Edit tour

Windows Analysis Report
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK

Overview

General Information

Sample URL:	http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
Analysis ID:	1582855
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2256,i,15281777167265718556,12860661982955271464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social usering

Phishing

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected IP in URL: http://4.lkx91.michaelhuegel.com

Source: http://4.lkx91.michaelhuegel.com/

HTTP Parser: Number of links: 0

Source: http://4.lkx91.michaelhuegel.com/

HTTP Parser: Title: Coming Soon - wattsgroup.co.nz does not match URL

Source: http://4.lkx91.michaelhuegel.com/

HTTP Parser: Has password / email / username input fields

Source: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/about	HTTP Parser: No favicon
Source: http://4.lkx91.michaelhuegel.com/news	HTTP Parser: No favicon

Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="author".. found

Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://4.lkx91.michaelhuegel.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50003 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCKAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCKAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/styles.css HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://4.lkx91.michaelhuegel.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /about HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.lkx91.michaelhuegel.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/about_styles.css HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://4.lkx91.michaelhuegel.com/aboutAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.lkx91.michaelhuegel.com/aboutAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.lkx91.michaelhuegel.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 4.lkx91.michaelhuegel.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://4.lkx91.michaelhuegel.com/newsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_49.3.dr, chromecache_48.3.dr

String found in binary or memory: <rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"> equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 4.lkx91.michaelhuegel.com
Source: global traffic	DNS traffic detected: DNS query: feeds.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: moxie.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: www.foxnews.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Address: gin_throttle_mw_7200000000_8.46.123.189X-Ratelimit-Limit: 500X-Ratelimit-Remaining: 492X-Ratelimit-Reset: 1735664773Date: Tue, 31 Dec 2024 16:09:45 GMTContent-Length: 0

Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: http://search.yahoo.com/mrss/
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2018/09/931/523/national-guar
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2023/01/931/523/AP23010674340
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2023/04/931/523/South-Korean-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/01/931/523/2023-12-31T23
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/11/931/523/vladimir-puti
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ap24346248179
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ap24365266151
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/azerbaijain-a
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/azerbaijan-ai
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/benjamin-neta
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/chinese-milit
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/cruise1.jpg?v
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/gettyimages-1
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/gettyimages-2
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/idf-southern-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/korea-crash1.
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/marcfamily.pn
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/netanyahu-in-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/screenshot-20
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/south-korea-c
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ukraine-soldi
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/whatsapp_imag
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://abcnews.go.com/International/russia-sets-new-drone-attack-record-overnight-ukraine/story?id=
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://apnews.com/article/russia-ukraine-budget-defense-spending-putin-drone-3a1a73c559b250ec26190e
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://apnews.com/article/russia-ukraine-war-north-korea-fe2506b30c4289a19a41c332f3dbe49c"
Source: chromecache_50.3.dr, chromecache_42.3.dr	String found in binary or memory: https://feeds.foxnews.com/foxnews/world
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://kyivindependent.com/ukraine-receives-first-1b-of-profits-from-frozen-russian-assets-from-the
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://media.defense.gov/2024/Dec/18/2003615520/-1/-1/0/MILITARY-AND-SECURITY-DEVELOPMENTS-INVOLVIN
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://mod.gov.ua/news/u-listopadi-rosijska-armiya-zaznala-najbilshih-vtrat-u-zhivij-sili-vid-pocha
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://moxie.foxnews.com/google-publisher/world.xml
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://pubsubhubbub.appspot.com/
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://thefederalist.com/2024/12/27/report-china-rapidly-builds-up-weapons-and-psychological-warfar
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.bloomberg.com/news/articles/2024-12-26/russia-rejects-trump-call-for-ukraine-truce-but-r
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.csis.org/analysis/what-ukraine-aid-package-and-what-does-it-mean-future-war"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxbusiness.com/fox-news-world/trudeau-brink-ally-finance-minister-abruptly-quits-over-t
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxbusiness.com/lifestyle/disney-cruise-line-no-longer-accepting-photocopies-guest-birth
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxbusiness.com/lifestyle/social-media-users-get-dramatic-carnival-cruise-ship-hits-ice-
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxbusiness.com/video/6366457430112"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/disasters"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/entertainment/events/in-court"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/health/heart-health"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/person/benjamin-netanyahu"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/person/joe-biden"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/politics"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/politics/defense"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/politics/foreign-policy/state-department"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/travel/general/airlines"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/travel/general/airports"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/travel/general/cruises"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/us/crime/drugs"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/us/crime/police-and-law-enforcement"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/us/military/national-guard"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/us/terror"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/us/us-regions/midwest/indiana"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/us/us-regions/southeast/florida"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/conflicts/syria">Syria
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/conflicts/ukraine"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/personalities/vladimir-putin"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/united-nations"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-politics"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/asia"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/china"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/iraq"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/israel"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/middle-east"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/middle-east/lebanon"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/russia"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/category/world/world-regions/south-korea"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/download"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/health"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/media"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/media/aviation-expert-casts-doubt-bird-strike-theory-deadly-south-korean-pla
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/media/trey-yingst-enters-abandoned-syrian-detention-site-search-missing-amer
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/media/trump-named-2024-time-person-year-after-winning-presidency-surviving-a
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/media/zelenskyy-fears-danger-ukraine-loses-unity-defeat-us-cuts-funds-1000-d
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/opinion/maos-america-bears-terrifying-resemblance-china-took-20-million-live
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/biden-administration-announces-500m-aid-package-ukraine"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/biden-harris-admin-rolls-out-another-4-28-billion-student-loan-hand
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/china-warns-us-stop-arming-taiwan-after-biden-approves-571m-militar
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad">As
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/house-passes-ukraine-aid-bill-gop-rebels-threaten-oust-johnson&quot
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/pentagon-plans-shrink-us-footprint-iraq-declines-say-how-much"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/state-attorneys-general-ask-scotus-uphold-tiktok-divest-ban-law-ami
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/us-slaps-sanctions-companies-tied-nord-stream-2-bid-squeeze-russia&
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/voters-react-after-biden-falsely-claimed-no-troops-had-died-under-h
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/politics/white-house-says-9th-telecoms-company-has-been-hacked-part-chinese-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/tech/air-force-showcases-how-artificial-intelligence-help-military-dominate-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/travel/flight-passenger-calls-fellow-flyers-bad-habit-shares-fix-problem&quo
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/us/elon-musk-says-us-needs-many-hypersonic-missiles-long-range-drones-anythi
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/video/6354117734112"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/video/6365387398112"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/american-teacher-jailed-russia-wrongfully-detained-state-department-fo
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/armed-survival-how-october-7-hamas-massacre-transformed-gun-culture-is
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/arrest-warrant-issued-impeached-south-korean-president-political-crisi
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/azerbaijan-airlines-blames-deadly-plane-crash-external-interference-ru
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/azerbaijan-president-accuses-russia-absurd-plane-crash-cover-up-says-f
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/china-directs-largest-military-build-up-since-1930s-nazi-germany-exper
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/china-unveils-worlds-largest-amphibious-warship"><strong&gt
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/collapse-syrias-assad-regime-renews-us-push-find-austin-tice">
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/court-issues-arrest-warrant-south-koreas-president-yoon
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/eyewitnesses-south-korea-plane-crash-recount-sparks-user-bird-strike
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/fall-of-syrias-bashar-assad-strategic-blow-to-iran-russia-experts-say&
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/g-7-summit-begins-leaders-back-deal-use-interest-russian-assets-ukrain
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/gop-rep-introduces-bipartisan-marc-fogel-act-pushing-state-dept-for-an
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/idf-reveals-4-reasons-why-killed-hezbollah-commander-fuad-shukr"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/idf-soldiers-accuse-un-peacekeepers-enabling-hezbollah-terrorists-amid
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israel-warns-go-after-lebanon-directly-cease-fire-hezbollah-collapses&
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-military-says-hezbollah-leader-hassan-nasrallah-killed-beirut-
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-official-reveals-how-to-truly-defeat-hezbollah
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-official-reveals-how-to-truly-defeat-hezbollah"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-pm-benjamin-netanyahu-completes-prostate-surgery-uti-diagnosis
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-pm-benjamin-netanyahu-undergo-surgery-pacemaker-implantation-h
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israeli-spy-network-uncovers-hezbollah-commanders-plans-marry-off-his-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/israels-benjamin-netanyahu-wishes-merry-christmas-christians-world&quo
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/kazakhstan-plane-crash-survivors-say-heard-bangs-before-aircraft-went-
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/man-vacation-family-goes-overboard-norwegian-cruise-ship-bahamas
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/national-guard-soldier-dies-days-after-christmas-non-combat-related-in
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/nato-appears-divided-pushing-biden-lift-strike-bans-ukrainian-offense&
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/nato-leaders-predict-era-2-defense-spending-probably-history-trump-rep
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-goes-against-doctors-orders-appears-israeli-parliament-after
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-testify-corruption-trial-amid-multiple-conflicts"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-undergo-hernia-surgery-full-anesthesia"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-undergo-major-surgery-after-uti-diagnosis
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/netanyahu-warns-houthis-amid-calls-israel-wipe-out-terror-leadership-d
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/north-korea-condemns-south-korea-fascist-dictatorship-after-martial-la
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/north-korea-vows-toughest-us-policy-vague-announcement
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/norwegian-epic-cruise-woman-overboard-mediterranean-sea"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/plane-veers-airport-runway-south-korea-deadly-crash
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/plane-veers-airport-runway-south-korea-deadly-crash"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/plane-veers-off-runway-crashes-fence-leaving-least-23-dead-report&quot
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/projectile-from-yemen-strikes-near-tel-aviv-injuring-more-than-dozen-o
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/putin-offers-pay-off-debts-recruitment-tool-war-against-ukraine
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/putin-promises-ask-assad-help-finding-austin-tice-following-letter-fro
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russia-batters-ukraine-power-grid-rising-concern-putin-order-ballistic
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russia-being-blamed-azerbaijan-airlines-plane-crashed-hundreds-miles-o
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russia-detains-suspect-accused-killing-high-ranking-general-moscow&quo
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russia-downplays-speculation-over-azerbaijan-airlines-crash"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russian-foreign-minister-blasts-ukraine-peace-deal-reportedly-floated-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russian-general-igor-kirillov-assistant-killed-by-explosive-device-mos
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russian-paramilitary-soldiers-killed-friendly-fire-attack-north-korean
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/russias-lavrov-baits-nato-hybrid-war-ukraine-they-want-fight"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/see-it-china-stuns-maiden-flight-sixth-generation-aircraft
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/soldier-killed-seriously-injured-vehicle-accident-poland-army-camp&quo
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-deadly-plane-crash-us-sends-investigators-country-still-re
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-imposes-travel-ban-president-yoon-over-martial-law-declara
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-lawmakers-vote-impeach-president-over-martial-law-declarat
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/south-korea-planes-final-moments-captured-video-before-hitting-concret
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/south-korean-president-apologizes-declaring-martial-law-ahead-impeachm
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/south-koreas-former-defense-minister-attempted-suicide-after-he-arrest
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/ukraine-how-war-shifted-2024
Source: chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/uncovering-atrocities-assad-regime-its-death-factory-hill
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/us-citizen-imprisoned-russia-given-new-15-year-sentence-wake-espionage
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/us-group-looks-kidnapped-americans-syria-after-fall-assad-regime-wont-
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/us-navy-ships-repel-attack-houthis-gulf-aden"><strong>&l
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/us-soldier-dead-noncombatant-incident-kuwait"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/us-warns-russia-potentially-aiding-north-koreas-nuclear-program-direct
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.foxnews.com/world/zelenskyy-lambastes-putin-christmas-strikes-what-could-more-inhumane&q
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.ft.com/content/da966006-88e5-4c25-9075-7c07c4702e06"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.nytimes.com/2024/12/27/world/middleeast/israel-lebanon-ceasefire"
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.nytimes.com/2024/12/29/world/middleeast/israel-hezbollah-nasrallah-assassination-intelli
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.president.gov.ua/en/news/volodimir-zelenskij-obgovoriv-prodovzhennya-pidtrimki-ukrayi-95
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.reuters.com/world/asia-pacific/azerbaijan-airlines-flight-was-downed-by-russian-air-defe
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.reuters.com/world/asia-pacific/who-is-kim-yong-hyun-ousted-south-korean-defence-minister
Source: chromecache_48.3.dr	String found in binary or memory: https://www.ukraineoversight.gov/Funding/#:~:text=Fiscal%20Year%20(FY)%202022%2D
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.understandingwar.org/backgrounder/ukraine-conflict-updates-june-1-september-30-2024&quot
Source: chromecache_49.3.dr, chromecache_48.3.dr	String found in binary or memory: https://www.wilsoncenter.org/blog-post/ukraine-quarterly-digest-april-june-2024"
Source: chromecache_48.3.dr	String found in binary or memory: https://www.wsj.com/world/probe-points-to-russian-air-defenses-causing-azerbaijan-airlines-crash-c96

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:50003 version: TLS 1.2

Source: classification engine

Classification label: mal52.win@16/17@14/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2256,i,15281777167265718556,12860661982955271464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2256,i,15281777167265718556,12860661982955271464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK	0%	Avira URL Cloud	safe
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK	100%	SlashNext	Fraudulent Website type: Phishing & Social usering

Source	Detection	Scanner	Label
http://4.lkx91.michaelhuegel.com/assets/styles.css	0%	Avira URL Cloud	safe
https://www.ukraineoversight.gov/Funding/#:~:text=Fiscal%20Year%20(FY)%202022%2D	0%	Avira URL Cloud	safe
https://www.president.gov.ua/en/news/volodimir-zelenskij-obgovoriv-prodovzhennya-pidtrimki-ukrayi-95	0%	Avira URL Cloud	safe
http://4.lkx91.michaelhuegel.com/assets/about_styles.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
4.lkx91.michaelhuegel.com	185.246.85.141	true	true	unknown
www.google.com	142.250.186.100	true	false	high
moxie.foxnews.com	unknown	unknown	false	high
www.foxnews.com	unknown	unknown	false	high
feeds.foxnews.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://4.lkx91.michaelhuegel.com/	false		unknown
http://4.lkx91.michaelhuegel.com/assets/styles.css	false	Avira URL Cloud: safe	unknown
http://4.lkx91.michaelhuegel.com/assets/about_styles.css	false	Avira URL Cloud: safe	unknown
http://4.lkx91.michaelhuegel.com/about	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.foxnews.com/world/uncovering-atrocities-assad-regime-its-death-factory-hill	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/us-group-looks-kidnapped-americans-syria-after-fall-assad-regime-wont-	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.nytimes.com/2024/12/29/world/middleeast/israel-hezbollah-nasrallah-assassination-intelli	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/world-regions/iraq"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/world-regions/china"	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/see-it-china-stuns-maiden-flight-sixth-generation-aircraft	chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/us-slaps-sanctions-companies-tied-nord-stream-2-bid-squeeze-russia&	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/russia-being-blamed-azerbaijan-airlines-plane-crashed-hundreds-miles-o	chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/house-passes-ukraine-aid-bill-gop-rebels-threaten-oust-johnson&quot	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/opinion/maos-america-bears-terrifying-resemblance-china-took-20-million-live	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ap24346248179	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.bloomberg.com/news/articles/2024-12-26/russia-rejects-trump-call-for-ukraine-truce-but-r	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/netanyahu-testify-corruption-trial-amid-multiple-conflicts"	chromecache_48.3.dr	false		high
https://www.foxnews.com/category/us/us-regions/southeast/florida"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/pentagon-plans-shrink-us-footprint-iraq-declines-say-how-much"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/south-korean-president-apologizes-declaring-martial-law-ahead-impeachm	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/g-7-summit-begins-leaders-back-deal-use-interest-russian-assets-ukrain	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/travel/flight-passenger-calls-fellow-flyers-bad-habit-shares-fix-problem&quo	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/soldier-killed-seriously-injured-vehicle-accident-poland-army-camp&quo	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/israels-benjamin-netanyahu-wishes-merry-christmas-christians-world&quo	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxbusiness.com/lifestyle/disney-cruise-line-no-longer-accepting-photocopies-guest-birth	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxbusiness.com/lifestyle/social-media-users-get-dramatic-carnival-cruise-ship-hits-ice-	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/us/crime/police-and-law-enforcement"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.reuters.com/world/asia-pacific/azerbaijan-airlines-flight-was-downed-by-russian-air-defe	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://apnews.com/article/russia-ukraine-war-north-korea-fe2506b30c4289a19a41c332f3dbe49c"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/israel-warns-go-after-lebanon-directly-cease-fire-hezbollah-collapses&	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/russian-foreign-minister-blasts-ukraine-peace-deal-reportedly-floated-	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/south-korea-lawmakers-vote-impeach-president-over-martial-law-declarat	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/health/heart-health"	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/us-navy-ships-repel-attack-houthis-gulf-aden"><strong>&l	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/idf-reveals-4-reasons-why-killed-hezbollah-commander-fuad-shukr"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/netanyahu-warns-houthis-amid-calls-israel-wipe-out-terror-leadership-d	chromecache_48.3.dr	false		high
https://www.foxnews.com/category/person/joe-biden"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/11/931/523/vladimir-puti	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxbusiness.com/fox-news-world/trudeau-brink-ally-finance-minister-abruptly-quits-over-t	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/china-warns-us-stop-arming-taiwan-after-biden-approves-571m-militar	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/israeli-spy-network-uncovers-hezbollah-commanders-plans-marry-off-his-	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/putin-offers-pay-off-debts-recruitment-tool-war-against-ukraine	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/national-guard-soldier-dies-days-after-christmas-non-combat-related-in	chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/chinese-milit	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/politics"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/gop-rep-introduces-bipartisan-marc-fogel-act-pushing-state-dept-for-an	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/media/trey-yingst-enters-abandoned-syrian-detention-site-search-missing-amer	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/person/benjamin-netanyahu"	chromecache_48.3.dr	false		high
https://www.nytimes.com/2024/12/27/world/middleeast/israel-lebanon-ceasefire"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/video/6365387398112"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/biden-harris-admin-rolls-out-another-4-28-billion-student-loan-hand	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/idf-finds-hezbollah-weapons-cache-underground-tunnel-video	chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/state-attorneys-general-ask-scotus-uphold-tiktok-divest-ban-law-ami	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/american-teacher-jailed-russia-wrongfully-detained-state-department-fo	chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/ukraine-soldi	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://thefederalist.com/2024/12/27/report-china-rapidly-builds-up-weapons-and-psychological-warfar	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/russia-detains-suspect-accused-killing-high-ranking-general-moscow&quo	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/south-korea-planes-final-moments-captured-video-before-hitting-concret	chromecache_48.3.dr	false		high
https://www.reuters.com/world/asia-pacific/who-is-kim-yong-hyun-ousted-south-korean-defence-minister	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/whatsapp_imag	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/entertainment/events/in-court"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/russias-lavrov-baits-nato-hybrid-war-ukraine-they-want-fight"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2018/09/931/523/national-guar	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://pubsubhubbub.appspot.com/	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/us-warns-russia-potentially-aiding-north-koreas-nuclear-program-direct	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/politics/foreign-policy/state-department"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/united-nations"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world"	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/azerbaijan-airlines-blames-deadly-plane-crash-external-interference-ru	chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/here-who-vying-power-syria-after-fall-bashar-al-assad">As	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/netanyahu-undergo-major-surgery-after-uti-diagnosis	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/north-korea-vows-toughest-us-policy-vague-announcement	chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/korea-crash1.	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/us-soldier-dead-noncombatant-incident-kuwait"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/politics/biden-administration-announces-500m-aid-package-ukraine"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/kazakhstan-plane-crash-survivors-say-heard-bangs-before-aircraft-went-	chromecache_48.3.dr	false		high
https://www.president.gov.ua/en/news/volodimir-zelenskij-obgovoriv-prodovzhennya-pidtrimki-ukrayi-95	chromecache_49.3.dr, chromecache_48.3.dr	false	Avira URL Cloud: safe	unknown
https://www.foxnews.com/media/zelenskyy-fears-danger-ukraine-loses-unity-defeat-us-cuts-funds-1000-d	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.ukraineoversight.gov/Funding/#:~:text=Fiscal%20Year%20(FY)%202022%2D	chromecache_48.3.dr	false	Avira URL Cloud: safe	unknown
https://www.foxnews.com/world/ukraine-how-war-shifted-2024	chromecache_48.3.dr	false		high
http://search.yahoo.com/mrss/	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/marcfamily.pn	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/world-regions/israel"	chromecache_48.3.dr	false		high
https://www.foxnews.com/media/trump-named-2024-time-person-year-after-winning-presidency-surviving-a	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2023/01/931/523/AP23010674340	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/disasters"	chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/world-regions/middle-east"	chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/world-regions/south-korea"	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/israeli-pm-benjamin-netanyahu-completes-prostate-surgery-uti-diagnosis	chromecache_48.3.dr	false		high
https://www.foxnews.com/world/collapse-syrias-assad-regime-renews-us-push-find-austin-tice">	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/us/elon-musk-says-us-needs-many-hypersonic-missiles-long-range-drones-anythi	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world	chromecache_48.3.dr	false		high
https://abcnews.go.com/International/russia-sets-new-drone-attack-record-overnight-ukraine/story?id=	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/us/military/national-guard"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/category/world/conflicts/syria">Syria	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/health"	chromecache_49.3.dr, chromecache_48.3.dr	false		high
https://www.foxnews.com/world/south-korea-imposes-travel-ban-president-yoon-over-martial-law-declara	chromecache_48.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
185.246.85.141	4.lkx91.michaelhuegel.com	France	21409	IKOULAFR	true

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582855
Start date and time:	2024-12-31 17:08:47 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Potential for more IOCs and behavior
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@16/17@14/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.78, 142.251.168.84, 216.58.212.174, 172.217.18.14, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 192.229.221.95, 217.20.57.19, 142.250.181.238, 216.58.206.78, 142.250.185.238, 142.250.186.106, 172.217.18.10, 142.250.74.202, 142.250.186.138, 172.217.18.106, 142.250.185.138, 172.217.16.138, 142.250.185.234, 142.250.186.42, 142.250.181.234, 142.250.186.170, 142.250.185.170, 142.250.185.202, 216.58.206.42, 142.250.185.106, 142.250.184.202, 142.250.185.206, 216.58.206.67, 172.217.16.206, 142.250.185.78, 184.28.90.27, 13.107.246.45, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, j.sni.global.fastly.net, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK

Input	Output
URL: http://4.lkx91.michaelhuegel.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": true, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://4.lkx91.michaelhuegel.com
URL: http://4.lkx91.michaelhuegel.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple countdown timer and email subscription functionality, which are common and benign web development practices. There are no indicators of high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is focused on updating the countdown display and handling a basic email subscription form submission, which are typical and expected behaviors for a website countdown or launch page." }
const launchDate = new Date('2025-12-31T00:00:00').getTime(); const daysElement = document.getElementById('days'); const hoursElement = document.getElementById('hours'); const minutesElement = document.getElementById('minutes'); const secondsElement = document.getElementById('seconds'); function updateCountdown() { const currentTime = new Date().getTime(); const timeRemaining = launchDate - currentTime; const days = Math.floor(timeRemaining / (1000 * 60 * 60 * 24)); const hours = Math.floor((timeRemaining % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60)); const minutes = Math.floor((timeRemaining % (1000 * 60 * 60)) / (1000 * 60)); const seconds = Math.floor((timeRemaining % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(2, '0'); secondsElement.textContent = seconds.toString().padStart(2, '0'); } function submitForm(event) { event.preventDefault(); const email = document.getElementById('email').value; document.getElementById('subscription-message').textContent = `Thank you for subscribing, ${email}!`; } updateCountdown(); setInterval(updateCountdown, 1000);
URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provi... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be a legitimate RSS feed reader that fetches and displays news items from the Fox News World RSS feed. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code uses standard web APIs like `fetch` and `DOMParser` to retrieve and parse the RSS feed, and it displays the news items in a straightforward manner on the page. Overall, this script is likely benign and poses a low risk." }
const fetchRSSFeed = async (url) => { const response = await fetch(url); const text = await response.text(); const parser = new DOMParser(); const xml = parser.parseFromString(text, "application/xml"); return xml; }; const displayNewsItems = (xml) => { const newsItemsContainer = document.getElementById("news-items"); const items = xml.querySelectorAll("item"); items.forEach((item) => { const titleElement = item.querySelector("title"); const guidElement = item.querySelector("guid"); const descriptionElement = item.querySelector("description"); const contentElement = item.querySelector("content\\:encoded"); const title = titleElement ? titleElement.textContent : "Untitled"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentElement.textContent : "No content available."; const newsItem = document.createElement("div"); newsItem.classList.add("news-item"); newsItem.innerHTML = ` <h2><a href="${guid}" target="_blank">${title}</a></h2> <p>${description}</p> <div>${content}</div> `; newsItemsContainer.appendChild(newsItem); }); }; (async () => { const foxNewsWorldRSSFeed = "https://feeds.foxnews.com/foxnews/world"; const xml = await fetchRSSFeed(foxNewsWorldRSSFeed); displayNewsItems(xml); document.getElementById("msg").textContent = new URLSearchParams(window.location.search).get("q"); })();
URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Netanyahu goes against doctor's orders, appears in Israeli parliament after surgery", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["3dbc3u@yjztl.co"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["3dbc3u@yjztl.co"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": "3dbc3u@yjztl.co", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["ooyhvn@lukhddv.co"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["ooyhvn@lukhddv.co"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["ooyhvn@lukhddqv.co"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["d1ucj@yfywvma.net"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["d1ucj@yfywvma.net"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/about Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://4.lkx91.michaelhuegel.com/news Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://4.lkx91.michaelhuegel.com/about Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://4.lkx91.michaelhuegel.com/news Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3195
Entropy (8bit):	4.5774179129707075
Encrypted:	false
SSDEEP:	48:vu+C1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuT1Yd6ygx4cA2
MD5:	0ED0D9CFCE1D0BBEC965DFF0BF6FF8AB
SHA1:	F800035B2B5AA2C890A187733CC74BE14DB9A2E5
SHA-256:	1589479C8620C06190C102AB49A0A09E400D1937782983705DD1B4FBC723A83A
SHA-512:	7F159E57E3FF086C70EEB6892088FE06B1EFB67C9EF304517AA48977F1D6F1B498DFCF1D4290DD11259656E7C5F014C24F83BE8EF1CAABB85E29A3F533DD2246
Malicious:	false
Reputation:	low
URL:	http://4.lkx91.michaelhuegel.com/news
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - wattsgroup.co.nz </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:ho

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2877
Entropy (8bit):	4.859680281553471
Encrypted:	false
SSDEEP:	48:Z5JJpI4LLIk6ddLHJy8A3SXUV/ot5CjsEn+yxw4Dj7jvj:r3LLIk6T9yvGssE5x7
MD5:	D789D413AACD394D5DD0F75C7CEDF95A
SHA1:	CC82AE047F1B66343F8488FE0A017AD1960054DA
SHA-256:	59BF80ABE64AEE9944DCBA2930967833C0A96914420E48EF1F94E7136EB171F7
SHA-512:	D2BA473C0CC9B83DF0F903CCC8E48C074D7EF8302A45514BF085A542D3C3199E1F217C3B53D9A2405D64D57F19451EAC1CC4F5FE5AFC9DE375BB91DA2B582798
Malicious:	false
Reputation:	low
URL:	http://4.lkx91.michaelhuegel.com/
Preview:	.............<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Coming Soon - wattsgroup.co.nz</title>.. <link rel="stylesheet" href="/assets/styles.css">..</head>.<body>.<div class="container">. <h1>Our Website is Coming Soon!</h1>. <p>We are working hard to give you the best experience. Stay tuned!</p>. <div class="countdown">. <div class="countdown-item">. <span id="days">00</span>. <label>Days</label>. </div>. <div class="countdown-item">. <span id="hours">00</span>. <label>Hours</label>. </div>. <div class="countdown-item">. <span id="minutes">00</span>. <label>Minutes</label>. </div>. <div class="countdown-item">. <span id="seconds">00</span>. <label>Seconds</label>. </div>. </div>.. <form id="subscription-form" onsubmit

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	714
Entropy (8bit):	4.640934656505668
Encrypted:	false
SSDEEP:	12:U068a0fvM2SMGRDGW4Q1bTNKqkFk80MFr+jF35PHtXFGSECp3t6FGSECpa6FGSEI:UkvMuGRKePcV1YF3LX8SECVt68SEC06l
MD5:	4BE8EF55271B17CF4B27C93F9C21044F
SHA1:	9D0DA00EC2C6BD31D3EECCF4F97B9D9DFB409822
SHA-256:	48796E60D0E2924366A3E3BBFC06A948C1D631AB0B8DFA27E2CA9F8EE58053E7
SHA-512:	B7ACE1CA1DE39D61154D26C0306AA5EF64E64C08FA1B15EE406CA887D23D59DF30A3FC73E143C8C87B5F71291F9B918DE207DEF1C77AF91046C7564E60CE4517
Malicious:	false
Reputation:	low
URL:	http://4.lkx91.michaelhuegel.com/assets/about_styles.css
Preview:	body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. width: 80%;. margin: auto;. overflow: hidden;. padding: 0 2rem;. background-color: #fff;. padding: 2rem;. border-radius: 5px;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);.}..h1 {. font-size: 2rem;. color: #333;. margin-bottom: 1rem;.}..p {. font-size: 1rem;. color: #333;. margin-bottom: 1rem;.}..ul {. font-size: 1rem;. color: #333;. margin-bottom: 1rem;. padding-left: 1.5rem;.}..li {. margin-bottom: 0.5rem;.}.

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HoUinYn:IUyY
MD5:	903747EA4323C522742842A52CE710C9
SHA1:	9F806EA4288867A31A4AD53AC171AA4029DF182B
SHA-256:	4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
SHA-512:	EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSEAmC6EcvaJfRhBIFDYOoWz0=?alt=proto
Preview:	CgkKBw2DqFs9GgA=

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	4.7130828204283555
Encrypted:	false
SSDEEP:	24:UkvMuGRKe7+U6eSEMDSaGvMdufqGmnoSPfzS7pvMugQrYFv0CGSTYFUL9MtDY3Ss:Uk9w7x9sHGgufRNkz09fcFMCGJFUL9MO
MD5:	1FB5EDFEA0AF10D301EFCD56738BA30A
SHA1:	1AAC6EB08825AD63AC334CFF1F816CC9ECA71219
SHA-256:	161D0961994DD86814FAFBA6EDD6FA7A75D17B19B2E60E1EE01ADAA9EA19DADC
SHA-512:	A0C3F78B663E01D24DDD53AF6D0D1E3E9DD743C3E4CB6FC8F45588BCC37AB3923A2992505C4842D9E451692A7E7495155F58BFED056BCFE57E02204603F962DD
Malicious:	false
Reputation:	low
URL:	http://4.lkx91.michaelhuegel.com/assets/styles.css
Preview:	body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. background-color: #ffffff;. padding: 30px;. border-radius: 10px;. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);. text-align: center;.}..h1 {. font-size: 36px;. margin-bottom: 20px;. color: #333;.}..p {. font-size: 18px;. color: #777;. margin-bottom: 40px;.}...countdown {. display: flex;. justify-content: center;. margin-bottom: 40px;.}...countdown-item {. display: inline-block;. margin: 0 10px;.}...countdown-item span {. font-size: 24px;. color: #444;.}...countdown-item label {. display: block;. font-size: 14px;. color: #999;.}..form {. display: flex;. justify-content: center;. align-items: center;. flex-direction: column;.}..input[type="email"] {. font-size: 16px;. padding: 10px;. border: 1px sol

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (454), with CRLF line terminators
Category:	downloaded
Size (bytes):	2176
Entropy (8bit):	4.633464119861773
Encrypted:	false
SSDEEP:	48:FrRUUtfTbGHdPJQLwVXjpG6qkdZA98zE9bH2Mjn9TAc:9WUtrbG9bVXsNyA98zEEMjn9TH
MD5:	ECAA183EFB1A465A09483E3F07A8D9FC
SHA1:	2A896975215454ADAEA4AE94F50B8A7E858061C9
SHA-256:	C4534B8F7160919D02D7181081898ADB7F03243DC42A257697B42102239B2B3D
SHA-512:	054E275BFE8A6204E6E01A15109F4F39EBAAA611F725B9F59ABCD7F5603B4F67CF3E7314F5555EA9E773B6729E8CBF67915D3F875C096442882D46D5DEFDD97B
Malicious:	false
Reputation:	low
URL:	http://4.lkx91.michaelhuegel.com/about
Preview:	........................<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>About Us - wattsgroup.co.nz</title>.. <link rel="stylesheet" href="/assets/about_styles.css">..</head>..<body>..<div class="container">.. <h1>About Our Email Marketing Agency</h1>.. <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p>.. <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster customer loyalty, and increase

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (14998)
Category:	downloaded
Size (bytes):	192011
Entropy (8bit):	4.821645713750209
Encrypted:	false
SSDEEP:	3072:Fmg2nGByFHx09G+FSM2RIHCqK7LMrDu8nMGu0mwvs6GMLKv2Ea9GYq/Rxn84lgkq:Fmg2nGAFHxWG+FSM2RIHCqK7LMrDu8nN
MD5:	C189EA716269A8E7682070EB0D75914E
SHA1:	BF51E9F30E40DA1AE339A8491B87E2674E3FEDCA
SHA-256:	034F2C3BFC229F96893F6EB02EC76CE3CE647373B5EEF070CB40007C47472385
SHA-512:	AE32E52AE6F632C4768B2AC82C3DE3EF557DF4439E8CFE357CD35E71872A66B9EC112CAD0DB1DE203679D6873981D31D186DB8F2C533E3C0D6F4A58110A83685
Malicious:	false
Reputation:	low
URL:	https://moxie.foxnews.com/google-publisher/world.xml
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">. <channel>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. <description>See the latest world news and international news on Fox News. Learn all about the news happening around the world.</description>. <copyright>Copyright 2024 FOX News Network</copyright>. <language>en-us</language>. <pubDate>Tue, 31 Dec 2024 10:47:42 -0500</pubDate>. <image>. <url>https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png</url>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. </image>. <atom:link rel="self" href="https://moxie.foxnew

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 text, with very long lines (14998)
Category:	dropped
Size (bytes):	192011
Entropy (8bit):	4.821645713750209
Encrypted:	false
SSDEEP:	3072:Fmg2nGByFHx09G+FSM2RIHCqK7LMrDu8nMGu0mwvs6GMLKv2Ea9GYq/Rxn84lgkq:Fmg2nGAFHxWG+FSM2RIHCqK7LMrDu8nN
MD5:	C189EA716269A8E7682070EB0D75914E
SHA1:	BF51E9F30E40DA1AE339A8491B87E2674E3FEDCA
SHA-256:	034F2C3BFC229F96893F6EB02EC76CE3CE647373B5EEF070CB40007C47472385
SHA-512:	AE32E52AE6F632C4768B2AC82C3DE3EF557DF4439E8CFE357CD35E71872A66B9EC112CAD0DB1DE203679D6873981D31D186DB8F2C533E3C0D6F4A58110A83685
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">. <channel>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. <description>See the latest world news and international news on Fox News. Learn all about the news happening around the world.</description>. <copyright>Copyright 2024 FOX News Network</copyright>. <language>en-us</language>. <pubDate>Tue, 31 Dec 2024 10:47:42 -0500</pubDate>. <image>. <url>https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png</url>. <title>Latest World News on Fox News</title>. <link>https://www.foxnews.com/world</link>. </image>. <atom:link rel="self" href="https://moxie.foxnew

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	3195
Entropy (8bit):	4.5774179129707075
Encrypted:	false
SSDEEP:	48:vu+C1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuT1Yd6ygx4cA2
MD5:	0ED0D9CFCE1D0BBEC965DFF0BF6FF8AB
SHA1:	F800035B2B5AA2C890A187733CC74BE14DB9A2E5
SHA-256:	1589479C8620C06190C102AB49A0A09E400D1937782983705DD1B4FBC723A83A
SHA-512:	7F159E57E3FF086C70EEB6892088FE06B1EFB67C9EF304517AA48977F1D6F1B498DFCF1D4290DD11259656E7C5F014C24F83BE8EF1CAABB85E29A3F533DD2246
Malicious:	false
Reputation:	low
URL:	http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK
Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - wattsgroup.co.nz </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-item a:ho

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:09:32.629641056 CET	49673	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:32.629651070 CET	49674	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:32.942128897 CET	49672	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:38.069792032 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:38.069842100 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:38.069920063 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:38.071192980 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:38.071213007 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:38.856287956 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:38.856388092 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:38.923758030 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:38.923826933 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:38.924143076 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:39.076654911 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:39.076716900 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:39.076725006 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:39.076941013 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:39.119335890 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:39.246880054 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:39.247016907 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:39.247127056 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:39.249752045 CET	49708	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:39.249771118 CET	443	49708	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.050095081 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.050208092 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.050427914 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.050985098 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.051001072 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.237814903 CET	49673	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:42.237816095 CET	49674	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:42.550323009 CET	49672	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:42.832309961 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.832400084 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.836646080 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.836663008 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.836981058 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.839399099 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.839399099 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.839399099 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:42.839417934 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:42.883371115 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:43.011323929 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:43.011445045 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:43.011723995 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:43.011982918 CET	49717	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:09:43.011996984 CET	443	49717	40.113.110.67	192.168.2.6
Dec 31, 2024 17:09:43.574985027 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:43.575037956 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:43.575110912 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:43.575426102 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:43.575439930 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:44.210196018 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:44.210530996 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:44.210551977 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:44.211409092 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:44.211472988 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:44.212758064 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:44.212816954 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:44.252635002 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:44.252659082 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:44.263133049 CET	443	49704	173.222.162.64	192.168.2.6
Dec 31, 2024 17:09:44.263259888 CET	49704	443	192.168.2.6	173.222.162.64
Dec 31, 2024 17:09:44.299511909 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:44.947804928 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:44.950629950 CET	49721	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:44.952645063 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:44.952924013 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:44.953166008 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:44.955482960 CET	80	49721	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:44.955564976 CET	49721	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:44.957930088 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:45.585747957 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:45.585771084 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:45.585783005 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:45.585829973 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:45.686065912 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:45.690882921 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:45.868716002 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:09:45.916757107 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:09:54.111195087 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:54.111278057 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:09:54.111377001 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:55.613751888 CET	49718	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:09:55.613765955 CET	443	49718	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:04.059295893 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:04.064330101 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.242289066 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.242302895 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.242312908 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.242325068 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.242347002 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:04.242405891 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:04.300560951 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:04.305382013 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.483573914 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.483597040 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:04.483748913 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:05.927474976 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:05.927499056 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:05.927581072 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:05.928119898 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:05.928132057 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.717807055 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.717896938 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.722662926 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.722672939 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.722901106 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.724904060 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.724976063 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.724981070 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.725135088 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.767334938 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.899691105 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.899755001 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.900317907 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.901120901 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:06.901133060 CET	443	49856	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:06.901148081 CET	49856	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:16.149558067 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:16.155189991 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:16.332134008 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:16.332150936 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:16.332220078 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:16.374958992 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:16.379792929 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:16.558602095 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:16.609306097 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:28.048697948 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:28.053544044 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:28.231224060 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:28.231245041 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:28.231259108 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:28.231405020 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:28.286015987 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:29.956679106 CET	49721	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:29.961652040 CET	80	49721	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:30.112217903 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.112297058 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:30.112369061 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.112960100 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.112974882 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:30.892226934 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:30.892440081 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.894517899 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.894535065 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:30.894768953 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:30.896512032 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.896567106 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.896573067 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:30.896716118 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:30.939357042 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:31.066689014 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:31.066816092 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:31.066967010 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:31.067116022 CET	49997	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:31.067135096 CET	443	49997	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:39.939393997 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:39.944295883 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:40.122255087 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:40.122271061 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:40.122282028 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:40.122354984 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:43.617198944 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:43.617233038 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:43.617306948 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:43.617573977 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:43.617590904 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:44.277476072 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:44.277785063 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:44.277801037 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:44.278261900 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:44.278574944 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:44.278660059 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:44.331451893 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:45.193404913 CET	49721	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:45.198542118 CET	80	49721	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:45.198600054 CET	49721	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:51.970356941 CET	50002	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:51.972450018 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:51.975392103 CET	80	50002	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:51.975553036 CET	50002	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:51.977271080 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:52.155493021 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:52.155510902 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:52.155524969 CET	80	49720	185.246.85.141	192.168.2.6
Dec 31, 2024 17:10:52.155688047 CET	49720	80	192.168.2.6	185.246.85.141
Dec 31, 2024 17:10:54.197432041 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:54.197510004 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:54.197722912 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:55.614658117 CET	50001	443	192.168.2.6	142.250.186.100
Dec 31, 2024 17:10:55.614687920 CET	443	50001	142.250.186.100	192.168.2.6
Dec 31, 2024 17:10:58.793355942 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:58.793414116 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:58.793500900 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:58.794122934 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:58.794137001 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.587810993 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.587932110 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.589881897 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.589903116 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.590152979 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.592154980 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.592209101 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.592219114 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.592354059 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.635340929 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.763906956 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.764034986 CET	443	50003	40.113.110.67	192.168.2.6
Dec 31, 2024 17:10:59.764102936 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.764322996 CET	50003	443	192.168.2.6	40.113.110.67
Dec 31, 2024 17:10:59.764343023 CET	443	50003	40.113.110.67	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:09:39.400790930 CET	53	65368	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:39.416217089 CET	53	64597	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:40.473176956 CET	53	61634	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:43.566420078 CET	60541	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:43.566772938 CET	63841	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:43.573447943 CET	53	63841	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:43.573465109 CET	53	60541	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:44.923250914 CET	50630	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:44.923511028 CET	58702	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:44.940376043 CET	53	50630	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:44.940587997 CET	53	58702	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:45.635438919 CET	49531	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:45.635617971 CET	60775	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:45.642908096 CET	53	60775	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:46.242630959 CET	52208	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:46.243078947 CET	57032	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:46.265008926 CET	53	57032	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:47.153644085 CET	52235	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:47.153856993 CET	64175	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:47.177618027 CET	53	64175	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:47.699551105 CET	64061	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:47.699696064 CET	58050	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:09:47.721434116 CET	53	58050	1.1.1.1	192.168.2.6
Dec 31, 2024 17:09:57.527211905 CET	53	49243	1.1.1.1	192.168.2.6
Dec 31, 2024 17:10:04.520934105 CET	53	57163	1.1.1.1	192.168.2.6
Dec 31, 2024 17:10:16.580084085 CET	53	64203	1.1.1.1	192.168.2.6
Dec 31, 2024 17:10:38.903127909 CET	53	60862	1.1.1.1	192.168.2.6
Dec 31, 2024 17:10:39.294094086 CET	53	55955	1.1.1.1	192.168.2.6
Dec 31, 2024 17:10:50.401289940 CET	54953	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:10:50.401587009 CET	65434	53	192.168.2.6	1.1.1.1
Dec 31, 2024 17:10:50.424635887 CET	53	65434	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Dec 31, 2024 17:10:50.424758911 CET	192.168.2.6	1.1.1.1	c246	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 17:09:43.566420078 CET	192.168.2.6	1.1.1.1	0xb14e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:43.566772938 CET	192.168.2.6	1.1.1.1	0x724a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 31, 2024 17:09:44.923250914 CET	192.168.2.6	1.1.1.1	0xbcd0	Standard query (0)	4.lkx91.michaelhuegel.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:44.923511028 CET	192.168.2.6	1.1.1.1	0x936d	Standard query (0)	4.lkx91.michaelhuegel.com	65	IN (0x0001)	false
Dec 31, 2024 17:09:45.635438919 CET	192.168.2.6	1.1.1.1	0x2986	Standard query (0)	feeds.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:45.635617971 CET	192.168.2.6	1.1.1.1	0x30fa	Standard query (0)	feeds.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 17:09:46.242630959 CET	192.168.2.6	1.1.1.1	0x513e	Standard query (0)	moxie.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:46.243078947 CET	192.168.2.6	1.1.1.1	0x2b47	Standard query (0)	moxie.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 17:09:47.153644085 CET	192.168.2.6	1.1.1.1	0x162c	Standard query (0)	moxie.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:47.153856993 CET	192.168.2.6	1.1.1.1	0x4de7	Standard query (0)	moxie.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 17:09:47.699551105 CET	192.168.2.6	1.1.1.1	0xf432	Standard query (0)	www.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:47.699696064 CET	192.168.2.6	1.1.1.1	0x7cb7	Standard query (0)	www.foxnews.com	65	IN (0x0001)	false
Dec 31, 2024 17:10:50.401289940 CET	192.168.2.6	1.1.1.1	0xe7ec	Standard query (0)	www.foxnews.com	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:10:50.401587009 CET	192.168.2.6	1.1.1.1	0x2597	Standard query (0)	www.foxnews.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 17:09:43.573447943 CET	1.1.1.1	192.168.2.6	0x724a	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 31, 2024 17:09:43.573465109 CET	1.1.1.1	192.168.2.6	0xb14e	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:44.940376043 CET	1.1.1.1	192.168.2.6	0xbcd0	No error (0)	4.lkx91.michaelhuegel.com		185.246.85.141	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:09:45.642908096 CET	1.1.1.1	192.168.2.6	0x30fa	No error (0)	feeds.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:45.643893003 CET	1.1.1.1	192.168.2.6	0x2986	No error (0)	feeds.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:46.265008926 CET	1.1.1.1	192.168.2.6	0x2b47	No error (0)	moxie.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:46.266002893 CET	1.1.1.1	192.168.2.6	0x513e	No error (0)	moxie.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:47.177618027 CET	1.1.1.1	192.168.2.6	0x4de7	No error (0)	moxie.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:47.178025961 CET	1.1.1.1	192.168.2.6	0x162c	No error (0)	moxie.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:47.721434116 CET	1.1.1.1	192.168.2.6	0x7cb7	No error (0)	www.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:09:47.723121881 CET	1.1.1.1	192.168.2.6	0xf432	No error (0)	www.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:10:50.408907890 CET	1.1.1.1	192.168.2.6	0xe7ec	No error (0)	www.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:10:50.424635887 CET	1.1.1.1	192.168.2.6	0x2597	No error (0)	www.foxnews.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

4.lkx91.michaelhuegel.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49720	185.246.85.141	80	4344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 17:09:44.953166008 CET	510	OUT	GET /news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:09:45.585747957 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 493 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:09:45 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 78 20 4e 65 77 73 20 57 6f 72 6c 64 20 52 53 53 20 46 65 65 64 20 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 36 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - wattsgroup.co.nz </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
Dec 31, 2024 17:09:45.585771084 CET	1236	IN	Data Raw: 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 65 77 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox N
Dec 31, 2024 17:09:45.585783005 CET	1001	IN	Data Raw: 65 64 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 67 75 69 64 20 3d 20 67 75 69 64 45 6c 65 6d 65 6e 74 20 3f 20 67 75 69 64 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3a 20 22 23 22 3b 0a 20 20 20 20 20 20 20 Data Ascii: ed"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentE
Dec 31, 2024 17:09:45.686065912 CET	464	OUT	GET /favicon.ico HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:09:45.868716002 CET	258	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 492 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:09:45 GMT Content-Length: 0
Dec 31, 2024 17:10:04.059295893 CET	554	OUT	GET / HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:04.242289066 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 491 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:10:04 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
Dec 31, 2024 17:10:04.242302895 CET	224	IN	Data Raw: 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 66 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 73 75 62 6d 69 74 46 6f 72 6d 28 65 76 65 6e 74 29 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 69 64 3d 22 Data Ascii: "subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p>
Dec 31, 2024 17:10:04.242312908 CET	1236	IN	Data Raw: 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6e 65 77 73 22 3e 46 6f 78 20 4e 65 77 73 3c 2f 61 3e 0a 20 20 20 20 3c 62 72 3e 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 61 62 6f 75 74 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 20 61 Data Ascii: </form> <a href="news">Fox News</a> <br> <a href="about">Learn more about our email marketing agency</a> <br> <a href="opt-out">Unsubscribe from our newsletter</a> <br> <a href="privacy">Privacy Policy</a></div>
Dec 31, 2024 17:10:04.242325068 CET	459	IN	Data Raw: 6f 53 74 72 69 6e 67 28 29 2e 70 61 64 53 74 61 72 74 28 32 2c 20 27 30 27 29 3b 0a 20 20 20 20 20 20 20 20 73 65 63 6f 6e 64 73 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3d 20 73 65 63 6f 6e 64 73 2e 74 6f 53 74 72 69 6e 67 28 Data Ascii: oString().padStart(2, '0'); secondsElement.textContent = seconds.toString().padStart(2, '0'); } function submitForm(event) { event.preventDefault(); const email = document.getElementById('email').value;
Dec 31, 2024 17:10:04.300560951 CET	354	OUT	GET /assets/styles.css HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://4.lkx91.michaelhuegel.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:04.483573914 CET	1236	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 1435 Content-Type: text/css; charset=utf-8 Last-Modified: Wed, 25 Dec 2024 14:04:36 GMT Date: Tue, 31 Dec 2024 16:10:04 GMT Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 33 30 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 30 70 78 3b 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 34 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 3b 0a 20 20 20 20 [TRUNCATED] Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
Dec 31, 2024 17:10:04.483597040 CET	384	IN	Data Raw: 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 33 30 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
Dec 31, 2024 17:10:16.149558067 CET	489	OUT	GET /about HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.lkx91.michaelhuegel.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:16.332134008 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 490 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:10:16 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 62 6f 75 74 20 55 73 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 61 62 6f 75 74 5f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 3c 68 31 3e 41 62 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>About Us - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/about_styles.css"></head><body><div class="container"> <h1>About Our Email Marketing Agency</h1> <p>Our email marketing agency specializes in creating effective and engaging email campaigns tailored to meet the unique needs of businesses of all sizes. With a team of experienced marketing professionals, we are dedicated to helping our clients achieve their marketing goals and drive growth through the power of email marketing.</p> <p>At our agency, we understand the importance of personalized, targeted email marketing strategies. By combining cutting-edge technology with data-driven insights and creative expertise, we deliver email campaigns that resonate with your audience, foster cu
Dec 31, 2024 17:10:16.332150936 CET	1217	IN	Data Raw: 73 74 6f 6d 65 72 20 6c 6f 79 61 6c 74 79 2c 20 61 6e 64 20 69 6e 63 72 65 61 73 65 20 63 6f 6e 76 65 72 73 69 6f 6e 73 2e 20 46 72 6f 6d 20 64 65 73 69 67 6e 69 6e 67 20 63 61 70 74 69 76 61 74 69 6e 67 20 65 6d 61 69 6c 20 74 65 6d 70 6c 61 74 Data Ascii: stomer loyalty, and increase conversions. From designing captivating email templates to crafting compelling subject lines, our comprehensive services cover every aspect of email marketing.</p> <p>Our services include:</p> <ul>
Dec 31, 2024 17:10:16.374958992 CET	365	OUT	GET /assets/about_styles.css HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://4.lkx91.michaelhuegel.com/about Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:16.558602095 CET	898	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 714 Content-Type: text/css; charset=utf-8 Last-Modified: Wed, 25 Dec 2024 14:04:36 GMT Date: Tue, 31 Dec 2024 16:10:16 GMT Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 77 69 64 74 68 3a 20 38 30 25 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 72 65 6d 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 32 72 65 6d 3b 0a 20 [TRUNCATED] Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { width: 80%; margin: auto; overflow: hidden; padding: 0 2rem; background-color: #fff; padding: 2rem; border-radius: 5px; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);}h1 { font-size: 2rem; color: #333; margin-bottom: 1rem;}p { font-size: 1rem; color: #333; margin-bottom: 1rem;}ul { font-size: 1rem; color: #333; margin-bottom: 1rem; padding-left: 1.5rem;}li { margin-bottom: 0.5rem;}
Dec 31, 2024 17:10:28.048697948 CET	489	OUT	GET / HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.lkx91.michaelhuegel.com/about Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:28.231224060 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 489 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:10:28 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=
Dec 31, 2024 17:10:28.231245041 CET	1236	IN	Data Raw: 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 66 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 73 75 62 6d 69 74 46 6f 72 6d 28 65 76 65 6e 74 29 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 65 6d 61 69 6c 22 20 69 64 3d 22 Data Ascii: "subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p> </form> <a hre
Dec 31, 2024 17:10:28.231259108 CET	683	IN	Data Raw: 6e 67 20 25 20 28 31 30 30 30 20 2a 0a 20 20 20 20 20 20 20 20 20 20 20 20 36 30 29 29 20 2f 20 31 30 30 30 29 3b 0a 0a 20 20 20 20 20 20 20 20 64 61 79 73 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3d 20 64 61 79 73 2e 74 6f 53 Data Ascii: ng % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(
Dec 31, 2024 17:10:39.939393997 CET	488	OUT	GET /news HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.lkx91.michaelhuegel.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:40.122255087 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 488 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:10:40 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 78 20 4e 65 77 73 20 57 6f 72 6c 64 20 52 53 53 20 46 65 65 64 20 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 36 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - wattsgroup.co.nz </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
Dec 31, 2024 17:10:40.122271061 CET	1236	IN	Data Raw: 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 65 77 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>Fox N
Dec 31, 2024 17:10:51.972450018 CET	488	OUT	GET / HTTP/1.1 Host: 4.lkx91.michaelhuegel.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://4.lkx91.michaelhuegel.com/news Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Dec 31, 2024 17:10:52.155493021 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 487 X-Ratelimit-Reset: 1735664773 Date: Tue, 31 Dec 2024 16:10:52 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 77 61 74 74 73 67 72 6f 75 70 2e 63 6f 2e 6e 7a 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 20 3c 68 31 3e 4f 75 72 20 57 65 62 73 69 74 65 20 69 73 20 43 6f 6d 69 6e 67 20 53 6f 6f [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - wattsgroup.co.nz</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <form id=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49721	185.246.85.141	80	4344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 31, 2024 17:10:29.956679106 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:09:39 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4d 67 72 4e 42 62 61 78 62 6b 61 4c 41 48 35 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 61 31 32 36 66 32 31 65 38 62 32 62 37 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: MgrNBbaxbkaLAH53.1Context: 79a126f21e8b2b7b
2024-12-31 16:09:39 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 16:09:39 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 4d 67 72 4e 42 62 61 78 62 6b 61 4c 41 48 35 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 61 31 32 36 66 32 31 65 38 62 32 62 37 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 7a 55 45 6b 33 4e 66 59 68 39 44 37 4a 45 5a 56 62 6c 51 70 7a 62 55 68 49 35 31 6e 4c 71 31 6c 79 78 73 49 65 70 6c 50 58 6f 72 4f 79 52 49 56 48 6e 75 53 2b 51 69 6e 32 63 6a 51 38 47 78 6c 52 66 65 2f 66 72 53 38 6e 4e 35 33 45 6b 50 56 49 67 5a 54 76 4c 63 7a 43 74 4b 2f 74 4b 78 6b 4e 6c 45 66 39 33 48 61 4b 43 39 4b Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: MgrNBbaxbkaLAH53.2Context: 79a126f21e8b2b7b<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2024-12-31 16:09:39 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4d 67 72 4e 42 62 61 78 62 6b 61 4c 41 48 35 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 39 61 31 32 36 66 32 31 65 38 62 32 62 37 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: MgrNBbaxbkaLAH53.3Context: 79a126f21e8b2b7b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 16:09:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 16:09:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 4d 52 52 58 77 58 55 30 30 4b 4d 45 79 4b 34 47 71 64 6a 32 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2MRRXwXU00KMEyK4Gqdj2Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49717	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:09:42 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 38 56 71 77 6a 73 58 47 49 55 4f 47 77 6b 69 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 37 30 35 34 32 39 66 33 62 34 31 33 64 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 8VqwjsXGIUOGwki2.1Context: f2705429f3b413dd
2024-12-31 16:09:42 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 16:09:42 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 38 56 71 77 6a 73 58 47 49 55 4f 47 77 6b 69 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 37 30 35 34 32 39 66 33 62 34 31 33 64 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 4a 45 77 36 79 75 66 42 6a 33 6f 4b 63 70 34 52 78 35 41 39 7a 48 61 77 69 71 31 69 64 78 72 4c 63 42 69 73 36 35 39 5a 78 43 4e 35 59 6d 48 7a 4c 56 4a 75 54 63 71 70 71 43 76 4d 46 49 72 4d 35 72 65 43 2f 79 56 6c 6c 78 69 2b 72 52 62 77 63 6f 78 30 66 41 74 34 37 48 66 63 53 41 57 52 30 55 4a 54 68 4d 7a 70 59 6a 6b 42 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 8VqwjsXGIUOGwki2.2Context: f2705429f3b413dd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARJEw6yufBj3oKcp4Rx5A9zHawiq1idxrLcBis659ZxCN5YmHzLVJuTcqpqCvMFIrM5reC/yVllxi+rRbwcox0fAt47HfcSAWR0UJThMzpYjkB
2024-12-31 16:09:42 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 38 56 71 77 6a 73 58 47 49 55 4f 47 77 6b 69 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 32 37 30 35 34 32 39 66 33 62 34 31 33 64 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 8VqwjsXGIUOGwki2.3Context: f2705429f3b413dd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 16:09:43 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 16:09:43 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 49 59 4f 72 5a 58 58 6f 55 61 39 53 78 6c 72 2f 53 38 70 33 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xIYOrZXXoUa9Sxlr/S8p3g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49856	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:10:06 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 59 61 38 41 63 44 6d 6d 6b 43 6a 67 70 53 42 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 32 35 37 35 32 30 39 38 30 62 34 37 62 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: bYa8AcDmmkCjgpSB.1Context: d8257520980b47b5
2024-12-31 16:10:06 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 16:10:06 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 59 61 38 41 63 44 6d 6d 6b 43 6a 67 70 53 42 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 32 35 37 35 32 30 39 38 30 62 34 37 62 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 4a 45 77 36 79 75 66 42 6a 33 6f 4b 63 70 34 52 78 35 41 39 7a 48 61 77 69 71 31 69 64 78 72 4c 63 42 69 73 36 35 39 5a 78 43 4e 35 59 6d 48 7a 4c 56 4a 75 54 63 71 70 71 43 76 4d 46 49 72 4d 35 72 65 43 2f 79 56 6c 6c 78 69 2b 72 52 62 77 63 6f 78 30 66 41 74 34 37 48 66 63 53 41 57 52 30 55 4a 54 68 4d 7a 70 59 6a 6b 42 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bYa8AcDmmkCjgpSB.2Context: d8257520980b47b5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARJEw6yufBj3oKcp4Rx5A9zHawiq1idxrLcBis659ZxCN5YmHzLVJuTcqpqCvMFIrM5reC/yVllxi+rRbwcox0fAt47HfcSAWR0UJThMzpYjkB
2024-12-31 16:10:06 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 59 61 38 41 63 44 6d 6d 6b 43 6a 67 70 53 42 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 38 32 35 37 35 32 30 39 38 30 62 34 37 62 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: bYa8AcDmmkCjgpSB.3Context: d8257520980b47b5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 16:10:06 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 16:10:06 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 69 55 31 6a 43 49 6e 66 30 57 30 71 77 46 71 58 4c 6a 39 44 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wiU1jCInf0W0qwFqXLj9DA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49997	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:10:30 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 49 44 32 39 71 31 39 55 45 79 6c 79 56 65 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 64 66 65 63 37 64 32 35 62 62 63 64 38 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: GID29q19UEylyVek.1Context: d3dfec7d25bbcd89
2024-12-31 16:10:30 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 16:10:30 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 49 44 32 39 71 31 39 55 45 79 6c 79 56 65 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 64 66 65 63 37 64 32 35 62 62 63 64 38 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 4a 45 77 36 79 75 66 42 6a 33 6f 4b 63 70 34 52 78 35 41 39 7a 48 61 77 69 71 31 69 64 78 72 4c 63 42 69 73 36 35 39 5a 78 43 4e 35 59 6d 48 7a 4c 56 4a 75 54 63 71 70 71 43 76 4d 46 49 72 4d 35 72 65 43 2f 79 56 6c 6c 78 69 2b 72 52 62 77 63 6f 78 30 66 41 74 34 37 48 66 63 53 41 57 52 30 55 4a 54 68 4d 7a 70 59 6a 6b 42 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GID29q19UEylyVek.2Context: d3dfec7d25bbcd89<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARJEw6yufBj3oKcp4Rx5A9zHawiq1idxrLcBis659ZxCN5YmHzLVJuTcqpqCvMFIrM5reC/yVllxi+rRbwcox0fAt47HfcSAWR0UJThMzpYjkB
2024-12-31 16:10:30 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 49 44 32 39 71 31 39 55 45 79 6c 79 56 65 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 33 64 66 65 63 37 64 32 35 62 62 63 64 38 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: GID29q19UEylyVek.3Context: d3dfec7d25bbcd89<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 16:10:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 16:10:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 47 79 49 66 35 32 76 36 45 36 4b 33 73 31 70 70 2f 50 53 43 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XGyIf52v6E6K3s1pp/PSCQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	50003	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:10:59 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 63 43 71 66 55 37 6d 6a 30 61 61 7a 46 63 66 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 64 33 38 65 37 61 66 39 30 65 31 63 63 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: FcCqfU7mj0aazFcf.1Context: b8d38e7af90e1cc5
2024-12-31 16:10:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-31 16:10:59 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 46 63 43 71 66 55 37 6d 6a 30 61 61 7a 46 63 66 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 64 33 38 65 37 61 66 39 30 65 31 63 63 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 4a 45 77 36 79 75 66 42 6a 33 6f 4b 63 70 34 52 78 35 41 39 7a 48 61 77 69 71 31 69 64 78 72 4c 63 42 69 73 36 35 39 5a 78 43 4e 35 59 6d 48 7a 4c 56 4a 75 54 63 71 70 71 43 76 4d 46 49 72 4d 35 72 65 43 2f 79 56 6c 6c 78 69 2b 72 52 62 77 63 6f 78 30 66 41 74 34 37 48 66 63 53 41 57 52 30 55 4a 54 68 4d 7a 70 59 6a 6b 42 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: FcCqfU7mj0aazFcf.2Context: b8d38e7af90e1cc5<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARJEw6yufBj3oKcp4Rx5A9zHawiq1idxrLcBis659ZxCN5YmHzLVJuTcqpqCvMFIrM5reC/yVllxi+rRbwcox0fAt47HfcSAWR0UJThMzpYjkB
2024-12-31 16:10:59 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 46 63 43 71 66 55 37 6d 6a 30 61 61 7a 46 63 66 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 38 64 33 38 65 37 61 66 39 30 65 31 63 63 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: FcCqfU7mj0aazFcf.3Context: b8d38e7af90e1cc5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-31 16:10:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-31 16:10:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 36 78 4f 58 37 51 31 32 45 36 6f 76 58 44 6c 43 6c 5a 34 39 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: C6xOX7Q12E6ovXDlClZ49g.0Payload parsing failed.

Target ID:	1
Start time:	11:09:33
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:09:37
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2256,i,15281777167265718556,12860661982955271464,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	11:09:43
Start date:	31/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2196, Parent PID: 380

General

Windows Analysis Report
http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCK