Edit tour

Windows Analysis Report
http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13

Overview

General Information

Sample URL:	http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13
Analysis ID:	1582588
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2264,i,6959141928199606611,17228229175488000117,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected IP in URL: http://4.ehnf5.michaelhuegel.com

Source: http://4.ehnf5.michaelhuegel.com/

HTTP Parser: Number of links: 0

Source: http://4.ehnf5.michaelhuegel.com/

HTTP Parser: Title: Coming Soon - wattsgroup.co.nz does not match URL

Source: http://4.ehnf5.michaelhuegel.com/

HTTP Parser: Has password / email / username input fields

Source: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/t/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/about	HTTP Parser: No favicon
Source: http://4.ehnf5.michaelhuegel.com/news	HTTP Parser: No favicon

Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found

Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.ehnf5.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/t/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/styles.css HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://4.ehnf5.michaelhuegel.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /about HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/about_styles.css HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://4.ehnf5.michaelhuegel.com/aboutAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/aboutAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 4.ehnf5.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.ehnf5.michaelhuegel.com/newsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_55.2.dr, chromecache_57.2.dr

String found in binary or memory: <rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"> equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 4.ehnf5.michaelhuegel.com
Source: global traffic	DNS traffic detected: DNS query: feeds.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: moxie.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: www.foxnews.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Address: gin_throttle_mw_7200000000_8.46.123.189X-Ratelimit-Limit: 500X-Ratelimit-Remaining: 498X-Ratelimit-Reset: 1735605442Date: Mon, 30 Dec 2024 23:37:22 GMTContent-Length: 0

Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: http://search.yahoo.com/mrss/
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2020/02/931/523/khamenei-trum
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/01/931/523/2023-12-31T23
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/11/931/523/vladimir-puti
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/144425_docume
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ap24346248179
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ap24365266151
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/azerbaijain-a
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/azerbaijan-ai
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/benjamin-neta
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/china-amphibi
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/chinese-milit
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/cruise1.jpg?v
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/gettyimages-1
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/gettyimages-2
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/idf-southern-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/israel-airstr
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/korea-crash1.
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/marcfamily.pn
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/memorial-azer
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/south-korea-c
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/south-korea-p
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/whatsapp_imag
Source: chromecache_56.2.dr, chromecache_54.2.dr	String found in binary or memory: https://feeds.foxnews.com/foxnews/world
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://media.defense.gov/2024/Dec/18/2003615520/-1/-1/0/MILITARY-AND-SECURITY-DEVELOPMENTS-INVOLVIN
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://moxie.foxnews.com/google-publisher/world.xml
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://pubsubhubbub.appspot.com/
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://thefederalist.com/2024/12/27/report-china-rapidly-builds-up-weapons-and-psychological-warfar
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxbusiness.com/lifestyle/disney-cruise-line-no-longer-accepting-photocopies-guest-birth
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxbusiness.com/lifestyle/social-media-users-get-dramatic-carnival-cruise-ship-hits-ice-
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxbusiness.com/video/6366457430112"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/disasters"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/health/heart-health"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/person/benjamin-netanyahu"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/person/joe-biden"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/politics/defense"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/politics/elections/democrats"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/politics/foreign-policy/state-department"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/tech/technologies/drones"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/tech/topics/military-tech"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/topic/anti-semitism">more
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/travel/general/airlines"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/travel/general/airports"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/travel/general/cruises"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/us/crime/drugs"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/us/crime/police-and-law-enforcement"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/us/military/navy"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/us/terror"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/us/us-regions/southeast/florida"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/conflicts/iran"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/conflicts/north-korea"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/conflicts/syria">Syria
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/conflicts/ukraine"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/personalities/vladimir-putin"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/united-nations"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-politics"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/asia"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/china"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/israel"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/israel">Israeli
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/middle-east"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/middle-east/lebanon"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/russia"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/south-korea"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/download"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/health"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/media/aviation-expert-casts-doubt-bird-strike-theory-deadly-south-korean-pla
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/media/trey-yingst-enters-abandoned-syrian-detention-site-search-missing-amer
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/media/zelenskyy-fears-danger-ukraine-loses-unity-defeat-us-cuts-funds-1000-d
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/opinion/maos-america-bears-terrifying-resemblance-china-took-20-million-live
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/2024-very-bad-year-iran">emphasizes
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/biden-harris-admin-rolls-out-another-4-28-billion-student-loan-hand
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/china-warns-us-stop-arming-taiwan-after-biden-approves-571m-militar
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad">As
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/hezbollah-chief-says-group-lost-arms-supply-route-from-iran-syrian-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/joe-biden-poses-hunters-chinese-business-associates-newly-surfaced-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/one-year-anniversary-oct-7-attacks-arrives-lasting-trauma-israelis-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/state-attorneys-general-ask-scotus-uphold-tiktok-divest-ban-law-ami
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/tiktok-divestment-could-deal-century-trump-house-china-committee-ch
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/politics/white-house-says-9th-telecoms-company-has-been-hacked-part-chinese-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/tech/air-force-showcases-how-artificial-intelligence-help-military-dominate-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/travel/flight-passenger-calls-fellow-flyers-bad-habit-shares-fix-problem&quo
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/us/elon-musk-says-us-needs-many-hypersonic-missiles-long-range-drones-anythi
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/us/more-republican-women-obtaining-firearms-gun-ownership-declines-male-demo
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/video/6354117734112"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/video/6365387398112"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/american-teacher-jailed-russia-wrongfully-detained-state-department-fo
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/armed-survival-how-october-7-hamas-massacre-transformed-gun-culture-is
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/azerbaijan-airlines-blames-deadly-plane-crash-external-interference-ru
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/azerbaijan-president-accuses-russia-absurd-plane-crash-cover-up-says-f
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/china-directs-largest-military-build-up-since-1930s-nazi-germany-exper
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/china-unveils-worlds-largest-amphibious-warship
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/china-unveils-worlds-largest-amphibious-warship"><strong&gt
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/collapse-syrias-assad-regime-renews-us-push-find-austin-tice">
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/eyewitnesses-south-korea-plane-crash-recount-sparks-engine-bird-strike
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/fall-of-syrias-bashar-assad-strategic-blow-to-iran-russia-experts-say&
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/gop-rep-introduces-bipartisan-marc-fogel-act-pushing-state-dept-for-an
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/idf-reveals-4-reasons-why-killed-hezbollah-commander-fuad-shukr"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/idf-soldiers-accuse-un-peacekeepers-enabling-hezbollah-terrorists-amid
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/iran-expands-weaponization-capabilities-critical-employing-nuclear-bom
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/iran-regime-immense-pressure-incoming-trump-admin-policies-regional-lo
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israel-eyes-iran-nuke-sites-amid-reports-trump-mulls-moves-block-tehra
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israel-war-see-photos-video-attack-aftermath">Hamas
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israel-warns-go-after-lebanon-directly-cease-fire-hezbollah-collapses&
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-military-says-hezbollah-leader-hassan-nasrallah-killed-beirut-
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-official-reveals-how-to-truly-defeat-hezbollah
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-official-reveals-how-to-truly-defeat-hezbollah"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-pm-benjamin-netanyahu-completes-prostate-surgery-uti-diagnosis
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-pm-benjamin-netanyahu-undergo-surgery-pacemaker-implantation-h
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-spy-network-uncovers-hezbollah-commanders-plans-marry-off-his-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/israels-benjamin-netanyahu-wishes-merry-christmas-christians-world&quo
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/kazakhstan-plane-crash-survivors-say-heard-bangs-before-aircraft-went-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/malaysia-agrees-resume-no-find-no-fee-hunt-flight-mh370-10-years-plane
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/man-vacation-family-goes-overboard-norwegian-cruise-ship-bahamas
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/more-than-30-dead-brazil-bus-truck-collision"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-testify-corruption-trial-amid-multiple-conflicts"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-undergo-hernia-surgery-full-anesthesia"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-undergo-major-surgery-after-uti-diagnosis
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-warns-houthis-amid-calls-israel-wipe-out-terror-leadership-d
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/north-korea-condemns-south-korea-fascist-dictatorship-after-martial-la
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/north-korea-vows-toughest-us-policy-vague-announcement
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/norwegian-epic-cruise-woman-overboard-mediterranean-sea"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/plane-veers-airport-runway-south-korea-deadly-crash
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/plane-veers-airport-runway-south-korea-deadly-crash"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/plane-veers-off-runway-crashes-fence-leaving-least-23-dead-report&quot
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/projectile-from-yemen-strikes-near-tel-aviv-injuring-more-than-dozen-o
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/putin-offers-pay-off-debts-recruitment-tool-war-against-ukraine
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/russia-being-blamed-azerbaijan-airlines-plane-crashed-hundreds-miles-o
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/russia-detains-suspect-accused-killing-high-ranking-general-moscow&quo
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/russia-downplays-speculation-over-azerbaijan-airlines-crash
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/russia-downplays-speculation-over-azerbaijan-airlines-crash"
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/russian-paramilitary-soldiers-killed-friendly-fire-attack-north-korean
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/see-it-china-stuns-maiden-flight-sixth-generation-aircraft
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-deadly-plane-crash-us-sends-investigators-country-still-re
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-imposes-travel-ban-president-yoon-over-martial-law-declara
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-lawmakers-vote-impeach-president-over-martial-law-declarat
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-planes-final-moments-captured-video-before-hitting-concret
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-korean-president-apologizes-declaring-martial-law-ahead-impeachm
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-koreas-former-defense-minister-attempted-suicide-after-he-arrest
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/south-koreas-opposition-controlled-national-assembly-votes-impeach-act
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/uncovering-atrocities-assad-regime-its-death-factory-hill
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/us-citizen-imprisoned-russia-given-new-15-year-sentence-wake-espionage
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/us-group-looks-kidnapped-americans-syria-after-fall-assad-regime-wont-
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/us-military-conducts-successful-airstrikes-houthi-rebel-forces-yemen&q
Source: chromecache_57.2.dr	String found in binary or memory: https://www.foxnews.com/world/us-navy-ships-repel-attack-houthis-gulf-aden"><strong>&l
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.ft.com/content/da966006-88e5-4c25-9075-7c07c4702e06"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.nytimes.com/2024/12/27/world/middleeast/israel-lebanon-ceasefire"
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.nytimes.com/2024/12/29/world/middleeast/israel-hezbollah-nasrallah-assassination-intelli
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.reuters.com/world/asia-pacific/azerbaijan-airlines-flight-was-downed-by-russian-air-defe
Source: chromecache_55.2.dr, chromecache_57.2.dr	String found in binary or memory: https://www.wsj.com/world/dozens-feared-dead-in-crash-after-passenger-flight-diverts-from-russia-fb2
Source: chromecache_57.2.dr	String found in binary or memory: https://www.wsj.com/world/probe-points-to-russian-air-defenses-causing-azerbaijan-airlines-crash-c96

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: classification engine

Classification label: mal52.win@16/21@12/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2264,i,6959141928199606611,17228229175488000117,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2264,i,6959141928199606611,17228229175488000117,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13	0%	Avira URL Cloud	safe
http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
http://4.ehnf5.michaelhuegel.com/favicon.ico	0%	Avira URL Cloud	safe
http://4.ehnf5.michaelhuegel.com/assets/styles.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.196	true	false	high
4.ehnf5.michaelhuegel.com	185.246.85.141	true	true	unknown
moxie.foxnews.com	unknown	unknown	false	high
www.foxnews.com	unknown	unknown	false	high
feeds.foxnews.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://4.ehnf5.michaelhuegel.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://4.ehnf5.michaelhuegel.com/assets/styles.css	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.foxnews.com/politics/joe-biden-poses-hunters-chinese-business-associates-newly-surfaced-	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/uncovering-atrocities-assad-regime-its-death-factory-hill	chromecache_57.2.dr	false	high
https://www.wsj.com/world/dozens-feared-dead-in-crash-after-passenger-flight-diverts-from-russia-fb2	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/south-koreas-opposition-controlled-national-assembly-votes-impeach-act	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/us-group-looks-kidnapped-americans-syria-after-fall-assad-regime-wont-	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.nytimes.com/2024/12/29/world/middleeast/israel-hezbollah-nasrallah-assassination-intelli	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/world-regions/china"	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/see-it-china-stuns-maiden-flight-sixth-generation-aircraft	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/russia-being-blamed-azerbaijan-airlines-plane-crashed-hundreds-miles-o	chromecache_57.2.dr	false	high
https://www.foxnews.com/opinion/maos-america-bears-terrifying-resemblance-china-took-20-million-live	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ap24346248179	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/netanyahu-testify-corruption-trial-amid-multiple-conflicts"	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/us/us-regions/southeast/florida"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/south-korean-president-apologizes-declaring-martial-law-ahead-impeachm	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/travel/flight-passenger-calls-fellow-flyers-bad-habit-shares-fix-problem&quo	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israels-benjamin-netanyahu-wishes-merry-christmas-christians-world&quo	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxbusiness.com/lifestyle/disney-cruise-line-no-longer-accepting-photocopies-guest-birth	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxbusiness.com/lifestyle/social-media-users-get-dramatic-carnival-cruise-ship-hits-ice-	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/us/crime/police-and-law-enforcement"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.reuters.com/world/asia-pacific/azerbaijan-airlines-flight-was-downed-by-russian-air-defe	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israel-warns-go-after-lebanon-directly-cease-fire-hezbollah-collapses&	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/hezbollah-chief-says-group-lost-arms-supply-route-from-iran-syrian-	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/south-korea-lawmakers-vote-impeach-president-over-martial-law-declarat	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/health/heart-health"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/us-navy-ships-repel-attack-houthis-gulf-aden"><strong>&l	chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/2024-very-bad-year-iran">emphasizes	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/idf-reveals-4-reasons-why-killed-hezbollah-commander-fuad-shukr"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/netanyahu-warns-houthis-amid-calls-israel-wipe-out-terror-leadership-d	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/person/joe-biden"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/11/931/523/vladimir-puti	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/china-warns-us-stop-arming-taiwan-after-biden-approves-571m-militar	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israeli-spy-network-uncovers-hezbollah-commanders-plans-marry-off-his-	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/putin-offers-pay-off-debts-recruitment-tool-war-against-ukraine	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/iran-regime-immense-pressure-incoming-trump-admin-policies-regional-lo	chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/chinese-milit	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/gop-rep-introduces-bipartisan-marc-fogel-act-pushing-state-dept-for-an	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/media/trey-yingst-enters-abandoned-syrian-detention-site-search-missing-amer	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/person/benjamin-netanyahu"	chromecache_57.2.dr	false	high
https://www.nytimes.com/2024/12/27/world/middleeast/israel-lebanon-ceasefire"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/video/6365387398112"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/tech/technologies/drones"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/biden-harris-admin-rolls-out-another-4-28-billion-student-loan-hand	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/malaysia-agrees-resume-no-find-no-fee-hunt-flight-mh370-10-years-plane	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video	chromecache_57.2.dr	false	high
https://www.foxnews.com/us/more-republican-women-obtaining-firearms-gun-ownership-declines-male-demo	chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/state-attorneys-general-ask-scotus-uphold-tiktok-divest-ban-law-ami	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/american-teacher-jailed-russia-wrongfully-detained-state-department-fo	chromecache_57.2.dr	false	high
https://thefederalist.com/2024/12/27/report-china-rapidly-builds-up-weapons-and-psychological-warfar	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/russia-detains-suspect-accused-killing-high-ranking-general-moscow&quo	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/south-korea-planes-final-moments-captured-video-before-hitting-concret	chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/whatsapp_imag	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/more-than-30-dead-brazil-bus-truck-collision"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://pubsubhubbub.appspot.com/	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/politics/foreign-policy/state-department"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/united-nations"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/azerbaijan-airlines-blames-deadly-plane-crash-external-interference-ru	chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad">As	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/netanyahu-undergo-major-surgery-after-uti-diagnosis	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/north-korea-vows-toughest-us-policy-vague-announcement	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/us/military/navy"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/korea-crash1.	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/israel-airstr	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/kazakhstan-plane-crash-survivors-say-heard-bangs-before-aircraft-went-	chromecache_57.2.dr	false	high
https://www.foxnews.com/media/zelenskyy-fears-danger-ukraine-loses-unity-defeat-us-cuts-funds-1000-d	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/tech/topics/military-tech"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/topic/anti-semitism">more	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says	chromecache_57.2.dr	false	high
http://search.yahoo.com/mrss/	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/marcfamily.pn	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/world-regions/israel"	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/disasters"	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/world-regions/middle-east"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/world-regions/south-korea"	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israeli-pm-benjamin-netanyahu-completes-prostate-surgery-uti-diagnosis	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/china-unveils-worlds-largest-amphibious-warship	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/collapse-syrias-assad-regime-renews-us-push-find-austin-tice">	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/us/elon-musk-says-us-needs-many-hypersonic-missiles-long-range-drones-anythi	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/conflicts/syria">Syria	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/politics/elections/democrats"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/health"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/world/south-korea-imposes-travel-ban-president-yoon-over-martial-law-declara	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/israeli-military-says-hezbollah-leader-hassan-nasrallah-killed-beirut-	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video"	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/azerbaijan-president-accuses-russia-absurd-plane-crash-cover-up-says-f	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/conflicts/ukraine"	chromecache_57.2.dr	false	high
https://www.foxnews.com/category/world/world-regions/middle-east/lebanon"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/south-korea-c	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/category/travel/general/airports"	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/memorial-azer	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.foxnews.com/politics/tiktok-divestment-could-deal-century-trump-house-china-committee-ch	chromecache_55.2.dr, chromecache_57.2.dr	false	high
https://www.wsj.com/world/probe-points-to-russian-air-defenses-causing-azerbaijan-airlines-crash-c96	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/south-korea-deadly-plane-crash-us-sends-investigators-country-still-re	chromecache_57.2.dr	false	high
https://www.foxnews.com/world/china-unveils-worlds-largest-amphibious-warship"><strong&gt	chromecache_55.2.dr, chromecache_57.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
185.246.85.141	4.ehnf5.michaelhuegel.com	France	21409	IKOULAFR	true

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582588
Start date and time:	2024-12-31 00:36:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@16/21@12/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.185.238, 173.194.76.84, 142.250.184.206, 142.250.181.238, 142.250.186.142, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 104.102.34.105, 2.18.64.35, 2.18.64.10, 199.232.214.172, 192.229.221.95, 142.250.185.142, 172.217.18.14, 172.217.18.10, 142.250.185.234, 216.58.206.42, 142.250.185.170, 142.250.186.74, 142.250.185.138, 142.250.181.234, 142.250.185.202, 142.250.74.202, 142.250.186.170, 142.250.185.106, 172.217.16.202, 142.250.186.42, 142.250.184.202, 142.250.186.138, 142.250.186.106, 142.250.184.238, 142.250.74.206, 172.217.16.195, 172.217.16.206, 184.28.90.27, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, j.sni.global.fastly.net, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, e8979.dscj.akamaiedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, www.foxnews.com.edgekey.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, moxie.foxnews.com.edgekey.net, e197183.dsca.akamaiedge.net
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13

Input	Output
URL: http://4.ehnf5.michaelhuegel.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": true, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://4.ehnf5.michaelhuegel.com
URL: http://4.ehnf5.michaelhuegel.com/t/4OqsxI2945YXZc3... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script sets a timeout to redirect the user to a URL with a suspicious query parameter after 1 second. This behavior is considered a moderate-risk indicator, as it could potentially lead to a redirect to a malicious or suspicious domain. The query parameter also suggests the content may be related to a blacklisted IP provider, which raises further concerns. While the intent is not entirely clear, the script's behavior warrants further investigation." }
setTimeout(function(){ window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3'); }, 1000);
URL: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including redirecting the user to a modified URL and checking for bot/crawler user agents. While the intent is not entirely clear, the combination of URL manipulation and conditional redirection warrants further investigation." }
let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");
URL: http://4.ehnf5.michaelhuegel.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple countdown timer and email subscription functionality, which are common and benign web development practices. There are no indicators of high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is focused on updating the countdown display and handling a basic email subscription form submission, which are typical and expected behaviors for a website countdown or launch page." }
const launchDate = new Date('2025-12-31T00:00:00').getTime(); const daysElement = document.getElementById('days'); const hoursElement = document.getElementById('hours'); const minutesElement = document.getElementById('minutes'); const secondsElement = document.getElementById('seconds'); function updateCountdown() { const currentTime = new Date().getTime(); const timeRemaining = launchDate - currentTime; const days = Math.floor(timeRemaining / (1000 * 60 * 60 * 24)); const hours = Math.floor((timeRemaining % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60)); const minutes = Math.floor((timeRemaining % (1000 * 60 * 60)) / (1000 * 60)); const seconds = Math.floor((timeRemaining % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(2, '0'); secondsElement.textContent = seconds.toString().padStart(2, '0'); } function submitForm(event) { event.preventDefault(); const email = document.getElementById('email').value; document.getElementById('subscription-message').textContent = `Thank you for subscribing, ${email}!`; } updateCountdown(); setInterval(updateCountdown, 1000);
URL: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provi... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be a legitimate RSS feed reader that fetches and displays news items from the Fox News World RSS feed. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code uses standard web APIs like `fetch` and `DOMParser` to retrieve and parse the RSS feed, and it displays the news items in a straightforward manner on the page. Overall, this script is likely benign and poses a low risk." }
const fetchRSSFeed = async (url) => { const response = await fetch(url); const text = await response.text(); const parser = new DOMParser(); const xml = parser.parseFromString(text, "application/xml"); return xml; }; const displayNewsItems = (xml) => { const newsItemsContainer = document.getElementById("news-items"); const items = xml.querySelectorAll("item"); items.forEach((item) => { const titleElement = item.querySelector("title"); const guidElement = item.querySelector("guid"); const descriptionElement = item.querySelector("description"); const contentElement = item.querySelector("content\\:encoded"); const title = titleElement ? titleElement.textContent : "Untitled"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentElement.textContent : "No content available."; const newsItem = document.createElement("div"); newsItem.classList.add("news-item"); newsItem.innerHTML = ` <h2><a href="${guid}" target="_blank">${title}</a></h2> <p>${description}</p> <div>${content}</div> `; newsItemsContainer.appendChild(newsItem); }); }; (async () => { const foxNewsWorldRSSFeed = "https://feeds.foxnews.com/foxnews/world"; const xml = await fetchRSSFeed(foxNewsWorldRSSFeed); displayNewsItems(xml); document.getElementById("msg").textContent = new URLSearchParams(window.location.search).get("q"); })();
URL: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Putin offers to pay off debts as recruitment tool in war against Ukraine", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["bh5ytv@fbpbv.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["bh5ytv@fbpbv.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["bh5ytv@fbpbv.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["wq2ghx@gbri.io"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["wq2ghx@gbri.io"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["wq2ghx@gbri.io"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["9nh2rv@tkmspvo.com"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["9nh2rv@tkmspvo.com"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/about Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.ehnf5.michaelhuegel.com/news Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.ehnf5.michaelhuegel.com/about Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://4.ehnf5.michaelhuegel.com/news Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	210
Entropy (8bit):	5.098105294030167
Encrypted:	false
SSDEEP:	6:uIRnXHFmmmJ0S2IcENFJKSK/xIcEo/VMCGYoVL:lXHAx6S2SRcJ9IL
MD5:	05DA576EB71641B10811A1AEF60A853D
SHA1:	5E7C7F426430C30209FE270AB129A9C0100BDEE9
SHA-256:	58B98E11D36F9689D4AF3C1CB3755528817709300FACF6D314C99CE91BD90B4B
SHA-512:	2DAC5452E42E24043F512741B01E08CDEE464771A13C2D38D3F9958F75FCEA079F67A7B704AC6753C0BAB02DFDDD434AE7024D4674E3A532A70D50C5D6A72937
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/t/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13
Preview:	<script>.setTimeout(function(){. window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; . console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');.}, 1000);.</script>.<p></p>.

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (398)
Category:	downloaded
Size (bytes):	458
Entropy (8bit):	5.131460290374407
Encrypted:	false
SSDEEP:	12:8AaJ+dAW1FTWoK9xGixFoBwdNDJNZUSbZkXCABHRsqq+7p:8bJOAWYragNvZUSuzRsqZp
MD5:	0A3E69B8B37A6DF0ACD7E7F5D9D3B854
SHA1:	680DE96CFE2AFF1B030BFBD4A7CFA2529993EA61
SHA-256:	0F3A07F36D6BDDEE418F7D7548BC165B09817E10764A359D2773388CDEC9FF8A
SHA-512:	9C5C0679E082A5776536835110B90436CD6531E3B2C4FC7A15BDCE7F550D6647447C904E68D660FAF81E39C108E17198830E8B133E86D8559180FA6FB5CE25C7
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13
Preview:	<script>.let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");.</script>..<p style="color:gray;">redirect...</p>.

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	4.7130828204283555
Encrypted:	false
SSDEEP:	24:UkvMuGRKe7+U6eSEMDSaGvMdufqGmnoSPfzS7pvMugQrYFv0CGSTYFUL9MtDY3Ss:Uk9w7x9sHGgufRNkz09fcFMCGJFUL9MO
MD5:	1FB5EDFEA0AF10D301EFCD56738BA30A
SHA1:	1AAC6EB08825AD63AC334CFF1F816CC9ECA71219
SHA-256:	161D0961994DD86814FAFBA6EDD6FA7A75D17B19B2E60E1EE01ADAA9EA19DADC
SHA-512:	A0C3F78B663E01D24DDD53AF6D0D1E3E9DD743C3E4CB6FC8F45588BCC37AB3923A2992505C4842D9E451692A7E7495155F58BFED056BCFE57E02204603F962DD
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/assets/styles.css
Preview:	body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. background-color: #ffffff;. padding: 30px;. border-radius: 10px;. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);. text-align: center;.}..h1 {. font-size: 36px;. margin-bottom: 20px;. color: #333;.}..p {. font-size: 18px;. color: #777;. margin-bottom: 40px;.}...countdown {. display: flex;. justify-content: center;. margin-bottom: 40px;.}...countdown-item {. display: inline-block;. margin: 0 10px;.}...countdown-item span {. font-size: 24px;. color: #444;.}...countdown-item label {. display: block;. font-size: 14px;. color: #999;.}..form {. display: flex;. justify-content: center;. align-items: center;. flex-direction: column;.}..input[type="email"] {. font-size: 16px;. padding: 10px;. border: 1px sol

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	714
Entropy (8bit):	4.640934656505668
Encrypted:	false
SSDEEP:	12:U068a0fvM2SMGRDGW4Q1bTNKqkFk80MFr+jF35PHtXFGSECp3t6FGSECpa6FGSEI:UkvMuGRKePcV1YF3LX8SECVt68SEC06l
MD5:	4BE8EF55271B17CF4B27C93F9C21044F
SHA1:	9D0DA00EC2C6BD31D3EECCF4F97B9D9DFB409822
SHA-256:	48796E60D0E2924366A3E3BBFC06A948C1D631AB0B8DFA27E2CA9F8EE58053E7
SHA-512:	B7ACE1CA1DE39D61154D26C0306AA5EF64E64C08FA1B15EE406CA887D23D59DF30A3FC73E143C8C87B5F71291F9B918DE207DEF1C77AF91046C7564E60CE4517
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/assets/about_styles.css
Preview:	body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. width: 80%;. margin: auto;. overflow: hidden;. padding: 0 2rem;. background-color: #fff;. padding: 2rem;. border-radius: 5px;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);.}..h1 {. font-size: 2rem;. color: #333;. margin-bottom: 1rem;.}..p {. font-size: 1rem;. color: #333;. margin-bottom: 1rem;.}..ul {. font-size: 1rem;. color: #333;. margin-bottom: 1rem;. padding-left: 1.5rem;.}..li {. margin-bottom: 0.5rem;.}.

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (454), with CRLF line terminators
Category:	downloaded
Size (bytes):	2176
Entropy (8bit):	4.633464119861773
Encrypted:	false
SSDEEP:	48:FrRUUtfTbGHdPJQLwVXjpG6qkdZA98zE9bH2Mjn9TAc:9WUtrbG9bVXsNyA98zEEMjn9TH
MD5:	ECAA183EFB1A465A09483E3F07A8D9FC
SHA1:	2A896975215454ADAEA4AE94F50B8A7E858061C9
SHA-256:	C4534B8F7160919D02D7181081898ADB7F03243DC42A257697B42102239B2B3D
SHA-512:	054E275BFE8A6204E6E01A15109F4F39EBAAA611F725B9F59ABCD7F5603B4F67CF3E7314F5555EA9E773B6729E8CBF67915D3F875C096442882D46D5DEFDD97B
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/about
Preview:	........................<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>About Us - wattsgroup.co.nz</title>.. <link rel="stylesheet" href="/assets/about_styles.css">..</head>..<body>..<div class="container">.. <h1>About Our Email Marketing Agency</h1>.. <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p>.. <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster customer loyalty, and increase

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3195
Entropy (8bit):	4.5774179129707075
Encrypted:	false
SSDEEP:	48:vu+C1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuT1Yd6ygx4cA2
MD5:	0ED0D9CFCE1D0BBEC965DFF0BF6FF8AB
SHA1:	F800035B2B5AA2C890A187733CC74BE14DB9A2E5
SHA-256:	1589479C8620C06190C102AB49A0A09E400D1937782983705DD1B4FBC723A83A
SHA-512:	7F159E57E3FF086C70EEB6892088FE06B1EFB67C9EF304517AA48977F1D6F1B498DFCF1D4290DD11259656E7C5F014C24F83BE8EF1CAABB85E29A3F533DD2246
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - wattsgroup.co.nz </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:ho

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (9165)
Category:	downloaded
Size (bytes):	191857
Entropy (8bit):	4.80203214111731
Encrypted:	false
SSDEEP:	3072:72Ea9GYq/Rxn84lgklyQ6jRSZjOFIMOOoU++N2NUzpy2JvSZ8dUJk/uA2IaVo8+g:72Ea9GY34WcdwRSZjOFIMOOoU++N2NUa
MD5:	291655614D00EE9A378647022E0EF8B5
SHA1:	56C103898DAD1BEA669E438BEE489CEDC22EC72C
SHA-256:	BEEC2A56FD2C6C8C821EEF3CE40FAF0DCC5D8EDC0A87B2B0F467AE089FF156AB
SHA-512:	3081AEFE2BB7B3A272D22F93DF4D577734AEF9743AD6EB658B17BD9BD5E25CFA177A773264C446606A2E9C47157145D967891D35977AED3A2923D47F284B4B29
Malicious:	false
Reputation:	low
URL:	https://moxie.foxnews.com/google-publisher/world.xml
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">. <channel>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. <description>See the latest world news and international news on Fox News. Learn all about the news happening around the world.</description>. <copyright>Copyright 2024 FOX News Network</copyright>. <language>en-us</language>. <pubDate>Mon, 30 Dec 2024 18:07:03 -0500</pubDate>. <image>. <url>https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png</url>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. </image>. <atom:link rel="self" href="https://moxie.foxnew

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3195
Entropy (8bit):	4.5774179129707075
Encrypted:	false
SSDEEP:	48:vu+C1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuT1Yd6ygx4cA2
MD5:	0ED0D9CFCE1D0BBEC965DFF0BF6FF8AB
SHA1:	F800035B2B5AA2C890A187733CC74BE14DB9A2E5
SHA-256:	1589479C8620C06190C102AB49A0A09E400D1937782983705DD1B4FBC723A83A
SHA-512:	7F159E57E3FF086C70EEB6892088FE06B1EFB67C9EF304517AA48977F1D6F1B498DFCF1D4290DD11259656E7C5F014C24F83BE8EF1CAABB85E29A3F533DD2246
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/news
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - wattsgroup.co.nz </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:ho

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (9165)
Category:	dropped
Size (bytes):	191857
Entropy (8bit):	4.80203214111731
Encrypted:	false
SSDEEP:	3072:72Ea9GYq/Rxn84lgklyQ6jRSZjOFIMOOoU++N2NUzpy2JvSZ8dUJk/uA2IaVo8+g:72Ea9GY34WcdwRSZjOFIMOOoU++N2NUa
MD5:	291655614D00EE9A378647022E0EF8B5
SHA1:	56C103898DAD1BEA669E438BEE489CEDC22EC72C
SHA-256:	BEEC2A56FD2C6C8C821EEF3CE40FAF0DCC5D8EDC0A87B2B0F467AE089FF156AB
SHA-512:	3081AEFE2BB7B3A272D22F93DF4D577734AEF9743AD6EB658B17BD9BD5E25CFA177A773264C446606A2E9C47157145D967891D35977AED3A2923D47F284B4B29
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">. <channel>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. <description>See the latest world news and international news on Fox News. Learn all about the news happening around the world.</description>. <copyright>Copyright 2024 FOX News Network</copyright>. <language>en-us</language>. <pubDate>Mon, 30 Dec 2024 18:07:03 -0500</pubDate>. <image>. <url>https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png</url>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. </image>. <atom:link rel="self" href="https://moxie.foxnew

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HoUinYn:IUyY
MD5:	903747EA4323C522742842A52CE710C9
SHA1:	9F806EA4288867A31A4AD53AC171AA4029DF182B
SHA-256:	4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
SHA-512:	EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAnQfaS0T6gq_xIFDYOoWz0=?alt=proto
Preview:	CgkKBw2DqFs9GgA=

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2877
Entropy (8bit):	4.859680281553471
Encrypted:	false
SSDEEP:	48:Z5JJpI4LLIk6ddLHJy8A3SXUV/ot5CjsEn+yxw4Dj7jvj:r3LLIk6T9yvGssE5x7
MD5:	D789D413AACD394D5DD0F75C7CEDF95A
SHA1:	CC82AE047F1B66343F8488FE0A017AD1960054DA
SHA-256:	59BF80ABE64AEE9944DCBA2930967833C0A96914420E48EF1F94E7136EB171F7
SHA-512:	D2BA473C0CC9B83DF0F903CCC8E48C074D7EF8302A45514BF085A542D3C3199E1F217C3B53D9A2405D64D57F19451EAC1CC4F5FE5AFC9DE375BB91DA2B582798
Malicious:	false
Reputation:	low
URL:	http://4.ehnf5.michaelhuegel.com/
Preview:	.............<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Coming Soon - wattsgroup.co.nz</title>.. <link rel="stylesheet" href="/assets/styles.css">..</head>.<body>.<div class="container">. <h1>Our Website is Coming Soon!</h1>. <p>We are working hard to give you the best experience. Stay tuned!</p>. <div class="countdown">. <div class="countdown-item">. <span id="days">00</span>. <label>Days</label>. </div>. <div class="countdown-item">. <span id="hours">00</span>. <label>Hours</label>. </div>. <div class="countdown-item">. <span id="minutes">00</span>. <label>Minutes</label>. </div>. <div class="countdown-item">. <span id="seconds">00</span>. <label>Seconds</label>. </div>. </div>.. <form id="subscription-form" onsubmit

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 00:37:06.960875988 CET	49675	443	192.168.2.4	173.222.162.32
Dec 31, 2024 00:37:20.312550068 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:20.312659025 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:20.312741041 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:20.313019991 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:20.313071966 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:20.952430964 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:20.952790022 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:20.952830076 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:20.953860044 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:20.953927994 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:20.955091953 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:20.955168962 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:21.006087065 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:21.006108999 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:21.052964926 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:22.142467022 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.143510103 CET	49740	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.147447109 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:22.147509098 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.147876978 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.148375034 CET	80	49740	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:22.148432970 CET	49740	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.152935982 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:22.753269911 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:22.793699980 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.833664894 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:22.839216948 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:23.009191990 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:23.055356979 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:23.815944910 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:23.820872068 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:24.087953091 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:24.129734039 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:25.166954994 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:25.171811104 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:25.341769934 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:25.341783047 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:25.341794014 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:25.341841936 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:25.385927916 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:30.893429995 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:30.893520117 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:30.893641949 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:31.258438110 CET	49737	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:37:31.258485079 CET	443	49737	142.250.185.196	192.168.2.4
Dec 31, 2024 00:37:40.394642115 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:40.399621964 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.578324080 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.578340054 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.578351021 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.578402042 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:40.624228954 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:40.706481934 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:40.711225033 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.881016016 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.881027937 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:40.881129980 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:52.435409069 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:52.440310955 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:52.610114098 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:52.610143900 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:52.610203981 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:52.622699022 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:37:52.627490044 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:52.797199965 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:37:52.851094961 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:04.423968077 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:04.428927898 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:04.598885059 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:04.598898888 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:04.598908901 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:04.599107027 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:07.162705898 CET	49740	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:07.167649031 CET	80	49740	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:16.250633001 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:16.255506039 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:16.425190926 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:16.425219059 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:16.425230026 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:16.425265074 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:16.473063946 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:20.367002010 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:20.367024899 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:20.367176056 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:20.367332935 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:20.367347002 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:21.003643036 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:21.003943920 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:21.003957033 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:21.004282951 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:21.004597902 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:21.004659891 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:21.053431034 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:23.258105040 CET	49740	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:23.263052940 CET	80	49740	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:23.263112068 CET	49740	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:28.205127001 CET	49853	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:28.206479073 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:28.210047960 CET	80	49853	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.210151911 CET	49853	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:28.211330891 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.464943886 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.464955091 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.464963913 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.464973927 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.464998007 CET	80	49739	185.246.85.141	192.168.2.4
Dec 31, 2024 00:38:28.465015888 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:28.465059042 CET	49739	80	192.168.2.4	185.246.85.141
Dec 31, 2024 00:38:30.912695885 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:30.912750006 CET	443	49804	142.250.185.196	192.168.2.4
Dec 31, 2024 00:38:30.912816048 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:31.259562016 CET	49804	443	192.168.2.4	142.250.185.196
Dec 31, 2024 00:38:31.259578943 CET	443	49804	142.250.185.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 00:37:16.582015991 CET	53	61109	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:16.598107100 CET	53	63001	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:17.628097057 CET	53	56126	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:20.304677963 CET	53027	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:20.304832935 CET	57863	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:20.311455011 CET	53	53027	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:20.311732054 CET	53	57863	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:22.111565113 CET	58460	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:22.112018108 CET	62681	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:22.125248909 CET	53	58460	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:22.146831036 CET	53	62681	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:25.364464998 CET	58102	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:25.364726067 CET	63535	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:25.385548115 CET	53	63535	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:26.239506960 CET	62668	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:26.240037918 CET	55713	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:27.611306906 CET	52850	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:27.611438036 CET	55082	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:30.368046045 CET	64236	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:30.368213892 CET	65482	53	192.168.2.4	1.1.1.1
Dec 31, 2024 00:37:34.578208923 CET	53	61581	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:36.090977907 CET	138	138	192.168.2.4	192.168.2.255
Dec 31, 2024 00:37:40.904228926 CET	53	60857	1.1.1.1	192.168.2.4
Dec 31, 2024 00:37:53.651331902 CET	53	50056	1.1.1.1	192.168.2.4
Dec 31, 2024 00:38:16.015898943 CET	53	53288	1.1.1.1	192.168.2.4
Dec 31, 2024 00:38:16.170955896 CET	53	50452	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 31, 2024 00:37:22.146960974 CET	192.168.2.4	1.1.1.1	c22b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 00:37:20.304677963 CET	192.168.2.4	1.1.1.1	0xa823	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:20.304832935 CET	192.168.2.4	1.1.1.1	0x6683	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 31, 2024 00:37:22.111565113 CET	192.168.2.4	1.1.1.1	0xdf14	Standard query (0)	4.ehnf5.michaelhuegel.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:22.112018108 CET	192.168.2.4	1.1.1.1	0xf009	Standard query (0)	4.ehnf5.michaelhuegel.com	65	IN (0x0001)	false
Dec 31, 2024 00:37:25.364464998 CET	192.168.2.4	1.1.1.1	0x89cd	Standard query (0)	feeds.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:25.364726067 CET	192.168.2.4	1.1.1.1	0xa7f	Standard query (0)	feeds.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 00:37:26.239506960 CET	192.168.2.4	1.1.1.1	0xbccb	Standard query (0)	moxie.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:26.240037918 CET	192.168.2.4	1.1.1.1	0xefcd	Standard query (0)	moxie.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 00:37:27.611306906 CET	192.168.2.4	1.1.1.1	0x7aff	Standard query (0)	moxie.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:27.611438036 CET	192.168.2.4	1.1.1.1	0x2cd0	Standard query (0)	moxie.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 00:37:30.368046045 CET	192.168.2.4	1.1.1.1	0xbf68	Standard query (0)	www.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:30.368213892 CET	192.168.2.4	1.1.1.1	0xea3	Standard query (0)	www.foxnews.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 00:37:20.311455011 CET	1.1.1.1	192.168.2.4	0xa823	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:20.311732054 CET	1.1.1.1	192.168.2.4	0x6683	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 31, 2024 00:37:22.125248909 CET	1.1.1.1	192.168.2.4	0xdf14	No error (0)	4.ehnf5.michaelhuegel.com		185.246.85.141	A (IP address)	IN (0x0001)	false
Dec 31, 2024 00:37:25.385548115 CET	1.1.1.1	192.168.2.4	0xa7f	No error (0)	feeds.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:25.386015892 CET	1.1.1.1	192.168.2.4	0x89cd	No error (0)	feeds.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:26.274513006 CET	1.1.1.1	192.168.2.4	0xefcd	No error (0)	moxie.foxnews.com	moxie.foxnews.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:26.274580002 CET	1.1.1.1	192.168.2.4	0xbccb	No error (0)	moxie.foxnews.com	moxie.foxnews.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:27.636142015 CET	1.1.1.1	192.168.2.4	0x7aff	No error (0)	moxie.foxnews.com	moxie.foxnews.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:27.640001059 CET	1.1.1.1	192.168.2.4	0x2cd0	No error (0)	moxie.foxnews.com	moxie.foxnews.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:30.375627995 CET	1.1.1.1	192.168.2.4	0xbf68	No error (0)	www.foxnews.com	www.foxnews.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 00:37:30.375988007 CET	1.1.1.1	192.168.2.4	0xea3	No error (0)	www.foxnews.com	www.foxnews.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

4.ehnf5.michaelhuegel.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	185.246.85.141	80	2828	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 00:37:22.147876978 CET	501	OUT	GET /4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:22.753269911 CET	710	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 499 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:37:22 GMT Content-Length: 458 Data Raw: 3c 73 63 72 69 70 74 3e 0a 6c 65 74 20 65 3d 6e 65 77 20 55 52 4c 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 65 2e 70 61 74 68 6e 61 6d 65 3d 22 2f 74 22 2b 65 2e 70 61 74 68 6e 61 6d 65 3b 6c 65 74 20 6f 3d 65 2e 74 6f 53 74 72 69 6e 67 28 29 3b 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 26 26 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 6f 3d 5b 22 67 6f 6f 67 6c 65 62 6f 74 22 2c 22 62 69 6e 67 62 6f 74 22 2c 22 79 61 6e 64 65 78 62 6f 74 22 2c 22 64 75 63 6b 64 75 63 6b 62 6f 74 22 2c 22 73 6c 75 72 70 22 2c 22 62 61 69 64 75 73 70 69 64 65 72 22 2c 22 66 61 63 65 62 6f 74 22 2c 22 69 61 5f 61 72 63 68 69 76 65 72 22 5d 2c 74 3d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 6e 3d 30 3b 6e 3c 6f 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 74 2e 69 6e 64 65 78 4f 66 28 6f 5b 6e 5d 29 3e 2d 31 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 3f 73 65 74 54 [TRUNCATED] Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>
Dec 31, 2024 00:37:22.833664894 CET	455	OUT	GET /favicon.ico HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:23.009191990 CET	258	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 498 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:37:22 GMT Content-Length: 0
Dec 31, 2024 00:37:23.815944910 CET	608	OUT	GET /t/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:24.087953091 CET	462	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 497 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:37:24 GMT Content-Length: 210 Data Raw: 3c 73 63 72 69 70 74 3e 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 2f 6e 65 77 73 3f 71 3d 49 50 20 70 72 6f 76 69 64 65 72 20 69 73 20 62 6c 61 63 6b 6c 69 73 74 65 64 21 20 4c 45 56 45 4c 33 27 3b 20 0a 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 6e 65 77 73 3f 71 3d 49 50 20 70 72 6f 76 69 64 65 72 20 69 73 20 62 6c 61 63 6b 6c 69 73 74 65 64 21 20 4c 45 56 45 4c 33 27 29 3b 0a 7d 2c 20 31 30 30 30 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 70 3e 3c 2f 70 3e 0a Data Ascii: <script>setTimeout(function(){ window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');}, 1000);</script><p></p>
Dec 31, 2024 00:37:25.166954994 CET	596	OUT	GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/t/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:25.341769934 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 496 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:37:25 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 78 20 4e 65 77 73 20 57 6f 72 6c 64 20 52 53 53 20 46 65 65 64 20 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 36 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - wattsgroup.co.nz </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
Dec 31, 2024 00:37:25.341783047 CET	1236	IN	Data Raw: 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 65 77 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox N
Dec 31, 2024 00:37:25.341794014 CET	1001	IN	Data Raw: 65 64 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 67 75 69 64 20 3d 20 67 75 69 64 45 6c 65 6d 65 6e 74 20 3f 20 67 75 69 64 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3a 20 22 23 22 3b 0a 20 20 20 20 20 20 20 Data Ascii: ed"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentE
Dec 31, 2024 00:37:40.394642115 CET	533	OUT	GET / HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:40.578324080 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 495 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:37:40 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
Dec 31, 2024 00:37:40.578340054 CET	1236	IN	Data Raw: 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 66 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 73 75 62 6d 69 74 46 6f 72 6d 28 65 76 65 6e 74 29 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 69 64 3d 22 Data Ascii: "subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p> </form> <a hre
Dec 31, 2024 00:37:40.578351021 CET	683	IN	Data Raw: 6e 67 20 25 20 28 31 30 30 30 20 2a 0a 20 20 20 20 20 20 20 20 20 20 20 20 36 30 29 29 20 2f 20 31 30 30 30 29 3b 0a 0a 20 20 20 20 20 20 20 20 64 61 79 73 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3d 20 64 61 79 73 2e 74 6f 53 Data Ascii: ng % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(
Dec 31, 2024 00:37:40.706481934 CET	354	OUT	GET /assets/styles.css HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://4.ehnf5.michaelhuegel.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:40.881016016 CET	1236	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 1435 Content-Type: text/css; charset=utf-8 Last-Modified: Wed, 25 Dec 2024 14:04:36 GMT Date: Mon, 30 Dec 2024 23:37:40 GMT Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 33 30 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 30 70 78 3b 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 34 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 3b 0a 20 20 20 20 [TRUNCATED] Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
Dec 31, 2024 00:37:40.881027937 CET	384	IN	Data Raw: 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 33 30 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
Dec 31, 2024 00:37:52.435409069 CET	489	OUT	GET /about HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:52.610114098 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 494 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:37:52 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 62 6f 75 74 20 55 73 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 61 62 6f 75 74 5f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 3c 68 31 3e 41 62 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>About Us - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/about_styles.css"></head><body><div class="container"> <h1>About Our Email Marketing Agency</h1> <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p> <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster cu
Dec 31, 2024 00:37:52.610143900 CET	1217	IN	Data Raw: 73 74 6f 6d 65 72 20 6c 6f 79 61 6c 74 79 2c 20 61 6e 64 20 69 6e 63 72 65 61 73 65 20 63 6f 6e 76 65 72 73 69 6f 6e 73 2e 20 46 72 6f 6d 20 64 65 73 69 67 6e 69 6e 67 20 63 61 70 74 69 76 61 74 69 6e 67 20 65 6d 61 69 6c 20 74 65 6d 70 6c 61 74 Data Ascii: stomer loyalty, and increase conversions. From designing captivating email templates to crafting compelling subject lines, our comprehensive services cover every aspect of email marketing.</p> <p>Our services include:</p> <ul>
Dec 31, 2024 00:37:52.622699022 CET	365	OUT	GET /assets/about_styles.css HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://4.ehnf5.michaelhuegel.com/about Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:37:52.797199965 CET	898	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 714 Content-Type: text/css; charset=utf-8 Last-Modified: Wed, 25 Dec 2024 14:04:36 GMT Date: Mon, 30 Dec 2024 23:37:52 GMT Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 38 30 25 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 72 65 6d 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 72 65 6d 3b 0a 20 [TRUNCATED] Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { width: 80%; margin: auto; overflow: hidden; padding: 0 2rem; background-color: #fff; padding: 2rem; border-radius: 5px; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);}h1 { font-size: 2rem; color: #333; margin-bottom: 1rem;}p { font-size: 1rem; color: #333; margin-bottom: 1rem;}ul { font-size: 1rem; color: #333; margin-bottom: 1rem; padding-left: 1.5rem;}li { margin-bottom: 0.5rem;}
Dec 31, 2024 00:38:04.423968077 CET	489	OUT	GET / HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/about Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:38:04.598885059 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 493 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:38:04 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
Dec 31, 2024 00:38:04.598898888 CET	1236	IN	Data Raw: 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 66 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 73 75 62 6d 69 74 46 6f 72 6d 28 65 76 65 6e 74 29 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 69 64 3d 22 Data Ascii: "subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p> </form> <a hre
Dec 31, 2024 00:38:04.598908901 CET	683	IN	Data Raw: 6e 67 20 25 20 28 31 30 30 30 20 2a 0a 20 20 20 20 20 20 20 20 20 20 20 20 36 30 29 29 20 2f 20 31 30 30 30 29 3b 0a 0a 20 20 20 20 20 20 20 20 64 61 79 73 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3d 20 64 61 79 73 2e 74 6f 53 Data Ascii: ng % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(
Dec 31, 2024 00:38:16.250633001 CET	488	OUT	GET /news HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:38:16.425190926 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 492 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:38:16 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 78 20 4e 65 77 73 20 57 6f 72 6c 64 20 52 53 53 20 46 65 65 64 20 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 36 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - wattsgroup.co.nz </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
Dec 31, 2024 00:38:16.425219059 CET	1236	IN	Data Raw: 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 65 77 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox N
Dec 31, 2024 00:38:16.425230026 CET	1001	IN	Data Raw: 65 64 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 67 75 69 64 20 3d 20 67 75 69 64 45 6c 65 6d 65 6e 74 20 3f 20 67 75 69 64 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3a 20 22 23 22 3b 0a 20 20 20 20 20 20 20 Data Ascii: ed"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentE
Dec 31, 2024 00:38:28.206479073 CET	488	OUT	GET / HTTP/1.1 Host: 4.ehnf5.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.ehnf5.michaelhuegel.com/news Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 00:38:28.464943886 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 491 X-Ratelimit-Reset: 1735605442 Date: Mon, 30 Dec 2024 23:38:28 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	185.246.85.141	80	2828	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 00:38:07.162705898 CET	6	OUT	Data Raw: 00 Data Ascii:

Target ID:	0
Start time:	18:37:11
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:37:14
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=2264,i,6959141928199606611,17228229175488000117,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:37:20
Start date:	30/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2084, Parent PID: 4020

General

Windows Analysis Report
http://4.ehnf5.michaelhuegel.com/4OqsxI2945YXZc313iyclbcrqjn981XVWUREZAVLOLNZO2481UPMZ15664q13