Edit tour

Windows Analysis Report
http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10

Overview

General Information

Sample URL:	http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10
Analysis ID:	1586352
Tags:	urlscan
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2028,i,11434675489695704821,6903413596824268969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Address: gin_throttle_mw_7200000000_8.46.123.189X-Ratelimit-Limit: 500X-Ratelimit-Remaining: 489X-Ratelimit-Reset: 1736383453Date: Wed, 08 Jan 2025 23:46:51 GMTContent-Length: 0

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://topmarktingplace.com
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://topmarktingplace.com

Source: http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10	HTTP Parser: No favicon
Source: http://topmarktingplace.com/t/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10	HTTP Parser: No favicon
Source: http://topmarktingplace.com/news?q=This%20link%20is%20locked!	HTTP Parser: No favicon
Source: http://topmarktingplace.com/news?q=This%20link%20is%20locked!	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/	HTTP Parser: No favicon
Source: http://topmarktingplace.com/about	HTTP Parser: No favicon
Source: http://topmarktingplace.com/news	HTTP Parser: No favicon

Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="author".. found

Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found
Source: http://topmarktingplace.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:54073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:54196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:54200 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Source: global traffic	HTTP traffic detected: GET /4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news?q=This%20link%20is%20locked! HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/t/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/news?q=This%20link%20is%20locked!Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/styles.css HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://topmarktingplace.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /about HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/about_styles.css HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://topmarktingplace.com/aboutAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/aboutAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: topmarktingplace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://topmarktingplace.com/newsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_52.3.dr, chromecache_53.3.dr	String found in binary or memory: <content:encoded><p>Authorities in Mexico are offering state protection to famed regional Mexican singer Natanael Cano and other artists after <a href="https://www.foxnews.com/category/topic/mexican-cartel-violence" target="_blank" rel="noopener">a drug cartel in northern Mexico</a> publicly threatened them, prosecutors confirmed to The Associated Press on Tuesday.</p><p>Photos of a banner threatening the lives of Cano, a singer of corridos, a musical genre often linked to drug cartel violence, and several other artists in the Sonora region circulated on social media over the weekend.</p><p>The banner appeared to be signed by "Jalisco Matasalas" a group within a faction of the Sinaloa Cartel known as the "Chapitos," which sowed terror in northern Mexico in recent months in a bloody power struggle. The gang accused the singers of "financially helping" a rival gang known as "Salazares."</p><p><a href="https://www.foxnews.com/us/ice-removes-notorious-drug-cartel-leader-from-us" target="_blank" rel="noopener"><strong>ICE REMOVES NOTORIOUS DRUG CARTEL LEADER FROM US</strong></a></p><p>"This is the last time you will receive a warning, just in time for you to cut the crap. Mind your own business," the banner read. "If you don't heed this warning, you will be shot."</p><p>The Sonoran Prosecutor's Office on Tuesday told the AP that the threatening message was found hanging from a school and that they had opened an investigation.</p><p>Allan de la Rosa, a spokesperson for the prosecutors, said authorities offered state protection to the artists to "prevent any aggression related to the direct threat displayed on the banner." He did not elaborate on the nature of the protection.</p><p>Cano's communications team did not immediately respond to a request for comment.</p><p>Corridos, made up of ballads from <a href="https://www.foxnews.com/category/world/world-regions/location-mexico" target="_blank" rel="noopener">northern Mexico</a>, is a musical genre that has long been linked to drug violence, but they also depict the harsh realities many Mexicans face living under narco violence. The genre, along with Mexican regional music, is experiencing a resurgence with younger artists like Cano and Peso Pluma blending classic styles with other genres like trap music.</p><p>Over the past five years, streaming of Mexican music has grown 400% on Spotify and in 2023 Mexican artist Peso Pluma bested Taylor Swift as the most streamed artist on YouTube.</p><p>Such artists have long faced sharp criticisms from authorities and threats from drug gangs.</p><p>In 2023, Peso Pluma equals www.yout
Source: chromecache_52.3.dr, chromecache_53.3.dr	String found in binary or memory: <a href="https://www.youtube.com/watch?v=Dck8eZCpglc" target="_blank" rel="nofollow noopener">90-minute interview</a> with popular podcast host Jordan Peterson.</p><p><a href="https://www.foxnews.com/world/canadas-trudeau-announces-resignation-following-party-pressure-amid-criticisms-trump-budget-handling" target="_blank" rel="noopener"><strong>CANADA equals www.youtube.com (Youtube)
Source: chromecache_52.3.dr, chromecache_53.3.dr	String found in binary or memory: <a href="https://www.youtube.com/watch?v=Dtf1Afdz-jg" target="_blank" rel="nofollow noopener">CTV News</a>, before Christmas.</p><p>The incoming Trump administration will almost assuredly deal with a Poilievre government as the Conservatives are poised to win the next Canadian election, which could come as early as this spring. When the House of Commons resumes sitting on March 24, the opposition parties are likely to defeat the minority Liberal government in a vote of no-confidence, which would trigger a national vote.</p><p>In his Peterson interview, Poilievre acknowledged that Trump equals www.youtube.com (Youtube)
Source: chromecache_52.3.dr, chromecache_53.3.dr	String found in binary or memory: <rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"> equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: topmarktingplace.com
Source: global traffic	DNS traffic detected: DNS query: feeds.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: moxie.foxnews.com
Source: global traffic	DNS traffic detected: DNS query: www.foxnews.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54200
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54073
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54196
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 54199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2028,i,11434675489695704821,6903413596824268969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2028,i,11434675489695704821,6903413596824268969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

IP	Domain	Country	ASN	ASN Name	Malicious
185.126.115.108	topmarktingplace.com	Ukraine	41018	OMNILANCEhttpomnilancecomUA	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

IP
192.168.2.8
192.168.2.16
192.168.2.7
192.168.2.6

Name	IP	Active	Malicious	Reputation
topmarktingplace.com	185.126.115.108	true	false	high
www.google.com	142.250.184.228	true	false	high
moxie.foxnews.com	unknown	unknown	false	high
www.foxnews.com	unknown	unknown	false	high
feeds.foxnews.com	unknown	unknown	false	high

Name	Source	Malicious	Reputation
https://www.foxnews.com/politics/trumps-tariff-threats-go-beyond-trade-agreement-advance-american-in	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/wife-us-hostage-keith-siegel-holiday-miracle-we-need-get-them-back&quo	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2025/01/931/523/tibet-earthqu	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/topic/venezuelan-political-crisis"	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/kim-jong-uns-big-guns-spotted-russian-front-lines-report	chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/china"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/venezuelan-dictator-deploys-bizarre-distraction-country-remains-turmoi	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/at-least-6-workers-killed-more-trapped-in-india-mine-collapse"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/elephant-rips-handler-half-thailand-working-extreme-heat-report"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/us/iranian-men-charged-connection-fatal-drone-strike-killed-three-us-soldier	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/tech/china-rolls-out-its-crime-fighting-ball-chase-down-criminals"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/us/utah-brothers-survive-avalanche-after-one-pulls-other-out-snow-burial&quo	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/us/st-louis-zoo-elephant-dies-lost-dog-agitates-herd"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/health/cdc-monitoring-possible-spike-hmpv-cases-china"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/biden-administration-imposes-sanctions-against-venezuelan-president	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/world-economic-forum-kick-davos-switzerland-global-elites-likely-face-	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.jpost.com/breaking-news/article-836258"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/elon-musk-demands-uk-act-grooming-gang-scandal-amid-growing-calls-prob	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/uk-pm-starmer-hits-back-against-musk-attacks-child-grooming-gangs&quot	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/venezuelan-opposition-leader-who-claimed-victory-over-maduro-meets-bid	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/venezuelas-maduro-start-third-term-office-amid-rigged-election-blatant	chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/location-mexico"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/canadian-ministers-head-florida-talks-incoming-trump-administration	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.voanews.com/a/us-says-forces-struck-houthi-weapons-stores-in-yemen-/7929429.html"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/person/joe-biden"	chromecache_53.3.dr	false	high
https://www.reuters.com/world/middle-east/iran-dramatically-increasing-enrichment-near-bomb-grade-ia	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://global.fncstatic.com/static/orion/styles/img/fox-news/logos/fox-news-desktop.png	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxbusiness.com/fox-news-world/trudeau-brink-ally-finance-minister-abruptly-quits-over-t	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/canadian-finance-minister-resigns-trudeau-governments-popularity-floun	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.understandingwar.org/backgrounder/russian-offensive-campaign-assessment-january-6-2025&q	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/israelis-look-trump-amid-debate-gazas-future-going-enable-things-were-	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/earthquake-50-miles-from-mount-everest-leaves-least-95-dead-tibet	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/israel-launches-strikes-yemen-houthi-military-targets-idf-says"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/person/benjamin-netanyahu"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2025/01/931/523/west-bank-att	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/trump-weighs-political-turmoil-great-state-canada-trolls-governor-j	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/trudeau-isnt-snowballs-chance-hell-canada-become-part-us	chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/trump-trudeau	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/iran-hides-missile-drone-program-under-guise-commercial-front-evade-sa	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/georgian-pm-praises-countrys-protest-crackdown-despite-us-condemnation	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/trump-plans-reverse-bidens-ban-oil-gas-drilling-us-coast"	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/manchester-asian-grooming-scandal"	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/mexico-offers-protection-famed-singer-after-drug-cartel-death-threats	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/qatar-returns-hamas-israel-negotiations-trump-envoy-looks-make-inroads	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/09/931/523/AP24241789084	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.reuters.com/world/americas/special-election-loss-adds-misery-cahttps://www.reuters.com/w	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/media/justin-trudeaus-resignation-met-gleeful-reaction-from-conservatives-on	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/trump-says-us-subsidies-canada-make-no-sense-suggests-canadians-wan	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/congo-execute-170-people-convicted-armed-robbery-official-says	chromecache_53.3.dr	false	high
https://www.bbc.com/news/articles/c86wz0vd1dwo"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/3-americans-congo-sentenced-death-after-coup-attempt"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/3-killed-west-bank-shooting-spree-including-israeli-police-officer-rep	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/two-americans-arrested-venezuela-eve-maduro-inauguration-over-terroris	chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/trump-meets-italian-pm-giorgia-meloni-his-mar-a-lago-resort"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2024/12/931/523/trudeau-trump	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2025/01/931/523/mexico-natana	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://pubsubhubbub.appspot.com/	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/canada"	chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/uk-politics"	chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/italy"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/irans-nuclear-program-nearing-the-point-no-return-frances-macron-says&	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.timesofisrael.com/3-israelis-killed-8-wounded-in-west-bank-terror-shooting-idf-hunting-f	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://globalnews.ca/video/10279746/trudeau-says-poilievre-wants-to-make-canada-great-again-in-comp	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/13-young-miners-feared-dead-in-indias-remote-northeast"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/israeli-pm-office-denies-reports-hamas-has-list-hostages-release-event	chromecache_53.3.dr	false	high
https://www.foxnews.com/video/6366455260112"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/us-swaps-maduro-ally-venezuela-10-americans-including-fat-leonard&q	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/jake-sullivan-says-netanyahu-ready-do-deal-hamas-said-concede-israel-c	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/topic/mexican-cartel-violence"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
http://search.yahoo.com/mrss/	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/trump-suggests-canada-become-51st-state-after-trudeau-said-tariff-w	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/israel"	chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/who-giorgia-meloni-trump-hosts-italian-pm-mar-a-lago"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/us-sanctions-21-more-maduro-allies-accused-post-election-repression-ve	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/bipartisan-lawmakers-introduce-georgian-nightmare-non-recognition-act-	chromecache_53.3.dr	false	high
https://www.youtube.com/watch?v=Dck8eZCpglc"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/middle-east"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/politics/trump-trolling-canada-51st-state-could-boost-democrats-blue-state-b	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/video/6366709135112"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/world-regions/africa"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/iran-executes-over-1000-prisoners-2024-highest-total-30-years-report-s	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/us-strikes-underground-houthi-weapons-depots-used-hit-american-ships	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/uk-lawmakers-vote-against-inquiry-rape-gang-scandal-musk-keeps-up-pres	chromecache_53.3.dr	false	high
https://www.foxnews.com/category/world/mount-everest"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/travel/general/camping-hiking"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2025/01/931/523/afghanarrival	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/controversial-founder-french-far-right-jean-marie-le-pen-dies-aged-96	chromecache_53.3.dr	false	high
https://www.foxnews.com/world/ukraine-how-war-shifted-2024"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2025/01/931/523/472087173_116	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://x.com/Archer83Able/status/1857075934274171021">to	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/us/2-dead-after-search-sasquatch-washington-national-forest"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://a57.foxnews.com/static.foxnews.com/foxnews.com/content/uploads/2023/07/931/523/drc_flag.jpg?	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/category/politics/foreign-policy/human-rights"	chromecache_52.3.dr, chromecache_53.3.dr	false	high
https://www.foxnews.com/world/indias-capital-introduces-stricter-anti-pollution-measures-toxic-smog-	chromecache_52.3.dr, chromecache_53.3.dr	false	high

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1586352
Start date and time:	2025-01-09 00:45:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@16/21@16/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Input	Output
URL: http://topmarktingplace.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": false }
URL: http://topmarktingplace.com
URL: http://topmarktingplace.com/4vfVEJ42616owhy1324yhm... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including redirecting the user to a modified URL and checking for bot/crawler user agents. While the intent is not entirely clear, the combination of URL manipulation and conditional redirection warrants further investigation." }
let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");
URL: http://topmarktingplace.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be a simple countdown timer and email subscription functionality, which are common and benign web development practices. There are no indicators of high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code is straightforward and does not exhibit any suspicious or malicious characteristics." }
const launchDate = new Date('2023-05-01T00:00:00').getTime(); const daysElement = document.getElementById('days'); const hoursElement = document.getElementById('hours'); const minutesElement = document.getElementById('minutes'); const secondsElement = document.getElementById('seconds'); function updateCountdown() { const currentTime = new Date().getTime(); const timeRemaining = launchDate - currentTime; const days = Math.floor(timeRemaining / (1000 * 60 * 60 * 24)); const hours = Math.floor((timeRemaining % (1000 * 60 * 60 * 24)) / (1000 * 60 * 60)); const minutes = Math.floor((timeRemaining % (1000 * 60 * 60)) / (1000 * 60)); const seconds = Math.floor((timeRemaining % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(2, '0'); secondsElement.textContent = seconds.toString().padStart(2, '0'); } function submitForm(event) { event.preventDefault(); const email = document.getElementById('email').value; document.getElementById('subscription-message').textContent = `Thank you for subscribing, ${email}!`; } updateCountdown(); setInterval(updateCountdown, 1000);
URL: http://topmarktingplace.com/news?q=This%20link%20i... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be a simple RSS feed reader that fetches and displays news items from a given RSS feed URL. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is straightforward and does not exhibit any suspicious behavior. It is likely a legitimate implementation of an RSS feed display functionality." }
const fetchRSSFeed = async (url) => { const response = await fetch(url); const text = await response.text(); const parser = new DOMParser(); const xml = parser.parseFromString(text, "application/xml"); return xml; }; const displayNewsItems = (xml) => { const newsItemsContainer = document.getElementById("news-items"); const items = xml.querySelectorAll("item"); items.forEach((item) => { const titleElement = item.querySelector("title"); const guidElement = item.querySelector("guid"); const descriptionElement = item.querySelector("description"); const contentElement = item.querySelector("content\\:encoded"); const title = titleElement ? titleElement.textContent : "Untitled"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentElement.textContent : "No content available."; const newsItem = document.createElement("div"); newsItem.classList.add("news-item"); newsItem.innerHTML = `
URL: http://topmarktingplace.com/news?q=This%20link%20i... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript code appears to be a legitimate RSS feed reader that fetches and displays news items from the Fox News World RSS feed. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code uses standard web APIs like `fetch` and `DOMParser` to retrieve and parse the RSS feed, and it simply displays the news items on the page. This script is likely benign and poses a low risk." }
const fetchRSSFeed = async (url) => { const response = await fetch(url); const text = await response.text(); const parser = new DOMParser(); const xml = parser.parseFromString(text, "application/xml"); return xml; }; const displayNewsItems = (xml) => { const newsItemsContainer = document.getElementById("news-items"); const items = xml.querySelectorAll("item"); items.forEach((item) => { const titleElement = item.querySelector("title"); const guidElement = item.querySelector("guid"); const descriptionElement = item.querySelector("description"); const contentElement = item.querySelector("content\\:encoded"); const title = titleElement ? titleElement.textContent : "Untitled"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? contentElement.textContent : "No content available."; const newsItem = document.createElement("div"); newsItem.classList.add("news-item"); newsItem.innerHTML = ` <h2><a href="${guid}" target="_blank">${title}</a></h2> <p>${description}</p> <div>${content}</div> `; newsItemsContainer.appendChild(newsItem); }); }; (async () => { const foxNewsWorldRSSFeed = "https://feeds.foxnews.com/foxnews/world"; const xml = await fetchRSSFeed(foxNewsWorldRSSFeed); displayNewsItems(xml); document.getElementById("msg").textContent = new URLSearchParams(window.location.search).get("q"); })();
URL: http://topmarktingplace.com/t/4vfVEJ42616owhy1324y... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The script uses a setTimeout function to redirect the user to a news page with a suspicious query parameter after a 1-second delay. This behavior is considered a moderate risk, as it could potentially lead to a redirect to a malicious or suspicious domain. However, without more context about the script's purpose and the target domain, it's difficult to determine the true intent. Further investigation may be necessary." }
setTimeout(function(){ window.location.href = '/news?q=This link is locked!'; console.log('redirecting to /news?q=This link is locked!'); }, 1000);
URL: http://topmarktingplace.com/news?q=This%20link%20is%20locked! Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/news?q=This%20link%20is%20locked! Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://topmarktingplace.com/news?q=This%20link%20is%20locked! Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "UK lawmakers vote against inquiry into 'rape gang scandal' as Musk keeps up pressure", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/news?q=This%20link%20is%20locked! Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": [ "002afo@txgejyf.org" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": [ "002afo@txgejyf.org" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["q1hwnu@axizh.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["q1hwnu@axizh.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["q1hwnu@axizh.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["rmp1wk@msfi.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Our Website is Coming Soon!", "prominent_button_name": "Subscribe", "text_input_field_labels": ["rmp1wk@msfi.org"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/ Model: Joe Sandbox AI	{ "brands": [ "Fox News" ] }
	{ "brands": [ "Fox News" ] }
URL: http://topmarktingplace.com/about Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Click here to learn more about how our email marketing solutions can help your business grow and thrive.", "prominent_button_name": "Back to the main page", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/news Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "UK lawmakers vote against inquiry into 'rape gang scandal' as Musk keeps up pressure", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://topmarktingplace.com/about Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: http://topmarktingplace.com/news Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	182
Entropy (8bit):	4.87578959081985
Encrypted:	false
SSDEEP:	3:gH8IIRRQLGRFfHFwOkADFoCK0SffUCvZECavF/dLbGuQ87e/efUCvZECfvV/VMrt:uIRnXHFmmmJ0SHUCv6HvNJKSK/SUCv69
MD5:	E06B4BE56D710C6D17E246B065A39489
SHA1:	1833DFBD311276EE8B865D98FDA7D497A77917A9
SHA-256:	B3B13B0F84AC00011263AA2764FF4754B18A6BC422A63C45E8D22580FE253B4A
SHA-512:	3BC223937B55BEEBCAC542E12FAD65AA8797059FB42443F718F6084AADFC0E364435F82D26553874F1D2E886066F305F987674BEB4C4EC299838D4DBFFC8CE62
Malicious:	false
Reputation:	low
URL:	http://topmarktingplace.com/t/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10
Preview:	<script>.setTimeout(function(){. window.location.href = '/news?q=This link is locked!'; . console.log('redirecting to /news?q=This link is locked!');.}, 1000);.</script>.<p></p>.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 00:46:38.796672106 CET	49673	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:38.796758890 CET	49674	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:39.124799013 CET	49672	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:44.322529078 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:44.322577000 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:44.322649956 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:44.323602915 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:44.323616982 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.133315086 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.133394003 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.139554024 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.139578104 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.139864922 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.142280102 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.142447948 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.142456055 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.142666101 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.187324047 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.320822001 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.320909023 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:45.320987940 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.323844910 CET	49712	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:45.323860884 CET	443	49712	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:48.180423975 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.180473089 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.180598974 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.180856943 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.180871010 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.403978109 CET	49673	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:48.403980970 CET	49674	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:48.732096910 CET	49672	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:48.821374893 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.821696997 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.821726084 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.822793007 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.822875977 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.827833891 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.827970028 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.872735977 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:48.872747898 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:48.912997961 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:50.137101889 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.137249947 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.142097950 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:50.142113924 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:50.142172098 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.142199039 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.142410040 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.147149086 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:50.397041082 CET	443	49706	173.222.162.64	192.168.2.6
Jan 9, 2025 00:46:50.397418022 CET	49706	443	192.168.2.6	173.222.162.64
Jan 9, 2025 00:46:50.837742090 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:50.885418892 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.915062904 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:50.919940948 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:51.123801947 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:51.171209097 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:52.104707956 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:52.109560013 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:52.358005047 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:52.399923086 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:53.418755054 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:53.423641920 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:53.627875090 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:53.627895117 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:53.627935886 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:53.627943993 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:53.682076931 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:53.719547987 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:46:53.724297047 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:53.724343061 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:53.724451065 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:53.725083113 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:53.725100040 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:53.760384083 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:46:54.530715942 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.530908108 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.573040009 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.573076010 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.573457956 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.617316008 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.619293928 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.619354963 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.619369030 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.619525909 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.667331934 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.792599916 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.792718887 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.792891979 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.796715975 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:54.796730042 CET	443	49769	40.113.103.199	192.168.2.6
Jan 9, 2025 00:46:54.796746969 CET	49769	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:46:57.518640995 CET	53988	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:57.523483038 CET	53	53988	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:57.523654938 CET	53988	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:57.528486967 CET	53	53988	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:58.001954079 CET	53988	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:58.007200956 CET	53	53988	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:58.007251024 CET	53988	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:58.720314026 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:58.720376968 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:46:58.720423937 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:58.980433941 CET	49729	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:46:58.980477095 CET	443	49729	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:10.399343967 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:10.399394035 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:10.399462938 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:10.400099993 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:10.400111914 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.209659100 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.209743023 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.214807987 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.214816093 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.215060949 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.217015028 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.217089891 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.217096090 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.217231035 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.259337902 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.391860008 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.391963005 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.392226934 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.392393112 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:11.392406940 CET	443	54073	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:11.392416954 CET	54073	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:14.028431892 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:14.033632994 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.238542080 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.238554001 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.238565922 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.238596916 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.238617897 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:14.238682985 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:14.258105040 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:14.262942076 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.328219891 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.379590988 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:14.465226889 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.465241909 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:14.465293884 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:26.096894979 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:26.101720095 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:26.305362940 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:26.305382967 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:26.305517912 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:26.322050095 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:26.326975107 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:26.529993057 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:26.577559948 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:30.818449020 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:30.818495989 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:30.818593979 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:30.819194078 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:30.819211006 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.636418104 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.636488914 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.638710976 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.638721943 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.639022112 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.640976906 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.641040087 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.641045094 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.641169071 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.687329054 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.816828012 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.816921949 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:31.816978931 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.817249060 CET	54196	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:31.817270994 CET	443	54196	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:37.972162008 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:37.977086067 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:38.180834055 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:38.180879116 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:38.180891037 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:38.180902958 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:38.181153059 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:48.225322008 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:48.225383997 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:48.225595951 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:48.225747108 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:48.225759029 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:48.854059935 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:48.854415894 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:48.854444027 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:48.854825974 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:48.855184078 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:48.855247021 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:48.904387951 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:49.138088942 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:49.143100977 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:49.346329927 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:49.346379995 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:49.346391916 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:49.346472025 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:49.432882071 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:47:49.474813938 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:55.506067991 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:55.506119013 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:55.506216049 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:55.506843090 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:55.506854057 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.308407068 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.308768988 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.310933113 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.310945034 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.311199903 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.313440084 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.313503027 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.313510895 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.313651085 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.359325886 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.487159014 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.487335920 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:56.487482071 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.487771988 CET	54200	443	192.168.2.6	40.113.103.199
Jan 9, 2025 00:47:56.487783909 CET	443	54200	40.113.103.199	192.168.2.6
Jan 9, 2025 00:47:58.787667036 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:58.787734985 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:47:58.787810087 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:47:59.341617107 CET	49742	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:47:59.346529007 CET	80	49742	185.126.115.108	192.168.2.6
Jan 9, 2025 00:48:00.500438929 CET	54199	443	192.168.2.6	142.250.184.228
Jan 9, 2025 00:48:00.500478029 CET	443	54199	142.250.184.228	192.168.2.6
Jan 9, 2025 00:48:01.355576992 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:48:01.361534119 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:48:01.565315962 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:48:01.565474033 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:48:01.565484047 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:48:01.565643072 CET	49741	80	192.168.2.6	185.126.115.108
Jan 9, 2025 00:48:01.651875973 CET	80	49741	185.126.115.108	192.168.2.6
Jan 9, 2025 00:48:01.694509983 CET	49741	80	192.168.2.6	185.126.115.108

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 00:46:44.002157927 CET	53	60816	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:44.012315035 CET	53	52933	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:45.057655096 CET	53	62354	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:48.172039032 CET	54068	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:48.172343969 CET	59991	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:48.178908110 CET	53	59991	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:48.179480076 CET	53	54068	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:50.122953892 CET	51653	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:50.123387098 CET	50123	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:50.131530046 CET	53	51653	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:50.135665894 CET	53	50123	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:53.827104092 CET	57924	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:53.827297926 CET	59047	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:53.849829912 CET	53	59047	1.1.1.1	192.168.2.6
Jan 9, 2025 00:46:54.628757000 CET	63698	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:54.629185915 CET	58320	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:56.039458036 CET	64290	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:56.039606094 CET	55221	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:56.072393894 CET	51258	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:56.073051929 CET	52890	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:46:57.518095970 CET	53	63383	1.1.1.1	192.168.2.6
Jan 9, 2025 00:47:02.039350986 CET	53	54264	1.1.1.1	192.168.2.6
Jan 9, 2025 00:47:14.496270895 CET	53	59697	1.1.1.1	192.168.2.6
Jan 9, 2025 00:47:21.814028978 CET	53	61190	1.1.1.1	192.168.2.6
Jan 9, 2025 00:47:43.755953074 CET	53	64705	1.1.1.1	192.168.2.6
Jan 9, 2025 00:47:43.789824009 CET	53	60938	1.1.1.1	192.168.2.6
Jan 9, 2025 00:47:59.582216024 CET	60509	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:47:59.582371950 CET	62809	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:48:01.260298967 CET	53453	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:48:01.260494947 CET	53622	53	192.168.2.6	1.1.1.1
Jan 9, 2025 00:48:01.269562006 CET	53	53453	1.1.1.1	192.168.2.6
Jan 9, 2025 00:48:01.275091887 CET	53	53622	1.1.1.1	192.168.2.6

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 00:46:50.142410040 CET	499	OUT	GET /4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 HTTP/1.1 Host: topmarktingplace.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 00:46:50.837742090 CET	710	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 490 X-Ratelimit-Reset: 1736383453 Date: Wed, 08 Jan 2025 23:46:50 GMT Content-Length: 458 Data Raw: 3c 73 63 72 69 70 74 3e 0a 6c 65 74 20 65 3d 6e 65 77 20 55 52 4c 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 65 2e 70 61 74 68 6e 61 6d 65 3d 22 2f 74 22 2b 65 2e 70 61 74 68 6e 61 6d 65 3b 6c 65 74 20 6f 3d 65 2e 74 6f 53 74 72 69 6e 67 28 29 3b 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 26 26 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 6f 3d 5b 22 67 6f 6f 67 6c 65 62 6f 74 22 2c 22 62 69 6e 67 62 6f 74 22 2c 22 79 61 6e 64 65 78 62 6f 74 22 2c 22 64 75 63 6b 64 75 63 6b 62 6f 74 22 2c 22 73 6c 75 72 70 22 2c 22 62 61 69 64 75 73 70 69 64 65 72 22 2c 22 66 61 63 65 62 6f 74 22 2c 22 69 61 5f 61 72 63 68 69 76 65 72 22 5d 2c 74 3d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 6e 3d 30 3b 6e 3c 6f 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 74 2e 69 6e 64 65 78 4f 66 28 6f 5b 6e 5d 29 3e 2d 31 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 3f 73 65 74 54 [TRUNCATED] Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>
Jan 9, 2025 00:46:50.915062904 CET	448	OUT	GET /favicon.ico HTTP/1.1 Host: topmarktingplace.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 00:46:51.123801947 CET	258	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 489 X-Ratelimit-Reset: 1736383453 Date: Wed, 08 Jan 2025 23:46:51 GMT Content-Length: 0
Jan 9, 2025 00:46:52.104707956 CET	604	OUT	GET /t/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 HTTP/1.1 Host: topmarktingplace.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 00:46:52.358005047 CET	434	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 488 X-Ratelimit-Reset: 1736383453 Date: Wed, 08 Jan 2025 23:46:52 GMT Content-Length: 182 Data Raw: 3c 73 63 72 69 70 74 3e 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 2f 6e 65 77 73 3f 71 3d 54 68 69 73 20 6c 69 6e 6b 20 69 73 20 6c 6f 63 6b 65 64 21 27 3b 20 0a 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 6e 65 77 73 3f 71 3d 54 68 69 73 20 6c 69 6e 6b 20 69 73 20 6c 6f 63 6b 65 64 21 27 29 3b 0a 7d 2c 20 31 30 30 30 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 70 3e 3c 2f 70 3e 0a Data Ascii: <script>setTimeout(function(){ window.location.href = '/news?q=This link is locked!'; console.log('redirecting to /news?q=This link is locked!');}, 1000);</script><p></p>
Jan 9, 2025 00:46:53.418755054 CET	573	OUT	GET /news?q=This%20link%20is%20locked! HTTP/1.1 Host: topmarktingplace.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://topmarktingplace.com/t/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 00:46:53.627875090 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 487 X-Ratelimit-Reset: 1736383453 Date: Wed, 08 Jan 2025 23:46:53 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 78 20 4e 65 77 73 20 57 6f 72 6c 64 20 52 53 53 20 46 65 65 64 20 20 2d 20 74 6f 70 6d 61 72 6b 74 69 6e 67 70 6c 61 63 65 2e 63 6f 6d 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 34 66 36 66 39 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - topmarktingplace.com </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
Jan 9, 2025 00:46:53.627895117 CET	1236	IN	Data Raw: 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 65 77 73 2d 69 74 65 6d 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="container"> <h1>F
Jan 9, 2025 00:46:53.627935886 CET	448	IN	Data Raw: 74 69 74 6c 65 64 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 67 75 69 64 20 3d 20 67 75 69 64 45 6c 65 6d 65 6e 74 20 3f 20 67 75 69 64 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3a 20 22 23 22 3b 0a 20 20 20 Data Ascii: titled"; const guid = guidElement ? guidElement.textContent : "#"; const description = descriptionElement ? descriptionElement.textContent : "No description available."; const content = contentElement ? cont
Jan 9, 2025 00:46:53.719547987 CET	557	IN	Data Raw: 20 20 20 3c 68 32 3e 3c 61 20 68 72 65 66 3d 22 24 7b 67 75 69 64 7d 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 24 7b 74 69 74 6c 65 7d 3c 2f 61 3e 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 24 7b 64 65 73 63 72 69 Data Ascii: <h2><a href="${guid}" target="_blank">${title}</a></h2> <p>${description}</p> <div>${content}</div> `; newsItemsContainer.appendChild(newsItem); }); }; (async () => { con
Jan 9, 2025 00:47:14.028431892 CET	507	OUT	GET / HTTP/1.1 Host: topmarktingplace.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://topmarktingplace.com/news?q=This%20link%20is%20locked! Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 00:47:14.238542080 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 486 X-Ratelimit-Reset: 1736383453 Date: Wed, 08 Jan 2025 23:47:14 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 6d 69 6e 67 20 53 6f 6f 6e 20 2d 20 74 6f 70 6d 61 72 6b 74 69 6e 67 70 6c 61 63 65 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 73 74 79 6c 65 73 2e 63 73 73 22 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - topmarktingplace.com</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</l
Jan 9, 2025 00:47:14.238554001 CET	224	IN	Data Raw: 61 62 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 66 6f 72 6d 22 20 6f 6e 73 75 62 6d 69 74 3d 22 73 75 Data Ascii: abel> </div> </div> <form id="subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</b
Jan 9, 2025 00:47:14.238565922 CET	1236	IN	Data Raw: 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 73 75 62 73 63 72 69 70 74 69 6f 6e 2d 6d 65 73 73 61 67 65 22 3e 3c 2f 70 3e 0d 0a 20 20 20 20 3c 2f 66 6f 72 6d 3e 0d 0a 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6e 65 77 73 22 Data Ascii: utton> <p id="subscription-message"></p> </form> <a href="news">Fox News</a> <br> <a href="about">Learn more about our email marketing agency</a> <br> <a href="opt-out">Unsubscribe from our newsletter</a>
Jan 9, 2025 00:47:14.238596916 CET	224	IN	Data Raw: 6e 74 20 3d 20 68 6f 75 72 73 2e 74 6f 53 74 72 69 6e 67 28 29 2e 70 61 64 53 74 61 72 74 28 32 2c 20 27 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 6d 69 6e 75 74 65 73 45 6c 65 6d 65 6e 74 2e 74 65 78 74 43 6f 6e 74 65 6e 74 20 3d 20 6d 69 6e 75 Data Ascii: nt = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().padStart(2, '0'); secondsElement.textContent = seconds.toString().padStart(2, '0'); } function submitForm(
Jan 9, 2025 00:47:14.328219891 CET	339	IN	Data Raw: 65 76 65 6e 74 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 65 76 65 6e 74 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 65 6d 61 69 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 Data Ascii: event) { event.preventDefault(); const email = document.getElementById('email').value; document.getElementById('subscription-message').textContent = `Thank you for subscribing, ${email}!`; } u
Jan 9, 2025 00:47:59.341617107 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-08 23:46:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 42 73 58 46 52 49 56 79 45 79 52 6e 73 54 43 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 64 36 39 32 36 39 65 65 38 32 32 63 36 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 2BsXFRIVyEyRnsTC.1Context: 5bd69269ee822c60
2025-01-08 23:46:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-08 23:46:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 32 42 73 58 46 52 49 56 79 45 79 52 6e 73 54 43 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 64 36 39 32 36 39 65 65 38 32 32 63 36 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 2BsXFRIVyEyRnsTC.2Context: 5bd69269ee822c60<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-08 23:46:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 32 42 73 58 46 52 49 56 79 45 79 52 6e 73 54 43 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 62 64 36 39 32 36 39 65 65 38 32 32 63 36 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 2BsXFRIVyEyRnsTC.3Context: 5bd69269ee822c60<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-08 23:46:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-08 23:46:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4f 6c 41 2b 4a 48 64 65 5a 55 43 45 65 62 69 6d 51 36 56 6f 31 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: OlA+JHdeZUCEebimQ6Vo1A.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-08 23:46:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 7a 6e 44 63 67 4d 66 2f 30 53 45 51 67 61 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 66 39 36 31 61 63 38 33 39 37 63 66 64 35 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: nznDcgMf/0SEQgaa.1Context: bf961ac8397cfd5f
2025-01-08 23:46:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-08 23:46:54 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6e 7a 6e 44 63 67 4d 66 2f 30 53 45 51 67 61 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 66 39 36 31 61 63 38 33 39 37 63 66 64 35 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: nznDcgMf/0SEQgaa.2Context: bf961ac8397cfd5f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-08 23:46:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6e 7a 6e 44 63 67 4d 66 2f 30 53 45 51 67 61 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 66 39 36 31 61 63 38 33 39 37 63 66 64 35 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: nznDcgMf/0SEQgaa.3Context: bf961ac8397cfd5f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-08 23:46:54 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-08 23:46:54 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 64 30 2f 74 2f 58 4d 41 77 55 71 76 6e 42 71 42 46 36 2b 45 55 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: d0/t/XMAwUqvnBqBF6+EUw.0Payload parsing failed.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10

Timestamp	Bytes transferred	Direction	Data
2025-01-08 23:47:11 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 70 78 68 6b 67 57 53 62 50 6b 43 2b 6a 78 77 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 37 61 36 62 39 31 34 33 30 38 64 36 31 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: pxhkgWSbPkC+jxwE.1Context: 9d7a6b914308d61f
2025-01-08 23:47:11 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-08 23:47:11 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 70 78 68 6b 67 57 53 62 50 6b 43 2b 6a 78 77 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 37 61 36 62 39 31 34 33 30 38 64 36 31 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: pxhkgWSbPkC+jxwE.2Context: 9d7a6b914308d61f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-08 23:47:11 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 70 78 68 6b 67 57 53 62 50 6b 43 2b 6a 78 77 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 64 37 61 36 62 39 31 34 33 30 38 64 36 31 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: pxhkgWSbPkC+jxwE.3Context: 9d7a6b914308d61f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-08 23:47:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-08 23:47:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 4c 47 45 43 54 2b 38 64 6b 57 77 53 6f 6b 75 75 73 6a 6f 49 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bLGECT+8dkWwSokuusjoIg.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-08 23:47:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 75 52 33 62 33 51 4a 6a 73 45 2b 4d 46 50 62 4e 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 61 33 63 64 61 35 32 39 32 39 65 33 39 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: uR3b3QJjsE+MFPbN.1Context: 68a3cda52929e398
2025-01-08 23:47:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-08 23:47:31 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 75 52 33 62 33 51 4a 6a 73 45 2b 4d 46 50 62 4e 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 61 33 63 64 61 35 32 39 32 39 65 33 39 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: uR3b3QJjsE+MFPbN.2Context: 68a3cda52929e398<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-08 23:47:31 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 75 52 33 62 33 51 4a 6a 73 45 2b 4d 46 50 62 4e 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 38 61 33 63 64 61 35 32 39 32 39 65 33 39 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: uR3b3QJjsE+MFPbN.3Context: 68a3cda52929e398<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-08 23:47:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-08 23:47:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 65 32 69 45 6c 44 79 73 64 30 47 57 6b 48 2f 62 6e 70 75 71 6c 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: e2iElDysd0GWkH/bnpuqlg.0Payload parsing failed.

Timestamp	Bytes transferred	Direction	Data
2025-01-08 23:47:56 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 31 39 44 31 54 76 67 4a 30 43 7a 6a 52 65 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 34 33 61 63 34 33 64 32 30 36 30 33 63 35 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: n19D1TvgJ0CzjRe3.1Context: 743ac43d20603c58
2025-01-08 23:47:56 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-08 23:47:56 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6e 31 39 44 31 54 76 67 4a 30 43 7a 6a 52 65 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 34 33 61 63 34 33 64 32 30 36 30 33 63 35 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 32 38 61 71 61 2b 59 31 32 54 4a 69 33 32 7a 50 47 62 55 56 32 2b 6a 58 44 2f 74 51 66 77 53 70 6e 56 63 69 70 77 74 49 49 79 37 46 58 4f 4f 5a 35 78 4a 51 4c 42 57 62 41 75 45 67 79 2b 68 57 68 68 6a 62 76 77 66 54 30 75 2f 79 54 51 78 54 49 38 6d 58 50 70 7a 43 49 6d 70 67 4a 35 47 53 59 47 6b 59 77 6a 63 4b 33 68 48 30 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: n19D1TvgJ0CzjRe3.2Context: 743ac43d20603c58<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAV28aqa+Y12TJi32zPGbUV2+jXD/tQfwSpnVcipwtIIy7FXOOZ5xJQLBWbAuEgy+hWhhjbvwfT0u/yTQxTI8mXPpzCImpgJ5GSYGkYwjcK3hH0
2025-01-08 23:47:56 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6e 31 39 44 31 54 76 67 4a 30 43 7a 6a 52 65 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 34 33 61 63 34 33 64 32 30 36 30 33 63 35 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: n19D1TvgJ0CzjRe3.3Context: 743ac43d20603c58<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-08 23:47:56 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-08 23:47:56 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 5a 6d 38 55 73 4b 39 75 36 45 75 42 6a 43 53 38 48 74 5a 62 32 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Zm8UsK9u6EuBjCS8HtZb2w.0Payload parsing failed.

Target ID:	1
Start time:	18:46:39
Start date:	08/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	18:46:42
Start date:	08/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2028,i,11434675489695704821,6903413596824268969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	4
Start time:	18:46:49
Start date:	08/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://topmarktingplace.com/4vfVEJ42616owhy1324yhmrkkdpck110EVYGTFUNAFUPGFT22589MFQQ17548D10"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre