Edit tour

Windows Analysis Report
http://m.ccsurj.org/

Overview

General Information

Sample URL:	http://m.ccsurj.org/
Analysis ID:	1589334
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5756 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,7273462861023531778,15793530550184385695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://m.ccsurj.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /wdzmr.php HTTP/1.1Host: vkg.hpdbfezgrqwn.vipConnection: keep-aliveContent-Length: 189sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8;Accept: */*Origin: https://www.ccsurj.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccsurj.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found

Source: chromecache_149.2.dr	String found in binary or memory: http://12aff.best5689.com/92043302/signup/cs/index.html
Source: chromecache_149.2.dr	String found in binary or memory: http://5887ky.com
Source: chromecache_349.2.dr, chromecache_236.2.dr	String found in binary or memory: http://james.padolsey.com)
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: http://kaiyunty583.net
Source: chromecache_268.2.dr, chromecache_194.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_347.2.dr	String found in binary or memory: http://push.zhanzhang.baidu.com/push.js
Source: chromecache_149.2.dr	String found in binary or memory: https://0326018.cc
Source: chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://11073377.app
Source: chromecache_351.2.dr	String found in binary or memory: https://1k4ej4j1lxvjwz.com/
Source: chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://551000l.cc
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://665339c.com
Source: chromecache_149.2.dr	String found in binary or memory: https://665339c.com/wap/downloadApp?promoCode=e9VJBL
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://789400.cc/
Source: chromecache_149.2.dr	String found in binary or memory: https://99505n.cc
Source: chromecache_149.2.dr	String found in binary or memory: https://a43389.cc/
Source: chromecache_149.2.dr	String found in binary or memory: https://aff.kkcg8.com/sign-up/593325
Source: chromecache_220.2.dr	String found in binary or memory: https://analytics.tiktok.com/i18n/pixel/events.js
Source: chromecache_149.2.dr	String found in binary or memory: https://app.geqianf225.top/s/bet365
Source: chromecache_149.2.dr	String found in binary or memory: https://app.geqianf225.top/s/bwyz
Source: chromecache_149.2.dr	String found in binary or memory: https://app.geqianf225.top/s/tyc
Source: chromecache_149.2.dr	String found in binary or memory: https://appiso-ali.ghgdfdf.com/?cGkxMl90NDA3MQ==&c=101105706293#/
Source: chromecache_149.2.dr	String found in binary or memory: https://cdn.livechatinc.com/tracking.js
Source: chromecache_220.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://e977110.com
Source: chromecache_149.2.dr	String found in binary or memory: https://e977110.com/wap/downloadApp?promoCode=pK8XQc
Source: chromecache_290.2.dr, chromecache_197.2.dr, chromecache_225.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_290.2.dr, chromecache_197.2.dr, chromecache_225.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_290.2.dr, chromecache_225.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_149.2.dr	String found in binary or memory: https://guwu.fun/download
Source: chromecache_204.2.dr	String found in binary or memory: https://j21716.com
Source: chromecache_149.2.dr	String found in binary or memory: https://j21716.com/wap/downloadApp?promoCode=XPMJTR
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://k933005.com
Source: chromecache_149.2.dr	String found in binary or memory: https://lucky298.com/vsgl
Source: chromecache_196.2.dr, chromecache_204.2.dr	String found in binary or memory: https://lucky298.com/vsglat
Source: chromecache_204.2.dr	String found in binary or memory: https://m399227.com
Source: chromecache_347.2.dr	String found in binary or memory: https://p.ssl.qhimg.com/t010e288a56a0b005e9.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common
Source: chromecache_166.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/images/errors/ico-605.png
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/curl/curl.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.j
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/main.js
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/urlencode.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/static/css/gb.validation.min.css
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1736150851437
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/bootstrap/bootstrap.min.css
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/common/themes/error.css
Source: chromecache_166.2.dr, chromecache_300.2.dr, chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites/images/touchicon.png
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/common.css?v=1736150851437
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/lang/zh_CN.css?v=1736150851437
Source: chromecache_166.2.dr, chromecache_300.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/Logo/405/1696591118080.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10004/1719343950451.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10006/1719344244164.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10008/1719344412734.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10010/1719344363451.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10047/1719344188380.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10048/1719344459903.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10049/1719344515771.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10050/1719344563012.jpg)
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/all_bg.jpg
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/header_bg.jpg
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/top_bg.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/icon_marquee.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/1_9.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/3_108.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/code_bg.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_0.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_1.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_2.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_3.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_4.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_5.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_6.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_7.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_apple.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_bg.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_1.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_3.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_4.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_5.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_fish_42_5.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hot_game_title.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hotgame_title_bg.jpg
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_1.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_3.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_4.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_5.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/service_inner_bg.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/service_out_bg.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title_bg.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/bootstrap-dialog.min.css
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/common.css
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/images/default-banner.jpg
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/images/favicon/favicon_1761.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/bootstrap-dialog.min.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/float.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/gui-base.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/idangerous.swiper.min.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/layer.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/lazyload.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/moment.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/Comet.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/PopUp.js
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-base.css
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-skin-default.css
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/themes/hb/css/pc.css
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/mobileTopic/images/special_3.jpg
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads1.png
Source: chromecache_220.2.dr	String found in binary or memory: https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads2.png
Source: chromecache_149.2.dr	String found in binary or memory: https://parimatchasia.onelink.me/nec7/949ac8d5?
Source: chromecache_220.2.dr	String found in binary or memory: https://s1.kwai.net/kos/s101/nlav11187/pixel/events.js
Source: chromecache_220.2.dr	String found in binary or memory: https://s1.kwai.net/kos/s101/nlav11187/pixel/events.js?sdkid=
Source: chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_1722c_&affid=2017190&siteid=18017&adid=1722&c=
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2464c_&affid=2017190&siteid=18017&adid=2464&c=
Source: chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2484c_&affid=2017190&siteid=18017&adid=2484&c=
Source: chromecache_149.2.dr	String found in binary or memory: https://wros8.top/vjS2
Source: chromecache_149.2.dr	String found in binary or memory: https://www.4a0kzf.com/Yvj3
Source: chromecache_347.2.dr	String found in binary or memory: https://www.baidu.com/
Source: chromecache_347.2.dr	String found in binary or memory: https://www.baidu.com/baidu
Source: chromecache_347.2.dr	String found in binary or memory: https://www.baidu.com/img/baidu_jgylogo3.gif
Source: chromecache_149.2.dr	String found in binary or memory: https://www.bvty894.com:30122/entry/register?i_code=2270535
Source: chromecache_149.2.dr	String found in binary or memory: https://www.livechat.com/?welcome
Source: chromecache_149.2.dr	String found in binary or memory: https://www.livechat.com/chat-with/15900159/
Source: chromecache_149.2.dr	String found in binary or memory: https://www.ljjapp2.com/?601158
Source: chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	String found in binary or memory: https://www.ray060.com/?601158
Source: chromecache_347.2.dr	String found in binary or memory: https://www.so.com/
Source: chromecache_347.2.dr	String found in binary or memory: https://www.sogou.com/
Source: chromecache_347.2.dr	String found in binary or memory: https://www.sogou.com/web
Source: chromecache_347.2.dr	String found in binary or memory: https://www.sogou.com/web/index/images/logo_440x140.v.4.png
Source: chromecache_149.2.dr	String found in binary or memory: https://www.ss52611.com/vip.html?c=88003698540
Source: chromecache_149.2.dr	String found in binary or memory: https://www.xivev6.com:9056/entry/register37012/?i_code=30114312
Source: chromecache_149.2.dr	String found in binary or memory: https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuc291emhhbnp4Lm
Source: chromecache_149.2.dr	String found in binary or memory: https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuenZiempzYi5jb2
Source: chromecache_149.2.dr	String found in binary or memory: https://xj206.cc/
Source: chromecache_347.2.dr	String found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: classification engine

Classification label: mal56.win@19/335@44/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,7273462861023531778,15793530550184385695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://m.ccsurj.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1976,i,7273462861023531778,15793530550184385695,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://m.ccsurj.org/"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://m.ccsurj.org/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.poshytip/jquery.poshytip.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads2.png	0%	Avira URL Cloud	safe
https://www.ccsurj.org/__local/7/57/19/8893B54885AD47B81497E346099_E950D003_146A63.png	100%	Avira URL Cloud	phishing
https://www.ccsurj.org/sitegray/sitegray.js	100%	Avira URL Cloud	phishing
https://www.4a0kzf.com/Yvj3	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/ClassTool.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/base.css	0%	Avira URL Cloud	safe
https://551000l.cc/message_zh_CN.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/themes/hongbao.css	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/bootstrap/bootstrap.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/images/default-banner.jpg	0%	Avira URL Cloud	safe
https://appiso-ali.ghgdfdf.com/?cGkxMl90NDA3MQ==&c=101105706293#/	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-skin-default.css	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/jquery/plugins/jquery.poshytip/poshytip.css	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_1.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_6.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.j	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/urlencode.js	0%	Avira URL Cloud	safe
https://xj206.cc/	0%	Avira URL Cloud	safe
https://www.ccsurj.org/images/ico_tz.png	100%	Avira URL Cloud	phishing
https://1k4ej4j1lxvjwz.com/popper.min.js	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/sansanqiqi.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/js/float.js	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/main.js	0%	Avira URL Cloud	safe
https://www.ccsurj.org/images/tt_bg.png	100%	Avira URL Cloud	phishing
https://www.ccsurj.org/system/resource/js/calendar/simple.js	100%	Avira URL Cloud	phishing
https://www.ccsurj.org/style/style.css	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/Comet.js	0%	Avira URL Cloud	safe
https://789400.cc/	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/login.css	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/188jinbaobo.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/curl/curl/loader/legacy.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/js/idangerous.swiper.min.js	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/quicklink.umd.js	0%	Avira URL Cloud	safe
http://12aff.best5689.com/92043302/signup/cs/index.html	0%	Avira URL Cloud	safe
https://www.ccsurj.org/images/slider-arrow.png	100%	Avira URL Cloud	phishing
https://www.ccsurj.org/images/logo-xxgcxy.jpg	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_5.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title_bg.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10048/1719344459903.jpg)	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_5.png	0%	Avira URL Cloud	safe
https://vkg.hpdbfezgrqwn.vip/wdzmr.php	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/header_bg.jpg	0%	Avira URL Cloud	safe
https://www.ccsurj.org/@public/js.js	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/fserver	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_2.png	0%	Avira URL Cloud	safe
https://www.ccsurj.org/__local/F/3A/FA/D3291F0B28550FCE05C6FD5AA87_291DC08D_1634EF4.png	100%	Avira URL Cloud	phishing
https://1k4ej4j1lxvjwz.com/css/modalStyles.css	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/kaiyun.png	0%	Avira URL Cloud	safe
https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2484c_&affid=2017190&siteid=18017&adid=2484&c=	0%	Avira URL Cloud	safe
https://www.ss52611.com/vip.html?c=88003698540	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/common.css	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	0%	Avira URL Cloud	safe
https://m399227.com	0%	Avira URL Cloud	safe
http://kaiyunty583.net	0%	Avira URL Cloud	safe
https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-1.jpg	100%	Avira URL Cloud	phishing
http://james.padolsey.com)	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/icon_marquee.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10050/1719344563012.jpg)	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_5.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/components/selectPure.js?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js	0%	Avira URL Cloud	safe
https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuenZiempzYi5jb2	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hot_game_title.png	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/2025shiyunhui.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/js/layer.js	0%	Avira URL Cloud	safe
https://lucky298.com/vsglat	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/base.css	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/2025fajia.png	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/tychongse.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_fish_42_5.png	0%	Avira URL Cloud	safe
https://www.ccsurj.org/js/jquery.js	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/common.css?v=1736150851437	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/home/TopPage.js?v=1736150851437	0%	Avira URL Cloud	safe
https://www.ljjapp2.com/?601158	0%	Avira URL Cloud	safe
https://e977110.com/wap/downloadApp?promoCode=pK8XQc	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10008/1719344412734.jpg)	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/061410/rcenter/common/images/errors/blue-bg.jpg	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_bg.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-layer.css	0%	Avira URL Cloud	safe
https://j21716.com	0%	Avira URL Cloud	safe
https://11073377.app	0%	Avira URL Cloud	safe
https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-5.jpg	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/font-awesome/font-awesome.css	0%	Avira URL Cloud	safe
https://www.ccsurj.org/system/resource/js/vsbscreen.min.js	100%	Avira URL Cloud	phishing
https://a43389.cc/	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-base.css	0%	Avira URL Cloud	safe
https://wros8.top/vjS2	0%	Avira URL Cloud	safe
https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-4.jpg	100%	Avira URL Cloud	phishing
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/style.css	0%	Avira URL Cloud	safe
https://1k4ej4j1lxvjwz.com/imgs/gf.fc8d6758.png	0%	Avira URL Cloud	safe
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_1.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
1k4ej4j1lxvjwz.com	122.10.50.210	true	false	high
551000l.cc	154.193.113.233	true	false	high
l5-global.gslb.ksyuncdn.com	103.198.200.7	true	false	high
www.wshifen.com	103.235.46.96	true	false	high
d3h3opd4qa0dfk.cloudfront.net	13.32.121.43	true	false	unknown
www.ccsurj.org	154.216.143.26	true	false	unknown
www.google.com	142.250.185.100	true	false	high
vkg.hpdbfezgrqwn.vip	122.10.26.202	true	false	high
ucloud-internal.v.ucnaming.com	36.27.222.245	true	false	unknown
www.sogou.com	43.153.236.147	true	false	high
m.ccsurj.org	154.216.143.26	true	false	unknown
p.ssl.qhimg.com	unknown	unknown	false	high
p3yw7u.innittapp.com	unknown	unknown	false	unknown
www.baidu.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.poshytip/jquery.poshytip.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/ClassTool.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/sitegray/sitegray.js	true	Avira URL Cloud: phishing	unknown
https://www.ccsurj.org/__local/7/57/19/8893B54885AD47B81497E346099_E950D003_146A63.png	true	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/base.css	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/bootstrap/bootstrap.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/themes/hongbao.css	false	Avira URL Cloud: safe	unknown
https://551000l.cc/message_zh_CN.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/urlencode.js	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/jquery/plugins/jquery.poshytip/poshytip.css	false	Avira URL Cloud: safe	unknown
https://www.sogou.com/web/index/images/logo_440x140.v.4.png	false		high
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-skin-default.css	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/images/ico_tz.png	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/main.js	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/style/style.css	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/Comet.js	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/sansanqiqi.png	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/images/tt_bg.png	false	Avira URL Cloud: phishing	unknown
https://1k4ej4j1lxvjwz.com/popper.min.js	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/system/resource/js/calendar/simple.js	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/float.js	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/login.css	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/188jinbaobo.png	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/quicklink.umd.js	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/curl/curl/loader/legacy.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/idangerous.swiper.min.js	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/images/slider-arrow.png	false	Avira URL Cloud: phishing	unknown
https://www.ccsurj.org/images/logo-xxgcxy.jpg	false	Avira URL Cloud: phishing	unknown
https://vkg.hpdbfezgrqwn.vip/wdzmr.php	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/@public/js.js	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/css/modalStyles.css	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/__local/F/3A/FA/D3291F0B28550FCE05C6FD5AA87_291DC08D_1634EF4.png	false	Avira URL Cloud: phishing	unknown
https://1k4ej4j1lxvjwz.com/imgs/kaiyun.png	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/themes/style/common.css	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery.validate/jquery.validate.js	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-1.jpg	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/components/selectPure.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/2025shiyunhui.png	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/js/layer.js	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/tychongse.png	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/base.css	false	Avira URL Cloud: safe	unknown
https://1k4ej4j1lxvjwz.com/imgs/2025fajia.png	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/js/jquery.js	false	Avira URL Cloud: phishing	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/common.css?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/home/TopPage.js?v=1736150851437	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/images/errors/blue-bg.jpg	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-layer.css	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/themes/default/font-awesome/font-awesome.css	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-5.jpg	false	Avira URL Cloud: phishing	unknown
https://www.ccsurj.org/system/resource/js/vsbscreen.min.js	false	Avira URL Cloud: phishing	unknown
https://1k4ej4j1lxvjwz.com/imgs/gf.fc8d6758.png	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/msites/themes/default/style.css	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/themes/gui-base.css	false	Avira URL Cloud: safe	unknown
https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-4.jpg	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.4a0kzf.com/Yvj3	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/zh_CN/pubads/images/ads2.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_1.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_6.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://appiso-ali.ghgdfdf.com/?cGkxMl90NDA3MQ==&c=101105706293#/	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/commonPage/images/default-banner.jpg	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://xj206.cc/	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.j	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://789400.cc/	chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_290.2.dr, chromecache_225.2.dr	false		high
https://cdn.livechatinc.com/tracking.js	chromecache_149.2.dr	false		high
http://12aff.best5689.com/92043302/signup/cs/index.html	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://www.so.com/	chromecache_347.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_5.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/services_title_bg.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10048/1719344459903.jpg)	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/icon_game_5.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/header/header_bg.jpg	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/fserver	chromecache_166.2.dr, chromecache_300.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_2.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://www.ss52611.com/vip.html?c=88003698540	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://service.sdqhwtvbtwdf.com/C.ashx?btag=a_18017b_2484c_&affid=2017190&siteid=18017&adid=2484&c=	chromecache_149.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://m399227.com	chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
http://kaiyunty583.net	chromecache_196.2.dr, chromecache_149.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/icon_marquee.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
http://james.padolsey.com)	chromecache_349.2.dr, chromecache_236.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10050/1719344563012.jpg)	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_5.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://wy-ali.meriksenrusso.com/wx/app/proxy-qrcode.html?url=aHR0cHM6Ly9hcHBpc28tdHkuenZiempzYi5jb2	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/hot_game_title.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://lucky298.com/vsglat	chromecache_196.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/game_fish_42_5.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://e977110.com/wap/downloadApp?promoCode=pK8XQc	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/fserver/files/gb/1761/carousel/10008/1719344412734.jpg)	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/download_bg.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown
https://www.ljjapp2.com/?601158	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://j21716.com	chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://11073377.app	chromecache_149.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
https://a43389.cc/	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://wros8.top/vjS2	chromecache_149.2.dr	false	Avira URL Cloud: safe	unknown
https://zz.bdstatic.com/linksubmit/push.js	chromecache_347.2.dr	false		high
https://getbootstrap.com/)	chromecache_290.2.dr, chromecache_197.2.dr, chromecache_225.2.dr	false		high
https://p3yw7u.innittapp.com/ftl/bet365-1761/images/index/collabor_1.png	chromecache_220.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
154.193.113.233	551000l.cc	Seychelles	132839	POWERLINE-AS-APPOWERLINEDATACENTERHK	false
122.10.26.202	vkg.hpdbfezgrqwn.vip	Hong Kong	139817	GIGALINK-AS-APHONGKONGGIGALINKNETWORKLIMITEDHK	false
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
103.235.46.96	www.wshifen.com	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	false
122.10.50.210	1k4ej4j1lxvjwz.com	Hong Kong	134548	DXTL-HKDXTLTseungKwanOServiceHK	false
13.32.121.43	d3h3opd4qa0dfk.cloudfront.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
154.216.143.26	www.ccsurj.org	Seychelles	134705	ITACE-AS-APItaceInternationalLimitedHK	false
36.27.222.245	ucloud-internal.v.ucnaming.com	China	136190	CHINATELECOM-ZHEJIANG-JINHUA-IDCJINHUAZHEJIANGProvince	false
103.198.200.7	l5-global.gslb.ksyuncdn.com	China	55720	GIGABIT-MYGigabitHostingSdnBhdMY	false
43.153.236.147	www.sogou.com	Japan	4249	LILLY-ASUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589334
Start date and time:	2025-01-12 01:15:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://m.ccsurj.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@19/335@44/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.251.168.84, 172.217.16.206, 142.250.185.206, 216.58.206.46, 142.250.74.206, 199.232.214.172, 192.229.221.95, 142.250.184.206, 142.250.185.110, 142.250.181.238, 142.250.185.238, 216.58.206.35, 216.58.206.78, 142.250.185.142, 2.23.242.162, 4.245.163.56, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://m.ccsurj.org/

Input	Output
URL: http://m.ccsurj.org Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://m.ccsurj.org
URL: https://www.ccsurj.org/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script has a few moderate-risk indicators, such as encoding the search query using Base64 and disabling auto-enable on a form field. However, it does not appear to have any high-risk behaviors like dynamic code execution or data exfiltration. The script seems to be focused on handling a simple search functionality, so the overall risk is assessed as medium." }
function _nl_ys_check(){ var keyword = document.getElementById('showkeycode270869').value; if(keyword==null\|\|keyword==""){ alert(""); return false; } if(window.toFF==1) { document.getElementById("lucenenewssearchkey270869").value = Simplized(keyword ); }else { document.getElementById("lucenenewssearchkey270869").value = keyword; } var base64 = new Base64(); document.getElementById("lucenenewssearchkey270869").value = base64.encode(document.getElementById("lucenenewssearchkey270869").value); new VsbFormFunc().disableAutoEnable(document.getElementById("showkeycode270869")); return true; }
URL: https://www.ccsurj.org/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple DOM manipulation operation, which is a common and benign practice. It sets the `innerHTML` property of an element with the ID `c_lunar270866` to the value of the `c_Calendar270866ShowString` variable. This behavior is consistent with typical calendar or date-related functionality and does not exhibit any high-risk indicators." }
document.getElementById("c_lunar270866").innerHTML = c_Calendar270866ShowString;
URL: https://1k4ej4j1lxvjwz.com/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a simple function that delays the loading of a background image for an element with the class 'box[data-v-5371a066]'. This is a common technique used to improve the initial page load performance by deferring the loading of non-critical resources. The code does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The functionality is straightforward and does not raise any major security concerns." }
window.onload = function() { // function loadBackgroundImage() { var boxElement = document.querySelector('.box[data-v-5371a066]'); // 1 setTimeout(function() { boxElement.style.backgroundImage = 'url(../imgs/bg.lanse.jpg)'; // URL }, 1000); // 1000 = 1 } // loadBackgroundImage(); }
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a configuration or setup code for a web application. It sets up various root paths and variables, handles iframe language settings, and defines a common set of parameters for API requests. There are no clear indicators of high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The code seems to be focused on setting up the application's infrastructure and does not exhibit any malicious intent." }
var resRoot = 'https://p3yw7u.innittapp.com/061410/rcenter/msites'; var wsRoot = '/mdcenter/websocket/msite'; var mdRoot = '/mdcenter/msite.comet'; var fltRootPath = 'https://p3yw7u.innittapp.com/ftl/'; var useBase64 = base64List.includes(1761); //iframe try{window.top.language='zh-CN';}catch(ex){window.language='zh-CN';} // try{window.top.timeLanguage='zh-CN';}catch(ex){window.timeLanguage='zh-CN';} // 202172 const commonParameter = { locale: "zh_CN", terminal: "pc", is_native: false, version: "v3055", resolution: "2x", };
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that handles the functionality of a red packet (hongbao) promotion. It makes AJAX requests to retrieve data related to the promotion, such as the activity ID and the red packet theme. The script also handles the display and logic of the red packet feature, including checking the user's login status and remaining draw times. While the script uses some legacy practices like `XDomainRequest`, it does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration. The script's purpose and functionality seem to be aligned with a typical promotional campaign, so the overall risk score is low." }
var activityMessageId = ""; // ID = searchId var redBagTheme = ""; // var readFloat; getFloat(); // function getFloat() { const data = Object.assign({}, commonParameter) $.ajax({ url: "/mobile-api/v5/origin/getFloat.html", type: "POST", dataType: "json", data: data, success: function (res) { if (res.code === "0") { if (res.data.activity) { activityMessageId = res.data.activity.activityId; redBagTheme = res.data.activity.redBagTheme; } sessionStorage["getFloat"] = JSON.stringify(res); if (typeof floatV5Main === "function") floatV5Main(); // } }, error: function (res) { console.log(res); } }).done(function() { readFloat = setInterval(function() { if($('#float-v5').length > 0) { replaceInfo("source-src-float", "src") clearInterval(readFloat) } }, 500) }) } // function canShowLottery() { if (sessionStorage.is_login !== "true") { loginObj.getLoginPopup(); return; } if (!activityMessageId) { $(".hongbao").removeClass('disabled'); $("#tip-msgs").html('!'); $(".hongbao-time-txt").hide(); $(".hongbao-time").hide(); return; } $(".hongbao").addClass('hide_hongbao'); $(".hongbao-msg-tips").hide(); $.ajax({ url: "/activity-api/v5/activityOrigin/countDrawTimes.html", type: "POST", dataType: "JSON", data: Object.assign({}, commonParameter, {activityMessageId: activityMessageId}), success: function (res) { if (res.code === "0") { if (redBagTheme === "redbag02") { $("#hongbao_inner").removeClass(); $("#hongbao_inner").addClass("hongbao_inner02"); $(".redbag02").show(); $("#target01").removeClass("hongbao-time-txt"); $("#target02").removeClass("hongbao-time"); $("#target03").addClass("hongbao-time-txt"); $("#target04").addClass("hongbao-time"); } else { $("#hongbao_inner").removeClass(); $("#hongbao_inner").addClass("hongbao_inner01"); $(".redbag01").show(); $("#target01").addClass("hongbao-time-txt"); $("#target02").addClass("hongbao-time"); $("#target03").removeClass("hongbao-time-txt"); $("#target04").removeClass("hongbao-time"); } $("#hongbao_detail").fadeIn(600); $("#tip-msgs").show(); if (res.data.drawTimes && res.data.drawTimes > 0) { $(".hongbao").removeClass('disabled'); $("#tip-msgs").show(); $("#tip-msgs").html('<span id="ramain-count">' + res.data.drawTimes + '</span>'); $(".hongbao-time-txt").hide(); $(".hongbao-time").hide(); } else if (res.data.drawTimes === 0) { if (res.data.isEnd === "false") { $(".hongbao").addClass('disabled'); $("#tip-msgs").show(); $("#tip-msgs").html('<span id="ramain-count">0</span>'); $("#ramain-count").text(res.data.drawTimes); } else {
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet appears to be a part of a larger application that handles the display of a floating promotional banner or widget. While the code does not contain any obvious high-risk indicators, it exhibits some moderate-risk behaviors that warrant further review. The script dynamically manipulates the DOM, loads external resources, and interacts with session storage, which could potentially lead to security issues if not implemented properly. Additionally, the use of obfuscated or hardcoded URLs and the handling of user data (e.g., language, location) without clear transparency raises some concerns. Overall, the script requires closer inspection to ensure that it is not engaging in any malicious activities and that it is following best practices for web security." }
$(function(){ loadStyleString("#float-v5 .float-v5-item .list-item.top_close_btn", "/commonPage/themes/images/hongbao/icon-close-1.png",true,true); }) function floatV5Main() { $('#float-v5 > div').remove(); // const getFloat = JSON.parse(sessionStorage.getFloat); const _activity = getFloat.data.activity; const _customerFloats = getFloat.data.customerFloats; // -; <>null; <> ; if (!!_activity && !!_activity.id) { const isShow = displayInPage(_activity.displayInPages); // , zh_CNvi_VN let imgMap = { // '' '_hover' '7': '/ftl/commonPage/themes/images/hongbao/vi_VN/hongbao_type1_hover.png', '8': '/ftl/commonPage/themes/images/hongbao/vi_VN/hongbao_type2_hover.png', '9': '/ftl/commonPage/themes/images/hongbao/vi_VN/hongbao_type3_hover.png', }; let listItem = _activity.cttFloatPicItemList.map(function (item, index) { let imgWidth = (item.imgWidth \|\| 0) + 'px'; let imgHeight = (item.imgHeight \|\| 0) + 'px'; let imgUrl = item.normalEffect \|\| ''; let imgUrlHover = _activity.mouseInEffect ? item.mouseInEffect : ''; if (Object.keys(imgMap).includes(_activity.templateType)) { // , , imgWidth = 'auto'; imgHeight = 'auto'; if (['zh_CN', 'vi_VN'].includes(_activity.language)) { // , // imgUrl = imgMap[_activity.templateType].replace('vi_VN', _activity.language).replace('_hover', ''); imgUrlHover = imgMap[_activity.templateType].replace('vi_VN', _activity.language); // :'zh_CN/' if (imgUrl.indexOf('zh_CN/') !== -1) imgUrl = imgUrl.replace('zh_CN/', ''); if (imgUrlHover.indexOf('zh_CN/') !== -1) imgUrlHover = imgUrlHover.replace('zh_CN/', ''); } } return `<div class="list-item ${item.imgLinkType}" style="width: ${imgWidth}; height: ${imgHeight}"> <a href="javascript:${item.imgLinkType === 'close_btn' ? '' : 'canShowLottery()'}"> <img source-src-float="${cdnUrl + imgUrl}" alt="" class="img_default"> ${_activity.mouseInEffect ? `<img source-src-float="${cdnUrl + imgUrlHover}" alt="" class="img_hover">` : ''} </a> </div>` }) var floatV5Item = $('<div>', { 'data-fp': _activity.id, class: [ 'float-v5-item', 'redPacket', _activity.location, _activity.interactivity, _activity.hideCloseButton ? 'hideCloseButton' : '', _activity.showEffect ? 'show_effect' : '', _activity.mouseInEffect ? 'mouseInEffect' : '', isShow ? '' : 'hide', ].join(' '), 'data-displayinpages': _activity.displayInPages, 'data-templatetype': _activity.templateType \|\| "0", // 0 style: _style(_activity), }).append(listItem); // <> // if (!!_activity.hideCloseButton) floatV5Item.append('<div class="list-item close_btn top_close_btn"></div>'); if (!!_activity.hideCloseButton && Object.keys(imgMap).includes(_activity.templateType)) floatV5Item.append('<div class="list-item close_btn top_close_btn"></div>'); // $('#
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be implementing Facebook Pixel functionality, which is a common analytics and tracking tool used by many websites. While the snippet does dynamically generate and insert a Facebook Pixel script and an associated noscript tag, this behavior is typical for integrating the Facebook Pixel and does not exhibit any high-risk indicators. The script is interacting with a known, reputable domain (facebook.com), and the overall intent seems to be for legitimate analytics and tracking purposes. Therefore, the risk score is assessed as low (3)." }
var fpixelid = sessionStorage.getItem('fpixelid') \|\| false if(fpixelid){ var script = document.createElement('script'); script.innerHTML = `!function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0'; n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t,s)}(window, document,'script', 'https://connect.facebook.net/en_US/fbevents.js'); fbq('init', '${fpixelid}'); fbq('track', 'PageView');`; var noscript = document.createElement('noscript'); var img = document.createElement('img'); img.setAttribute('height', '1'); img.setAttribute('width', '1'); img.setAttribute('style', 'display:none'); img.src = `https://www.facebook.com/tr?id=${fpixelid}&ev=PageView&noscript=1`; var head = document.head \|\| document.getElementsByTagName('head')[0]; head.appendChild(script); head.insertBefore(noscript, script); noscript.appendChild(img); }
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript snippet appears to be a login-related functionality that handles various types of captcha mechanisms, including default captcha, word captcha, and slider captcha. While the code does not exhibit any obvious high-risk behaviors, there are some moderate-risk indicators that warrant further review. The script makes AJAX requests to fetch captcha data, which could potentially lead to data exfiltration if the requests are not properly secured or the response data is not properly validated. Additionally, the script uses dynamic HTML manipulation, which could be a concern if not implemented carefully. Overall, the script requires further review to ensure that it is not being used for any malicious purposes and that it adheres to best practices for web security." }
/** * / var initCaptcha = { defaultCaptcha : '2',// wordCaptcha : '1', // sliderCaptcha : '0', // freshCaptcha : 'freshCaptcha', dalogEnd:'end', captchaDialog: null, dealwithHtml: function () { var html = $("#login-initCaptcha").html(); html = html.replace("demo2", "new-captcha-id"); return html; }, captchaStatus : { init : 'init', fresh : 'fresh', }, /* * PC * @param dialogCloseOrCaptchaChangeCallbackFun * @param checkFinshCallbackFun * @param args / initCaptchaPopup: function (dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args) { var init = true; initCaptcha.getInitParam(initCaptcha.captchaStatus.init, dialogCloseOrCaptchaChangeCallbackFun, null, checkFinshCallbackFun,args); }, /* * PC * @param receiveInitParamFun * @param dialogCloseOrCaptchaChangeCallbackFun * @param reloadCaptchaFun // * @param checkFinshCallbackFun //yong * @param args * @param url //forgetPwd.ftl api */ getInitParam: function (captchaStatus, dialogCloseOrCaptchaChangeCallbackFun, reloadCaptchaFun, checkFinshCallbackFun,args) { var init_data ={}; var url = window.location.pathname.indexOf('forgetPwd.html') > -1 ? "/site/captcha/init.html?type=forgetPassword" : importAccount ? "/site/captcha/init.html?type=importPlayer" : "/site/captcha/init.html" if(typeof(args) == "object"){ init_data["type"]=args["op"]; } $.ajax({ url: url, data: init_data, dataType: 'json', async: false, success: function (data) { // if (typeof (reloadCaptchaFun) == "function") { reloadCaptchaFun(data,dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args); } // if (typeof (captchaStatus) != "undefined" && captchaStatus == initCaptcha.captchaStatus.init) { initCaptcha.receiveInitParamFun(data, dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args); } }, error: function (error) { //TODO console.log(error); // var data = {}; data['captchaType']=initCaptcha.defaultCaptcha; data['op']=initCaptcha.dalogEnd; dialogCloseOrCaptchaChangeCallbackFun(data, checkFinshCallbackFun,args); return undefined; } }); }, // receiveInitParamFun: function (data, dialogCloseOrCaptchaChangeCallbackFun, checkFinshCallbackFun,args) { var isOpenCaptcha = data["isOpenCaptcha"]; if (!isOpenCaptcha && !importAccount) { checkFinshCallbackFun(data,args); return; } var captchaType = data['data']['captchaType']; var temp_data = data['data']['captchaData']; // if (captchaType == initCaptcha.defaultCaptcha) { // data['captchaType']=initCaptcha.defaultCaptcha; data['op']=initCaptcha.freshCaptcha; dialogCloseOrCaptchaChangeCallbackFun(data, checkFinshCallbackFun,args); return; } // if (captchaType == '0' \|\| captchaTy
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a legitimate function that checks the login status of a user and adjusts the visibility and behavior of a sign-in button accordingly. It makes an AJAX request to retrieve the activity status and sign-in switch settings, and then updates the button's appearance and functionality based on the response. While the code uses some legacy practices like `sessionStorage` and `XDomainRequest`, it does not exhibit any high-risk behaviors like dynamic code execution or data exfiltration. The overall functionality seems to be related to a typical user sign-in feature, and the code is not obfuscated or suspicious." }
/** * checkSignSwitch (/,) * * & * : _vr_signSwitch * 2021/1/8 Dear / function checkSignSwitch(showTips) { // var isLogin = sessionStorage.is_login; // var buttons = $("._vr_signSwitch"); if (buttons.length > 0) { /; {:, :}/ if (isLogin === "true") { buttons.attr({ href: "/pcenter-client/pcenter/#/pcenter-client/sign", target: "_blank" }) } else { buttons.attr({ href: "javascript:loginPlayer(this)" }) } $.ajax({ url: "/mobile-api/v5/chess/getActivityMsg.html", type: "get", data: { "function": "sign" }, dataType: 'json', success: function (res) { /open {1:, 0:}/ if (res.data.isSign !== null && res.data.signSwitch.open === 1) { / ; {false:, true \| null: }; / var page = location.pathname; if (res.data.isSign === false && (page === "/index.html" \|\| page === "/")) { // showTips && alert("!!"); } else { // buttons.hide(); // buttons.removeClass("text-warning") /-*/ } buttons.addClass('switchOn') $('._vr_loginSuccess ._vr_signSwitch').css({"display":"inline", "visibility": "visible"}); }else { buttons.removeClass('switchOn') $("._vr_loginSuccess .panel_sign").css("display","none"); } } }); } }
URL: https://551000l.cc/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a legitimate implementation of a language switching dialog. It uses the Layui library to create a modal dialog, and the functionality is focused on saving the user's language preference to session storage and cookies. There are no obvious high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The code seems to be following common practices for handling user preferences and language switching, which is a common requirement for web applications. While there are some moderate-risk indicators, such as the use of `XDomainRequest` and aggressive DOM manipulation, these are likely due to the specific implementation details and do not appear to be malicious in nature. Overall, the code seems to be a well-intentioned feature implementation with no clear signs of malicious intent." }
/** * PC * title: * skin: * area: * transparent: * updateTime: / function layerLangDialogIndex(title, content, skin, area, btnAlign, transparent, updateTime) { var dialog = layer.open({ type: 1, time: 0, // closeBtn: 0, shadeClose: false, content: content, title: title, move: ".layui-layer-title", btnAlign: 'c', skin: skin, area: area, btn: [' (No)', ' (Yes)'], success: function (layer) { // //$(layer).find('.layui-layer-btn ').html('<a class="layui-layer-btn0 _close"></a>'); // $(layer).addClass("index-modal"); // if(!!transparent){ $(layer).addClass("index-modal-transparent"); } }, btn1:function(){ // // 1.''session 2.cookie 3. window.sessionStorage["selected_language"] = 'zh_CN'; document.cookie = 'switched_language=true'; layer.close(dialog); }, btn2:function(){ // // 1.'en_US' or 'hi_IN'session 2.cookie 3.'en_US' or 'hi_IN'cookie 4. 5. var switchLanguage = '' window.sessionStorage["selected_language"] = switchLanguage; document.cookie = 'switched_language=true'; document.cookie = '_LANGUAGE=' + switchLanguage; layer.close(dialog); window.location.reload(); } }); } /* * * sessionStorage.selected_language: null \|\| language / function langDialog() { var content = '<p class="switch-txt"> </p><p class="switch-txt switch-txt-hi">Do you want to switch language into English</p>' var title = ['', 'background-color: #2D2D2D; color: white']; // 1.switched_languagecookie if (filterSwitchedLanguage('switched_language') == 'false' \|\| filterSwitchedLanguage('switched_language') == null) { var languageLayer = layerLangDialogIndex(title, content, 'switch-language-wrap', ['500px', '230px'], '', false, false); } } /* * switched_languagecookie */ function filterSwitchedLanguage(query) { // cookie const cookies = document.cookie; // cookie cookie var cookiesArray = cookies.split("; "); // 'switched_language' cookie var cookie = cookiesArray.filter(function(el) { return el.toLowerCase().indexOf(query.toLowerCase()) > -1; }) // 'switched_language' cookie var switchedLanguageCookie = cookie.toString().split("="); // switched_languagecookie var cookieValue = switchedLanguageCookie[1]; return cookieValue }
URL: https://www.ccsurj.org/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": " 6666 ", "prominent_button_name": "", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://551000l.cc/live.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Forbidden", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://551000l.cc/live.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Forbidden", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://551000l.cc/live.html Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://www.ccsurj.org/ Model: Joe Sandbox AI	{ "brands": [ "bet365", "UEFA EURO 2024", "BET365", "Kaiun", "188bet", "Taiyang Cheng", "Raybet", "betway", "3377", "Grand Lisboa" ] }

URL: https://551000l.cc/live.html Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (858), with no line terminators
Category:	downloaded
Size (bytes):	872
Entropy (8bit):	5.164057464392581
Encrypted:	false
SSDEEP:	12:2o7gXjLMi2A9E7CVtHCSYC6pdzX5PbSuZ1L2A9E7ClVeeoh57n1L2A9E7ClVqanr:2iGjIiouiu6p/PNZ1kdeU71kwrn
MD5:	AC480D48A02AE1E697BD6FBD7D42E8E8
SHA1:	C1E2BF1AB08BEB020AB404FAA5F42CDE77C99AEC
SHA-256:	2F5F4B70CA10C6F21E4EE19BC854A6754AB794AB4F51340A8F1B12444A2B91F8
SHA-512:	EED699DC90295C2D69858F20208DF69CEAD25852724BBFD3B84F51578FC5EEB86F3A5886246099B47849ABB2665CA4A6F373ADB784FE32779FD6FE70FBB7D094
Malicious:	false
Reputation:	low
URL:	https://p3yw7u.innittapp.com/061410/rcenter/common/js/jquery/plugins/jquery-eventlock/jquery-eventlock-1.0.0.js?v=1736150851437
Preview:	(function($){$.fn.isLocked=function(){var isLocked=false;if($(this).hasClass("ui-button-disable")){return true}var tagName=$(this).prop("tagName");if(tagName=="BUTTON"){var disabled=$(this).prop("disabled");if(disabled=="true"){isLocked=true}}else{var submited=$(this).prop("submited");if(submited=="true"){isLocked=true}}return isLocked};$.fn.lock=function(){var text={"en-US":"Waiting ...","zh-CN":".....","zh-TW":".....","ja-JP":"......"};$(this).each(function(){var tagName=$(this).prop("tagName");if(tagName=="BUTTON"){$(this).prop("disabled","true")}else{$(this).prop("submited","true")}$(this).addClass("ui-button-disable")})};$.fn.unlock=function(){$(this).each(function(){var tagName=$(this).prop("tagName");if(tagName=="BUTTON"){$(this).prop("disabled",null)}else{$(this).prop("submited",null)}$(this).removeClass("ui-button-disable")})}})(jQuery);

Source: https://www.ccsurj.org/__local/7/57/19/8893B54885AD47B81497E346099_E950D003_146A63.png	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/sitegray/sitegray.js	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/ico_tz.png	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/tt_bg.png	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/system/resource/js/calendar/simple.js	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/style/style.css	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/slider-arrow.png	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/logo-xxgcxy.jpg	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/@public/js.js	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/__local/F/3A/FA/D3291F0B28550FCE05C6FD5AA87_291DC08D_1634EF4.png	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-1.jpg	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/js/jquery.js	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-5.jpg	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/system/resource/js/vsbscreen.min.js	Avira URL Cloud: Label: phishing
Source: https://www.ccsurj.org/images/21/11/25/1p6vg4xelj/banner-4.jpg	Avira URL Cloud: Label: phishing

Source: https://www.ccsurj.org/	HTTP Parser: No favicon
Source: https://www.ccsurj.org/	HTTP Parser: No favicon
Source: https://www.ccsurj.org/	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: m.ccsurj.org
Source: global traffic	DNS traffic detected: DNS query: www.ccsurj.org
Source: global traffic	DNS traffic detected: DNS query: vkg.hpdbfezgrqwn.vip
Source: global traffic	DNS traffic detected: DNS query: www.baidu.com
Source: global traffic	DNS traffic detected: DNS query: www.sogou.com
Source: global traffic	DNS traffic detected: DNS query: 1k4ej4j1lxvjwz.com
Source: global traffic	DNS traffic detected: DNS query: p.ssl.qhimg.com
Source: global traffic	DNS traffic detected: DNS query: 551000l.cc
Source: global traffic	DNS traffic detected: DNS query: p3yw7u.innittapp.com

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 01:16:43.778410912 CET	49675	443	192.168.2.4	173.222.162.32
Jan 12, 2025 01:16:49.678653002 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:49.678698063 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:49.678761005 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:49.679002047 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:49.679018974 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:50.351768970 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:50.352209091 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:50.352243900 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:50.353243113 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:50.353338957 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:50.354607105 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:50.354685068 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:50.402497053 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:50.402533054 CET	443	49737	142.250.185.100	192.168.2.4
Jan 12, 2025 01:16:50.449315071 CET	49737	443	192.168.2.4	142.250.185.100
Jan 12, 2025 01:16:51.671813965 CET	80	49723	2.22.50.131	192.168.2.4
Jan 12, 2025 01:16:51.671948910 CET	49723	80	192.168.2.4	2.22.50.131
Jan 12, 2025 01:16:51.677205086 CET	49723	80	192.168.2.4	2.22.50.131
Jan 12, 2025 01:16:51.681996107 CET	80	49723	2.22.50.131	192.168.2.4
Jan 12, 2025 01:16:51.859638929 CET	49739	80	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:51.860044956 CET	49740	80	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:51.864682913 CET	80	49739	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:51.864769936 CET	49739	80	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:51.864876986 CET	80	49740	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:51.864928007 CET	49740	80	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:51.865066051 CET	49739	80	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:51.869839907 CET	80	49739	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:52.758198023 CET	80	49739	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:52.808460951 CET	49739	80	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.292541981 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.292586088 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:53.292747021 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.297776937 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.297847033 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:53.297919035 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.298151016 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.298160076 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:53.298496008 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:53.298508883 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.516716957 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.517138004 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.517163038 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.518230915 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.518310070 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.522927999 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.523076057 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.523192883 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.534836054 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.535128117 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.535162926 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.536253929 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.536322117 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.536647081 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.536709070 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.563338995 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.576327085 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.576351881 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.592186928 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.592207909 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:54.623223066 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:54.638547897 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.063721895 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063755035 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063764095 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063780069 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063786030 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063792944 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063874006 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.063896894 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063908100 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063932896 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.063939095 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.063963890 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.063999891 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.107770920 CET	49742	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.107789993 CET	443	49742	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.110279083 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.110327959 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.110429049 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.110558987 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.110616922 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.111032009 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.111042023 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.111069918 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.111097097 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.111391068 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.111398935 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.111629009 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.111649036 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.111675024 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.113524914 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.113565922 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.114095926 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.114106894 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.114427090 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.114440918 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.114999056 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.115006924 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.115521908 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.115531921 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.116225004 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.116244078 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.155332088 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438551903 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438580990 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438590050 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438605070 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438611984 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438615084 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438642979 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.438682079 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438699007 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.438700914 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.438730955 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.446698904 CET	49743	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.446717978 CET	443	49743	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.447290897 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.447345018 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:55.447412014 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.448402882 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:55.448415041 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.008717060 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.009001017 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.009035110 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.010185957 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.010523081 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.010533094 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.010705948 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.010718107 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.010737896 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.010792971 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.014363050 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.014434099 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.015513897 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.015647888 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.015661001 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.015734911 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.018778086 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.018982887 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.019006014 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.020133018 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.020426989 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.020529032 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.020591974 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.027394056 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.027659893 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.027697086 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.028727055 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.028786898 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.029439926 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.029495955 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.029558897 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.029567003 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.034893990 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.035130024 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.035161018 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.036197901 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.036262989 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.036598921 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.036648035 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.036716938 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.036725044 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.051359892 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.059830904 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.059866905 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.076493025 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.076517105 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.076534033 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.107242107 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.339071035 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.339355946 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.339378119 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.340461016 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.340531111 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.340936899 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.340996981 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.341114044 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.341125011 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.389866114 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.586128950 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.586227894 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.586302996 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.587522984 CET	49744	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.587568045 CET	443	49744	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.587857008 CET	49750	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.587918043 CET	443	49750	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.588094950 CET	49750	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.588444948 CET	49750	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.588463068 CET	443	49750	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.588543892 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.588629007 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.588696003 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.589445114 CET	49747	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.589473963 CET	443	49747	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.593255043 CET	49751	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.593293905 CET	443	49751	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.593425989 CET	49751	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.593837976 CET	49751	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.593852043 CET	443	49751	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610676050 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610707998 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610717058 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610794067 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.610794067 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610841990 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610868931 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.610882044 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.610922098 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.611797094 CET	49746	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.611814976 CET	443	49746	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.612322092 CET	49753	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.612353086 CET	443	49753	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.612447023 CET	49753	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.612915039 CET	49753	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.612941027 CET	443	49753	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.614444971 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.614552021 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.614614010 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.615097046 CET	49748	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.615117073 CET	443	49748	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.822921991 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.822979927 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.822999001 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.823016882 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.823055983 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.823065042 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.823082924 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.823085070 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.823113918 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.823115110 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.823132038 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.823163986 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.824635029 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.824702024 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.824738026 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.824750900 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.824764013 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.867960930 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.913522959 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.913583994 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.913681984 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.913695097 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.913772106 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.913820028 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.913820028 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.915837049 CET	49749	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.915859938 CET	443	49749	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.976599932 CET	49754	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.976629019 CET	443	49754	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.976680994 CET	49754	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.976865053 CET	49755	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.976910114 CET	443	49755	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.977030993 CET	49755	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.977063894 CET	49756	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.977149010 CET	443	49756	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.977217913 CET	49756	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.977344990 CET	49754	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.977358103 CET	443	49754	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.977504015 CET	49755	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.977521896 CET	443	49755	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:56.977649927 CET	49756	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:56.977684975 CET	443	49756	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.046555042 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.046582937 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.046629906 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.046681881 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.046737909 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.046761036 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.046885967 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.047164917 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.047209024 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.047240973 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.047257900 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.047275066 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.047298908 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.047854900 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.047900915 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.047924995 CET	49745	443	192.168.2.4	154.216.143.26
Jan 12, 2025 01:16:57.047939062 CET	443	49745	154.216.143.26	192.168.2.4
Jan 12, 2025 01:16:57.047961950 CET	49745	443	192.168.2.4	154.216.143.26

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 12, 2025 01:16:49.669212103 CET	192.168.2.4	1.1.1.1	0xf95f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:49.669416904 CET	192.168.2.4	1.1.1.1	0x9539	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 12, 2025 01:16:51.430994034 CET	192.168.2.4	1.1.1.1	0xa62e	Standard query (0)	m.ccsurj.org	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:51.431374073 CET	192.168.2.4	1.1.1.1	0x4759	Standard query (0)	m.ccsurj.org	65	IN (0x0001)	false
Jan 12, 2025 01:16:51.790558100 CET	192.168.2.4	1.1.1.1	0x7669	Standard query (0)	m.ccsurj.org	65	IN (0x0001)	false
Jan 12, 2025 01:16:52.760797024 CET	192.168.2.4	1.1.1.1	0xf721	Standard query (0)	www.ccsurj.org	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:52.760953903 CET	192.168.2.4	1.1.1.1	0xdcc5	Standard query (0)	www.ccsurj.org	65	IN (0x0001)	false
Jan 12, 2025 01:16:53.143275976 CET	192.168.2.4	1.1.1.1	0x6748	Standard query (0)	www.ccsurj.org	65	IN (0x0001)	false
Jan 12, 2025 01:16:56.617991924 CET	192.168.2.4	1.1.1.1	0x3674	Standard query (0)	www.ccsurj.org	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:56.618258953 CET	192.168.2.4	1.1.1.1	0x7f14	Standard query (0)	www.ccsurj.org	65	IN (0x0001)	false
Jan 12, 2025 01:16:56.967852116 CET	192.168.2.4	1.1.1.1	0xeb84	Standard query (0)	www.ccsurj.org	65	IN (0x0001)	false
Jan 12, 2025 01:16:58.114031076 CET	192.168.2.4	1.1.1.1	0x3eb9	Standard query (0)	vkg.hpdbfezgrqwn.vip	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.114506006 CET	192.168.2.4	1.1.1.1	0xceeb	Standard query (0)	vkg.hpdbfezgrqwn.vip	65	IN (0x0001)	false
Jan 12, 2025 01:16:58.120733023 CET	192.168.2.4	1.1.1.1	0xdb53	Standard query (0)	www.baidu.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.121081114 CET	192.168.2.4	1.1.1.1	0xe00f	Standard query (0)	www.baidu.com	65	IN (0x0001)	false
Jan 12, 2025 01:16:58.122137070 CET	192.168.2.4	1.1.1.1	0x2e51	Standard query (0)	www.sogou.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.122484922 CET	192.168.2.4	1.1.1.1	0xc26	Standard query (0)	www.sogou.com	65	IN (0x0001)	false
Jan 12, 2025 01:16:58.456686974 CET	192.168.2.4	1.1.1.1	0x118d	Standard query (0)	vkg.hpdbfezgrqwn.vip	65	IN (0x0001)	false
Jan 12, 2025 01:16:59.822292089 CET	192.168.2.4	1.1.1.1	0xab99	Standard query (0)	www.baidu.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:59.822432995 CET	192.168.2.4	1.1.1.1	0x2acc	Standard query (0)	www.baidu.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.071074009 CET	192.168.2.4	1.1.1.1	0x8bb6	Standard query (0)	1k4ej4j1lxvjwz.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.071235895 CET	192.168.2.4	1.1.1.1	0x2252	Standard query (0)	1k4ej4j1lxvjwz.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.098799944 CET	192.168.2.4	1.1.1.1	0x2931	Standard query (0)	www.sogou.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.099097013 CET	192.168.2.4	1.1.1.1	0xc91	Standard query (0)	www.sogou.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.100400925 CET	192.168.2.4	1.1.1.1	0x4d23	Standard query (0)	vkg.hpdbfezgrqwn.vip	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.100637913 CET	192.168.2.4	1.1.1.1	0xee68	Standard query (0)	vkg.hpdbfezgrqwn.vip	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.468772888 CET	192.168.2.4	1.1.1.1	0x86a7	Standard query (0)	vkg.hpdbfezgrqwn.vip	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.631289005 CET	192.168.2.4	1.1.1.1	0x6ba5	Standard query (0)	1k4ej4j1lxvjwz.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:03.611006021 CET	192.168.2.4	1.1.1.1	0xacea	Standard query (0)	p.ssl.qhimg.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:03.611519098 CET	192.168.2.4	1.1.1.1	0x3a3a	Standard query (0)	p.ssl.qhimg.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:04.005439043 CET	192.168.2.4	1.1.1.1	0x4504	Standard query (0)	1k4ej4j1lxvjwz.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:04.005633116 CET	192.168.2.4	1.1.1.1	0x8690	Standard query (0)	1k4ej4j1lxvjwz.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:04.559838057 CET	192.168.2.4	1.1.1.1	0xbf29	Standard query (0)	1k4ej4j1lxvjwz.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:04.820811033 CET	192.168.2.4	1.1.1.1	0xb2a9	Standard query (0)	p.ssl.qhimg.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:04.821166039 CET	192.168.2.4	1.1.1.1	0xf93a	Standard query (0)	p.ssl.qhimg.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:19.109246969 CET	192.168.2.4	1.1.1.1	0xb191	Standard query (0)	551000l.cc	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:19.109318972 CET	192.168.2.4	1.1.1.1	0xb476	Standard query (0)	551000l.cc	65	IN (0x0001)	false
Jan 12, 2025 01:17:21.325148106 CET	192.168.2.4	1.1.1.1	0xb30b	Standard query (0)	p3yw7u.innittapp.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:21.325335026 CET	192.168.2.4	1.1.1.1	0xab1	Standard query (0)	p3yw7u.innittapp.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:22.342653990 CET	192.168.2.4	1.1.1.1	0x288d	Standard query (0)	p3yw7u.innittapp.com	65	IN (0x0001)	false
Jan 12, 2025 01:17:22.803033113 CET	192.168.2.4	1.1.1.1	0x9773	Standard query (0)	551000l.cc	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:22.803162098 CET	192.168.2.4	1.1.1.1	0x6657	Standard query (0)	551000l.cc	65	IN (0x0001)	false
Jan 12, 2025 01:17:25.268703938 CET	192.168.2.4	1.1.1.1	0xba29	Standard query (0)	p3yw7u.innittapp.com	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:25.268970966 CET	192.168.2.4	1.1.1.1	0x39b7	Standard query (0)	p3yw7u.innittapp.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 12, 2025 01:16:49.677568913 CET	1.1.1.1	192.168.2.4	0x9539	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 12, 2025 01:16:49.677582979 CET	1.1.1.1	192.168.2.4	0xf95f	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:51.789931059 CET	1.1.1.1	192.168.2.4	0x4759	Server failure (2)	m.ccsurj.org	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:51.796756983 CET	1.1.1.1	192.168.2.4	0xa62e	No error (0)	m.ccsurj.org		154.216.143.26	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:52.153851032 CET	1.1.1.1	192.168.2.4	0x7669	Server failure (2)	m.ccsurj.org	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:53.096455097 CET	1.1.1.1	192.168.2.4	0xf721	No error (0)	www.ccsurj.org		154.216.143.26	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:53.118592978 CET	1.1.1.1	192.168.2.4	0xdcc5	Server failure (2)	www.ccsurj.org	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:53.322606087 CET	1.1.1.1	192.168.2.4	0x6748	Server failure (2)	www.ccsurj.org	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:56.967459917 CET	1.1.1.1	192.168.2.4	0x7f14	Server failure (2)	www.ccsurj.org	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:56.976048946 CET	1.1.1.1	192.168.2.4	0x3674	No error (0)	www.ccsurj.org		154.216.143.26	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:56.976268053 CET	1.1.1.1	192.168.2.4	0xeb84	Server failure (2)	www.ccsurj.org	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:58.127439022 CET	1.1.1.1	192.168.2.4	0xdb53	No error (0)	www.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:16:58.127439022 CET	1.1.1.1	192.168.2.4	0xdb53	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:16:58.127439022 CET	1.1.1.1	192.168.2.4	0xdb53	No error (0)	www.wshifen.com		103.235.46.96	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.127439022 CET	1.1.1.1	192.168.2.4	0xdb53	No error (0)	www.wshifen.com		103.235.47.188	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.332911968 CET	1.1.1.1	192.168.2.4	0x2e51	No error (0)	www.sogou.com		43.153.236.147	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.391472101 CET	1.1.1.1	192.168.2.4	0xe00f	No error (0)	www.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:16:58.391472101 CET	1.1.1.1	192.168.2.4	0xe00f	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:16:58.456022978 CET	1.1.1.1	192.168.2.4	0xceeb	Server failure (2)	vkg.hpdbfezgrqwn.vip	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:58.466737986 CET	1.1.1.1	192.168.2.4	0x3eb9	No error (0)	vkg.hpdbfezgrqwn.vip		122.10.26.202	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:58.809304953 CET	1.1.1.1	192.168.2.4	0x118d	Server failure (2)	vkg.hpdbfezgrqwn.vip	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:16:59.829654932 CET	1.1.1.1	192.168.2.4	0xab99	No error (0)	www.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:16:59.829654932 CET	1.1.1.1	192.168.2.4	0xab99	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:16:59.829654932 CET	1.1.1.1	192.168.2.4	0xab99	No error (0)	www.wshifen.com		103.235.46.96	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:16:59.829654932 CET	1.1.1.1	192.168.2.4	0xab99	No error (0)	www.wshifen.com		103.235.47.188	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.065265894 CET	1.1.1.1	192.168.2.4	0x2acc	No error (0)	www.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:00.065265894 CET	1.1.1.1	192.168.2.4	0x2acc	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:00.299709082 CET	1.1.1.1	192.168.2.4	0x2931	No error (0)	www.sogou.com		43.153.236.147	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.436167002 CET	1.1.1.1	192.168.2.4	0x4d23	No error (0)	vkg.hpdbfezgrqwn.vip		122.10.26.202	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.467917919 CET	1.1.1.1	192.168.2.4	0xee68	Server failure (2)	vkg.hpdbfezgrqwn.vip	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.630877018 CET	1.1.1.1	192.168.2.4	0x2252	Server failure (2)	1k4ej4j1lxvjwz.com	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:17:00.642981052 CET	1.1.1.1	192.168.2.4	0x8bb6	No error (0)	1k4ej4j1lxvjwz.com		122.10.50.210	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:00.811374903 CET	1.1.1.1	192.168.2.4	0x86a7	Server failure (2)	vkg.hpdbfezgrqwn.vip	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:17:01.173033953 CET	1.1.1.1	192.168.2.4	0x6ba5	Server failure (2)	1k4ej4j1lxvjwz.com	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:17:03.815601110 CET	1.1.1.1	192.168.2.4	0xacea	No error (0)	p.ssl.qhimg.com	d3h3opd4qa0dfk.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:03.815601110 CET	1.1.1.1	192.168.2.4	0xacea	No error (0)	d3h3opd4qa0dfk.cloudfront.net		13.32.121.43	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:03.815601110 CET	1.1.1.1	192.168.2.4	0xacea	No error (0)	d3h3opd4qa0dfk.cloudfront.net		13.32.121.84	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:03.815601110 CET	1.1.1.1	192.168.2.4	0xacea	No error (0)	d3h3opd4qa0dfk.cloudfront.net		13.32.121.88	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:03.815601110 CET	1.1.1.1	192.168.2.4	0xacea	No error (0)	d3h3opd4qa0dfk.cloudfront.net		13.32.121.52	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:04.558875084 CET	1.1.1.1	192.168.2.4	0x8690	Server failure (2)	1k4ej4j1lxvjwz.com	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:17:04.589389086 CET	1.1.1.1	192.168.2.4	0x4504	No error (0)	1k4ej4j1lxvjwz.com		122.10.50.210	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:05.123018980 CET	1.1.1.1	192.168.2.4	0xbf29	Server failure (2)	1k4ej4j1lxvjwz.com	none	none	65	IN (0x0001)	false
Jan 12, 2025 01:17:05.712322950 CET	1.1.1.1	192.168.2.4	0xb2a9	No error (0)	p.ssl.qhimg.com	p.ssl.qhimg.com.qh-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:05.712322950 CET	1.1.1.1	192.168.2.4	0xb2a9	No error (0)	p.ssl.qhimg.com.qh-cdn.com	69d9dbca.cdn.ucloud.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:05.712322950 CET	1.1.1.1	192.168.2.4	0xb2a9	No error (0)	69d9dbca.cdn.ucloud.com.cn	uc-jn.ucloud.com.cn.ucnaming.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:05.712322950 CET	1.1.1.1	192.168.2.4	0xb2a9	No error (0)	uc-jn.ucloud.com.cn.ucnaming.com	ucloud-internal.v.ucnaming.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:05.712322950 CET	1.1.1.1	192.168.2.4	0xb2a9	No error (0)	ucloud-internal.v.ucnaming.com		36.27.222.245	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:05.712322950 CET	1.1.1.1	192.168.2.4	0xb2a9	No error (0)	ucloud-internal.v.ucnaming.com		36.27.222.246	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:19.121306896 CET	1.1.1.1	192.168.2.4	0xb191	No error (0)	551000l.cc		154.193.113.233	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:19.121306896 CET	1.1.1.1	192.168.2.4	0xb191	No error (0)	551000l.cc		154.193.113.232	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:22.297334909 CET	1.1.1.1	192.168.2.4	0xb30b	No error (0)	p3yw7u.innittapp.com	p3yw7u.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:22.297334909 CET	1.1.1.1	192.168.2.4	0xb30b	No error (0)	p3yw7u.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:22.297334909 CET	1.1.1.1	192.168.2.4	0xb30b	No error (0)	l5-global.gslb.ksyuncdn.com		103.198.200.7	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:22.297334909 CET	1.1.1.1	192.168.2.4	0xb30b	No error (0)	l5-global.gslb.ksyuncdn.com		103.155.16.134	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:22.406164885 CET	1.1.1.1	192.168.2.4	0xab1	No error (0)	p3yw7u.innittapp.com	p3yw7u.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:22.406164885 CET	1.1.1.1	192.168.2.4	0xab1	No error (0)	p3yw7u.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:22.675729990 CET	1.1.1.1	192.168.2.4	0x288d	No error (0)	p3yw7u.innittapp.com	p3yw7u.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:22.675729990 CET	1.1.1.1	192.168.2.4	0x288d	No error (0)	p3yw7u.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:22.824340105 CET	1.1.1.1	192.168.2.4	0x9773	No error (0)	551000l.cc		154.193.113.233	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:22.824340105 CET	1.1.1.1	192.168.2.4	0x9773	No error (0)	551000l.cc		154.193.113.232	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:25.857404947 CET	1.1.1.1	192.168.2.4	0xba29	No error (0)	p3yw7u.innittapp.com	p3yw7u.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:25.857404947 CET	1.1.1.1	192.168.2.4	0xba29	No error (0)	p3yw7u.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:25.857404947 CET	1.1.1.1	192.168.2.4	0xba29	No error (0)	l5-global.gslb.ksyuncdn.com		103.198.200.7	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:25.857404947 CET	1.1.1.1	192.168.2.4	0xba29	No error (0)	l5-global.gslb.ksyuncdn.com		103.155.16.134	A (IP address)	IN (0x0001)	false
Jan 12, 2025 01:17:26.253835917 CET	1.1.1.1	192.168.2.4	0x39b7	No error (0)	p3yw7u.innittapp.com	p3yw7u.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 12, 2025 01:17:26.253835917 CET	1.1.1.1	192.168.2.4	0x39b7	No error (0)	p3yw7u.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:16:51.865066051 CET	427	OUT	GET / HTTP/1.1 Host: m.ccsurj.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:16:52.758198023 CET	353	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Sun, 12 Jan 2025 00:16:52 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://www.ccsurj.org/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Jan 12, 2025 01:17:37.766144991 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:54 UTC	657	OUT	GET / HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:55 UTC	267	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:54 GMT Content-Type: text/html; charset=utf-8 Content-Length: 25442 Last-Modified: Fri, 10 Jan 2025 07:04:19 GMT Connection: close Vary: Accept-Encoding ETag: "6780c673-6362" Accept-Ranges: bytes
2025-01-12 00:16:55 UTC	16117	IN	Data Raw: ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 56 5f 50 41 54 48 3d 22 2f 22 3b 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 20 72 65 74 75 72 6e 20 74 72 75 65 3b 20 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 6e 61 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><script>var V_PATH="/";window.onerror=function(){ return true; };</script><meta na
2025-01-12 00:16:55 UTC	9325	IN	Data Raw: 22 3e 3c 2f 73 70 61 6e 3e 3c 68 32 3e e5 b0 b1 e4 b8 9a e5 b7 a5 e4 bd 9c 3c 2f 68 32 3e 3c 61 20 68 72 65 66 3d 22 2f 6a 79 67 7a 2e 68 74 6d 6c 22 3e e6 9b b4 e5 a4 9a 26 67 74 3b 26 67 74 3b 3c 2f 61 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 2d 6c 69 73 74 32 20 69 2d 6c 62 6f 78 32 22 3e 0d 0a 3c 75 6c 3e 0d 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 69 6e 66 6f 2f 31 30 37 37 2f 33 34 35 39 2e 68 74 6d 6c 22 3e e6 9a 96 e5 bf 83 ef bc 81 e8 bf 99 e4 ba 9b e9 92 88 e5 af b9 e6 80 a7 e4 b8 be e6 8e aa e4 b8 ba e5 9b b0 e9 9a be e4 ba ba e5 91 98 e5 b0 b1 e4 b8 9a e4 bf 9d 3c 2f 61 3e 3c 73 70 61 6e 3e 31 31 2f 32 35 3c 2f 73 70 61 6e 3e 3c 2f 6c 69 3e 0d 0a 3c 6c 69 3e 3c 61 20 68 72 65 66 Data Ascii: "></span><h2></h2><a href="/jygz.html">>></a></div> <div class="i-list2 i-lbox2"><ul><li><a href="/info/1077/3459.html"></a><span>11/25</span></li><li><a href

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:55 UTC	542	OUT	GET /style/style.css HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:55 UTC	323	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:55 GMT Content-Type: text/css Content-Length: 15539 Last-Modified: Fri, 10 Jan 2025 07:04:19 GMT Connection: close Vary: Accept-Encoding ETag: "6780c673-3cb3" Expires: Tue, 11 Feb 2025 00:16:55 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:55 UTC	15539	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 75 74 66 2d 38 22 3b 2f 2a 20 43 53 53 20 44 6f 63 75 6d 65 6e 74 2a 2f 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 20 30 3b 70 61 64 64 69 6e 67 3a 20 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 6d 69 63 72 6f 73 6f 66 74 20 79 61 68 65 69 22 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 66 66 66 3b 7d 0d 0a 75 6c 2c 6c 69 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 20 30 3b 70 61 64 64 69 6e 67 3a 20 30 3b 7d 0d 0a 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 7b 6d 61 72 67 69 6e 3a 20 30 3b 70 61 64 64 69 6e 67 3a 20 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f Data Ascii: @charset "utf-8";/* CSS Document*/body{margin: 0;padding: 0;font-family: "microsoft yahei";font-size: 14px;min-width: 1100px;background:#ffffff;}ul,li{list-style-type: none;margin: 0;padding: 0;}h1,h2,h3,h4,h5,h6{margin: 0;padding: 0;font-weight: no

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	6767
Entropy (8bit):	5.512301770404852
Encrypted:	false
SSDEEP:	96:KrdCAknFANT9UpcOb1BiEUGqcaiAviAHuviwv+0JfiAHXKrjQ9K8pbaIiofi1MPr:Kr6niN9UpcOb1wEUaq/YK8EdiNuxeZ
MD5:	910B0BE124413CB49C6B9BB007BAF456
SHA1:	FF4CAA611C6477983C297B9D28AFA66ACBFDBD90
SHA-256:	2E4F07CA3E11CC046FC9DFE772E4C7A8534FD8B4F1F85DF21902C07534DC0390
SHA-512:	E896CB14966EDB96F8ACED3AE2CA4D2C1C7DAA07472AE0CC3246F592B9B31015F7B29CE59CE2AF8B8CB546836106493B1EDB21085AFAEBD6F644DF6D7BA7634B
Malicious:	false
Reputation:	low
URL:	https://www.ccsurj.org/system/resource/js/ajax.js
Preview:	.//..XMLHTTP......function createXMLHttpRequest()..{.. var xmlHttp = null;.. try{... ..xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");... }... catch(e)... {.... try{.... xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");.... }.... catch(e).... {........ try{........ xmlHttp = new XMLHttpRequest();........ }catch(e){........ }.... }... }.. return xmlHttp;..} ....//......//url: ......//fun.......function startRequest(url, fun,xmlHttp)..{.. xmlHttp.onreadystatechange = fun;.. xmlHttp.open("GET",url,true);.. xmlHttp.send(null);..}....//..xml.....//father......//name........//...............null..function getXmlChild(father, name)..{.. var es = father.getElementsByTagName(name);.. if(es.length == 0).. return null;.. else.. return es[0];..}....String.prototype.trim.= function() ..{ ..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (673)
Category:	downloaded
Size (bytes):	59450
Entropy (8bit):	5.5817630703190995
Encrypted:	false
SSDEEP:	384:DpwAOKkIjsrmbLoEnQTOYb1wI1u4FQZ58xzU8DIKIENpfr6YiVn4IjhliVUbWi7Y:FwokIjm8oJDWCjWli+c8KxOKkKL9V
MD5:	70E7326A1132B730F1B6EB8152CE6E65
SHA1:	0CCF4268B13B7AC2D46E73DDB3E7FE26A0DB656D
SHA-256:	37EB2837CEDEE205F614F189D56F49F401AF8BF92C1C6D5CCBB3AB894D852922
SHA-512:	33254E2A59C44798C83A1E5FE0B00F2E8325C779A75763BF140EA7BE20B3F48374853A3FEBAE49C22733D89C09816121F811D7D1D00661BBE011BAB6123254D6
Malicious:	false
Reputation:	low
URL:	https://1k4ej4j1lxvjwz.com/
Preview:	<html>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8">...<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no">...<title id="titlename">....</title>...<meta content="" name="keywords">...<meta content="" name="description">...<link rel="stylesheet" type="text/css" href="/css/style.css" />...<link rel="stylesheet" href="/css/modalStyles.css">...<link rel="stylesheet" href="/css/bootstrap.min.css">. <script src="/jquery.min.js"></script>. <script src="/popper.min.js"></script>. <script src="/bootstrap.min.js"></script>. <script src="/banner.js"></script>. . .........-->.. <script>. document.addEventListener('contextmenu', function(event) {. event.preventDefault();. });. document.addEventListener('selectstart', function(event) {. event.preventDefault();. });. </script>

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:56 UTC	550	OUT	GET /sitegray/sitegray_d.css HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:56 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:56 GMT Content-Type: text/css Content-Length: 20 Last-Modified: Fri, 10 Jan 2025 07:04:20 GMT Connection: close ETag: "6780c674-14" Expires: Tue, 11 Feb 2025 00:16:56 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:56 UTC	20	IN	Data Raw: 2f 2a 2e 6e 6f 67 72 61 79 66 6f 72 73 69 74 65 7b 7d 2a 2f Data Ascii: /.nograyforsite{}/

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:56 UTC	540	OUT	GET /index.vsb.css HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:56 UTC	295	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:56 GMT Content-Type: text/css Content-Length: 34 Last-Modified: Fri, 10 Jan 2025 07:04:20 GMT Connection: close ETag: "6780c674-22" Expires: Tue, 11 Feb 2025 00:16:56 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:56 UTC	34	IN	Data Raw: 2e 66 6f 6e 74 32 37 30 38 36 36 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 70 74 20 3b 7d 0d 0a 0d 0a Data Ascii: .font270866{ font-size: 9pt ;}

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:56 UTC	525	OUT	GET /js/jquery.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:56 UTC	353	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:56 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 94792 Last-Modified: Fri, 10 Jan 2025 07:04:20 GMT Connection: close Vary: Accept-Encoding ETag: "6780c674-17248" Expires: Tue, 11 Feb 2025 00:16:56 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:56 UTC	16031	IN	Data Raw: 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 75 6e 63 74 69 6f 6e 20 63 79 28 61 29 7b 72 65 74 75 72 6e 20 66 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 61 3a 61 2e 6e 6f 64 65 54 79 70 65 3d 3d 3d 39 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 7c 7c 61 2e 70 61 72 65 6e 74 57 69 6e 64 6f 77 3a 21 31 7d 66 75 6e 63 74 69 6f 6e 20 63 75 28 61 29 7b 69 66 28 21 63 6a 5b 61 5d 29 7b 76 61 72 20 62 3d 63 2e 62 6f 64 79 2c 64 3d 66 28 22 3c 22 2b 61 2b 22 3e 22 29 2e 61 70 70 65 6e 64 54 6f 28 62 29 2c 65 3d 64 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 29 3b 64 2e 72 65 6d 6f 76 65 28 29 3b 69 66 28 65 3d 3d 3d 22 6e 6f 6e 65 22 7c 7c 65 3d 3d 3d 22 22 29 7b 63 6b 7c 7c 28 63 6b 3d 63 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 66 72 61 6d 65 22 29 Data Ascii: (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView\|\|a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"\|\|e===""){ck\|\|(ck=c.createElement("iframe")
2025-01-12 00:16:56 UTC	16384	IN	Data Raw: 73 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 2c 70 69 70 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 66 2e 44 65 66 65 72 72 65 64 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 66 2e 65 61 63 68 28 7b 64 6f 6e 65 3a 5b 61 2c 22 72 65 73 6f 6c 76 65 22 5d 2c 66 61 69 6c 3a 5b 62 2c 22 72 65 6a 65 63 74 22 5d 2c 70 72 6f 67 72 65 73 73 3a 5b 63 2c 22 6e 6f 74 69 66 79 22 5d 7d 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 62 5b 30 5d 2c 65 3d 62 5b 31 5d 2c 67 3b 66 2e 69 73 46 75 6e 63 74 69 6f 6e 28 63 29 3f 69 5b 61 5d 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 3d 63 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 67 26 26 66 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 2e 70 72 6f 6d 69 73 65 29 3f 67 Data Ascii: s);return this},pipe:function(a,b,c){return f.Deferred(function(d){f.each({done:[a,"resolve"],fail:[b,"reject"],progress:[c,"notify"]},function(a,b){var c=b[0],e=b[1],g;f.isFunction(c)?i[a](function(){g=c.apply(this,arguments),g&&f.isFunction(g.promise)?g
2025-01-12 00:16:57 UTC	16384	IN	Data Raw: 0d 0a 61 29 7b 76 61 72 20 62 3d 46 2e 65 78 65 63 28 61 29 3b 62 26 26 28 62 5b 31 5d 3d 28 62 5b 31 5d 7c 7c 22 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 62 5b 33 5d 3d 62 5b 33 5d 26 26 6e 65 77 20 52 65 67 45 78 70 28 22 28 3f 3a 5e 7c 5c 5c 73 29 22 2b 62 5b 33 5d 2b 22 28 3f 3a 5c 5c 73 7c 24 29 22 29 29 3b 72 65 74 75 72 6e 20 62 7d 2c 48 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 7b 7d 3b 72 65 74 75 72 6e 28 21 62 5b 31 5d 7c 7c 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 5b 31 5d 29 26 26 28 21 62 5b 32 5d 7c 7c 28 63 2e 69 64 7c 7c 7b 7d 29 2e 76 61 6c 75 65 3d 3d 3d 62 5b 32 5d 29 26 26 28 21 62 5b 33 5d 7c 7c 62 5b 33 5d 2e 74 65 73 Data Ascii: a){var b=F.exec(a);b&&(b[1]=(b[1]\|\|"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^\|\\s)"+b[3]+"(?:\\s\|$)"));return b},H=function(a,b){var c=a.attributes\|\|{};return(!b[1]\|\|a.nodeName.toLowerCase()===b[1])&&(!b[2]\|\|(c.id\|\|{}).value===b[2])&&(!b[3]\|\|b[3].tes
2025-01-12 00:16:57 UTC	16384	IN	Data Raw: 65 28 22 68 72 65 66 22 29 7d 2c 74 79 70 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 7d 7d 2c 72 65 6c 61 74 69 76 65 3a 7b 22 2b 22 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 74 79 70 65 6f 66 20 62 3d 3d 22 73 74 72 69 6e 67 22 2c 64 3d 63 26 26 21 6c 2e 74 65 73 74 28 62 29 2c 65 3d 63 26 26 21 64 3b 64 26 26 28 62 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 66 6f 72 28 76 61 72 20 66 3d 30 2c 67 3d 61 2e 6c 65 6e 67 74 68 2c 68 3b 66 3c 67 3b 66 2b 2b 29 69 66 28 68 3d 61 5b 66 5d 29 7b 77 68 69 6c 65 28 28 68 3d 68 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 29 26 26 68 2e 6e 6f 64 65 54 79 70 65 21 3d 3d 31 29 3b 61 5b 66 5d 3d 65 Data Ascii: e("href")},type:function(a){return a.getAttribute("type")}},relative:{"+":function(a,b){var c=typeof b=="string",d=c&&!l.test(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e
2025-01-12 00:16:57 UTC	16384	IN	Data Raw: 61 3d 66 0d 0a 2e 63 6c 65 61 6e 28 61 72 67 75 6d 65 6e 74 73 29 3b 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 74 68 69 73 2e 74 6f 41 72 72 61 79 28 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 61 2c 22 62 65 66 6f 72 65 22 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 61 66 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 5b 30 5d 26 26 74 68 69 73 5b 30 5d 2e 70 61 72 65 6e 74 4e 6f 64 65 29 72 65 74 75 72 6e 20 74 68 69 73 2e 64 6f 6d 4d 61 6e 69 70 28 61 72 67 75 6d 65 6e 74 73 2c 21 31 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 61 2c 74 68 69 73 2e 6e 65 78 74 53 69 62 6c 69 6e 67 29 7d 29 3b 69 66 28 61 72 67 75 6d 65 6e Data Ascii: a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(argumen
2025-01-12 00:16:57 UTC	13225	IN	Data Raw: 63 6d 61 73 63 72 69 70 74 2c 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 65 63 6d 61 73 63 72 69 70 74 22 7d 2c 63 6f 6e 74 65 6e 74 73 3a 7b 73 63 72 69 70 74 3a 2f 6a 61 76 61 73 63 72 69 70 74 7c 65 63 6d 61 73 63 72 69 70 74 2f 7d 2c 63 6f 6e 76 65 72 74 65 72 73 3a 7b 22 74 65 78 74 20 73 63 72 69 70 74 22 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 2e 67 6c 6f 62 61 6c 45 76 61 6c 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 7d 7d 29 2c 66 2e 61 6a 61 78 50 72 65 66 69 6c 74 65 72 28 22 73 63 72 69 70 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 63 61 63 68 65 3d 3d 3d 62 26 26 28 61 2e 63 61 63 68 65 3d 21 31 29 2c 61 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 26 26 28 61 2e 74 79 70 65 3d 22 47 45 54 22 2c 61 2e 67 6c 6f 62 61 6c 3d 21 31 29 7d 29 2c 66 Data Ascii: cmascript, application/x-ecmascript"},contents:{script:/javascript\|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:56 UTC	536	OUT	GET /js/jquery.SuperSlide.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:56 UTC	352	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:56 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 11020 Last-Modified: Fri, 10 Jan 2025 07:04:19 GMT Connection: close Vary: Accept-Encoding ETag: "6780c673-2b0c" Expires: Tue, 11 Feb 2025 00:16:56 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:56 UTC	11020	IN	Data Raw: ef bb bf 0d 0a 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 66 6e 2e 73 6c 69 64 65 3d 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 61 2e 66 6e 2e 73 6c 69 64 65 2e 64 65 66 61 75 6c 74 73 3d 7b 74 79 70 65 3a 22 73 6c 69 64 65 22 2c 65 66 66 65 63 74 3a 22 66 61 64 65 22 2c 61 75 74 6f 50 6c 61 79 3a 21 31 2c 64 65 6c 61 79 54 69 6d 65 3a 35 30 30 2c 69 6e 74 65 72 54 69 6d 65 3a 32 35 30 30 2c 74 72 69 67 67 65 72 54 69 6d 65 3a 31 35 30 2c 64 65 66 61 75 6c 74 49 6e 64 65 78 3a 30 2c 74 69 74 43 65 6c 6c 3a 22 2e 68 64 20 6c 69 22 2c 6d 61 69 6e 43 65 6c 6c 3a 22 2e 62 64 22 2c 74 61 72 67 65 74 43 65 6c 6c 3a 6e 75 6c 6c 2c 74 72 69 67 67 65 72 3a 22 6d 6f 75 73 65 6f 76 65 72 22 2c 73 63 72 6f 6c 6c 3a 31 2c 76 69 73 3a 31 2c 74 69 Data Ascii: !function(a){a.fn.slide=function(b){return a.fn.slide.defaults={type:"slide",effect:"fade",autoPlay:!1,delayTime:500,interTime:2500,triggerTime:150,defaultIndex:0,titCell:".hd li",mainCell:".bd",targetCell:null,trigger:"mouseover",scroll:1,vis:1,ti

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:56 UTC	533	OUT	GET /sitegray/sitegray.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:56 UTC	324	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:56 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 95 Last-Modified: Fri, 10 Jan 2025 07:04:21 GMT Connection: close ETag: "6780c675-5f" Expires: Tue, 11 Feb 2025 00:16:56 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:56 UTC	95	IN	Data Raw: 2f 2a 0d 0a 20 2a 20 2d 2d 20 67 72 61 79 73 63 61 6c 65 2e 6a 73 20 2d 2d 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4a 61 6d 65 73 20 50 61 64 6f 6c 73 65 79 20 28 68 74 74 70 3a 2f 2f 6a 61 6d 65 73 2e 70 61 64 6f 6c 73 65 79 2e 63 6f 6d 29 0d 0a 20 2a 0d 0a 20 2a 2f Data Ascii: /* * -- grayscale.js -- * Copyright (C) James Padolsey (http://james.padolsey.com) * */

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:56 UTC	548	OUT	GET /system/resource/js/vsbscreen.min.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:56 UTC	350	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:56 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 3347 Last-Modified: Fri, 10 Jan 2025 07:04:21 GMT Connection: close Vary: Accept-Encoding ETag: "6780c675-d13" Expires: Tue, 11 Feb 2025 00:16:56 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:56 UTC	3347	IN	Data Raw: 76 61 72 20 5f 76 73 62 5f 6d 75 6c 74 69 73 63 72 65 65 6e 3b 69 66 28 74 79 70 65 6f 66 28 5f 76 73 62 5f 6d 75 6c 74 69 73 63 72 65 65 6e 29 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 76 61 72 20 5f 76 73 62 5f 6d 75 6c 74 69 73 63 72 65 65 6e 3d 6e 65 77 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 64 3d 74 68 69 73 3b 76 61 72 20 61 3d 22 76 73 62 5f 73 63 72 65 65 6e 5f 73 65 74 5f 64 65 76 69 63 65 22 3b 76 61 72 20 6b 3d 22 76 73 62 5f 73 63 72 65 65 6e 5f 72 65 6c 6f 61 64 5f 63 6f 75 6e 74 22 3b 76 61 72 20 62 3d 33 30 30 3b 76 61 72 20 67 3d 32 3b 76 61 72 20 68 3d 22 76 73 62 5f 73 63 72 65 65 6e 5f 72 65 6c 6f 61 64 5f 75 72 6c 22 3b 76 61 72 20 69 3d 33 30 3b 76 61 72 20 65 3d 22 5f 76 73 62 73 63 72 65 65 6e 22 3b 76 61 72 20 63 3d 22 Data Ascii: var _vsb_multiscreen;if(typeof(_vsb_multiscreen)=="undefined"){var _vsb_multiscreen=new function(){var d=this;var a="vsb_screen_set_device";var k="vsb_screen_reload_count";var b=300;var g=2;var h="vsb_screen_reload_url";var i=30;var e="_vsbscreen";var c="

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:57 UTC	542	OUT	GET /system/resource/js/counter.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:58 UTC	350	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:57 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 1329 Last-Modified: Fri, 10 Jan 2025 07:04:21 GMT Connection: close Vary: Accept-Encoding ETag: "6780c675-531" Expires: Tue, 11 Feb 2025 00:16:57 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:58 UTC	1329	IN	Data Raw: ef bb bf 76 61 72 20 5f 6a 73 71 5f 69 6d 61 67 65 20 3d 20 6e 65 77 20 49 6d 61 67 65 28 29 3b 0d 0a 66 75 6e 63 74 69 6f 6e 20 5f 6a 73 71 5f 65 6e 63 6f 64 65 28 29 7b 5f 6b 65 79 53 74 72 3d 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 3b 74 68 69 73 2e 65 6e 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 7c 7c 61 3d 3d 75 6e 64 65 66 69 6e 65 64 7c 7c 61 3d 3d 22 22 29 72 65 74 75 72 6e 22 22 3b 76 61 72 20 62 3d 6e 65 77 20 41 72 72 61 79 28 29 3b 76 61 72 20 63 2c 63 68 72 32 2c 63 68 72 33 3b 76 61 72 20 64 2c 65 6e 63 32 2c 65 6e 63 33 2c 65 6e 63 34 3b 76 61 Data Ascii: var _jsq_image = new Image();function _jsq_encode(){_keyStr="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";this.encode=function(a){if(a==null\|\|a==undefined\|\|a=="")return"";var b=new Array();var c,chr2,chr3;var d,enc2,enc3,enc4;va

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:57 UTC	528	OUT	GET /@public/base.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:58 UTC	350	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:57 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 2363 Last-Modified: Sat, 11 Jan 2025 07:29:15 GMT Connection: close Vary: Accept-Encoding ETag: "67821dcb-93b" Expires: Tue, 11 Feb 2025 00:16:57 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:58 UTC	2363	IN	Data Raw: 65 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 70 2c 61 2c 63 2c 6b 2c 65 2c 64 29 7b 65 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 28 63 3c 61 3f 22 22 3a 65 28 70 61 72 73 65 49 6e 74 28 63 2f 61 29 29 29 2b 28 28 63 3d 63 25 61 29 3e 33 35 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 63 2b 32 39 29 3a 63 2e 74 6f 53 74 72 69 6e 67 28 33 36 29 29 7d 3b 69 66 28 21 27 27 2e 72 65 70 6c 61 63 65 28 2f 5e 2f 2c 53 74 72 69 6e 67 29 29 7b 77 68 69 6c 65 28 63 2d 2d 29 64 5b 65 28 63 29 5d 3d 6b 5b 63 5d 7c 7c 65 28 63 29 3b 6b 3d 5b 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 5b 65 5d 7d 5d 3b 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 27 5c 5c 77 2b 27 7d 3b 63 3d 31 3b 7d 3b 77 68 69 6c 65 28 63 2d Data Ascii: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]\|\|e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c-

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:57 UTC	550	OUT	GET /system/resource/js/calendar/simple.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:58 UTC	351	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:57 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 9191 Last-Modified: Fri, 10 Jan 2025 07:04:21 GMT Connection: close Vary: Accept-Encoding ETag: "6780c675-23e7" Expires: Tue, 11 Feb 2025 00:16:57 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:58 UTC	9191	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 53 69 6d 70 6c 65 5f 43 61 6c 65 6e 64 61 72 28 29 0d 0a 7b 0d 0a 20 20 20 76 61 72 20 20 20 20 63 61 6c 5f 43 61 6c 65 6e 64 61 72 43 61 6c 65 6e 64 61 72 44 61 74 61 3d 6e 65 77 20 20 20 20 41 72 72 61 79 28 32 30 29 3b 20 20 20 20 20 0d 0a 20 20 20 76 61 72 20 20 20 20 63 61 6c 5f 43 61 6c 65 6e 64 61 72 6d 61 64 64 3d 6e 65 77 20 20 20 20 41 72 72 61 79 28 31 32 29 3b 20 20 20 20 20 0d 0a 20 20 20 76 61 72 20 20 20 20 63 61 6c 5f 43 61 6c 65 6e 64 61 72 54 68 65 44 61 74 65 3d 6e 65 77 20 20 20 20 44 61 74 65 28 29 3b 20 20 20 20 20 0d 0a 20 20 20 76 61 72 20 20 20 20 63 61 6c 5f 43 61 6c 65 6e 64 61 72 74 67 53 74 72 69 6e 67 3d 22 e7 94 b2 e4 b9 99 e4 b8 99 e4 b8 81 e6 88 8a e5 b7 b1 e5 ba 9a e8 be 9b e5 a3 ac e7 99 b8 22 Data Ascii: function Simple_Calendar(){ var cal_CalendarCalendarData=new Array(20); var cal_Calendarmadd=new Array(12); var cal_CalendarTheDate=new Date(); var cal_CalendartgString=""

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:58 UTC	609	OUT	GET /images/ico_search.png HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/style/style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	298	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: image/png Content-Length: 541 Last-Modified: Fri, 10 Jan 2025 07:04:22 GMT Connection: close ETag: "6780c676-21d" Expires: Tue, 11 Feb 2025 00:16:59 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:59 UTC	541	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 13 00 00 00 13 08 06 00 00 00 72 50 36 cc 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 00 00 00 00 00 f9 43 bb 7f 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 01 81 49 44 41 54 38 cb 9d d4 3b 6b 54 51 14 05 e0 2f f3 20 89 44 63 20 8e 88 af 42 c6 46 cc a3 09 62 9a a0 08 76 fe 01 ff 82 8f 9f 60 65 6d 0a 3b 7f 82 85 08 5a 09 6a 93 10 52 04 62 21 71 0a 8b 51 49 31 82 af e0 c8 4c 46 8b bb 23 67 ae 33 93 31 ab 39 7b dd bb ce 62 9f bd f7 39 23 7a e3 08 ce a3 12 fc 23 de e1 a7 01 18 c9 f1 09 dc c0 7c 0f 6d 1b eb 78 82 dd fd Data Ascii: PNGIHDRrP6gAMAa cHRMz&u0`:pQ<bKGDCpHYs~IDAT8;kTQ/ Dc BFbv`em;ZjRb!qQI1LF#g319{b9#z#\|mx

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://m.ccsurj.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Windows Analysis Report
http://m.ccsurj.org/

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:58 UTC	595	OUT	GET /images/logo-xxgcxy.jpg HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	302	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: image/jpeg Content-Length: 60109 Last-Modified: Fri, 10 Jan 2025 07:04:21 GMT Connection: close ETag: "6780c675-eacd" Expires: Tue, 11 Feb 2025 00:16:59 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:59 UTC	16082	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 30 00 00 00 52 08 06 00 00 00 4a 52 ee 17 00 00 00 04 73 42 49 54 08 08 08 08 7c 08 64 88 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 1f 74 45 58 74 53 6f 66 74 77 61 72 65 00 4d 61 63 72 6f 6d 65 64 69 61 20 46 69 72 65 77 6f 72 6b 73 20 38 b5 68 d2 78 00 00 02 78 70 72 56 57 78 9c ed 99 4d 68 13 41 18 86 67 33 69 6c 9a c9 66 b3 14 f4 2e de 2b b9 14 a4 d0 28 68 ed 41 bd 14 7f c0 8b f6 07 51 41 c9 41 2a 5e 3c 09 c5 83 68 50 57 0f 9e 84 5a 09 48 ac 62 43 4d 69 b4 16 c2 16 44 45 85 22 8d 15 8d 1e a4 fe a0 37 33 7e bb cd 41 9a 05 51 bb b3 95 be cf ec 3b 4b 96 25 cf ec 7c c3 24 21 e5 5a 71 81 1d 63 6b a5 83 4d 4d da d4 5b d2 b2 a5 65 d9 ee 25 17 8b 9a 4d 57 ac 7e bb 9f 8e 94 Data Ascii: PNGIHDR0RJRsBIT\|dpHYs~tEXtSoftwareMacromedia Fireworks 8hxxprVWxMhAg3ilf.+(hAQAA*^<hPWZHbCMiDE"73~AQ;K%\|$!ZqckMM[e%MW~
2025-01-12 00:16:59 UTC	16384	IN	Data Raw: ac ce ea e7 46 6e e3 5f d2 cf 1a 43 7b e6 19 8c 6d 55 7a a7 7e 88 e5 75 ef ef a5 2b a8 57 29 5a a7 e3 68 6c d5 f9 3c e6 7a 90 f9 ef d9 6c 5d 95 b0 51 9f ce b4 91 3b 1f eb 79 5c ef 22 7c 0e 97 8c bd 8d bf e6 a1 b7 2b 64 fc 90 93 5e ca 7f 1f 55 8a e8 c7 2f b9 bd af f2 7e 1d e5 76 dd f7 67 ac 68 9f 1d bb 5b cf fe b6 8d 47 ce 90 7e 3f ae fb fc 52 f3 bf da 68 fb cb e5 c7 92 e8 3c f5 aa 58 ee 6d e3 24 f7 f3 57 b3 50 b6 49 fe b6 b1 18 17 ea 2c 61 d7 f7 47 7c b6 e4 ff ab ec 1f 73 51 06 63 ab cf c9 b0 d0 bf 15 dd 3f 1f 8d ea 1b f5 da e2 ff 36 a3 7b 98 29 bb 76 66 ec 37 da a0 3e 9d 3b 3f d4 f2 2f 0e 73 77 3c 56 f6 9e 03 ac 1d b1 4f 3f af a9 0f fc 3c d4 ca ed 79 a8 5b e8 63 4b 9c 96 f4 b5 32 17 bb 39 bf e6 a4 9d 29 bb 76 7e c8 d5 7b 04 f5 69 ee 79 90 bc 94 ce c1 5c Data Ascii: Fn_C{mUz~u+W)Zhl<zl]Q;y\"\|+d^U/~vgh[G~?Rh<Xm$WPI,aG\|sQc?6{)vf7>;?/sw<VO?<y[cK29)v~{iy\
2025-01-12 00:16:59 UTC	16384	IN	Data Raw: 20 1e 65 e4 fd 27 ef 3d 8a d6 f8 3f 85 cd 98 6f e9 e7 f9 6e 80 ed b1 61 f6 eb ec 9b f4 bd 7c 37 18 8d 15 f9 3e 9a fd 3f c7 90 f4 55 96 25 cb 3b ab ef 12 8f a2 ad fc 8f 2f f1 6d f6 b5 9e 4e 7f 2f e8 e3 49 8e b5 d9 f7 66 f3 51 d6 83 fc 7a 7b c8 f1 3c d3 64 cc e9 36 e9 64 99 6e f9 3b e8 af da ca ff a5 b2 51 be 03 96 6d fb 7b 7b f7 35 ed 24 fd c0 fb 04 69 d1 a6 78 e6 14 ff 67 3c c6 24 f2 22 cd 5e be 25 3d ea fc af 94 52 4a 29 a5 9e 53 97 da e7 cd 74 ef 65 2f f9 d6 94 eb 20 97 b0 61 7d 1b cd be 6b fa f7 d4 5f b5 f6 79 b5 3f ac 39 d4 9a c9 6c cd 7a 8d d2 ff 7d 6d 23 bf f3 47 df fc 4b 6b 21 ac 9b f4 f3 6b 28 cb 39 ea 47 fc e3 31 bb bf 94 de e8 7a 96 d7 2c ad 51 bf 26 ee 6c cd 69 56 e6 bf 8a fd b2 dc fb 23 5f d6 3c f2 9c f6 c2 33 b9 ce 9e 6d 24 f7 5e 39 67 0d 97 Data Ascii: e'=?ona\|7>?U%;/mN/IfQz{<d6dn;Qm{{5$ixg<$"^%=RJ)Ste/ a}k_y?9lz}m#GKk!k(9G1z,Q&liV#_<3m$^9g
2025-01-12 00:16:59 UTC	11259	IN	Data Raw: 0b 10 0d d0 5d c8 cb 6c 29 42 2e b6 23 9a 9d ae 88 1f 94 6e a2 ea 83 68 bf b2 09 24 99 15 5a 3f 98 51 88 f4 53 f0 43 fc 32 42 50 fe 45 f3 fc 20 3e d0 d2 e9 1a 9b 78 ad 1d 3b 9a b8 ae 16 f1 23 32 6b 27 bd 08 d1 bc 1c 69 d7 2d 04 f6 7f 3c 32 0e 9a 22 95 c7 03 2e c2 c7 08 99 8d 31 43 cf c2 10 0c 43 91 67 64 28 42 62 86 d0 10 eb 69 5b 2d 88 cb f4 3b 33 e8 9c ee 03 93 81 d1 8e ec 36 2c 3b 14 72 31 34 0a a1 fa 6e 29 6d 13 47 c4 85 31 9e 93 10 b2 30 2b 4c 99 10 48 16 74 cc c1 20 9b fa 8a a0 b6 80 4e 80 b2 10 6d c6 0a 1a 6a 61 92 30 f6 1d 9a 46 a0 3f 8c 6e 82 6b 4b 73 cd 0a 02 1d 94 cb 30 62 ba 84 23 b7 66 3f af 13 0e ba 09 a9 b3 2d 32 0a bf db 83 cd d9 dc f5 44 e0 ad ae c6 5b 5e de 2c 13 92 0f 48 1c 3c 88 68 53 98 fe a2 d5 ab f1 49 f9 f8 3d 1e f2 bf ff 9e ed 59 Data Ascii: ]l)B.#nh$Z?QSC2BPE >x;#2k'i-<2".1CCgd(Bbi[-;36,;r14n)mG10+LHt Nmja0F?nkKs0b#f?-2D[^,H<hSI=Y

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	541	OUT	GET /system/resource/js/base64.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	351	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 4749 Last-Modified: Fri, 10 Jan 2025 07:04:21 GMT Connection: close Vary: Accept-Encoding ETag: "6780c675-128d" Expires: Tue, 11 Feb 2025 00:16:59 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:59 UTC	4749	IN	Data Raw: 2f 2a 2a 20 20 0d 0a 2a 20 20 0d 0a 2a 20 20 42 61 73 65 36 34 20 65 6e 63 6f 64 65 20 2f 20 64 65 63 6f 64 65 20 20 0d 0a 2a 20 20 e6 96 87 e5 ad 97 e9 87 87 e7 94 a8 55 54 46 2d 38 e6 96 b9 e5 bc 8f e8 bf 9b e8 a1 8c 42 61 73 65 36 34 e7 bc 96 e7 a0 81 0d 0a 2a 20 20 0d 0a 2a 2f 20 20 0d 0a 20 20 20 20 0d 0a 66 75 6e 63 74 69 6f 6e 20 42 61 73 65 36 34 28 29 20 7b 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 2f 2f 20 70 72 69 76 61 74 65 20 70 72 6f 70 65 72 74 79 20 20 20 0d 0a 20 20 20 20 5f 6b 65 79 53 74 72 20 3d 20 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 3b 20 20 20 0d 0a 20 20 20 20 0d 0a Data Ascii: /** * * Base64 encode / decode * UTF-8Base64* */ function Base64() { // private property _keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	543	OUT	GET /system/resource/js/formfunc.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	350	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 1356 Last-Modified: Fri, 10 Jan 2025 07:04:22 GMT Connection: close Vary: Accept-Encoding ETag: "6780c676-54c" Expires: Tue, 11 Feb 2025 00:16:59 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:59 UTC	1356	IN	Data Raw: ef bb bf 2f 2a e6 8c 89 e9 92 ae e4 b9 8b e7 b1 bb e7 9a 84 e6 8f 90 e4 ba a4 e6 97 b6 64 69 73 61 62 6c 65 64 2c 20 e7 84 b6 e5 90 8e e6 8f 90 e4 ba a4 e5 ae 8c e6 88 90 e8 87 aa e5 8a a8 65 6e 61 62 6c 65 3b 20 e7 94 a8 e5 9c a8 e6 8f 90 e4 ba a4 e5 8a a8 e4 bd 9c e5 8f 91 e7 94 9f e5 89 8d 2c 20 e5 a6 82 20 6f 6e 73 75 62 6d 69 74 20 e4 b8 ad 0d 0a e7 94 a8 e6 b3 95 e4 b8 be e4 be 8b ef bc 9a 20 e5 8f 82 e8 a7 81 e6 9c ac e7 9b ae e5 bd 95 66 6f 72 6d 66 75 6e 63 64 65 6d 6f 2e 68 74 6d 0d 0a 2a 2f 0d 0a 66 75 6e 63 74 69 6f 6e 20 56 73 62 46 6f 72 6d 46 75 6e 63 28 29 0d 0a 7b 0d 0a 20 20 20 20 76 61 72 20 5f 74 68 69 73 20 3d 20 74 68 69 73 3b 0d 0a 20 20 20 20 5f 74 68 69 73 2e 64 69 73 61 62 6c 65 41 75 74 6f 45 6e 61 62 6c 65 20 3d 20 66 75 6e 63 Data Ascii: /disabled, enable; , onsubmit formfuncdemo.htm/function VsbFormFunc(){ var _this = this; _this.disableAutoEnable = func

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	544	OUT	GET /system/resource/js/dynclicks.js HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	350	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 3504 Last-Modified: Fri, 10 Jan 2025 07:04:22 GMT Connection: close Vary: Accept-Encoding ETag: "6780c676-db0" Expires: Tue, 11 Feb 2025 00:16:59 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:59 UTC	3504	IN	Data Raw: ef bb bf 66 75 6e 63 74 69 6f 6e 20 5f 64 79 6e 43 6c 69 63 6b 73 5f 61 6a 61 78 28 29 0d 0a 7b 0d 0a 20 20 20 20 76 61 72 20 78 6d 6c 68 74 74 70 20 3d 20 6e 75 6c 6c 3b 0d 0a 20 20 20 20 74 72 79 0d 0a 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 78 6d 6c 68 74 74 70 20 3d 20 6e 65 77 20 41 63 74 69 76 65 58 4f 62 6a 65 63 74 28 22 4d 69 63 72 6f 73 6f 66 74 2e 58 4d 4c 48 54 54 50 22 29 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 63 61 74 63 68 28 65 29 0d 0a 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 72 79 0d 0a 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 78 6d 6c 68 74 74 70 20 3d 20 6e 65 77 20 41 63 74 69 76 65 58 4f 62 6a 65 63 74 28 22 4d 73 78 6d 6c 32 2e 58 4d 4c 48 54 54 50 22 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d Data Ascii: function _dynClicks_ajax(){ var xmlhttp = null; try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) { try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	612	OUT	GET /images/21/11/25/1p6vg4xelj/banner-5.jpg HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: image/jpeg Content-Length: 248821 Last-Modified: Fri, 10 Jan 2025 07:04:24 GMT Connection: close ETag: "6780c678-3cbf5" Expires: Tue, 11 Feb 2025 00:16:59 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:16:59 UTC	16080	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 04 03 02 02 03 04 05 04 04 04 04 04 05 06 05 05 05 05 05 05 06 06 07 07 08 07 07 06 09 09 0a 0a 09 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff db 00 43 01 03 03 03 05 04 05 09 06 06 09 0d 0b 09 0b 0d 0f 0e 0e 0e 0e 0f 0f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 01 78 04 b0 03 01 11 00 02 11 01 03 11 01 ff c4 00 1e 00 00 00 06 03 01 01 00 00 00 00 00 00 00 00 00 00 03 04 05 06 07 08 00 01 02 09 0a ff c4 00 60 10 00 01 03 03 02 04 04 03 05 05 04 05 08 05 02 17 02 01 03 04 05 06 11 00 12 07 13 21 31 08 14 22 41 32 51 61 15 23 42 71 81 Data Ascii: JFIFHHCCx`!1"A2Qa#Bq
2025-01-12 00:16:59 UTC	16384	IN	Data Raw: 5f 78 11 51 d8 8d 73 8d b3 8e 9b 9c c9 07 51 5d bb 3d b7 68 eb 31 4a 7a 76 81 39 ca 5d b7 b9 5a 22 82 49 af 94 6c 9b f5 68 0e ac 34 aa d4 24 00 89 10 82 92 af 5d ab f8 51 34 c8 24 04 e5 6a c8 d3 ad 95 b6 f1 2b 6f dc 17 1d 4a d4 62 81 41 b9 67 53 a9 10 a4 b9 56 98 e3 04 e2 84 d7 8c 53 61 08 65 55 50 45 7a a2 2a 75 d7 62 8d 81 a0 af 4e d7 81 ba a6 75 08 73 29 c6 4d 4e 83 2e 09 82 ed 22 79 a7 1a 4e 9f f6 88 9a da 11 17 82 88 20 89 8e ed c8 63 fd d5 ce 89 4b 20 49 3a fc 93 56 a9 66 dd c9 e9 05 55 4f 74 d4 b2 8b 5b 53 1f 22 f7 4d 52 b5 98 51 e8 88 9f 54 d5 15 16 06 33 85 5c 7c d7 42 a0 5d f4 25 e9 8f d3 51 33 d9 6d 11 3f 12 17 d3 51 42 b3 1d f0 39 ff 00 3d 45 65 04 a3 9f 6c 7d 53 51 09 6a c4 e8 bd b4 48 08 52 d7 03 ad d4 b9 f8 c5 c3 3a 2a 82 3a cc 9a fc 67 a4 Data Ascii: _xQsQ]=h1Jzv9]Z"Ilh4$]Q4$j+oJbAgSVSaeUPEzubNus)MN."yN cK I:VfUOt[S"MRQT3\\|B]%Q3m?QB9=Eel}SQjHR::g
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: b2 ee a8 7f 8e e6 ad 70 a6 eb 01 8c cc c5 98 90 e3 2c 67 54 90 0d 1c 98 ce 51 54 30 ba 38 99 77 80 93 50 fc b1 92 a8 9a 0d 14 e3 d4 4a a1 45 aa c1 71 15 43 9d 02 4b 6f 8a 2a 0f 55 e5 c9 16 7f 4f 56 ba 3c 27 03 7d 17 27 8a c2 35 ba 9e af 7b 32 d8 97 03 85 8c cc e2 0d ad 6b 54 7f 62 e2 85 16 97 70 6f 88 73 58 47 49 c2 7f 98 08 6d 87 57 10 76 aa eb 30 76 57 b8 5b 9a d7 24 39 c3 7c 5c 93 2e a9 c1 4b d9 8b 66 f0 7e de a5 d2 af 09 15 48 d4 b8 d4 bf d9 f9 d1 67 73 b6 49 37 64 6d 11 3d c8 a2 3b 57 0b df db 54 e7 31 c4 66 e4 89 90 bd a1 ca 1d b5 38 7f 59 7b 89 bc 3d a2 5d 7c 3d ac d1 1e a8 5c f4 c6 49 ca 85 3d c6 91 71 21 0d 7d 66 0a 3f 83 e7 ab 9e 9e 39 58 4d c2 90 ba 56 ba da a8 b6 e9 b3 2c 9a dd e5 75 f2 58 7e 1d 4e 4d 7a a3 f7 90 e4 1b 64 ab e6 9c ea bb 4b 1f Data Ascii: p,gTQT08wPJEqCKo*UOV<'}'5{2kTbposXGImWv0vW[$9\|\.Kf~HgsI7dm=;WT1f8Y{=]\|=\I=q!}f?9XMV,uX~NMzdK
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: e6 8e 36 e2 22 a8 aa 89 0e 51 70 a8 a8 bf 54 c6 88 1b a5 96 d9 19 c6 ad 55 96 6d d4 57 65 9b 75 15 59 66 dd 5a bb 2d 61 75 6a 59 66 dd 52 96 5a db f4 d5 dd 4b 2d 63 56 a5 96 61 35 14 b2 d6 35 15 65 59 b7 51 5d 96 6d d4 52 cb 5b 75 14 b2 e7 67 d3 56 86 cb 5b 13 e5 a9 75 2c b1 43 e9 a9 75 32 ad 72 f5 2e af 2a da 0a 7c b5 2e ae cb 14 75 2e a5 96 6d 5f d3 52 ea ac b3 1a 97 57 65 ac 6a ee a6 55 9b 75 2e a5 96 b6 7d 75 2e aa cb 5b 35 2e ad 6b 6e ad 5e 55 bc 6a 29 95 6b 1a 8a ec 81 93 15 99 6c 3b 19 f6 d1 c6 9d 15 12 05 fa a6 3f a6 a9 42 12 44 3b 6a 8b 0e 8f 48 a1 a5 3a 2c 88 14 38 cd c4 a6 b6 fb 62 e2 b4 0d b7 ca 45 15 54 e8 aa 3d 32 9a 5c b0 b2 51 67 0b 85 6d bb 76 46 60 51 69 34 b2 47 20 53 e2 c5 74 5a 56 39 e2 09 cc 56 95 ce 77 2c 8f ba 8e f5 dd 85 d2 28 e8 Data Ascii: 6"QpTUmWeuYfZ-aujYfRZK-cVa55eYQ]mR[ugV[u,Cu2r.*\|.u.m_RWejUu.}u.[5.kn^Uj)kl;?BD;jH:,8bET=2\QgmvF`Qi4G StZV9Vw,(
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: c6 ba f4 03 ea d4 cc 5d d1 11 33 f2 d6 65 b2 cb cf db f1 a1 9f c4 2b ca 49 00 fa ea b2 13 af 5f 81 e4 6d 3f a0 6b a7 00 f0 05 e7 ea 5d f5 85 48 9c 18 88 30 4b 88 f5 5c 6d 48 76 e2 80 9f b2 6f 74 49 53 f5 db a5 55 8f 08 f7 4f a1 3a bb d9 52 a9 54 b8 ae d3 22 0a 43 61 5e 79 a1 da 80 3b 0b 71 8a 7b 8e 17 df 5b 63 8c 2c 39 c8 e6 9e fc 4c af 57 6d fe 2a dd 8d 50 6b f5 da 1f 92 28 30 f9 70 25 ba cb 6b c8 86 c8 92 ed 45 c6 57 df 59 e1 a4 8a 46 dd c3 9a d9 35 44 8d 76 87 92 b2 c1 7a 5e 56 f7 85 db 76 fb 6e bf 2e 75 ed 56 ac 44 65 ea c5 58 1b a8 2a b2 f7 34 8c 39 72 10 87 04 0d 8e b0 f7 66 f1 f2 72 5b c5 49 14 f9 b9 a6 b5 36 ff 00 b8 6a 24 ab 58 b5 78 7b 39 d8 f4 6a a4 d6 ea 03 4c 18 af ee 62 03 ef 27 56 14 45 10 d4 76 92 7c 95 74 73 51 b5 ad d0 94 88 6b 33 9d 40 Data Ascii: ]3e+I_m?k]H0K\mHvotISUO:RT"Ca^y;q{[c,9LWmPk(0p%kEWYF5Dvz^Vvn.uVDeX49rfr[I6j$Xx{9jLb'VEv\|tsQk3@
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: 2b bd 95 32 e3 dc 39 51 ac 6a b5 2e cf ae d6 ad 57 6c f9 df 68 52 46 9c e8 1f 91 a8 92 f9 a3 61 fe 42 38 8e 38 fa 7a 49 b5 c9 22 74 dd af 8b 76 c3 18 fa 26 aa 1a 3a 76 0e 08 df a6 ab b9 87 d3 32 48 9c e7 ef 65 05 5a f3 a2 4a ba 38 a7 78 57 6c 5b 57 ed 1a db 54 58 74 7b 4d 6a 6e 4d 78 45 e6 49 24 b2 6c 6e d8 db 46 6e f3 11 bd ab b1 7d 3b 93 5e 0f b4 55 ec 99 91 b2 9d a5 82 f7 71 b6 9e e0 ad 54 ac 3a 17 9b 9b 26 7d 1e e0 b6 6b 13 8d 86 ab d2 44 d6 a2 e4 0b 63 ca b2 ed 3e 9c 4c 32 47 cc 36 c0 b6 22 b3 f7 2a 03 d7 2a ba e2 d4 d0 54 30 79 41 b8 b9 be a7 d3 5e 45 3a f7 3b a7 a7 10 6e 09 cd 42 b7 ac 6a 35 2e 64 39 37 d4 67 12 d2 8c c3 2a a6 8e bc f3 60 12 17 96 a8 ad 88 8b 9b d3 3d f5 87 09 a3 ce e7 4d 23 ae 23 3e 2b 9f c1 36 5b e5 d0 6e a2 ab c6 af 2e 81 7c 85 Data Ascii: +29Qj.WlhRFaB88zI"tv&:v2HeZJ8xWl[WTXt{MjnMxEI$lnFn};^UqT:&}kDc>L2G6"*T0yA^E:;nBj5.d97g`=M##>+6[n.\|
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: 3d 5c e4 13 8b 31 aa cc f8 71 8e 0b 26 e2 92 88 88 ac 52 69 ac 11 7f db 49 9e e6 3f f7 49 ac 55 5e 75 d4 c3 b5 62 b4 5f 3f eb ac cb a0 99 7c 49 73 67 0d b8 84 b8 cf fe af 4d 1f fb e2 83 ff 00 1d 36 11 77 b7 dd 22 a8 da 27 1f 45 e4 b5 6a 23 2d d0 a9 cd ed 0f bc 65 c1 ed df b0 26 bd 25 4e 81 78 4a 2f 13 95 98 e3 bf 99 87 c4 ea 65 36 04 e9 90 09 9a 0d 0e 12 f9 57 8d a5 4c 86 7f d9 aa 2f e3 d7 1e 8e 36 96 9b 8b af 45 88 48 e6 c8 32 9e 49 26 b3 5e af c1 72 84 e5 2e e3 b8 20 93 8e 57 d5 54 25 bb d5 b6 ea 9c 96 13 a9 2f 46 d1 a5 41 f9 6a 32 96 37 38 82 12 e4 ab 90 30 58 f5 53 a4 2a 95 78 38 61 c4 5b 8b ed c9 73 6a f4 6a bc 78 94 49 b2 d0 25 2b 00 91 e3 ef 11 17 84 c1 72 6e 92 ae 51 7f cb 59 05 0b 4c ed 8f 92 dc 6b 9c da 57 cb cc 26 1d 3e e8 b9 2a b0 2e 93 9f fb Data Ascii: =\1q&RiI?IU^ub_?\|IsgM6w"'Ej#-e&%NxJ/e6WL/6EH2I&^r. WT%/FAj2780XSx8a[sjjxI%+rnQYLkW&>.
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: 6b 48 54 41 25 59 88 ef 56 d9 d9 cc 26 08 05 3e 14 e9 a3 4c 4e 10 a8 96 11 15 89 3b f1 eb 3c 8e cc fe 5a 2d d4 cc b9 5a ac c4 20 56 63 a1 08 b8 9c d4 5e fb 7d f1 a1 b3 ae ac bc 23 3b b3 b8 93 dd 73 ad c9 29 05 b5 db 3a 69 bf 19 cf df 97 29 cd ab 85 15 44 44 5d 21 db aa 08 f4 aa ac 16 49 96 b7 38 8f 49 f4 b0 82 06 b9 2f 96 51 30 9f ae 81 c5 32 ea a5 71 ba b0 54 71 ae d4 6a 34 2a cd 5e 95 70 d0 ce 80 fb 50 11 4a 4b 64 8f 8c a0 28 ed 20 12 b8 66 a1 b7 ae 04 53 d4 ab ac e5 f6 4a 73 55 7e f0 f7 c5 bb 72 25 7a bb e6 e8 57 55 ab 51 a8 b5 1e 03 b5 3b 8a 3b 6d c5 11 47 77 93 60 6d 8f c6 bf c6 b8 14 f9 ea 47 28 72 99 32 15 e9 35 3a e7 a1 a3 70 76 d6 e9 e9 f6 9b c9 1a 9c 1c f0 25 7d d5 12 3e 5b 7b 15 72 bb 40 97 f4 d6 90 f0 98 12 e8 49 19 4a 6e a6 55 37 6d ca af cb Data Ascii: kHTA%YV&>LN;<Z-Z Vc^}#;s):i)DD]!I8I/Q02qTqj4*^pPJKd( fSJsU~r%zWUQ;;mGw`mG(r25:pv%}>[{r@IJnU7m
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: ae 21 b8 a2 00 4a ab b9 44 75 d5 78 86 9e 32 f3 ba 57 07 c5 72 a7 7a 0d a7 6a 44 84 ed 85 ce b5 e9 f5 2f b4 a0 56 ab 32 ea b2 44 e7 4c 05 22 6a 2d 35 a5 11 6d 5b 23 17 c8 5e 46 b3 ea 4e e9 b7 3a f3 f3 d6 4c e3 c5 dd bb 0b 72 f5 4d 3a d8 ae ab 9c 3b 8b 5d 83 7a 47 2b 7a b5 12 7d 97 4b 95 2e 2d 1d c7 5b 83 48 a6 cc 07 95 1c 84 d9 02 6f 7d d6 c3 aa 6f 35 ce 15 35 29 b1 63 01 8f c4 2c e7 5b fd c7 d6 dd 15 31 ce 03 45 51 24 13 25 85 68 c3 97 f8 3a 60 95 3e 6b ed af a0 05 d3 06 e1 16 ec 39 15 5f d1 34 4a d3 9a c8 a2 39 75 5e 76 95 b4 1b 88 ee 0a d4 0a 72 74 ca e2 4c 90 6c ba 7d 05 57 5d 2c 21 99 aa 1b e9 af c9 2a 67 78 0a fa 46 30 40 f4 34 89 cb 6f d2 da 7f 74 7a 26 ba ef 37 24 af 06 e3 a9 5c 7a 91 30 88 9f 96 80 94 0b cc 5f 16 9b ee 0e 2d 14 54 74 d6 3d 06 9c Data Ascii: !JDux2WrzjD/V2DL"j-5m[#^FN:LrM:;]zG+z}K.-[Ho}o55)c,[1EQ$%h:`>k9_4J9u^vrtLl}W],!*gxF0@4otz&7$\z0_-Tt=
2025-01-12 00:17:00 UTC	16384	IN	Data Raw: 95 95 c4 e0 d4 eb 7e 91 c1 e9 f1 98 a8 30 76 e5 12 ab 3d 52 bd 21 81 61 15 95 95 b5 c9 62 df 54 54 29 0e ae cf 90 e3 eb ae bf 04 cd 16 57 05 c5 ac 93 87 31 75 f7 0a 47 62 f5 b2 7e cc b8 84 ab fc 88 f5 7a f2 db 71 6a 66 d0 83 4c cf fb 38 c8 7a a6 0d 01 4f 6e d3 5f 88 b1 b7 3a ba 9a 56 54 b7 86 7c b7 fe 05 9a 0a 87 42 73 0d ff 00 9a a8 d7 c3 c1 48 83 1a 2c 77 e6 1b f5 58 81 5c a5 57 dd 8c fb 86 91 fc bb c8 5c 9f 41 e1 c9 0a 8b 97 48 b2 b9 e8 9d 74 f8 f0 e8 1f e1 c9 e1 4b 7d 5c ad fb 5a a9 f2 e0 9d 44 4a c5 3e 9d 56 96 4b 50 88 dc c7 e4 3f 0c c0 51 63 30 00 e0 24 c1 2d a2 7b 79 a8 6b d8 97 28 ab 9d 70 7e 84 e1 4f 9e 21 76 83 e5 77 3f 65 d5 38 86 68 f2 bc f8 88 dc 72 50 7d e7 76 5d 90 ec 56 ea 7c 3a 9b 46 a9 5b b0 e9 94 5b 82 95 5f 75 b5 48 aa 65 31 c0 f5 c1 Data Ascii: ~0v=R!abTT)W1uGb~zqjfL8zOn_:VT\|BsH,wX\W\AHtK}\ZDJ>VKP?Qc0$-{yk(p~O!vw?e8hrP}v]V\|:F[[_uHe1

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	593	OUT	GET /img/baidu_jgylogo3.gif HTTP/1.1 Host: www.baidu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	499	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 705 Content-Type: image/gif Date: Sun, 12 Jan 2025 00:16:59 GMT Etag: "2c1-4a6473f6030c0" Expires: Wed, 10 Jan 2035 00:16:59 GMT Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: Apache Set-Cookie: BAIDUID=18C41BFB53904CF6DC8787FBDF054588:FG=1; expires=Mon, 12-Jan-26 00:16:59 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1 Connection: close
2025-01-12 00:16:59 UTC	680	IN	Data Raw: 47 49 46 38 39 61 75 00 26 00 a2 00 00 e6 32 2f ea d4 e2 59 60 e8 99 9d f1 ef 76 74 29 32 e1 e1 06 02 ff ff ff 21 f9 04 00 00 00 00 00 2c 00 00 00 00 75 00 26 00 00 03 ff 78 ba dc fe 30 b6 20 4a 19 30 04 c9 bb ff 60 c8 55 56 21 4c a4 b0 89 6c eb be cb 50 96 eb 11 cc 56 0d ef 7c 7f e0 96 93 82 34 c3 f8 8e 48 d0 0d 28 94 01 0b c9 a8 f4 b1 04 0e 9f 05 dd 74 7b ac e2 14 d8 2c 77 8c 7c 0a b1 42 b2 5a a4 61 10 4b c6 37 7c 4d f7 50 68 0a af 25 f6 d4 d6 ff 6e 38 46 4e 26 3a 40 46 80 89 7c 56 31 7e 77 85 79 03 92 8a 7f 72 16 88 20 84 39 94 6b 68 6c 4f 9c 6a 9e 21 9a 73 a1 5c a3 0c 1a 6d 0e 96 26 a7 5c ae 98 8f 41 5a ae 50 51 04 ba 7e 7f a5 9b 79 58 98 b7 52 06 c5 bc c5 c8 c9 06 00 00 04 bc 1f 00 c8 57 45 0b 7a 38 35 ae 27 ca db dc 06 0a d1 dd e1 e0 e1 c8 04 2e e3 Data Ascii: GIF89au&2/Y`vt)2!,u&x0 J0`UV!LlPV\|4H(t{,w\|BZaK7\|MPh%n8FN&:@F\|V1~wyr 9khlOj!s\m&\AZPQ~yXRWEz85'.
2025-01-12 00:16:59 UTC	25	IN	Data Raw: 0e 74 12 01 f5 1c 98 48 4b 26 bc 04 a2 16 01 b4 44 c4 4b 10 ad 91 00 00 3b Data Ascii: tHK&DK;

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	641	OUT	POST /wdzmr.php HTTP/1.1 Host: vkg.hpdbfezgrqwn.vip Connection: keep-alive Content-Length: 189 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8; Accept: / Origin: https://www.ccsurj.org Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:16:59 UTC	189	OUT	Data Raw: 74 69 74 6c 65 3d 25 45 39 25 41 36 25 39 36 25 45 39 25 41 31 25 42 35 2d 2d 25 45 34 25 42 38 25 38 30 25 45 37 25 41 42 25 39 45 25 45 36 25 38 41 25 38 30 25 45 35 25 41 45 25 39 38 25 45 37 25 42 44 25 39 31 2d 44 4f 54 41 32 25 32 43 4c 4f 4c 25 32 43 43 53 47 4f 25 45 36 25 42 38 25 42 38 25 45 36 25 38 38 25 38 46 25 45 38 25 42 35 25 39 42 25 45 34 25 42 41 25 38 42 25 45 35 25 38 46 25 38 41 25 45 35 25 39 30 25 38 34 25 45 37 25 41 37 25 38 44 25 45 38 25 42 35 25 39 42 25 45 34 25 42 41 25 38 42 25 45 37 25 41 42 25 39 45 25 45 37 25 38 43 25 39 43 Data Ascii: title=%E9%A6%96%E9%A1%B5--%E4%B8%80%E7%AB%9E%E6%8A%80%E5%AE%98%E7%BD%91-DOTA2%2CLOL%2CCSGO%E6%B8%B8%E6%88%8F%E8%B5%9B%E4%BA%8B%E5%8F%8A%E5%90%84%E7%A7%8D%E8%B5%9B%E4%BA%8B%E7%AB%9E%E7%8C%9C
2025-01-12 00:17:00 UTC	339	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Request-ID: fe79e2197ab9891d0001b4dad3098706 Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Strict-Transport-Security: max-age=31536000
2025-01-12 00:17:00 UTC	679	IN	Data Raw: 32 39 62 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 56 5f 50 41 54 48 3d 22 2f 22 3b 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 20 72 65 74 75 72 6e 20 74 72 75 65 3b 20 7d 3b 64 6f 63 75 6d 65 6e 74 2e 6f 6e 6b 65 79 64 6f 77 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 6f 6e 6b 65 79 75 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 6f 6e 6b 65 79 70 72 65 73 73 20 3d 20 6e 65 77 20 46 75 6e 63 74 69 6f 6e 28 22 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 29 3b 64 6f 63 75 6d 65 6e 74 2e 6f 6e 63 6f 6e 74 65 78 74 6d 65 6e 75 20 3d 20 6e 65 77 20 46 75 6e 63 74 69 6f 6e 28 22 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 Data Ascii: 29b<html><head><script>var V_PATH="/";window.onerror=function(){ return true; };document.onkeydown = document.onkeyup = document.onkeypress = new Function("return false;");document.oncontextmenu = new Function("return false;");</script><meta name="vi

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:16:59 UTC	608	OUT	GET /web/index/images/logo_440x140.v.4.png HTTP/1.1 Host: www.sogou.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:17:00 UTC	905	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:16:59 GMT Content-Type: image/png Content-Length: 2950 Connection: close Last-Modified: Mon, 19 Aug 2024 09:14:31 GMT Set-Cookie: ABTEST=0\|1736641019\|v17; expires=Tue, 11-Feb-25 00:16:59 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: IPLOC=US; expires=Mon, 12-Jan-26 00:16:59 GMT; domain=.sogou.com; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: SUID=BD7B2E085EA7A20B00000000678309FB; expires=Sat, 07-Jan-2045 00:16:59 GMT; domain=.sogou.com; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" ETag: "66c30cf7-b86" Expires: Fri, 11 Jul 2025 00:16:59 GMT Cache-Control: max-age=15552000 UUID: 31634bbc-3d06-4b99-a489-27820dd1d99f Accept-Ranges: bytes
2025-01-12 00:17:00 UTC	2950	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b8 00 00 00 8c 08 03 00 00 00 39 88 4c 8e 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 7b 50 4c 54 45 47 70 4c 53 56 59 53 56 59 53 56 59 53 56 59 53 56 59 ff 75 1b 53 56 59 b3 63 38 53 56 59 ff 73 1a 53 56 59 53 56 59 53 56 59 53 56 59 53 56 59 53 56 59 ff 77 1d ff 70 18 ff 72 19 ff 7f 22 ff 84 26 ff 65 0f ff 66 10 53 56 59 ff 62 0d ff 62 0d ff 6c 14 ff 87 28 ff 84 26 53 56 59 fe 69 12 ff 6f 17 ff 8d 2d ff 7c 20 ff 76 1b ff 81 24 fe 63 0d fe 56 04 ff 86 27 fe 5d 09 f6 58 00 3f 00 00 00 1e 74 52 4e 53 00 12 4c 96 f7 c2 15 ef 08 3c 5d 7e ad 66 d3 2a e2 71 49 30 e5 90 8a a4 1c d1 e8 bd d4 b3 ad 02 03 e5 00 00 0a 7f 49 44 41 54 78 da ed 9d e9 7a a2 4a Data Ascii: PNGIHDR9LgAMAasRGB{PLTEGpLSVYSVYSVYSVYSVYuSVYc8SVYsSVYSVYSVYSVYSVYSVYwpr"&efSVYbbl(&SVYio-\| v$cV']X?tRNSL<]~f*qI0IDATxzJ

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:17:00 UTC	612	OUT	GET /images/21/11/25/1p6vg4xelj/banner-2.jpg HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:17:01 UTC	304	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:17:00 GMT Content-Type: image/jpeg Content-Length: 333374 Last-Modified: Fri, 10 Jan 2025 07:04:24 GMT Connection: close ETag: "6780c678-5163e" Expires: Tue, 11 Feb 2025 00:17:00 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:17:01 UTC	16080	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff db 00 43 00 02 02 02 02 02 02 02 02 02 02 02 02 02 02 03 04 03 02 02 03 04 05 04 04 04 04 04 05 06 05 05 05 05 05 05 06 06 07 07 08 07 07 06 09 09 0a 0a 09 09 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff db 00 43 01 03 03 03 05 04 05 09 06 06 09 0d 0b 09 0b 0d 0f 0e 0e 0e 0e 0f 0f 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 01 78 04 b0 03 01 11 00 02 11 01 03 11 01 ff c4 00 1e 00 00 01 05 01 01 01 01 01 00 00 00 00 00 00 00 00 07 03 04 05 06 08 02 09 01 00 0a ff c4 00 56 10 00 01 04 01 02 04 04 04 03 06 02 07 04 06 04 0f 02 01 03 04 05 06 11 12 00 07 13 21 14 22 31 41 15 23 32 51 08 61 71 16 24 Data Ascii: JFIFHHCCxV!"1A#2Qaq$
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: 44 fd 97 5b 35 ed e8 9f 7e 12 e9 2c ba d9 ed ed c2 5d 7a c9 5d ba a6 ba 7e 9c 35 79 74 d0 f6 d7 4f 4e da 70 8e 29 2c 9f 82 2a a0 ff 00 75 e2 12 a4 09 c0 86 ed 4b ed e9 c3 2e a4 0c ba 70 0d a8 f9 be fe 9c 34 95 2b 1b 65 d2 26 aa aa bd bb f0 89 d6 4e 9a 4f 4e de fd f8 8d c9 ed 4e 51 14 97 df b7 bf 0c 29 e0 27 8d f9 47 d3 cc be 9c 44 52 a5 74 54 fb ea 5a 6a bc 35 3a cb b1 fa bb f7 41 4d 07 84 4f 09 76 d3 4d 55 7d 57 86 12 9e c1 c4 a7 02 2b d8 51 15 75 f5 e1 b7 53 5b 44 e0 5b dd dd 7b 20 f1 1d d4 8d 6a 59 05 57 44 1e c9 ee bf 6e 11 39 2c 23 ae bd ff 00 4e 18 54 a0 68 97 11 d3 55 fb fa 70 c2 95 2e 29 db 4e 18 4a 78 4a e9 af 0c 4f 4e 40 7f cf 86 12 a4 09 d2 27 b2 76 4e 23 53 80 9d 34 89 dd 74 ee 9e fc 46 e4 a3 75 20 82 a8 88 1a ee f7 5e 21 bf 15 2a fa 28 a9 a2 Data Ascii: D[5~,]z]~5ytONp),uK.p4+e&NONNQ)'GDRtTZj5:AMOvMU}W+QuS[D[{ jYWDn9,#NThUp.)NJxJON@'vN#S4tFu ^!(
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: db ed 47 34 43 5f 91 25 c1 79 bd 3a 8d 1b 65 f6 4e 36 b8 8d 1b a6 8c 48 06 a4 2e 6f 43 55 d4 ca 58 78 1f 25 fb 91 7c f7 bf fc 29 65 50 f0 0c da 64 eb be 4c df 4a 08 d8 e5 db c6 ae bd 5c e9 e8 2c c3 92 ea f6 ea 20 f6 61 ed 76 be 08 8d 9a a3 82 25 c6 31 f1 98 0d c6 dc 47 d4 2d dd 3c c2 a5 b6 3e d7 3e 7d cb 6a 73 a3 93 d5 39 85 3c 3e 68 72 ca 4c 67 77 b6 b3 59 93 0b bb 2a d9 77 23 41 4e fd 22 5e ce b7 ea 05 df 44 d1 51 1d 2c 62 56 a7 b2 43 11 b1 59 76 b2 ed 6c 91 c8 f2 9a 28 17 b5 65 d3 99 10 f4 55 07 34 fc d1 50 84 93 f2 d0 91 74 5f 74 e0 63 c7 3d d1 46 10 e4 41 e5 1f 35 6c f9 27 3a 64 79 6d 94 fe 54 4e 90 d2 ce ab 02 f9 98 ec 99 6e 8b 69 22 36 f2 5d 61 12 af 9c 75 d5 b5 d0 7b ea 0a 6e a4 98 c5 ff 00 1f 97 f0 99 55 07 59 ff 00 2f 9f f2 8e 1c ee e4 d4 49 71 Data Ascii: G4C_%y:eN6H.oCUXx%\|)ePdLJ\, av%1G-<>>}js9<>hrLgwY*w#AN"^DQ,bVCYvl(eU4Pt_tc=FA5l':dymTNni"6]au{nUY/Iq
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: e7 96 dc 0d fd e1 54 39 ab cd 0b 0e 64 64 b5 eb 41 1a ca 86 a6 14 25 66 05 7c b2 f1 92 1f 47 5f 3f 98 f0 0e d4 d7 72 6d 1d 9a 9f dc 97 b2 70 03 16 af 8a b0 87 86 e8 de fd 79 ef f7 42 ab 2a 2e d0 d6 1d 77 27 f8 5f 71 2b be 6c a6 41 51 57 1c 71 d3 1b 57 c2 34 39 92 e2 ad 7b 2c 1b 68 44 8e 3a eb c0 9e 41 44 5d db 4f 77 b8 f9 97 b8 ac 23 06 8b 12 ab 8e 2a 6b b2 62 ee c9 cd b1 e6 08 d8 f2 d3 b9 04 aa c4 5d 49 4e f9 26 17 60 1a f2 b2 f4 8a 90 a7 78 18 ad 5a cf 83 71 38 98 44 97 61 10 3a 6c ba 45 a8 ea 23 bc fb 7e 6a ba af aa f1 f6 46 13 49 53 4d 46 c8 ea 25 eb 64 68 d5 d6 cb 7f 25 f3 c5 74 f0 cf 50 e7 43 1e 46 1d 9b 7b d9 42 55 79 eb 6a 17 45 d3 c2 46 15 f7 d3 46 91 17 fe 5c 68 1d b9 f3 42 59 b0 f2 4f 0d bd 34 d1 7e e9 b7 d3 d1 78 f0 29 ae 62 af 65 51 9a 96 dd Data Ascii: T9ddA%f\|G_?rmpyB.w'_q+lAQWqW49{,hD:AD]Ow#kb]IN&`xZq8Da:lE#~jFISMF%dh%tPCF{BUyjEFF\hBYO4~x)beQ
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: 48 0c 4e c0 5e 81 2b c3 df cc 72 71 b7 f1 26 56 7a 79 62 99 8a 02 2f 4f 6e e1 40 11 52 15 43 24 55 d3 82 73 e2 35 13 db 30 b6 e3 b8 db 8f 9a a9 8b c9 20 d3 37 77 76 89 c7 2a a9 e1 e4 f1 9c a7 b1 86 c4 81 eb fe e0 f2 a6 d3 67 7a e8 48 d9 89 06 ba 2a ef d3 5d 3d 7f 4e 00 e2 73 18 dc 1d 7f 1e f4 09 80 3b da 43 fb 3a bc 8b 29 c6 b3 f8 34 d4 48 6b 55 7f ae 1f 15 a7 17 59 ad d6 3f b0 5e 7d c7 08 d3 ce 9d 4f 40 4d 50 89 04 57 54 e3 5f 46 22 a4 92 22 5d bb 7b 5c 75 23 90 fb f0 47 ea 68 7f 0f 4a 5a cd dc 01 f9 1d d2 42 d4 e2 8f 8f d8 46 2b a6 6f ea d0 7c 5c 47 84 94 8d b1 ea 01 bc db cb e5 25 da a0 8a 05 a2 ae 8b ea 8b c5 49 40 25 da 8b 14 1e 7a 57 93 65 a8 79 57 96 45 c4 6b ad a7 3d 61 1e 9c 5e 79 bb 49 51 25 57 04 d2 9c db 4d 6d 18 54 53 37 22 c4 7d f3 11 27 01 Data Ascii: HN^+rq&Vzyb/On@RC$Us50 7wvgzH]=Ns;C:)4HkUY?^}O@MPWT_F""]{\u#GhJZBF+o\|\G%I@%zWeyWEk=a^yIQ%WMmTS7"}'
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: b8 db 35 ae b4 dd ef 2c 5f 9f 8c bd 98 43 b9 a6 8d 8f 33 21 b8 60 dc 49 41 30 de 71 c5 5d 35 16 8c 81 8e 98 f7 54 71 50 b4 fe 5e 33 f2 d5 b5 9a 38 1b fa f2 43 6b 68 a7 94 99 49 fe 55 33 03 a7 a6 97 98 d1 47 c8 08 8f 1b 8f 61 1c 2c 2c 97 4e a3 a4 6e 08 ab 22 f2 a6 d6 b5 0d 7c c9 a2 8f 6d 15 17 4e 25 96 56 b7 5e 1c 55 1a 48 47 58 ad bc cd c7 79 89 9b 66 92 31 1c 7e 5b cd 64 4c c9 98 20 d1 be e3 4e a4 36 04 9c 75 42 63 fb 08 dd 92 2d 09 6f 2d 10 b4 14 d5 35 ed 5b 0a 96 28 e5 79 78 b0 d4 f9 f3 f0 e4 b7 b8 6d 65 34 52 0e b0 5c 21 9f 2e f3 ce 73 e1 d7 56 18 cd 3e 4b 98 e0 f5 4d 59 c7 67 27 85 30 c0 bc 2c 78 ab ba 40 0b 33 1b 78 82 51 89 2a 36 6d 26 e2 25 4d 35 1e 34 ff 00 89 64 22 e4 dc 1e 5c 79 11 e0 b5 f8 95 0e 1f 3c 61 ed 1d ab 69 6f af 72 97 ba a8 e6 08 66 Data Ascii: 5,_C3!`IA0q]5TqP^38CkhIU3Ga,,Nn"\|mN%V^UHGXyf1~[dL N6uBc-o-5[(yxme4R\!.sV>KMYg'0,x@3xQ*6m&%M54d"\y<aiorf
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: 16 8a 34 49 33 1e 83 e2 1d 0f 13 ab ee 0b 62 d2 38 20 be 61 25 45 25 d5 11 35 86 46 c3 0b 88 d6 cd 76 bc c0 bd b6 d0 5e f6 ef 54 ea 2a 98 d3 ec da c4 ef e2 ac 92 31 da 5c 6e 87 04 cf e8 ef a1 37 06 e2 3b 81 90 3d 1e d5 a9 71 ae 9b 94 c2 22 24 7d 8a 24 e3 b1 ba 66 29 f2 51 3d 94 bf 97 87 55 40 7a b2 d2 de d5 f4 e0 5b e4 75 1d eb 3b 49 52 67 9c b0 f0 f9 85 9f f9 8c f5 3f 2e e3 58 bb 6d 45 4a f2 73 0a fc a2 61 2f 41 79 a5 9a 8c bc c4 79 ee 21 20 75 c5 b0 6c a5 1b 28 60 df d4 a4 9d d5 35 e0 d3 30 ba 99 1a c7 67 d1 ad d7 88 27 e0 4e 96 bf 0d 11 09 df 19 20 0f 68 f3 e7 a8 fa 7b 90 17 18 c9 43 97 99 8b 76 79 bc ab 99 b8 ab d5 4e 41 84 b3 5f 71 cf 85 82 9a 10 8b 1d 55 51 da de aa 22 3a a6 e1 25 ee 8b db 8b f5 30 7e 36 1c 90 80 1f 7b e9 fa 8f f2 b6 d0 e1 02 2a 0b Data Ascii: 4I3b8 a%E%5Fv^T1\n7;=q"$}$f)Q=U@z[u;IRg?.XmEJsa/Ayy! ul(`50g'N h{CvyNA_qUQ":%0~6{
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: c9 10 f2 22 64 11 52 be 46 aa 9a 69 e3 a2 0f 87 35 ef db 73 25 df d7 87 b6 a9 ed d0 a6 3a 95 ae d4 14 40 95 9b f2 77 98 69 15 33 fc 09 d8 24 66 3a d9 74 56 5c 33 da 5b d3 ab 22 bb 5d e1 b9 10 b6 c8 67 66 ba 2a a7 6e 0a 52 63 52 43 ec bc 84 36 a3 0a 64 9e d3 41 4d 66 72 6e 83 24 62 b2 e7 05 ce 23 e5 d0 eb a4 b4 f4 7a a9 af b7 22 33 2c 47 15 12 65 3c 18 ec de 4d a9 26 af b6 ab e9 dd 38 d2 d3 74 b1 c1 96 7b 41 ef 1b fa f7 20 13 f4 71 a5 d9 9a e3 e0 76 f5 ef 42 4e 60 72 7f 22 bc 9a 51 73 bc 64 2a f1 68 e4 db 6c 5d c2 46 ec 66 ba 40 6a 2b d1 98 00 69 5e 2e f5 76 fd 2a 66 89 a7 91 74 e0 e4 38 dd 25 47 ea b1 ef d3 fc fb d0 89 30 aa 98 35 b6 9d da ed f2 59 d2 87 94 b4 38 2c 6c 62 35 4c cb 99 73 2a de ac 99 55 19 e5 19 71 2b 65 d6 59 3e 5e 32 c8 1b 46 de 60 55 d7 Data Ascii: "dRFi5s%:@wi3$f:tV\3["]gfnRcRC6dAMfrn$b#z"3,Ge<M&8t{A qvBN`r"Qsdhl]Ff@j+i^.vft8%G05Y8,lb5LsUq+eY>^2F`U
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: 8a e2 64 72 e1 b7 5e ed 54 1b aa d9 83 6e c7 89 9d 20 cd b1 29 20 bf 30 fa ce 90 1a 92 35 ea a4 8d 88 a6 89 ae 91 a3 30 6c 7e c8 f3 1e f5 b8 c2 2a df f8 39 64 94 f6 89 d8 f6 4d 80 b6 df 2d fc 49 42 7c 46 24 ca 4a 8c 6e 97 14 93 a5 9d d9 9b d3 66 96 f2 6d d6 00 fc 13 f1 87 54 42 da f6 e5 12 d1 13 46 44 d5 74 55 ef 6a d6 6e e8 04 a5 cf 94 91 b7 af 5e 2a d1 02 8b 12 55 72 b7 13 7e 92 ba f6 ba ac 20 d9 28 ca 95 3e 54 a6 03 53 7a 4c 87 5c 12 55 16 fc 50 34 aa a9 a8 22 08 2a a9 37 aa e7 f1 07 cc e3 72 3b 3d c8 c7 57 23 18 35 36 3c fe 43 89 47 9e 52 b8 c5 47 34 29 4e 2d bc 2a 6a 88 a0 e5 75 ac 82 f9 6d bb 19 63 b8 e1 ee 42 24 44 1d c2 8e ee 25 f2 fa a2 2a f6 e0 10 a5 fc 5b 7a 97 7e ae 3c 8f 05 5a ba 9d e6 02 e2 2e 7e bb 20 5e 7d 90 62 19 4f 31 6f 33 cc 65 99 47 Data Ascii: dr^Tn ) 050l~9dM-IB\|F$JnfmTBFDtUjn^Ur~ (>TSzL\UP4"7r;=W#56<CGRG4)N-jumcB$D%*[z~<Z.~ ^}bO1o3eG
2025-01-12 00:17:01 UTC	16384	IN	Data Raw: 42 18 eb 66 d7 4f 5e f4 4d c1 a7 cf 1c fa 1f 2e 9c a5 bf b8 e5 f5 86 0d 22 8c 61 57 b2 ec 95 69 ab 67 c6 6c 52 d5 15 10 4a 34 94 3f 39 92 77 4d db b7 2a 70 fa 27 cb 59 06 61 ab b3 7c b7 d3 bf 43 65 9a 9f 0e 99 ee cc 07 62 db fa ee 54 3c 17 0f cd 72 6e 61 60 95 96 03 61 39 f8 56 f3 6a 33 89 52 95 5a 6c 2a 6b 7c 37 8b 66 51 b5 b1 b2 8c 4d 81 ec ee 9f 33 bf d4 a8 bc 1b e8 e5 33 aa 2b bf 0a d3 94 3a d7 00 fe 9e d1 77 ba da a1 58 cc 2c a0 a0 7c 93 0b 91 7b 73 bf e9 b2 ab fe 22 6c e0 65 d9 55 54 fc 64 59 93 41 57 18 2a 21 3c 05 d5 1d 90 5e 7a 14 72 7b ba ec 27 06 3e a2 8b ea 3a 2f e7 c5 03 17 e1 6a a7 61 20 80 eb 02 3f 50 1c 42 12 d7 0a 88 62 78 07 56 fb 95 a2 2e 1b 26 7e 1b 8e 7c 1b 25 81 99 83 4c c9 58 d4 55 88 24 dc 28 ea 23 2d ee 83 8a a0 b2 5c ea b8 e0 b8 Data Ascii: BfO^M."aWiglRJ4?9wMp'Ya\|CebT<rna`a9Vj3RZlk\|7fQM33+:wX,\|{s"leUTdYAW*!<^zr{'>:/ja ?PBbxV.&~\|%LXU$(#-\

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:17:00 UTC	611	OUT	GET /images/slider-arrow.png HTTP/1.1 Host: www.ccsurj.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.ccsurj.org/style/style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:17:01 UTC	299	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 12 Jan 2025 00:17:00 GMT Content-Type: image/png Content-Length: 1377 Last-Modified: Fri, 10 Jan 2025 07:04:35 GMT Connection: close ETag: "6780c683-561" Expires: Tue, 11 Feb 2025 00:17:00 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes
2025-01-12 00:17:01 UTC	1377	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 eb 00 00 00 46 08 06 00 00 00 2d 88 63 e5 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 22 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 30 36 37 20 37 39 2e 31 35 37 37 34 37 2c 20 32 30 31 35 2f 30 33 2f 33 30 2d 32 33 3a 34 30 3a 34 32 20 20 Data Ascii: PNGIHDRF-ctEXtSoftwareAdobe ImageReadyqe<"iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42