Edit tour

Windows Analysis Report
http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5

Overview

General Information

Sample URL:	http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5
Analysis ID:	1586743
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

HTML body contains low number of good links

HTML title does not match URL

None HTTPS page querying sensitive user data (password, username or email)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2156,i,15736909478761391179,14924788642455346770,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Address: gin_throttle_mw_7200000000_8.46.123.189X-Ratelimit-Limit: 500X-Ratelimit-Remaining: 498X-Ratelimit-Reset: 1736435819Date: Thu, 09 Jan 2025 14:16:59 GMTContent-Length: 0

Source: http://zwibbdq.trackbest.click/assets/styles.css	Avira URL Cloud: Label: malware
Source: http://zwibbdq.trackbest.click/t/6/128767/262/1494/873186/403/9/4avg5x4ni5	Avira URL Cloud: Label: malware
Source: http://zwibbdq.trackbest.click/favicon.ico	Avira URL Cloud: Label: malware

Source: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5	HTTP Parser: No favicon
Source: http://zwibbdq.trackbest.click/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5	HTTP Parser: No favicon

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://zwibbdq.trackbest.clicksec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: http://zwibbdq.trackbest.click/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6/128767/262/1494/873186/403/9/4avg5x4ni5 HTTP/1.1Host: zwibbdq.trackbest.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zwibbdq.trackbest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/6/128767/262/1494/873186/403/9/4avg5x4ni5 HTTP/1.1Host: zwibbdq.trackbest.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5 HTTP/1.1Host: zwibbdq.trackbest.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/styles.css HTTP/1.1Host: zwibbdq.trackbest.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://zwibbdq.trackbest.click/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: zwibbdq.trackbest.click
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2156,i,15736909478761391179,14924788642455346770,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2156,i,15736909478761391179,14924788642455346770,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.66.137	true	false	high
www.google.com	142.250.181.228	true	false	high
zwibbdq.trackbest.click	23.228.85.252	true	true	unknown

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.132	unknown	United States	15169	GOOGLEUS	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
23.228.85.252	zwibbdq.trackbest.click	United States	46573	LAYER-HOSTUS	true
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
151.101.194.137	unknown	United States	54113	FASTLYUS	false

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1586743
Start date and time:	2025-01-09 15:15:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@16/17@10/7

Input	Output
URL: http://zwibbdq.trackbest.click Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://zwibbdq.trackbest.click
URL: http://zwibbdq.trackbest.click/6/128767/262/1494/8... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including redirecting the user to a modified URL and checking for bot/crawler user agents. While the intent is not entirely clear, the combination of URL manipulation and conditional redirection warrants further investigation." }
let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");
URL: http://zwibbdq.trackbest.click/opt-out/t/6/128767/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of an unsubscribe functionality. It sets a cookie to track the user's unsubscribed status, and sends a POST request to a server-side endpoint to handle the unsubscription. While it uses some older practices like setting cookies manually and making an AJAX request with jQuery, the overall behavior is consistent with a typical unsubscribe workflow and does not exhibit any high-risk indicators." }
function setCookie(name, value, days) { const date = new Date(); date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000)); const expires = `expires=${date.toUTCString()}`; document.cookie = `${name}=${value};${expires};path=/`; } function submitUnsubscribeForm(event) { event.preventDefault(); const email = document.getElementById('unsubscribe-email').value; // Replace this with the actual unsubscription logic document.getElementById('unsubscribe-message').textContent = `You've successfully unsubscribed, ${email}. We're sorry to see you go.`; setCookie('unsubscribed', 'true', 365); sendUnsubscribeRequest(); } function sendUnsubscribeRequest() { const email = document.getElementById('unsubscribe-email').value; const data = { "content": { "email": email, "reason": "none" } } $.ajax({ url: "/form-request", type: "post", contentType: 'application/json', data: JSON.stringify(data), success: function (response) { console.log(response); document.getElementById('unsubscribe-form').style.display = 'none'; }, error: function (jqXHR, textStatus, errorThrown) { alert(jqXHR.statusText) console.log({"request-error": jqXHR}) } }); }
URL: http://zwibbdq.trackbest.click/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Unsubscribe from Our Newsletter", "prominent_button_name": "Unsubscribe", "text_input_field_labels": ["9zpnjk@dugscl.com"], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://zwibbdq.trackbest.click/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Source	Detection	Scanner	Label
http://zwibbdq.trackbest.click/assets/styles.css	100%	Avira URL Cloud	malware
http://zwibbdq.trackbest.click/t/6/128767/262/1494/873186/403/9/4avg5x4ni5	100%	Avira URL Cloud	malware
http://zwibbdq.trackbest.click/favicon.ico	100%	Avira URL Cloud	malware

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.6.0.min.js	false		high
http://zwibbdq.trackbest.click/assets/styles.css	false	Avira URL Cloud: malware	unknown
http://zwibbdq.trackbest.click/favicon.ico	false	Avira URL Cloud: malware	unknown
http://zwibbdq.trackbest.click/t/6/128767/262/1494/873186/403/9/4avg5x4ni5	false	Avira URL Cloud: malware	unknown
http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5	true		unknown
http://zwibbdq.trackbest.click/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5	false		unknown

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 13:16:54 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9779566244569526
Encrypted:	false
SSDEEP:	48:8ddATk4OHUidAKZdA19ehwiZUklqehQy+3:8wfR/y
MD5:	3ABBBB96646015DB2A9B70597FCB1307
SHA1:	2B536C3E9766F0AE5002C5C155288883CEAF9EFA
SHA-256:	2147B8FBF8C90A79EBEA7A2AD033FF52B233071D0702DD31FAF252CB1737EB79
SHA-512:	E036C1BE04C0ACD9FCE62238A2DAAE3EF5E9C7074B1EE080182AE3016AFC92E8A9A9C44A4D9E87A075CD54EE7CF6127307E3BD9E0523E9A7F288D9BC8E558672
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....}.".b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I)Z.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.r....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.r....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z.r..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z.r...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............H.].....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 15:16:56.075556993 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.075623035 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.075715065 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.075994968 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.076020956 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.717885017 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.718209982 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.718239069 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.720066071 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.720134020 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.721828938 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.721925020 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.767956018 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:56.767982006 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:16:56.814798117 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:16:59.141865969 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.142108917 CET	49715	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.147073984 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:16:59.147110939 CET	80	49715	23.228.85.252	192.168.2.5
Jan 9, 2025 15:16:59.147157907 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.147207975 CET	49715	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.153150082 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.158040047 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:16:59.740030050 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:16:59.789206982 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.821288109 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:16:59.835577965 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:16:59.995115042 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:00.049376965 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:00.825759888 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:00.830764055 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:00.991343021 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:00.993767977 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:00.998703003 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.156229019 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.156256914 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.156270981 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.156369925 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:01.183403015 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:01.188471079 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.190649033 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.190694094 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.190772057 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.191046000 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.191061020 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.346923113 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.346941948 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:01.347105026 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:01.674036026 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.674557924 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.674587965 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.675467014 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.675535917 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.679593086 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.679657936 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.679877043 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.679889917 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.728813887 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.780026913 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780086040 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780117035 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780144930 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780158043 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.780177116 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780193090 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780220985 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.780237913 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.780337095 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780854940 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780885935 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780911922 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.780927896 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.780966997 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.784751892 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.796011925 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.796087980 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.796122074 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.836364031 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.872392893 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.872477055 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.872546911 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.872634888 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.872636080 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.872672081 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.872952938 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.872992039 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873044968 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.873054028 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873115063 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873166084 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.873173952 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873228073 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.873563051 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873761892 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873799086 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873815060 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.873821020 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873863935 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873876095 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.873882055 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.873929024 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.874486923 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.874557018 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.874603033 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.874608040 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.874672890 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.874711990 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.874758959 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.874768019 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.874820948 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.875405073 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.927689075 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.927710056 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.931859016 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.931931019 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.931957006 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965015888 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965070009 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965109110 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.965112925 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965135098 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965183973 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.965192080 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965329885 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965374947 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.965384960 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965395927 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.965574980 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.965641022 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.965646982 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967334986 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967350960 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967392921 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967403889 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967427015 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967452049 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967475891 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967490911 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967490911 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967502117 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967528105 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967561960 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967628956 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967636108 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967654943 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:01.967678070 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.967714071 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.968359947 CET	49717	443	192.168.2.5	151.101.66.137
Jan 9, 2025 15:17:01.968377113 CET	443	49717	151.101.66.137	192.168.2.5
Jan 9, 2025 15:17:02.001775980 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.001816034 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.002250910 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.002250910 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.002283096 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.454216003 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.455101967 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.455128908 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.456567049 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.456872940 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.458195925 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.458350897 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.459619999 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.459660053 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.502316952 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.564898968 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.580554008 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.580574989 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.580599070 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.580609083 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.580634117 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.580657959 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.580670118 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.580688000 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.626831055 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.654738903 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.654763937 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.654789925 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.654831886 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.654867887 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.654876947 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.654886961 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.656160116 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.656207085 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.656229019 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.656266928 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.656274080 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.656316042 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.656336069 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.741399050 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.741442919 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.741527081 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.741527081 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.741549969 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.741585970 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.742125034 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.742146969 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.742199898 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.742199898 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.742207050 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.742278099 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.742290974 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.742353916 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.742358923 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.742403030 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:02.742449045 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.890336037 CET	49718	443	192.168.2.5	151.101.194.137
Jan 9, 2025 15:17:02.890361071 CET	443	49718	151.101.194.137	192.168.2.5
Jan 9, 2025 15:17:06.618472099 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:17:06.618568897 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:17:06.618727922 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:17:07.771909952 CET	49711	443	192.168.2.5	142.250.181.228
Jan 9, 2025 15:17:07.771945953 CET	443	49711	142.250.181.228	192.168.2.5
Jan 9, 2025 15:17:44.158540964 CET	49715	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:44.163393974 CET	80	49715	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:46.362231016 CET	49714	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:46.367085934 CET	80	49714	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:56.199265003 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:17:56.199322939 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:17:56.199421883 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:17:56.202445030 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:17:56.202469110 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:17:56.882221937 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:17:56.885072947 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:17:56.885113001 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:17:56.885601997 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:17:56.886018991 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:17:56.886123896 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:17:56.939534903 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:17:59.769480944 CET	49715	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:17:59.775762081 CET	80	49715	23.228.85.252	192.168.2.5
Jan 9, 2025 15:17:59.775847912 CET	49715	80	192.168.2.5	23.228.85.252
Jan 9, 2025 15:18:06.741115093 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:18:06.741271019 CET	443	50041	216.58.212.132	192.168.2.5
Jan 9, 2025 15:18:06.741337061 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:18:07.769830942 CET	50041	443	192.168.2.5	216.58.212.132
Jan 9, 2025 15:18:07.769855022 CET	443	50041	216.58.212.132	192.168.2.5

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 15:16:53.526424885 CET	53	59338	1.1.1.1	192.168.2.5
Jan 9, 2025 15:16:53.555958986 CET	53	54428	1.1.1.1	192.168.2.5
Jan 9, 2025 15:16:54.570753098 CET	53	64281	1.1.1.1	192.168.2.5
Jan 9, 2025 15:16:56.066359997 CET	49825	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:16:56.066360950 CET	60798	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:16:56.072995901 CET	53	49825	1.1.1.1	192.168.2.5
Jan 9, 2025 15:16:56.073666096 CET	53	60798	1.1.1.1	192.168.2.5
Jan 9, 2025 15:16:59.125797033 CET	62406	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:16:59.128922939 CET	58879	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:16:59.136833906 CET	53	62406	1.1.1.1	192.168.2.5
Jan 9, 2025 15:16:59.139837980 CET	53	58879	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:01.181411982 CET	60112	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:17:01.183268070 CET	62732	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:17:01.188697100 CET	53	60112	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:01.190249920 CET	53	62732	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:01.991420031 CET	56514	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:17:01.991633892 CET	50674	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:17:01.998461008 CET	53	56514	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:01.998543024 CET	53	50674	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:02.008162022 CET	53	53069	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:11.591434002 CET	53	52549	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:30.604955912 CET	53	63023	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:53.232099056 CET	53	55884	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:53.575784922 CET	53	57917	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:56.171447992 CET	56501	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:17:56.171539068 CET	52301	53	192.168.2.5	1.1.1.1
Jan 9, 2025 15:17:56.178117990 CET	53	52301	1.1.1.1	192.168.2.5
Jan 9, 2025 15:17:56.178158045 CET	53	56501	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 15:16:59.153150082 CET	479	OUT	GET /6/128767/262/1494/873186/403/9/4avg5x4ni5 HTTP/1.1 Host: zwibbdq.trackbest.click Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 15:16:59.740030050 CET	710	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 499 X-Ratelimit-Reset: 1736435819 Date: Thu, 09 Jan 2025 14:16:59 GMT Content-Length: 458 Data Raw: 3c 73 63 72 69 70 74 3e 0a 6c 65 74 20 65 3d 6e 65 77 20 55 52 4c 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 65 2e 70 61 74 68 6e 61 6d 65 3d 22 2f 74 22 2b 65 2e 70 61 74 68 6e 61 6d 65 3b 6c 65 74 20 6f 3d 65 2e 74 6f 53 74 72 69 6e 67 28 29 3b 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 26 26 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 6f 3d 5b 22 67 6f 6f 67 6c 65 62 6f 74 22 2c 22 62 69 6e 67 62 6f 74 22 2c 22 79 61 6e 64 65 78 62 6f 74 22 2c 22 64 75 63 6b 64 75 63 6b 62 6f 74 22 2c 22 73 6c 75 72 70 22 2c 22 62 61 69 64 75 73 70 69 64 65 72 22 2c 22 66 61 63 65 62 6f 74 22 2c 22 69 61 5f 61 72 63 68 69 76 65 72 22 5d 2c 74 3d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 6e 3d 30 3b 6e 3c 6f 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 74 2e 69 6e 64 65 78 4f 66 28 6f 5b 6e 5d 29 3e 2d 31 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 3f 73 65 74 54 [TRUNCATED] Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>
Jan 9, 2025 15:16:59.821288109 CET	431	OUT	GET /favicon.ico HTTP/1.1 Host: zwibbdq.trackbest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 15:16:59.995115042 CET	258	IN	HTTP/1.1 404 Not Found Content-Type: text/plain; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 498 X-Ratelimit-Reset: 1736435819 Date: Thu, 09 Jan 2025 14:16:59 GMT Content-Length: 0
Jan 9, 2025 15:17:00.825759888 CET	564	OUT	GET /t/6/128767/262/1494/873186/403/9/4avg5x4ni5 HTTP/1.1 Host: zwibbdq.trackbest.click Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 15:17:00.991343021 CET	393	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Location: /opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 497 X-Ratelimit-Reset: 1736435819 Date: Thu, 09 Jan 2025 14:17:00 GMT Content-Length: 75 Data Raw: 3c 61 20 68 72 65 66 3d 22 2f 6f 70 74 2d 6f 75 74 2f 74 2f 36 2f 31 32 38 37 36 37 2f 32 36 32 2f 31 34 39 34 2f 38 37 33 31 38 36 2f 34 30 33 2f 39 2f 34 61 76 67 35 78 34 6e 69 35 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5">Found</a>.
Jan 9, 2025 15:17:00.993767977 CET	572	OUT	GET /opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5 HTTP/1.1 Host: zwibbdq.trackbest.click Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 15:17:01.156229019 CET	1236	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Address: gin_throttle_mw_7200000000_8.46.123.189 X-Ratelimit-Limit: 500 X-Ratelimit-Remaining: 496 X-Ratelimit-Reset: 1736435819 Date: Thu, 09 Jan 2025 14:17:01 GMT Transfer-Encoding: chunked Data Raw: 38 30 30 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 55 6e 73 75 62 73 63 72 69 62 65 20 2d [TRUNCATED] Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Unsubscribe - bestschoices.click</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Unsubscribe from Our Newsletter</h1> <p>We're sorry to see you go. Please enter your email address to unsubscribe.</p> <form id="unsubscribe-form" onsubmit="submitUnsubscribeForm(event)"> <input type="email" id="unsubscribe-email" placeholder="Enter your email" value="" required> <button type="submit">Unsubscribe</button> <p id="unsubscribe-message"></p> </form> <a href="/">Back to the main page</a></div><script src="https://code.jquery.com/jquery-
Jan 9, 2025 15:17:01.156256914 CET	1236	IN	Data Raw: 33 2e 36 2e 30 2e 6d 69 6e 2e 6a 73 22 0d 0a 20 20 20 20 20 20 20 20 69 6e 74 65 67 72 69 74 79 3d 22 73 68 61 32 35 36 2d 2f 78 55 6a 2b 33 4f 4a 55 35 79 45 78 6c 71 36 47 53 59 47 53 48 6b 37 74 50 58 69 6b 79 6e 53 37 6f 67 45 76 44 65 6a 2f Data Ascii: 3.6.0.min.js" integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script><script> function setCookie(name, value, days) { const date = new Date(); date.setTime(date.getT
Jan 9, 2025 15:17:01.156270981 CET	502	IN	Data Raw: 70 65 3a 20 27 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 27 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 3a 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 64 61 74 61 29 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 75 63 63 Data Ascii: pe: 'application/json', data: JSON.stringify(data), success: function (response) { console.log(response); document.getElementById('unsubscribe-form').style.display =
Jan 9, 2025 15:17:01.183403015 CET	401	OUT	GET /assets/styles.css HTTP/1.1 Host: zwibbdq.trackbest.click Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://zwibbdq.trackbest.click/opt-out/t/6/128767/262/1494/873186/403/9/4avg5x4ni5 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 15:17:01.346923113 CET	1236	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 1435 Content-Type: text/css; charset=utf-8 Last-Modified: Mon, 30 Dec 2024 01:03:10 GMT Date: Thu, 09 Jan 2025 14:17:01 GMT Data Raw: 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 30 66 30 66 30 3b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 33 30 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 31 30 70 78 3b 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 34 70 78 20 36 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 30 2e 31 29 3b 0a 20 20 20 20 [TRUNCATED] Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
Jan 9, 2025 15:17:01.346941948 CET	384	IN	Data Raw: 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 33 30 30 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 7d 0a 0a 62 75 74 74 6f 6e 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
Jan 9, 2025 15:17:46.362231016 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-09 14:17:01 UTC	577	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: http://zwibbdq.trackbest.click sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: http://zwibbdq.trackbest.click/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 14:17:01 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 1916747 Date: Thu, 09 Jan 2025 14:17:01 GMT X-Served-By: cache-lga21931-LGA, cache-ewr-kewr1740023-EWR X-Cache: HIT, HIT X-Cache-Hits: 2774, 0 X-Timer: S1736432222.732034,VS0,VE1 Vary: Accept-Encoding
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 7d 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 73 2e 63 61 6c 6c 28 74 68 69 73 29 3a 65 3c 30 3f 74 68 69 73 5b 65 2b 74 68 69 73 2e 6c 65 6e 67 74 68 5d 3a 74 68 69 73 5b 65 5d 7d 2c 70 75 73 68 53 74 61 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 53 2e 6d 65 72 67 65 28 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 2c 65 29 3b 72 65 74 75 72 6e 20 74 2e 70 72 65 76 4f 62 6a 65 63 74 3d 74 68 69 73 2c 74 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 53 2e 65 61 63 68 28 74 68 69 73 2c 65 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 2e 6d 61 70 28 74 68 69 73 2c 66 Data Ascii: },get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,f
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 6f 6e 28 65 29 7b 76 61 72 20 74 2c 6e 3b 72 65 74 75 72 6e 21 28 21 65 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 3d 6f 2e 63 61 6c 6c 28 65 29 29 26 26 28 21 28 74 3d 72 28 65 29 29 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 76 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 26 26 61 2e 63 61 6c 6c 28 6e 29 3d 3d 3d 6c 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 67 6c 6f 62 61 6c 45 76 61 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 62 28 65 2c 7b 6e 6f 6e 63 65 3a 74 26 26 74 2e 6e 6f Data Ascii: on(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.no
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 5d 2c 71 3d 74 2e 70 6f 70 2c 4c 3d 74 2e 70 75 73 68 2c 48 3d 74 2e 70 75 73 68 2c 4f 3d 74 2e 73 6c 69 63 65 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 52 3d 22 63 68 65 63 6b 65 64 7c 73 65 6c 65 63 74 65 64 7c 61 73 79 6e 63 7c 61 75 74 6f 66 6f 63 75 73 7c 61 75 74 6f 70 6c 61 79 7c 63 6f 6e 74 72 6f 6c 73 7c 64 65 66 65 72 7c 64 69 73 61 62 6c 65 64 7c 68 69 64 64 65 6e 7c 69 73 6d 61 70 7c 6c 6f 6f 70 7c 6d 75 6c 74 69 70 6c 65 7c 6f 70 65 6e 7c 72 65 61 64 6f 6e 6c 79 7c 72 65 71 75 69 72 65 64 7c 73 63 6f 70 65 64 22 2c 4d 3d 22 5b 5c 5c 78 32 30 5c 5c 74 Data Ascii: ],q=t.pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked\|selected\|async\|autofocus\|autoplay\|controls\|defer\|disabled\|hidden\|ismap\|loop\|multiple\|open\|readonly\|required\|scoped",M="[\\x20\\t
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 2c 65 65 3d 2f 5b 2b 7e 5d 2f 2c 74 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 4d 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e 5c 5c 66 5d 29 22 2c 22 67 22 29 2c 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 30 78 22 2b 65 2e 73 6c 69 63 65 28 31 29 2d 36 35 35 33 36 3b 72 65 74 75 72 6e 20 74 7c 7c 28 6e 3c 30 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 2b 36 35 35 33 36 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 3e 3e 31 30 7c 35 35 32 39 36 2c 31 30 32 33 26 6e 7c 35 36 33 32 30 29 29 7d 2c 72 65 3d 2f 28 5b 5c 30 2d 5c 78 31 66 5c 78 37 66 5d 7c 5e 2d 3f 5c 64 29 7c 5e 2d 24 7c 5b 5e 5c 30 2d 5c 78 31 66 5c Data Ascii: ,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?\|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t\|\|(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10\|55296,1023&n\|56320))},re=/([\0-\x1f\x7f]\|^-?\d)\|^-$\|[^\0-\x1f\
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 79 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 73 3d 53 29 29 2c 6f 3d 28 6c 3d 68 28 74 29 29 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 6f 2d 2d 29 6c 5b 6f 5d 3d 28 73 3f 22 23 22 2b 73 3a 22 3a 73 63 6f 70 65 22 29 2b 22 20 22 2b 78 65 28 6c 5b 6f 5d 29 3b 63 3d 6c 2e 6a 6f 69 6e 28 22 2c 22 29 7d 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 6e 2c 66 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 63 29 29 2c 6e 7d 63 61 74 63 68 28 Data Ascii: )){(f=ee.test(t)&&ye(e.parentNode)\|\|e)===e&&d.scope\|\|((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 69 2d 2d 29 65 5b 6e 3d 72 5b 69 5d 5d 26 26 28 65 5b 6e 5d 3d 21 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 29 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 26 26 65 7d 66 6f 72 28 65 20 69 6e 20 64 3d 73 65 2e 73 75 70 70 6f 72 74 3d 7b 7d 2c 69 3d 73 65 2e 69 73 58 4d 4c 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 6e 61 6d 65 73 70 61 63 65 55 52 49 2c 6e 3d 65 26 26 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c Data Ascii: ion(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 74 26 26 74 2e 76 61 6c 75 65 3d 3d 3d 6e 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 45 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b 69 66 28 6f 29 7b 69 66 28 28 Data Ascii: tion(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 5b 22 2b 4d 2b 22 2a 6e 61 6d 65 22 2b 4d 2b 22 2a 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 3a 63 68 65 63 6b 65 64 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 3a 63 68 65 63 6b 65 64 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 61 23 22 2b 53 2b 22 2b 2a 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5c 5c 5c 66 22 29 2c 76 2e 70 75 73 68 28 22 5b 5c 5c 72 5c 5c 6e 5c 5c 66 5d 22 29 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 68 72 65 66 3d 27 27 20 64 69 73 61 62 6c 65 64 3d 27 Data Ascii: ["+M+"name"+M+"="+M+"(?:''\|\"\")"),e.querySelectorAll(":checked").length\|\|v.push(":checked"),e.querySelectorAll("a#"+S+"+").length\|\|v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="<a href='' disabled='
2025-01-09 14:17:01 UTC	1378	IN	Data Raw: 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 2d 21 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 3b 72 65 74 75 72 6e 20 6e 7c 7c 28 31 26 28 6e 3d 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 3d 3d 28 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 74 29 3f 65 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 74 29 3a 31 29 7c 7c 21 64 2e 73 6f 72 74 44 65 74 61 63 68 65 64 26 26 74 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 65 29 3d 3d 3d 6e 3f 65 3d 3d 43 7c 7c 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 26 26 79 28 70 2c 65 29 3f 2d 31 3a 74 3d 3d 43 7c 7c 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 3d 3d 70 Data Ascii: e.compareDocumentPosition-!t.compareDocumentPosition;return n\|\|(1&(n=(e.ownerDocument\|\|e)==(t.ownerDocument\|\|t)?e.compareDocumentPosition(t):1)\|\|!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C\|\|e.ownerDocument==p&&y(p,e)?-1:t==C\|\|t.ownerDocument==p

Timestamp	Bytes transferred	Direction	Data
2025-01-09 14:17:02 UTC	358	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 14:17:02 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 09 Jan 2025 14:17:02 GMT Age: 1916748 X-Served-By: cache-lga21931-LGA, cache-ewr-kewr1740037-EWR X-Cache: HIT, HIT X-Cache-Hits: 2774, 1 X-Timer: S1736432223.522486,VS0,VE1 Vary: Accept-Encoding
2025-01-09 14:17:02 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-09 14:17:02 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-01-09 14:17:02 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-01-09 14:17:02 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-01-09 14:17:02 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-01-09 14:17:02 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Target ID:	0
Start time:	09:16:46
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	09:16:49
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2156,i,15736909478761391179,14924788642455346770,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3348, Parent PID: 5744

Windows Analysis Report
http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5

Target ID:	3
Start time:	09:16:57
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://zwibbdq.trackbest.click/6/128767/262/1494/873186/403/9/4avg5x4ni5"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre