Edit tour

Windows Analysis Report
https://gldkzr-lpqw.buzz/scriΡt/ut.js?cb%5C=1735764124690

Overview

General Information

Sample URL:	https://gldkzr-lpqw.buzz/scriΡt/ut.js?cb%5C=1735764124690
Analysis ID:	1583289
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,9109360031769375128,13631614003221125968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://gldkzr-lpqw.buzz/favicon.ico

Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690

Joe Sandbox AI: Score: 9 Reasons: The brand 'Salesforce' is a well-known brand with a legitimate domain of 'salesforce.com'., The URL 'gldkzr-lpqw.buzz' does not match the legitimate domain name associated with Salesforce., The domain 'gldkzr-lpqw.buzz' contains random characters and an unusual domain extension '.buzz', which are common indicators of phishing., There is no clear association between the brand 'Salesforce' and the domain 'gldkzr-lpqw.buzz'. DOM: 0.0.pages.csv

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected Typosquatting in URL: https://gldkzr-lpqw.buzz

Source: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690

HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /script/ut.js?cb%5C=1735764124690 HTTP/1.1Host: gldkzr-lpqw.buzzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gldkzr-lpqw.buzzConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: gldkzr-lpqw.buzz
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=97gYLJjQckwbbO0fun9skdyfP4sxmIlVYpnGb5jTZtYKK%2BbEOkHVJ1meAJxTe%2Bj6W9xyfOZQ24gZiCLYj9HG78sdFJ61supfS2Lk%2FCiswJvZz59bYooSfW6NVh7Ib%2BzO9i3%2F HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 453Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 02 Jan 2025 10:06:02 GMTContent-Type: application/xml; charset=UTF-8Content-Length: 111Connection: closex-guploader-uploadid: AFiumC7wKN6bD2I12xbL6ADQdFHC0UOffZv1Cy7gl2f4PqtkqMTJT2WhOPrUgdiO6cs4xq-5gG3jWx8access-control-allow-origin: *expires: Thu, 02 Jan 2025 10:06:02 GMTCache-Control: private, max-age=0alt-svc: h3=":443"; ma=86400CF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97gYLJjQckwbbO0fun9skdyfP4sxmIlVYpnGb5jTZtYKK%2BbEOkHVJ1meAJxTe%2Bj6W9xyfOZQ24gZiCLYj9HG78sdFJ61supfS2Lk%2FCiswJvZz59bYooSfW6NVh7Ib%2BzO9i3%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fb9ef237aa20f75-EWRserver-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1463&rtt_var=564&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1198&delivery_rate=1913499&cwnd=221&unsent_bytes=0&cid=86d0e3054070dfb0&ts=748&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: classification engine

Classification label: mal68.phis.win@16/4@6/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,9109360031769375128,13631614003221125968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,9109360031769375128,13631614003221125968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
https://gldkzr-lpqw.buzz/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
gldkzr-lpqw.buzz	104.21.0.170	true	true	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.184.228	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://gldkzr-lpqw.buzz/favicon.ico	false	Avira URL Cloud: malware	unknown
https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690	true		unknown
https://a.nel.cloudflare.com/report/v4?s=97gYLJjQckwbbO0fun9skdyfP4sxmIlVYpnGb5jTZtYKK%2BbEOkHVJ1meAJxTe%2Bj6W9xyfOZQ24gZiCLYj9HG78sdFJ61supfS2Lk%2FCiswJvZz59bYooSfW6NVh7Ib%2BzO9i3%2F	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.0.170	gldkzr-lpqw.buzz	United States	13335	CLOUDFLARENETUS	true
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583289
Start date and time:	2025-01-02 11:05:00 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://gldkzr-lpqw.buzz/scriΡt/ut.js?cb%5C=1735764124690
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@16/4@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 142.250.186.46, 74.125.133.84, 142.250.185.206, 142.250.184.238, 142.250.181.238, 184.28.90.27, 4.175.87.197, 199.232.210.172, 192.229.221.95, 52.165.164.15, 142.250.184.206, 172.217.18.14, 142.250.185.142, 142.250.184.195, 172.217.16.206, 34.104.35.123, 142.250.185.174, 13.107.246.45
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690

Input	Output
URL: https://gldkzr-lpqw.buzz Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://gldkzr-lpqw.buzz
URL: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Click here to view document", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690 Model: Joe Sandbox AI	{ "brands": [ "Salesforce" ] }

URL: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690 Model: Joe Sandbox AI	```json{ "legit_domain": "salesforce.com", "classification": "wellknown", "reasons": [ "The brand 'Salesforce' is a well-known brand with a legitimate domain of 'salesforce.com'.", "The URL 'gldkzr-lpqw.buzz' does not match the legitimate domain name associated with Salesforce.", "The domain 'gldkzr-lpqw.buzz' contains random characters and an unusual domain extension '.buzz', which are common indicators of phishing.", "There is no clear association between the brand 'Salesforce' and the domain 'gldkzr-lpqw.buzz'." ], "riskscore": 9} Google indexed: False
URL: gldkzr-lpqw.buzz Brands: Salesforce Input Fields: unknown

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	111
Entropy (8bit):	4.62062991365628
Encrypted:	false
SSDEEP:	3:vFWWMNCmXyKgCC6beXqZj+PBMkmKqWWU667wtKPU9KgqLn:TM3i0b9ZjZvKtWRbtmBg6n
MD5:	E7A9350210B4DBA641F6020447C96045
SHA1:	581ACCEF4A8B7FBED97291FE7DD4E113F794EC80
SHA-256:	08142330655DEB1526DCC56795C92EB5C13012F75B599D5AC68DB4027953ED80
SHA-512:	2DCB8AD4EAC1B103DA4F806A49D7A0EFCC64D362865A18EFB257B45059BC1453D053136073009929415200F48F47B03F8E19E52A8AF7CB846AD081E0318586A2
Malicious:	false
Reputation:	low
URL:	https://gldkzr-lpqw.buzz/favicon.ico
Preview:	<?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65493), with no line terminators
Category:	downloaded
Size (bytes):	66473
Entropy (8bit):	5.420845938731438
Encrypted:	false
SSDEEP:	768:iQE05Mxp9f1Y1rHzeYXLQ0NfxnEszWKVXHAtKfx3xU3AHrW:iQt5Q9fe1bjXLQ073XAgUwH6
MD5:	4AFA2AC99F97331DC98263D49022A958
SHA1:	60BB7C7C45FF14E8DF86EF9E0B9A7A55A7D2BACA
SHA-256:	A4BEAEC54247A9A3CB97821ECDB68D39CACDCDCC62AE872C13C2CCA2D3D88E32
SHA-512:	709EA176F56B28264E1F66CD8B85226DDD4E3F1DDD654F44CA605DB34F21925E5A2D3ECB30155C3A31B5352E6CF8AC07D06CF7682A2B75A2F052B6F3116DB913
Malicious:	false
Reputation:	low
URL:	https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690
Preview:	!function(){var t={145:function(t,e,r){r(6104)},7412:function(t,e,r){t.exports=r(6201)},4071:function(t,e,r){r(2066)},4369:function(t,e,r){t.exports=r(2590)},8001:function(t,e,r){r(9640)},1879:function(t,e,r){t.exports=r(7010)},576:function(t,e,r){t.exports=r(7975)},6013:function(t,e,r){t.exports=r(8512)},7513:function(t,e,r){t.exports=r(4978)},7286:function(t,e,r){r(1478)},353:function(t,e,r){"use strict";r(3131),r(9819);var n=r(8088);t.exports=n.Array.from},2965:function(t,e,r){"use strict";r(4089),r(3070);var n=r(917);t.exports=n("Array","entries")},7083:function(t,e,r){"use strict";r(4509);var n=r(917);t.exports=n("Array","indexOf")},3027:function(t,e,r){"use strict";r(8429);var n=r(917);t.exports=n("Array","map")},1940:function(t,e,r){"use strict";r(6056);var n=r(8088);t.exports=n.Date.now},7265:function(t,e,r){"use strict";var n=r(5354),i=r(7083),o=Array.prototype;t.exports=function(t){var e=t.indexOf;return t===o\|\|n(o,t)&&e===o.indexOf?i:e}},8705:function(t,e,r){"use strict";var

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 2, 2025 11:05:45.017875910 CET	49675	443	192.168.2.4	173.222.162.32
Jan 2, 2025 11:05:54.674742937 CET	49675	443	192.168.2.4	173.222.162.32
Jan 2, 2025 11:05:58.796310902 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:58.796340942 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:58.796417952 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:58.797415018 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:58.797432899 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:59.432631969 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:59.433188915 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:59.433209896 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:59.434161901 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:59.434212923 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:59.435694933 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:59.435755968 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:59.486135960 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:05:59.486145020 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:05:59.533014059 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:00.699430943 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:00.699466944 CET	443	49739	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:00.699543953 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:00.700968981 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:00.700983047 CET	443	49739	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:00.741895914 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:00.741930008 CET	443	49740	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:00.741987944 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:00.742957115 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:00.742969036 CET	443	49740	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.331300974 CET	443	49740	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.331536055 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.331554890 CET	443	49740	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.332443953 CET	443	49740	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.332495928 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.333822966 CET	443	49739	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.333990097 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.333998919 CET	443	49739	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.334918022 CET	443	49739	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.334974051 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.677999973 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678000927 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678117037 CET	443	49740	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.678124905 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678231001 CET	49740	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678478956 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678514957 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.678597927 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678972960 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.678983927 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.681386948 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.681408882 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.681442976 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.681489944 CET	443	49739	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.681602001 CET	49739	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.681824923 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.681862116 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:01.681938887 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.682172060 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:01.682185888 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.136121035 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.137495995 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.153279066 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.153290987 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.153486967 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.153503895 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.154486895 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.154500008 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.154568911 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.154650927 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.160357952 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.160451889 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.160995960 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.161003113 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.161384106 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.161447048 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.206743002 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.206751108 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.206764936 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.251708031 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.266253948 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.266314030 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.266341925 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.266356945 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.266364098 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.266391039 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.266407967 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.266412973 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.266452074 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.266457081 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.267059088 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.267095089 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.267102003 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.267107964 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.267149925 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.270997047 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.321161032 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.321185112 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353039980 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353069067 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353095055 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353121996 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353146076 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353168964 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.353189945 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353213072 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.353353977 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353380919 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353415966 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353419065 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.353425980 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353480101 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353485107 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.353490114 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.353534937 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.354358912 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.354403973 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.354408979 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.354463100 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.354489088 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.354516029 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.354532003 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.354537010 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.354562998 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.355417013 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.355441093 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.355465889 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.355483055 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.355487108 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.355506897 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.400358915 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.403247118 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.403253078 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440002918 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440020084 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440037012 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440058947 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440085888 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440114975 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440120935 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440145969 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440150023 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440151930 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440150023 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440150023 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440174103 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440175056 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440186977 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440202951 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440217972 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440234900 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440248013 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.440278053 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.440299034 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.442187071 CET	49742	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.442195892 CET	443	49742	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.737749100 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.783327103 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.879657030 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.879825115 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.883232117 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.910259962 CET	49743	443	192.168.2.4	104.21.0.170
Jan 2, 2025 11:06:02.910278082 CET	443	49743	104.21.0.170	192.168.2.4
Jan 2, 2025 11:06:02.915258884 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:02.915364981 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:02.915436029 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:02.915668964 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:02.915703058 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.382989883 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.383408070 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.383466005 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.384363890 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.384454966 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.385555983 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.385627031 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.386020899 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.386039972 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.438863039 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.511281013 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.511348963 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.511406898 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.511790991 CET	49744	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.511822939 CET	443	49744	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.512537956 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.512583017 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.512789965 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.513087034 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.513117075 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.972687006 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.973365068 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.973392963 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.973766088 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.974406004 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:03.974473000 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:03.974715948 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:04.019351959 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:04.100791931 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:04.100868940 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:04.101082087 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:04.114424944 CET	49746	443	192.168.2.4	35.190.80.1
Jan 2, 2025 11:06:04.114454031 CET	443	49746	35.190.80.1	192.168.2.4
Jan 2, 2025 11:06:09.348752975 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:09.348829031 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:09.348867893 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:11.123652935 CET	49737	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:11.123699903 CET	443	49737	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:58.846451044 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:58.846482038 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:58.846544027 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:58.846752882 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:58.846765041 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:59.477401018 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:59.477730989 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:59.477741957 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:59.478018045 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:59.478312969 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:06:59.478368044 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:06:59.565282106 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:07:09.389542103 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:07:09.389600039 CET	443	49775	142.250.184.228	192.168.2.4
Jan 2, 2025 11:07:09.389671087 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:07:13.709525108 CET	49775	443	192.168.2.4	142.250.184.228
Jan 2, 2025 11:07:13.709552050 CET	443	49775	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 2, 2025 11:05:54.531764030 CET	53	52590	1.1.1.1	192.168.2.4
Jan 2, 2025 11:05:54.811770916 CET	53	50529	1.1.1.1	192.168.2.4
Jan 2, 2025 11:05:55.806082010 CET	53	62227	1.1.1.1	192.168.2.4
Jan 2, 2025 11:05:58.786751032 CET	62548	53	192.168.2.4	1.1.1.1
Jan 2, 2025 11:05:58.786926985 CET	60765	53	192.168.2.4	1.1.1.1
Jan 2, 2025 11:05:58.793586969 CET	53	60765	1.1.1.1	192.168.2.4
Jan 2, 2025 11:05:58.794478893 CET	53	62548	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:00.569936991 CET	60145	53	192.168.2.4	1.1.1.1
Jan 2, 2025 11:06:00.570151091 CET	65163	53	192.168.2.4	1.1.1.1
Jan 2, 2025 11:06:00.576903105 CET	53	60145	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:00.577182055 CET	53	65163	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:02.907860994 CET	64600	53	192.168.2.4	1.1.1.1
Jan 2, 2025 11:06:02.908267975 CET	63460	53	192.168.2.4	1.1.1.1
Jan 2, 2025 11:06:02.914669991 CET	53	64600	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:02.914803028 CET	53	63460	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:12.895988941 CET	53	61908	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:19.116940975 CET	138	138	192.168.2.4	192.168.2.255
Jan 2, 2025 11:06:46.752665997 CET	53	62879	1.1.1.1	192.168.2.4
Jan 2, 2025 11:06:58.570874929 CET	53	55069	1.1.1.1	192.168.2.4
Jan 2, 2025 11:07:14.340348005 CET	53	52449	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 2, 2025 11:07:08.097743034 CET	192.168.2.4	1.1.1.1	c28d	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 2, 2025 11:05:58.786751032 CET	192.168.2.4	1.1.1.1	0x77fa	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:05:58.786926985 CET	192.168.2.4	1.1.1.1	0x6c5f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 2, 2025 11:06:00.569936991 CET	192.168.2.4	1.1.1.1	0xe06a	Standard query (0)	gldkzr-lpqw.buzz	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:00.570151091 CET	192.168.2.4	1.1.1.1	0x3819	Standard query (0)	gldkzr-lpqw.buzz	65	IN (0x0001)	false
Jan 2, 2025 11:06:02.907860994 CET	192.168.2.4	1.1.1.1	0x1fc1	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:02.908267975 CET	192.168.2.4	1.1.1.1	0xb405	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 2, 2025 11:05:58.793586969 CET	1.1.1.1	192.168.2.4	0x6c5f	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 2, 2025 11:05:58.794478893 CET	1.1.1.1	192.168.2.4	0x77fa	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:00.576903105 CET	1.1.1.1	192.168.2.4	0xe06a	No error (0)	gldkzr-lpqw.buzz		104.21.0.170	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:00.576903105 CET	1.1.1.1	192.168.2.4	0xe06a	No error (0)	gldkzr-lpqw.buzz		172.67.128.34	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:00.577182055 CET	1.1.1.1	192.168.2.4	0x3819	No error (0)	gldkzr-lpqw.buzz			65	IN (0x0001)	false
Jan 2, 2025 11:06:02.914669991 CET	1.1.1.1	192.168.2.4	0x1fc1	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:08.489974022 CET	1.1.1.1	192.168.2.4	0xbde7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:08.489974022 CET	1.1.1.1	192.168.2.4	0xbde7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:10.042031050 CET	1.1.1.1	192.168.2.4	0xbcb7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 11:06:10.042031050 CET	1.1.1.1	192.168.2.4	0xbcb7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:35.350847960 CET	1.1.1.1	192.168.2.4	0x9084	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 11:06:35.350847960 CET	1.1.1.1	192.168.2.4	0x9084	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:06:48.258655071 CET	1.1.1.1	192.168.2.4	0x6dc1	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 11:06:48.258655071 CET	1.1.1.1	192.168.2.4	0x6dc1	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:07:07.266064882 CET	1.1.1.1	192.168.2.4	0x46a7	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 11:07:07.266064882 CET	1.1.1.1	192.168.2.4	0x46a7	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 2, 2025 11:07:08.097683907 CET	1.1.1.1	192.168.2.4	0x46a7	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 2, 2025 11:07:08.097683907 CET	1.1.1.1	192.168.2.4	0x46a7	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

gldkzr-lpqw.buzz

https:

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49742	104.21.0.170	443	3736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 10:06:02 UTC	691	OUT	GET /script/ut.js?cb%5C=1735764124690 HTTP/1.1 Host: gldkzr-lpqw.buzz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 10:06:02 UTC	1260	IN	HTTP/1.1 200 OK Date: Thu, 02 Jan 2025 10:06:02 GMT Content-Type: text/javascript Content-Length: 66473 Connection: close x-goog-generation: 1733127707295818 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 66473 x-goog-hash: crc32c=VBET1w== x-goog-hash: md5=SvoqyZ+XMx3JgmPUkCKpWA== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * x-guploader-uploadid: AFiumC5svBOseapo3c6S0qjW8iJ6LrM5hDVZIzdkCnGSXo5UjdMkOZ4iBx4OwmJ7H7D77xBPVATbC7I access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Thu, 02 Jan 2025 10:32:52 GMT Cache-Control: public, max-age=14400 Age: 271 last-modified: Mon, 02 Dec 2024 08:21:47 GMT etag: "4afa2ac99f97331dc98263d49022a958" alt-svc: h3=":443"; ma=86400 CF-Cache-Status: HIT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7bxRu%2FMRdEm%2FqM4w1jC7arGsUbjxg6uHGmpGVUsTG2jiu1HCbD98FkXOL8ATQltU%2B9VkIXVmLEFHtriMGYlU8iC6XkJyUqanw1%2FJR5vQmmezCKhDKXWKCm%2Bxm9jXvJ2Ek4n2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb9ef1fde1ec33d-EWR
2025-01-02 10:06:02 UTC	216	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 35 33 35 26 6d 69 6e 5f 72 74 74 3d 31 35 30 34 26 72 74 74 5f 76 61 72 3d 35 38 36 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 37 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 34 30 26 72 65 63 76 5f 62 79 74 65 73 3d 31 32 36 39 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 39 34 31 34 38 39 26 63 77 6e 64 3d 31 33 38 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 32 30 30 39 32 61 31 63 64 30 30 33 34 31 31 61 26 74 73 3d 31 33 38 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1535&min_rtt=1504&rtt_var=586&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1269&delivery_rate=1941489&cwnd=138&unsent_bytes=0&cid=20092a1cd003411a&ts=138&x=0"
2025-01-02 10:06:02 UTC	1262	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 7b 31 34 35 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 72 28 36 31 30 34 29 7d 2c 37 34 31 32 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 74 2e 65 78 70 6f 72 74 73 3d 72 28 36 32 30 31 29 7d 2c 34 30 37 31 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 72 28 32 30 36 36 29 7d 2c 34 33 36 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 74 2e 65 78 70 6f 72 74 73 3d 72 28 32 35 39 30 29 7d 2c 38 30 30 31 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 72 28 39 36 34 30 29 7d 2c 31 38 37 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 74 2e 65 78 70 6f 72 74 73 3d 72 28 37 30 31 30 29 7d 2c 35 37 36 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 74 2e 65 78 70 6f 72 Data Ascii: !function(){var t={145:function(t,e,r){r(6104)},7412:function(t,e,r){t.exports=r(6201)},4071:function(t,e,r){r(2066)},4369:function(t,e,r){t.exports=r(2590)},8001:function(t,e,r){r(9640)},1879:function(t,e,r){t.exports=r(7010)},576:function(t,e,r){t.expor
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 28 6e 2e 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 2c 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 32 34 30 30 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 72 28 33 35 35 39 29 3b 76 61 72 20 6e 3d 72 28 38 30 38 38 29 3b 74 2e 65 78 70 6f 72 74 73 3d 6e 2e 70 61 72 73 65 49 6e 74 7d 2c 36 33 37 37 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 72 28 33 32 30 34 29 2c 69 3d 72 28 39 33 37 34 29 2c 6f 3d 54 79 70 65 45 72 72 6f 72 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 6e 28 74 29 29 72 65 74 75 72 6e 20 74 3b 74 68 72 6f 77 20 6e 65 77 20 6f 28 69 28 74 29 2b 22 20 69 73 20 6e 6f 74 20 61 20 66 75 6e 63 Data Ascii: (n.JSON.stringify,null,arguments)}},2400:function(t,e,r){"use strict";r(3559);var n=r(8088);t.exports=n.parseInt},6377:function(t,e,r){"use strict";var n=r(3204),i=r(9374),o=TypeError;t.exports=function(t){if(n(t))return t;throw new o(i(t)+" is not a func
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 73 29 7b 76 61 72 20 75 3d 6e 28 65 29 2c 61 3d 6f 28 75 29 3b 69 66 28 30 3d 3d 3d 61 29 72 65 74 75 72 6e 21 74 26 26 2d 31 3b 76 61 72 20 63 2c 66 3d 69 28 73 2c 61 29 3b 69 66 28 74 26 26 72 21 3d 72 29 7b 66 6f 72 28 3b 61 3e 66 3b 29 69 66 28 28 63 3d 75 5b 66 2b 2b 5d 29 21 3d 63 29 72 65 74 75 72 6e 21 30 7d 65 6c 73 65 20 66 6f 72 28 3b 61 3e 66 3b 66 2b 2b 29 69 66 28 28 74 7c 7c 66 20 69 6e 20 75 29 26 26 75 5b 66 5d 3d 3d 3d 72 29 72 65 74 75 72 6e 20 74 7c 7c 66 7c 7c 30 3b 72 65 74 75 72 6e 21 74 26 26 2d 31 7d 7d 3b 74 2e 65 78 70 6f 72 74 73 3d 7b 69 6e 63 6c 75 64 65 73 3a 73 28 21 30 29 2c 69 6e 64 65 78 4f 66 3a 73 28 21 31 29 7d 7d 2c 31 30 32 34 3a 66 75 6e 63 74 Data Ascii: (t){return function(e,r,s){var u=n(e),a=o(u);if(0===a)return!t&&-1;var c,f=i(s,a);if(t&&r!=r){for(;a>f;)if((c=u[f++])!=c)return!0}else for(;a>f;f++)if((t\|\|f in u)&&u[f]===r)return t\|\|f\|\|0;return!t&&-1}};t.exports={includes:s(!0),indexOf:s(!1)}},1024:funct
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 72 3d 74 2e 6c 65 6e 67 74 68 3b 69 66 28 72 3c 38 29 66 6f 72 28 76 61 72 20 73 2c 75 2c 61 3d 31 3b 61 3c 72 3b 29 7b 66 6f 72 28 75 3d 61 2c 73 3d 74 5b 61 5d 3b 75 26 26 65 28 74 5b 75 2d 31 5d 2c 73 29 3e 30 3b 29 74 5b 75 5d 3d 74 5b 2d 2d 75 5d 3b 75 21 3d 3d 61 2b 2b 26 26 28 74 5b 75 5d 3d 73 29 7d 65 6c 73 65 20 66 6f 72 28 76 61 72 20 63 3d 69 28 72 2f 32 29 2c 66 3d 6f 28 6e 28 74 2c 30 2c 63 29 2c 65 29 2c 6c 3d 6f 28 6e 28 74 2c 63 29 2c 65 29 2c 68 3d 66 2e 6c 65 6e 67 74 68 2c 70 3d 6c 2e 6c 65 6e 67 74 68 2c 76 3d 30 2c 64 3d 30 3b 76 3c 68 7c 7c 64 3c 70 3b 29 74 5b 76 2b 64 5d 3d 76 3c 68 26 26 64 3c 70 3f 65 28 66 5b 76 5d 2c 6c 5b 64 5d 29 3c 3d 30 3f 66 5b 76 2b 2b 5d 3a 6c 5b 64 2b 2b 5d 3a 76 Data Ascii: ion(t,e){var r=t.length;if(r<8)for(var s,u,a=1;a<r;){for(u=a,s=t[a];u&&e(t[u-1],s)>0;)t[u]=t[--u];u!==a++&&(t[u]=s)}else for(var c=i(r/2),f=o(n(t,0,c),e),l=o(n(t,c),e),h=f.length,p=l.length,v=0,d=0;v<h\|\|d<p;)t[v+d]=v<h&&d<p?e(f[v],l[d])<=0?f[v++]:l[d++]:v
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 29 28 22 74 6f 53 74 72 69 6e 67 54 61 67 22 29 2c 75 3d 4f 62 6a 65 63 74 2c 61 3d 22 41 72 67 75 6d 65 6e 74 73 22 3d 3d 3d 6f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 72 67 75 6d 65 6e 74 73 7d 28 29 29 3b 74 2e 65 78 70 6f 72 74 73 3d 6e 3f 6f 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 2c 72 2c 6e 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 3f 22 55 6e 64 65 66 69 6e 65 64 22 3a 6e 75 6c 6c 3d 3d 3d 74 3f 22 4e 75 6c 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 28 72 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 74 5b 65 5d 7d 63 61 74 63 68 28 74 29 7b 7d 7d 28 65 3d 75 28 74 29 2c 73 29 29 3f 72 3a 61 3f 6f 28 65 29 3a 22 4f 62 6a 65 63 74 22 3d 3d 3d 28 6e 3d 6f 28 Data Ascii: )("toStringTag"),u=Object,a="Arguments"===o(function(){return arguments}());t.exports=n?o:function(t){var e,r,n;return void 0===t?"Undefined":null===t?"Null":"string"==typeof(r=function(t,e){try{return t[e]}catch(t){}}(e=u(t),s))?r:a?o(e):"Object"===(n=o(
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 4e 29 29 7d 29 29 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 75 28 6c 28 74 68 69 73 29 29 29 74 68 72 6f 77 20 6e 65 77 20 73 28 22 49 6e 76 61 6c 69 64 20 74 69 6d 65 20 76 61 6c 75 65 22 29 3b 76 61 72 20 74 3d 74 68 69 73 2c 65 3d 70 28 74 29 2c 72 3d 64 28 74 29 2c 6e 3d 65 3c 30 3f 22 2d 22 3a 65 3e 39 39 39 39 3f 22 2b 22 3a 22 22 3b 72 65 74 75 72 6e 20 6e 2b 6f 28 61 28 65 29 2c 6e 3f 36 3a 34 2c 30 29 2b 22 2d 22 2b 6f 28 6d 28 74 29 2b 31 2c 32 2c 30 29 2b 22 2d 22 2b 6f 28 68 28 74 29 2c 32 2c 30 29 2b 22 54 22 2b 6f 28 76 28 74 29 2c 32 2c 30 29 2b 22 3a 22 2b 6f 28 67 28 74 29 2c 32 2c 30 29 2b 22 3a 22 2b 6f 28 79 28 74 29 2c 32 2c 30 29 2b 22 2e 22 2b 6f 28 72 2c 33 2c 30 29 2b 22 5a 22 7d 3a 66 7d 2c 31 33 32 35 3a 66 75 6e 63 74 69 Data Ascii: N))}))?function(){if(!u(l(this)))throw new s("Invalid time value");var t=this,e=p(t),r=d(t),n=e<0?"-":e>9999?"+":"";return n+o(a(e),n?6:4,0)+"-"+o(m(t)+1,2,0)+"-"+o(h(t),2,0)+"T"+o(v(t),2,0)+":"+o(g(t),2,0)+":"+o(y(t),2,0)+"."+o(r,3,0)+"Z"}:f},1325:functi
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 4d 61 70 3a 30 2c 4e 6f 64 65 4c 69 73 74 3a 31 2c 50 61 69 6e 74 52 65 71 75 65 73 74 4c 69 73 74 3a 30 2c 50 6c 75 67 69 6e 3a 30 2c 50 6c 75 67 69 6e 41 72 72 61 79 3a 30 2c 53 56 47 4c 65 6e 67 74 68 4c 69 73 74 3a 30 2c 53 56 47 4e 75 6d 62 65 72 4c 69 73 74 3a 30 2c 53 56 47 50 61 74 68 53 65 67 4c 69 73 74 3a 30 2c 53 56 47 50 6f 69 6e 74 4c 69 73 74 3a 30 2c 53 56 47 53 74 72 69 6e 67 4c 69 73 74 3a 30 2c 53 56 47 54 72 61 6e 73 66 6f 72 6d 4c 69 73 74 3a 30 2c 53 6f 75 72 63 65 42 75 66 66 65 72 4c 69 73 74 3a 30 2c 53 74 79 6c 65 53 68 65 65 74 4c 69 73 74 3a 30 2c 54 65 78 74 54 72 61 63 6b 43 75 65 4c 69 73 74 3a 30 2c 54 65 78 74 54 72 61 63 6b 4c 69 73 74 3a 30 2c 54 6f 75 63 68 4c 69 73 74 3a 30 7d 7d 2c 34 32 37 34 3a 66 75 6e 63 74 69 6f Data Ascii: Map:0,NodeList:1,PaintRequestList:0,Plugin:0,PluginArray:0,SVGLengthList:0,SVGNumberList:0,SVGPathSegList:0,SVGPointList:0,SVGStringList:0,SVGTransformList:0,SourceBufferList:0,StyleSheetList:0,TextTrackCueList:0,TextTrackList:0,TouchList:0}},4274:functio
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 73 2e 6c 65 6e 67 74 68 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 20 6e 65 77 20 74 3b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 20 6e 65 77 20 74 28 72 29 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 20 6e 65 77 20 74 28 72 2c 6e 29 7d 72 65 74 75 72 6e 20 6e 65 77 20 74 28 72 2c 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 69 28 74 2c 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 3b 72 65 74 75 72 6e 20 65 2e 70 72 6f 74 6f 74 79 70 65 3d 74 2e 70 72 6f 74 6f 74 79 70 65 2c 65 7d 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 72 2c 69 2c 76 2c 64 2c 67 2c 6d 2c 79 2c 62 2c 77 2c 78 3d 74 2e 74 61 72 67 65 74 2c 53 3d 74 2e 67 6c 6f 62 61 6c 2c 4f 3d 74 2e 73 74 61 74 2c 4c 3d 74 2e 70 72 6f 74 6f 2c 41 3d 53 3f 6e 3a 4f 3f Data Ascii: s.length){case 0:return new t;case 1:return new t(r);case 2:return new t(r,n)}return new t(r,n,o)}return i(t,this,arguments)};return e.prototype=t.prototype,e};t.exports=function(t,e){var r,i,v,d,g,m,y,b,w,x=t.target,S=t.global,O=t.stat,L=t.proto,A=S?n:O?
2025-01-02 10:06:02 UTC	1369	IN	Data Raw: 78 70 6f 72 74 73 3d 6e 3f 69 2e 62 69 6e 64 28 69 29 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 2e 61 70 70 6c 79 28 69 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 36 35 31 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 72 28 37 38 39 33 29 2c 69 3d 72 28 35 36 37 34 29 2c 6f 3d 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2c 73 3d 6e 26 26 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 2c 75 3d 69 28 6f 2c 22 6e 61 6d 65 22 29 2c 61 3d 75 26 26 22 73 6f 6d 65 74 68 69 6e 67 22 3d 3d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2e 6e 61 6d 65 2c 63 3d 75 26 26 28 21 6e 7c 7c 6e 26 26 73 28 6f 2c 22 6e 61 6d 65 22 29 2e 63 6f 6e Data Ascii: xports=n?i.bind(i):function(){return i.apply(i,arguments)}},6519:function(t,e,r){"use strict";var n=r(7893),i=r(5674),o=Function.prototype,s=n&&Object.getOwnPropertyDescriptor,u=i(o,"name"),a=u&&"something"===function(){}.name,c=u&&(!n\|\|n&&s(o,"name").con

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49743	104.21.0.170	443	3736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 10:06:02 UTC	620	OUT	GET /favicon.ico HTTP/1.1 Host: gldkzr-lpqw.buzz Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 10:06:02 UTC	1005	IN	HTTP/1.1 403 Forbidden Date: Thu, 02 Jan 2025 10:06:02 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 111 Connection: close x-guploader-uploadid: AFiumC7wKN6bD2I12xbL6ADQdFHC0UOffZv1Cy7gl2f4PqtkqMTJT2WhOPrUgdiO6cs4xq-5gG3jWx8 access-control-allow-origin: * expires: Thu, 02 Jan 2025 10:06:02 GMT Cache-Control: private, max-age=0 alt-svc: h3=":443"; ma=86400 CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97gYLJjQckwbbO0fun9skdyfP4sxmIlVYpnGb5jTZtYKK%2BbEOkHVJ1meAJxTe%2Bj6W9xyfOZQ24gZiCLYj9HG78sdFJ61supfS2Lk%2FCiswJvZz59bYooSfW6NVh7Ib%2BzO9i3%2F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fb9ef237aa20f75-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1463&rtt_var=564&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1198&delivery_rate=1913499&cwnd=221&unsent_bytes=0&cid=86d0e3054070dfb0&ts=748&x=0"
2025-01-02 10:06:02 UTC	111	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 55 54 46 2d 38 27 3f 3e 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 2f 45 72 72 6f 72 3e Data Ascii: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message></Error>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	35.190.80.1	443	3736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 10:06:03 UTC	539	OUT	OPTIONS /report/v4?s=97gYLJjQckwbbO0fun9skdyfP4sxmIlVYpnGb5jTZtYKK%2BbEOkHVJ1meAJxTe%2Bj6W9xyfOZQ24gZiCLYj9HG78sdFJ61supfS2Lk%2FCiswJvZz59bYooSfW6NVh7Ib%2BzO9i3%2F HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://gldkzr-lpqw.buzz Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 10:06:03 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Thu, 02 Jan 2025 10:06:03 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	35.190.80.1	443	3736	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-02 10:06:03 UTC	480	OUT	POST /report/v4?s=97gYLJjQckwbbO0fun9skdyfP4sxmIlVYpnGb5jTZtYKK%2BbEOkHVJ1meAJxTe%2Bj6W9xyfOZQ24gZiCLYj9HG78sdFJ61supfS2Lk%2FCiswJvZz59bYooSfW6NVh7Ib%2BzO9i3%2F HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 453 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-02 10:06:03 UTC	453	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 36 38 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 67 6c 64 6b 7a 72 2d 6c 70 71 77 2e 62 75 7a 7a 2f 73 63 72 69 70 74 2f 75 74 2e 6a 73 3f 63 62 25 35 43 3d 31 37 33 35 37 36 34 31 32 34 36 39 30 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 30 2e 31 37 30 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 Data Ascii: [{"age":0,"body":{"elapsed_time":168,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690","sampling_fraction":1.0,"server_ip":"104.21.0.170","status_code":403,"type":"http.error"
2025-01-02 10:06:04 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Thu, 02 Jan 2025 10:06:03 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	05:05:48
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	05:05:52
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,9109360031769375128,13631614003221125968,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	05:05:59
Start date:	02/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://gldkzr-lpqw.buzz/scriΡt/ut.js?cb%5C=1735764124690

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3492, Parent PID: 744

General

Chronological Activities

Analysis Process: chrome.exePID: 3736, Parent PID: 3492

General

Chronological Activities

Analysis Process: chrome.exePID: 6884, Parent PID: 744

General

Chronological Activities

Disassembly

Windows Analysis Report
https://gldkzr-lpqw.buzz/scriΡt/ut.js?cb%5C=1735764124690