1.1	0x5a77	Standard query (0)	spamchallenge.msftemail.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:25.094769001 CET	192.168.2.4	1.1.1.1	0xf544	Standard query (0)	spamchallenge.msftemail.com	65	IN (0x0001)	false
Dec 24, 2024 00:21:27.939649105 CET	192.168.2.4	1.1.1.1	0x6b88	Standard query (0)	oops.yourgunnalovetraining.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:27.939806938 CET	192.168.2.4	1.1.1.1	0x2878	Standard query (0)	oops.yourgunnalovetraining.com	65	IN (0x0001)	false
Dec 24, 2024 00:21:32.009246111 CET	192.168.2.4	1.1.1.1	0x2bc7	Standard query (0)	use.typekit.net	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:32.009246111 CET	192.168.2.4	1.1.1.1	0xa109	Standard query (0)	use.typekit.net	65	IN (0x0001)	false
Dec 24, 2024 00:21:32.009579897 CET	192.168.2.4	1.1.1.1	0xe9b9	Standard query (0)	img.freepik.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:32.009967089 CET	192.168.2.4	1.1.1.1	0x10b0	Standard query (0)	img.freepik.com	65	IN (0x0001)	false
Dec 24, 2024 00:21:34.170663118 CET	192.168.2.4	1.1.1.1	0xa690	Standard query (0)	img.freepik.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.170811892 CET	192.168.2.4	1.1.1.1	0x1feb	Standard query (0)	img.freepik.com	65	IN (0x0001)	false
Dec 24, 2024 00:21:34.703917027 CET	192.168.2.4	1.1.1.1	0x7389	Standard query (0)	oops.yourgunnalovetraining.com	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.704057932 CET	192.168.2.4	1.1.1.1	0x9532	Standard query (0)	oops.yourgunnalovetraining.com	65	IN (0x0001)	false
Dec 24, 2024 00:21:34.725164890 CET	192.168.2.4	1.1.1.1	0xf046	Standard query (0)	p.typekit.net	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.725301027 CET	192.168.2.4	1.1.1.1	0xd931	Standard query (0)	p.typekit.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 24, 2024 00:21:23.401720047 CET	1.1.1.1	192.168.2.4	0xeba5	No error (0)	www.google.com		216.58.208.228	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:23.402381897 CET	1.1.1.1	192.168.2.4	0xcc22	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 24, 2024 00:21:25.599989891 CET	1.1.1.1	192.168.2.4	0xf544	No error (0)	spamchallenge.msftemail.com	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	spamchallenge.msftemail.com	landing.training.knowbe4.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	landing.training.knowbe4.com		3.224.166.12	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	landing.training.knowbe4.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	landing.training.knowbe4.com		34.199.69.9	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	landing.training.knowbe4.com		44.205.103.65	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	landing.training.knowbe4.com		52.5.40.63	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:25.600147963 CET	1.1.1.1	192.168.2.4	0x5a77	No error (0)	landing.training.knowbe4.com		54.165.133.35	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:28.341892004 CET	1.1.1.1	192.168.2.4	0x6b88	No error (0)	oops.yourgunnalovetraining.com		54.165.133.35	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:28.341892004 CET	1.1.1.1	192.168.2.4	0x6b88	No error (0)	oops.yourgunnalovetraining.com		44.205.103.65	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:28.341892004 CET	1.1.1.1	192.168.2.4	0x6b88	No error (0)	oops.yourgunnalovetraining.com		3.224.166.12	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:28.341892004 CET	1.1.1.1	192.168.2.4	0x6b88	No error (0)	oops.yourgunnalovetraining.com		52.5.40.63	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:28.341892004 CET	1.1.1.1	192.168.2.4	0x6b88	No error (0)	oops.yourgunnalovetraining.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:28.341892004 CET	1.1.1.1	192.168.2.4	0x6b88	No error (0)	oops.yourgunnalovetraining.com		34.199.69.9	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:32.148915052 CET	1.1.1.1	192.168.2.4	0xe9b9	No error (0)	img.freepik.com	freepik.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:32.154231071 CET	1.1.1.1	192.168.2.4	0xa109	No error (0)	use.typekit.net	use-stls.adobe.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:32.155236006 CET	1.1.1.1	192.168.2.4	0x2bc7	No error (0)	use.typekit.net	use-stls.adobe.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:32.250027895 CET	1.1.1.1	192.168.2.4	0x10b0	No error (0)	img.freepik.com	freepik.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:34.312345982 CET	1.1.1.1	192.168.2.4	0x1feb	No error (0)	img.freepik.com	freepik.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:34.312642097 CET	1.1.1.1	192.168.2.4	0xa690	No error (0)	img.freepik.com	freepik.com.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:34.843106985 CET	1.1.1.1	192.168.2.4	0x7389	No error (0)	oops.yourgunnalovetraining.com		34.195.197.181	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.843106985 CET	1.1.1.1	192.168.2.4	0x7389	No error (0)	oops.yourgunnalovetraining.com		44.205.103.65	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.843106985 CET	1.1.1.1	192.168.2.4	0x7389	No error (0)	oops.yourgunnalovetraining.com		3.224.166.12	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.843106985 CET	1.1.1.1	192.168.2.4	0x7389	No error (0)	oops.yourgunnalovetraining.com		34.199.69.9	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.843106985 CET	1.1.1.1	192.168.2.4	0x7389	No error (0)	oops.yourgunnalovetraining.com		54.165.133.35	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.843106985 CET	1.1.1.1	192.168.2.4	0x7389	No error (0)	oops.yourgunnalovetraining.com		52.5.40.63	A (IP address)	IN (0x0001)	false
Dec 24, 2024 00:21:34.863497019 CET	1.1.1.1	192.168.2.4	0xf046	No error (0)	p.typekit.net	p.typekit.net-stls-v3.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 24, 2024 00:21:34.864562988 CET	1.1.1.1	192.168.2.4	0xd931	No error (0)	p.typekit.net	p.typekit.net-stls-v3.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

spamchallenge.msftemail.com

https:

oops.yourgunnalovetraining.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	3.224.166.12	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:27 UTC	1018	OUT	GET /XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580 HTTP/1.1 Host: spamchallenge.msftemail.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:27 UTC	574	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 494 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade ETag: W/"40835a67f327d233fbeebe744547425a" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: dde7267b-10ad-46e7-87c2-d8c3ee31825a X-Runtime: 0.101622 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-12-23 23:21:27 UTC	494	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 6f 6f 70 73 2e 79 6f 75 72 67 75 6e 6e 61 6c 6f 76 65 74 72 61 69 6e 69 6e 67 2e 63 6f 6d 2f 70 61 67 65 73 2f 33 37 37 62 64 38 34 30 35 31 65 63 2f 58 64 45 64 33 62 44 56 42 55 7a 5a 4f 51 55 77 7a 55 6d 78 7a 52 57 56 4c 55 33 68 75 4b 30 4a 71 62 58 46 74 5a 48 41 33 63 55 6c 76 63 58 68 6e 52 6c 68 57 61 46 42 61 53 44 4a 49 4d 6e 4d 79 59 56 4e 30 4d 47 70 47 4e 47 4e 33 63 30 51 31 4e 45 30 78 4d 55 70 47 54 33 4a 75 54 32 78 4f 61 56 5a 4b 63 7a 6c 51 4c 32 56 42 57 45 39 73 61 30 70 52 4e 32 56 75 55 45 52 56 54 6c 46 57 4d 6b 64 6d 4e 6a 5a 6f 55 6c 56 34 53 47 Data Ascii: <html> <head> <script>window.location.href = 'https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	54.165.133.35	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:30 UTC	1406	OUT	GET /pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0= HTTP/1.1 Host: oops.yourgunnalovetraining.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:31 UTC	832	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:31 GMT Content-Type: text/html; charset=utf-8 Content-Length: 7888 Connection: close X-Frame-Options: SAMEORIGIN X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade Link: </assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css>; rel=preload; as=style; nopush,</assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js>; rel=preload; as=script; nopush ETag: W/"4e336d7d6f61d9c94c96db59073f6fca" Cache-Control: max-age=0, private, must-revalidate Content-Security-Policy: X-Request-Id: adc6fd12-e246-46e8-8a42-786fe7f12d5f X-Runtime: 1.434690 Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-12-23 23:21:31 UTC	7888	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 20 20 20 20 20 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 49 4d 50 4f 52 54 41 4e 54 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 70 61 67 65 20 69 73 20 70 61 72 74 20 6f 66 20 61 20 73 69 6d 75 6c 61 74 65 64 20 70 68 69 73 68 69 6e 67 20 61 74 74 61 63 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> <meta name="IMPORTANT" content="This page is part of a simulated phishing attac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	54.165.133.35	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:32 UTC	1004	OUT	GET /assets/landing-watermark-8487e36eef1bec74f06631f19fea0aa171c208e2976373cda5bd0a4b9e230903.css HTTP/1.1 Host: oops.yourgunnalovetraining.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:33 UTC	263	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:33 GMT Content-Type: text/css Content-Length: 1471 Connection: close Last-Modified: Thu, 19 Dec 2024 18:38:00 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-12-23 23:21:33 UTC	1471	IN	Data Raw: 2f 2a 20 6c 69 6e 65 20 31 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 74 65 72 6d 61 72 6b 2e 73 63 73 73 20 2a 2f 0a 2e 77 61 74 65 72 6d 61 72 6b 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 20 20 20 20 2d 6d 73 2d 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 74 62 2d 72 6c 3b 0a 20 20 20 20 20 20 20 20 20 20 77 72 69 74 69 6e 67 2d 6d 6f 64 65 3a 20 76 65 72 74 69 63 61 6c 2d 72 6c 3b 0a 20 20 74 65 78 74 2d 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 20 73 69 64 65 77 61 79 73 3b 0a 7d 0a 0a 2f 2a 20 6c 69 6e 65 20 34 2c 20 61 70 70 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 68 65 65 74 73 2f 6c 61 6e 64 69 6e 67 2d 77 61 Data Ascii: /* line 1, app/assets/stylesheets/landing-watermark.scss /.watermark { -webkit-writing-mode: vertical-rl; -ms-writing-mode: tb-rl; writing-mode: vertical-rl; text-orientation: sideways;}/ line 4, app/assets/stylesheets/landing-wa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	54.165.133.35	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:33 UTC	983	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: oops.yourgunnalovetraining.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:33 UTC	279	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:33 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Thu, 19 Dec 2024 18:38:00 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-12-23 23:21:33 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-12-23 23:21:33 UTC	16384	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2024-12-23 23:21:33 UTC	56	IN	Data Raw: 28 65 2c 6e 29 7c 7c 5f 2e 61 63 63 65 73 73 28 65 2c 6e 2c 7b 65 6d 70 74 79 3a 63 65 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2e 61 Data Ascii: (e,n)\|\|_.access(e,n,{empty:ce.Callbacks("once memory").a
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 64 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 72 65 6d 6f 76 65 28 65 2c 5b 74 2b 22 71 75 65 75 65 22 2c 6e 5d 29 7d 29 7d 29 7d 7d 29 2c 63 65 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 32 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 74 2c 74 3d 22 66 78 22 2c 65 2d 2d 29 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3c 65 3f 63 65 2e 71 75 65 75 65 28 74 68 69 73 5b 30 5d 2c 74 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 74 68 69 73 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 63 65 2e 71 75 65 75 65 28 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 Data Ascii: dd(function(){_.remove(e,[t+"queue",n])})})}}),ce.fn.extend({queue:function(t,n){var e=2;return"string"!=typeof t&&(n=t,t="fx",e--),arguments.length<e?ce.queue(this[0],t):void 0===n?this:this.each(function(){var e=ce.queue(this,t,n);ce._queueHooks(this,t)
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 63 65 2e 69 6e 41 72 72 61 79 28 74 68 69 73 2c 6e 29 3c 30 26 26 28 63 65 2e 63 6c 65 61 6e 44 61 74 61 28 53 65 28 74 68 69 73 29 29 2c 74 26 26 74 2e 72 65 70 6c 61 63 65 43 68 69 6c 64 28 65 2c 74 68 69 73 29 29 7d 2c 6e 29 7d 7d 29 2c 63 65 2e 65 61 63 68 28 7b 61 70 70 65 6e 64 54 6f 3a 22 61 70 70 65 6e 64 22 2c 70 72 65 70 65 6e 64 54 6f 3a 22 70 72 65 70 65 6e 64 22 2c 69 6e 73 65 72 74 42 65 66 6f 72 65 3a 22 62 65 66 6f 72 65 22 2c 69 6e 73 65 72 74 41 66 74 65 72 3a 22 61 66 74 65 72 22 2c 72 65 70 6c 61 63 65 41 6c 6c 3a 22 72 65 70 6c 61 63 65 57 69 74 68 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 Data Ascii: this.parentNode;ce.inArray(this,n)<0&&(ce.cleanData(Se(this)),t&&t.replaceChild(e,this))},n)}}),ce.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,a){ce.fn[e]=function(e){for(var t
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 28 72 3d 69 2e 73 65 74 28 65 2c 6e 2c 74 29 29 3f 72 3a 65 5b 74 5d 3d 6e 3a 69 26 26 22 67 65 74 22 69 6e 20 69 26 26 6e 75 6c 6c 21 3d 3d 28 72 3d 69 2e 67 65 74 28 65 2c 74 29 29 3f 72 3a 65 5b 74 5d 7d 2c 70 72 6f 70 48 6f 6f 6b 73 3a 7b 74 61 62 49 6e 64 65 78 3a 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 63 65 2e 66 69 6e 64 2e 61 74 74 72 28 65 2c 22 74 61 62 69 6e 64 65 78 22 29 3b 72 65 74 75 72 6e 20 74 3f 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 62 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7c 7c 77 74 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 26 26 65 2e 68 72 65 66 3f 30 3a 2d 31 7d 7d 7d 2c 70 72 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 Data Ascii: (r=i.set(e,n,t))?r:e[t]=n:i&&"get"in i&&null!==(r=i.get(e,t))?r:e[t]},propHooks:{tabIndex:{get:function(e){var t=ce.find.attr(e,"tabindex");return t?parseInt(t,10):bt.test(e.nodeName)\|\|wt.test(e.nodeName)&&e.href?0:-1}}},propFix:{"for":"htmlFor","class":"
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 65 66 69 6c 74 65 72 28 22 6a 73 6f 6e 20 6a 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 5a 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 5a 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c Data Ascii: efilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Zt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Zt.test(e.data)&&"data");if(a\|\|"jsonp"===e.dataTypes[0])return r=e.jsonpCal
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 74 65 72 22 2c 69 5b 31 5d 3d 6c 2e 74 65 73 74 28 69 5b 31 5d 29 3f 69 5b 31 5d 3a 22 63 65 6e 74 65 72 22 2c 74 3d 68 2e 65 78 65 63 28 69 5b 30 5d 29 2c 65 3d 68 2e 65 78 65 63 28 69 5b 31 5d 29 2c 77 5b 74 68 69 73 5d 3d 5b 74 3f 74 5b 30 5d 3a 30 2c 65 3f 65 5b 30 5d 3a 30 5d 2c 75 5b 74 68 69 73 5d 3d 5b 63 2e 65 78 65 63 28 69 5b 30 5d 29 5b 30 5d 2c 63 2e 65 78 65 63 28 69 5b 31 5d 29 5b 30 5d 5d 7d 29 2c 31 3d 3d 3d 79 2e 6c 65 6e 67 74 68 26 26 28 79 5b 31 5d 3d 79 5b 30 5d 29 2c 22 72 69 67 68 74 22 3d 3d 3d 75 2e 61 74 5b 30 5d 3f 6d 2e 6c 65 66 74 2b 3d 70 3a 22 63 65 6e 74 65 72 22 3d 3d 3d 75 2e 61 74 5b 30 5d 26 26 28 6d 2e 6c 65 66 74 2b 3d 70 2f 32 29 2c 22 62 6f 74 74 6f 6d 22 3d 3d 3d 75 2e 61 74 5b 31 5d 3f 6d 2e 74 6f 70 2b 3d 66 3a Data Ascii: ter",i[1]=l.test(i[1])?i[1]:"center",t=h.exec(i[0]),e=h.exec(i[1]),w[this]=[t?t[0]:0,e?e[0]:0],u[this]=[c.exec(i[0])[0],c.exec(i[1])[0]]}),1===y.length&&(y[1]=y[0]),"right"===u.at[0]?m.left+=p:"center"===u.at[0]&&(m.left+=p/2),"bottom"===u.at[1]?m.top+=f:
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 66 66 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 2c 65 3d 74 68 69 73 2e 64 6f 63 75 6d 65 6e 74 5b 30 5d 3b 72 65 74 75 72 6e 22 61 62 73 6f 6c 75 74 65 22 3d 3d 3d 74 68 69 73 2e 63 73 73 50 6f 73 69 74 69 6f 6e 26 26 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 21 3d 3d 65 26 26 56 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 5b 30 5d 2c 74 68 69 73 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 5b 30 5d 29 26 26 28 74 2e 6c 65 66 74 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 6f 6c 6c 4c 65 66 74 28 29 2c 74 2e 74 6f 70 2b 3d 74 68 69 73 2e 73 63 72 6f 6c 6c 50 61 72 65 6e 74 2e 73 63 72 Data Ascii: ffset:function(){var t=this.offsetParent.offset(),e=this.document[0];return"absolute"===this.cssPosition&&this.scrollParent[0]!==e&&V.contains(this.scrollParent[0],this.offsetParent[0])&&(t.left+=this.scrollParent.scrollLeft(),t.top+=this.scrollParent.scr
2024-12-23 23:21:34 UTC	16384	IN	Data Raw: 74 2e 6f 66 66 73 65 74 28 29 2c 6e 5b 69 5d 2e 70 72 6f 70 6f 72 74 69 6f 6e 73 28 7b 77 69 64 74 68 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 57 69 64 74 68 2c 68 65 69 67 68 74 3a 6e 5b 69 5d 2e 65 6c 65 6d 65 6e 74 5b 30 5d 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7d 29 29 7d 7d 2c 64 72 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 3d 21 31 3b 72 65 74 75 72 6e 20 56 2e 65 61 63 68 28 28 56 2e 75 69 2e 64 64 6d 61 6e 61 67 65 72 2e 64 72 6f 70 70 61 62 6c 65 73 5b 74 2e 6f 70 74 69 6f 6e 73 2e 73 63 6f 70 65 5d 7c 7c 5b 5d 29 2e 73 6c 69 63 65 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 69 6f 6e 73 26 26 28 21 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 64 69 73 61 62 6c 65 64 26 26 74 68 Data Ascii: t.offset(),n[i].proportions({width:n[i].element[0].offsetWidth,height:n[i].element[0].offsetHeight}))}},drop:function(t,e){var i=!1;return V.each((V.ui.ddmanager.droppables[t.options.scope]\|\|[]).slice(),function(){this.options&&(!this.options.disabled&&th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49752	34.195.197.181	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:36 UTC	440	OUT	GET /assets/application-237cb5c4f318687625f8ccf2f42de3fc20238bfe267384653491a6bba8c8f6f5.js HTTP/1.1 Host: oops.yourgunnalovetraining.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:36 UTC	279	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:36 GMT Content-Type: application/javascript Content-Length: 380848 Connection: close Last-Modified: Thu, 19 Dec 2024 18:38:00 GMT Vary: accept-encoding Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
2024-12-23 23:21:36 UTC	16105	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-12-23 23:21:37 UTC	10519	IN	Data Raw: 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 Data Ascii: Name)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe(e,"input")&&"button"===e.type\|\|fe(e,"button")},text:function(e){var t;return fe(e,"input")&&"text"===e.type&&(null==(t=e.getAttribute("type"))\|\|"text"===t.toLowerCase())},fir
2024-12-23 23:21:37 UTC	16384	IN	Data Raw: 67 75 6d 65 6e 74 73 29 2c 74 68 69 73 7d 2c 22 63 61 74 63 68 22 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 61 2e 74 68 65 6e 28 6e 75 6c 6c 2c 65 29 7d 2c 70 69 70 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 69 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 63 65 2e 44 65 66 65 72 72 65 64 28 66 75 6e 63 74 69 6f 6e 28 72 29 7b 63 65 2e 65 61 63 68 28 6f 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 76 28 69 5b 74 5b 34 5d 5d 29 26 26 69 5b 74 5b 34 5d 5d 3b 73 5b 74 5b 31 5d 5d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6e 26 26 6e 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 3b 65 26 26 76 28 65 2e 70 72 6f 6d 69 73 65 29 3f 65 2e 70 72 6f 6d 69 73 65 28 29 2e 70 72 6f 67 Data Ascii: guments),this},"catch":function(e){return a.then(null,e)},pipe:function(){var i=arguments;return ce.Deferred(function(r){ce.each(o,function(e,t){var n=v(i[t[4]])&&i[t[4]];s[t[1]](function(){var e=n&&n.apply(this,arguments);e&&v(e.promise)?e.promise().prog
2024-12-23 23:21:37 UTC	16384	IN	Data Raw: 67 65 74 54 6f 75 63 68 65 73 3a 21 30 2c 74 6f 45 6c 65 6d 65 6e 74 3a 21 30 2c 74 6f 75 63 68 65 73 3a 21 30 2c 77 68 69 63 68 3a 21 30 7d 2c 63 65 2e 65 76 65 6e 74 2e 61 64 64 50 72 6f 70 29 2c 63 65 2e 65 61 63 68 28 7b 66 6f 63 75 73 3a 22 66 6f 63 75 73 69 6e 22 2c 62 6c 75 72 3a 22 66 6f 63 75 73 6f 75 74 22 7d 2c 66 75 6e 63 74 69 6f 6e 28 72 2c 69 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 69 66 28 43 2e 64 6f 63 75 6d 65 6e 74 4d 6f 64 65 29 7b 76 61 72 20 74 3d 5f 2e 67 65 74 28 74 68 69 73 2c 22 68 61 6e 64 6c 65 22 29 2c 6e 3d 63 65 2e 65 76 65 6e 74 2e 66 69 78 28 65 29 3b 6e 2e 74 79 70 65 3d 22 66 6f 63 75 73 69 6e 22 3d 3d 3d 65 2e 74 79 70 65 3f 22 66 6f 63 75 73 22 3a 22 62 6c 75 72 22 2c 6e 2e 69 73 53 69 6d 75 6c 61 74 65 64 3d Data Ascii: getTouches:!0,toElement:!0,touches:!0,which:!0},ce.event.addProp),ce.each({focus:"focusin",blur:"focusout"},function(r,i){function o(e){if(C.documentMode){var t=_.get(this,"handle"),n=ce.event.fix(e);n.type="focusin"===e.type?"focus":"blur",n.isSimulated=
2024-12-23 23:21:37 UTC	16384	IN	Data Raw: 69 6e 20 74 2c 70 3d 74 68 69 73 2c 64 3d 7b 7d 2c 68 3d 65 2e 73 74 79 6c 65 2c 67 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 65 65 28 65 29 2c 76 3d 5f 2e 67 65 74 28 65 2c 22 66 78 73 68 6f 77 22 29 3b 66 6f 72 28 72 20 69 6e 20 6e 2e 71 75 65 75 65 7c 7c 28 6e 75 6c 6c 3d 3d 28 61 3d 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 65 2c 22 66 78 22 29 29 2e 75 6e 71 75 65 75 65 64 26 26 28 61 2e 75 6e 71 75 65 75 65 64 3d 30 2c 73 3d 61 2e 65 6d 70 74 79 2e 66 69 72 65 2c 61 2e 65 6d 70 74 79 2e 66 69 72 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 75 6e 71 75 65 75 65 64 7c 7c 73 28 29 7d 29 2c 61 2e 75 6e 71 75 65 75 65 64 2b 2b 2c 70 2e 61 6c 77 61 79 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 70 2e 61 6c 77 61 79 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e Data Ascii: in t,p=this,d={},h=e.style,g=e.nodeType&&ee(e),v=_.get(e,"fxshow");for(r in n.queue\|\|(null==(a=ce._queueHooks(e,"fx")).unqueued&&(a.unqueued=0,s=a.empty.fire,a.empty.fire=function(){a.unqueued\|\|s()}),a.unqueued++,p.always(function(){p.always(function(){a.
2024-12-23 23:21:37 UTC	13491	IN	Data Raw: 22 2c 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 26 26 76 2e 61 63 63 65 70 74 73 5b 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 5d 3f 76 2e 61 63 63 65 70 74 73 5b 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 5d 2b 28 22 2a 22 21 3d 3d 76 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 3f 22 2c 20 22 2b 7a 74 2b 22 3b 20 71 3d 30 2e 30 31 22 3a 22 22 29 3a 76 2e 61 63 63 65 70 74 73 5b 22 2a 22 5d 29 2c 76 2e 68 65 61 64 65 72 73 29 54 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 69 2c 76 2e 68 65 61 64 65 72 73 5b 69 5d 29 3b 69 66 28 76 2e 62 65 66 6f 72 65 53 65 6e 64 26 26 28 21 31 3d 3d 3d 76 2e 62 65 66 6f 72 65 53 65 6e 64 2e 63 61 6c 6c 28 79 2c 54 2c 76 29 7c 7c 68 29 29 72 65 74 75 72 6e 20 54 2e 61 62 6f 72 74 28 29 3b 69 66 28 75 3d 22 61 62 6f 72 Data Ascii: ",v.dataTypes[0]&&v.accepts[v.dataTypes[0]]?v.accepts[v.dataTypes[0]]+(""!==v.dataTypes[0]?", "+zt+"; q=0.01":""):v.accepts[""]),v.headers)T.setRequestHeader(i,v.headers[i]);if(v.beforeSend&&(!1===v.beforeSend.call(y,T,v)\|\|h))return T.abort();if(u="abor
2024-12-23 23:21:37 UTC	2893	IN	Data Raw: 65 74 2e 65 78 74 65 6e 64 28 7b 7d 2c 69 29 3a 74 5b 65 5d 3d 69 29 3b 72 65 74 75 72 6e 20 74 7d 2c 56 2e 77 69 64 67 65 74 2e 62 72 69 64 67 65 3d 66 75 6e 63 74 69 6f 6e 28 6f 2c 65 29 7b 76 61 72 20 61 3d 65 2e 70 72 6f 74 6f 74 79 70 65 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 7c 7c 6f 3b 56 2e 66 6e 5b 6f 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 74 3d 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 69 2c 73 3d 72 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 2c 6e 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 74 3f 74 68 69 73 2e 6c 65 6e 67 74 68 7c 7c 22 69 6e 73 74 61 6e 63 65 22 21 3d 3d 69 3f 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 65 3d 56 2e 64 61 74 61 28 74 68 69 73 2c 61 29 3b Data Ascii: et.extend({},i):t[e]=i);return t},V.widget.bridge=function(o,e){var a=e.prototype.widgetFullName\|\|o;V.fn[o]=function(i){var t="string"==typeof i,s=r.call(arguments,1),n=this;return t?this.length\|\|"instance"!==i?this.each(function(){var t,e=V.data(this,a);
2024-12-23 23:21:37 UTC	16384	IN	Data Raw: 26 26 28 69 3d 56 28 73 2e 67 65 74 28 29 29 2c 74 68 69 73 2e 5f 72 65 6d 6f 76 65 43 6c 61 73 73 28 73 2c 65 29 2c 69 2e 61 64 64 43 6c 61 73 73 28 74 68 69 73 2e 5f 63 6c 61 73 73 65 73 28 7b 65 6c 65 6d 65 6e 74 3a 69 2c 6b 65 79 73 3a 65 2c 63 6c 61 73 73 65 73 3a 74 2c 61 64 64 3a 21 30 7d 29 29 29 7d 2c 5f 73 65 74 4f 70 74 69 6f 6e 44 69 73 61 62 6c 65 64 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 68 69 73 2e 5f 74 6f 67 67 6c 65 43 6c 61 73 73 28 74 68 69 73 2e 77 69 64 67 65 74 28 29 2c 74 68 69 73 2e 77 69 64 67 65 74 46 75 6c 6c 4e 61 6d 65 2b 22 2d 64 69 73 61 62 6c 65 64 22 2c 6e 75 6c 6c 2c 21 21 74 29 2c 74 26 26 28 74 68 69 73 2e 5f 72 65 6d 6f 76 65 43 6c 61 73 73 28 74 68 69 73 2e 68 6f 76 65 72 61 62 6c 65 2c 6e 75 6c 6c 2c 22 75 69 2d Data Ascii: &&(i=V(s.get()),this._removeClass(s,e),i.addClass(this._classes({element:i,keys:e,classes:t,add:!0})))},_setOptionDisabled:function(t){this._toggleClass(this.widget(),this.widgetFullName+"-disabled",null,!!t),t&&(this._removeClass(this.hoverable,null,"ui-
2024-12-23 23:21:37 UTC	13491	IN	Data Raw: 69 3d 65 2e 61 63 74 69 76 65 45 6c 65 6d 65 6e 74 7d 63 61 74 63 68 28 74 29 7b 69 3d 65 2e 62 6f 64 79 7d 72 65 74 75 72 6e 28 69 3d 69 7c 7c 65 2e 62 6f 64 79 29 2e 6e 6f 64 65 4e 61 6d 65 7c 7c 28 69 3d 65 2e 62 6f 64 79 29 2c 69 7d 2c 56 2e 75 69 2e 73 61 66 65 42 6c 75 72 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 26 26 22 62 6f 64 79 22 21 3d 3d 74 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 26 26 56 28 74 29 2e 74 72 69 67 67 65 72 28 22 62 6c 75 72 22 29 7d 3b 56 2e 77 69 64 67 65 74 28 22 75 69 2e 64 72 61 67 67 61 62 6c 65 22 2c 56 2e 75 69 2e 6d 6f 75 73 65 2c 7b 76 65 72 73 69 6f 6e 3a 22 31 2e 31 33 2e 32 22 2c 77 69 64 67 65 74 45 76 65 6e 74 50 72 65 66 69 78 3a 22 64 72 61 67 22 2c 6f 70 74 69 6f 6e 73 3a 7b 61 64 Data Ascii: i=e.activeElement}catch(t){i=e.body}return(i=i\|\|e.body).nodeName\|\|(i=e.body),i},V.ui.safeBlur=function(t){t&&"body"!==t.nodeName.toLowerCase()&&V(t).trigger("blur")};V.widget("ui.draggable",V.ui.mouse,{version:"1.13.2",widgetEventPrefix:"drag",options:{ad
2024-12-23 23:21:37 UTC	16384	IN	Data Raw: 73 69 74 69 6f 6e 3d 6e 2e 5f 67 65 6e 65 72 61 74 65 50 6f 73 69 74 69 6f 6e 28 69 2c 21 30 29 2c 6e 2e 5f 74 72 69 67 67 65 72 28 22 66 72 6f 6d 53 6f 72 74 61 62 6c 65 22 2c 69 29 2c 6e 2e 64 72 6f 70 70 65 64 3d 21 31 2c 56 2e 65 61 63 68 28 6e 2e 73 6f 72 74 61 62 6c 65 73 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 72 65 66 72 65 73 68 50 6f 73 69 74 69 6f 6e 73 28 29 7d 29 29 7d 29 7d 7d 29 2c 56 2e 75 69 2e 70 6c 75 67 69 6e 2e 61 64 64 28 22 64 72 61 67 67 61 62 6c 65 22 2c 22 63 75 72 73 6f 72 22 2c 7b 73 74 61 72 74 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 69 29 7b 76 61 72 20 73 3d 56 28 22 62 6f 64 79 22 29 2c 69 3d 69 2e 6f 70 74 69 6f 6e 73 3b 73 2e 63 73 73 28 22 63 75 72 73 6f 72 22 29 26 26 28 69 2e 5f 63 75 72 73 6f 72 3d 73 2e Data Ascii: sition=n._generatePosition(i,!0),n._trigger("fromSortable",i),n.dropped=!1,V.each(n.sortables,function(){this.refreshPositions()}))})}}),V.ui.plugin.add("draggable","cursor",{start:function(t,e,i){var s=V("body"),i=i.options;s.css("cursor")&&(i._cursor=s.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49759	54.165.133.35	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:40 UTC	968	OUT	GET /favicon.ico HTTP/1.1 Host: oops.yourgunnalovetraining.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://oops.yourgunnalovetraining.com/pages/377bd84051ec/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0= Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:40 UTC	253	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:40 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Thu, 19 Dec 2024 18:39:49 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49761	34.195.197.181	443	2920	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-23 23:21:42 UTC	365	OUT	GET /favicon.ico HTTP/1.1 Host: oops.yourgunnalovetraining.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-23 23:21:42 UTC	253	IN	HTTP/1.1 200 OK Date: Mon, 23 Dec 2024 23:21:42 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 0 Connection: close Last-Modified: Thu, 19 Dec 2024 18:39:49 GMT Strict-Transport-Security: max-age=63113904; includeSubDomains; preload

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5344, Parent PID: 1544

General

Target ID:	0
Start time:	18:21:13
Start date:	23/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2920, Parent PID: 5344

General

Target ID:	2
Start time:	18:21:17
Start date:	23/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1988,i,6699881340216569343,6692458490416922373,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6484, Parent PID: 1544

General

Target ID:	3
Start time:	18:21:24
Start date:	23/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://spamchallenge.msftemail.com/XdEd3bDVBUzZOQUwzUmxzRWVLU3huK0JqbXFtZHA3cUlvcXhnRlhWaFBaSDJIMnMyYVN0MGpGNGN3c0Q1NE0xMUpGT3JuT2xOaVZKczlQL2VBWE9sa0pRN2VuUERVTlFWMkdmNjZoUlV4SGhDaFJQR2RQNGg2UVRmaUNIVFM2cVl4WXBaTTNCMTg4eS9XU1RyNEJ1R2VsdVdPN0JBaWZtUWRWb25EN3pIdkgyNGRYaHhjRHFWNnJ6NWFuREk4N3Q5WmdUOXIwNFYxeDA9LS1FQ0krTzhnQnV6bDJBd2tOLS1vZDl3bzRPTTR5Nk4wandOR3dTZDd3PT0=?cid=2315281580"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior