Edit tour

Windows Analysis Report
https://informed.deliveryelc.top/us/

Overview

General Information

Sample URL:	https://informed.deliveryelc.top/us/
Analysis ID:	1589683
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

AI detected suspicious URL

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2180,i,8207117373059037879,371962863403030045,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://informed.deliveryelc.top/us/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_46	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
1.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=dFYasO50ko2Imcnpza4Xy2YAEQuNoSMvbqGFKWBL3NWDASdAft9HActW%2FjpkNTr1VgZmjyFYkJuaIwzlEeJ8oCKpk7ji9rgsjpL%2FprrcqjaC%2BifK0XEScUJuxQPxrLuaqcAoL4NEclrKWWI%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 398Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 00:07:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFYasO50ko2Imcnpza4Xy2YAEQuNoSMvbqGFKWBL3NWDASdAft9HActW%2FjpkNTr1VgZmjyFYkJuaIwzlEeJ8oCKpk7ji9rgsjpL%2FprrcqjaC%2BifK0XEScUJuxQPxrLuaqcAoL4NEclrKWWI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 901125f53acd727a-EWR

Source: chromecache_46.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_46.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62240
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal68.phis.win@16/10@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2180,i,8207117373059037879,371962863403030045,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://informed.deliveryelc.top/us/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2180,i,8207117373059037879,371962863403030045,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://informed.deliveryelc.top/us/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://informed.deliveryelc.top/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://informed.deliveryelc.top/favicon.ico	100%	Avira URL Cloud	phishing
https://informed.deliveryelc.top/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
informed.deliveryelc.top	104.21.38.157	true	true	unknown
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	172.217.18.100	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://informed.deliveryelc.top/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://informed.deliveryelc.top/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: phishing	unknown
https://informed.deliveryelc.top/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=dFYasO50ko2Imcnpza4Xy2YAEQuNoSMvbqGFKWBL3NWDASdAft9HActW%2FjpkNTr1VgZmjyFYkJuaIwzlEeJ8oCKpk7ji9rgsjpL%2FprrcqjaC%2BifK0XEScUJuxQPxrLuaqcAoL4NEclrKWWI%3D	false		high
https://informed.deliveryelc.top/us/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_46.2.dr	false		high
https://www.cloudflare.com/5xx-error-landing	chromecache_46.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.38.157	informed.deliveryelc.top	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.217.16.196	unknown	United States	15169	GOOGLEUS	false
172.217.18.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589683
Start date and time:	2025-01-13 01:06:45 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://informed.deliveryelc.top/us/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@16/10@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.110, 64.233.184.84, 216.58.212.174, 142.250.186.78, 142.250.186.46, 172.202.163.200, 199.232.214.172, 192.229.221.95, 20.3.187.198, 20.242.39.171, 13.95.31.18, 172.217.16.206, 52.165.164.15, 216.58.206.78, 142.250.185.206, 131.107.255.255, 142.250.186.163, 34.104.35.123, 2.23.242.162, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, edgedl.me.gvt1.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://informed.deliveryelc.top/us/

Input	Output
URL: https://informed.deliveryelc.top Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://informed.deliveryelc.top
URL: https://informed.deliveryelc.top/us/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script checks if cookies are enabled in the user's browser and displays a cookie alert if they are not. This is a common practice to inform users about cookie usage and does not demonstrate any high-risk behaviors." }
if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) }
URL: https://informed.deliveryelc.top/us/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": true }

URL: https://informed.deliveryelc.top/us/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://informed.deliveryelc.top/us/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://informed.deliveryelc.top/us/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryelc.top/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4548
Entropy (8bit):	5.0344270992704745
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOiUAt0ZLmmqrR89PaQxJbGD:1j9jhjYjIK/Vo+tr0Z6mqre9ieJGD
MD5:	9DD17A7BEA550E0F5E802F5CB62C365E
SHA1:	6FC4ACB755A30969CBB113DA62C6BB859D7B7339
SHA-256:	A13C9B6681135114C7974E4BBC74DED1D07F0C573714C5147D6BA05B1493B5E0
SHA-512:	5A6080D941A72426D2FCC3006EB14B5316F1A6D3C63D26597EEEB319481FE288507793C5491D2E8B84EAE488294C57617A72651465CCE4FE3C180EA3FFF34BC5
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryelc.top/us/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	32038
Entropy (8bit):	3.7586031096610943
Encrypted:	false
SSDEEP:	192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn
MD5:	3F0F72ED57A54B97CDA500BCF0545EFB
SHA1:	2F252619C18E729D98E16B96D37CD7CD567B38EB
SHA-256:	67FBE8EF9020E5C776AADF6801A1FEF8DC563E2E4DC9DDC740AF8010C0C38943
SHA-512:	EA68C54A3CA39A47555A41AE5FC3723F1E7C06B3AD1776EE7082FFBFF48277D2B4EE7CA1753165C2DCCDF7012EB0CBE29CDBDE21DC05373A07CF18E23DE37E54
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryelc.top/favicon.ico
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@...................e21.f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21.f32Qf32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q...Q.....US.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q.\[Q.............\|z.m<;.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.uGG..................RP.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.xKJ..................vu.k98.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.g43......^].....................{NL.f32.f32.f32Qf32Qf32.f32.f32..\[.............ts..ww...............k98.f32Qf32Qf32.f32.f32...........................................f32Qf32Qf32.f32.g43.....................................rq....f32Qh65Qh65.h65.j87..YY..[[..[[..[[..\[..]]..oo...........vu.f32Q...Q.........................................mk.g43.f32.f32.f32Q...Q........................`^.p?=.f32.f32.f32.f32.f32.f32.f32Q..Q.....ml.rB@.g43.f32.f32.f32.f32.f32.f32.f32.f32.f32.f3

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://informed.deliveryelc.top/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	32038
Entropy (8bit):	3.7586031096610943
Encrypted:	false
SSDEEP:	192:cfRys3/ZtSs9axogZeLpoCaAVbZ5iDJ6j5+qDxZ7cnPgW5LnM:cr68dcgWJn
MD5:	3F0F72ED57A54B97CDA500BCF0545EFB
SHA1:	2F252619C18E729D98E16B96D37CD7CD567B38EB
SHA-256:	67FBE8EF9020E5C776AADF6801A1FEF8DC563E2E4DC9DDC740AF8010C0C38943
SHA-512:	EA68C54A3CA39A47555A41AE5FC3723F1E7C06B3AD1776EE7082FFBFF48277D2B4EE7CA1753165C2DCCDF7012EB0CBE29CDBDE21DC05373A07CF18E23DE37E54
Malicious:	false
Reputation:	low
Preview:	............ .h...F... .... .........00.... ..%..V...@@.... .(B...:..(....... ..... .....@...................e21.f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21.f32Qf32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q...Q.....US.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Q.\[Q.............\|z.m<;.f32.f32.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.uGG..................RP.f32.f32.f32.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.xKJ..................vu.k98.f32.f32.f32.f32.f32Qf32Qf32.f32.f32.g43......^].....................{NL.f32.f32.f32Qf32Qf32.f32.f32..\[.............ts..ww...............k98.f32Qf32Qf32.f32.f32...........................................f32Qf32Qf32.f32.g43.....................................rq....f32Qh65Qh65.h65.j87..YY..[[..[[..[[..\[..]]..oo...........vu.f32Q...Q.........................................mk.g43.f32.f32.f32Q...Q........................`^.p?=.f32.f32.f32.f32.f32.f32.f32Q..Q.....ml.rB@.g43.f32.f32.f32.f32.f32.f32.f32.f32.f32.f3

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:07:41.132167101 CET	49675	443	192.168.2.4	173.222.162.32
Jan 13, 2025 01:07:45.566257954 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:45.566301107 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:45.566797018 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:45.567491055 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:45.567507029 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:46.221566916 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:46.223679066 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:46.223694086 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:46.224694014 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:46.225073099 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:46.231522083 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:46.231585979 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:46.286806107 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:46.286815882 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:46.333926916 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:47.538870096 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:47.538918972 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:47.539024115 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:47.539515972 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:47.539531946 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:47.540041924 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:47.540090084 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:47.540168047 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:47.540441036 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:47.540455103 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.002087116 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.023216963 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.056474924 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.073704958 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.468209982 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.468247890 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.468482971 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.468516111 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.469624996 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.469705105 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.472096920 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.472136974 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.472192049 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.495367050 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.495420933 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.495498896 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.495599985 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.495609045 CET	443	49742	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.495620012 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.496172905 CET	49742	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.498852015 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.498920918 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.499001026 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.499093056 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.499155998 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.499208927 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.499365091 CET	443	49741	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.499475956 CET	49741	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.499771118 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.499831915 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.499907970 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.500369072 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.500385046 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.500781059 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.500802040 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.968472004 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.968770981 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.968811989 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.970484018 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.970556974 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.977458954 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.977722883 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:48.977756977 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.978749990 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:48.978827953 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.259864092 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.260023117 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.260188103 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.260211945 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.260215998 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.303339958 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.306260109 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.306261063 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.306276083 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.306276083 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.350406885 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.350425005 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.360399961 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.360512972 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.360569000 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.360590935 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.360666037 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.360722065 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.360730886 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.360863924 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.360949993 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.453075886 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.453119040 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:49.453161001 CET	49743	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.453202963 CET	443	49743	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.453219891 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.455064058 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.455087900 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:49.488121986 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.531337976 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589281082 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589338064 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589378119 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589397907 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.589427948 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589487076 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589515924 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.589524984 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589689970 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589734077 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589736938 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.589747906 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.589785099 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.594038010 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.594094992 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.594105005 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.594225883 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.594274044 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.594281912 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.649182081 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.680021048 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.680109978 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.680164099 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.680176020 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.680188894 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.680231094 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.680238962 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.680372000 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.680418968 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.761679888 CET	49744	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.761706114 CET	443	49744	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.778100967 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.778141975 CET	443	49746	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.778376102 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.779135942 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:49.779154062 CET	443	49746	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:49.946604013 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:49.958655119 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.958673000 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:49.962116003 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:49.962274075 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.987190008 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.987411022 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:49.987627983 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.033648968 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.033659935 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.087230921 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.114027977 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.114234924 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.114361048 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.114599943 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.114619017 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.115199089 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.115235090 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.115298033 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.115758896 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.115771055 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.240354061 CET	443	49746	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.240767002 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.240788937 CET	443	49746	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.244175911 CET	443	49746	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.244244099 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.244659901 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.244703054 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.244740009 CET	443	49746	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.244760990 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.244813919 CET	49746	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.245069027 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.245127916 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.245193005 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.245414972 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.245435953 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.581238031 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.581645012 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.581659079 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.582479954 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.583899975 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.583976030 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.584254026 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.627321959 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.709490061 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.709705114 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.709810019 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.709819078 CET	443	49749	35.190.80.1	192.168.2.4
Jan 13, 2025 01:07:50.709841013 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.709860086 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.709881067 CET	49749	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:07:50.731338024 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.773602962 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.838274002 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.838308096 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.839987040 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.847285032 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.847455025 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.847462893 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.847496033 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.906069994 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.953938961 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.954091072 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:50.955528975 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.997322083 CET	49750	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:50.997370005 CET	443	49750	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.005153894 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.005184889 CET	443	49751	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.005898952 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.006211042 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.006227970 CET	443	49751	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.467370033 CET	443	49751	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.467693090 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.467706919 CET	443	49751	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.471432924 CET	443	49751	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.471508026 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.472071886 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.472110033 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.472160101 CET	443	49751	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.472168922 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.472229004 CET	49751	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.472732067 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.472820997 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.472920895 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.473193884 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.473234892 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.786621094 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.786664009 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.786998987 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.787353039 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.787439108 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.787924051 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.788009882 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.788028955 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.788310051 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.788355112 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.951891899 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.952486038 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.952552080 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.954011917 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.954103947 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.954627037 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.954715014 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:51.954816103 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:51.954834938 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.005055904 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.093656063 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.093775988 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.093883038 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.093883038 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.093950033 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094038963 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.094041109 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094068050 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094130039 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.094149113 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094296932 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094356060 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.094371080 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094481945 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.094543934 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.094556093 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.098484039 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.098788977 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.098802090 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.145524979 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.183846951 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184067965 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184171915 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184259892 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184349060 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.184355974 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184349060 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.184418917 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184546947 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.184566021 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.184986115 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185056925 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.185070038 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185165882 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185236931 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.185249090 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185405970 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185477018 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.185488939 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185549021 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.185625076 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.185971022 CET	49752	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.185998917 CET	443	49752	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.193486929 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.193538904 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.193624973 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.194259882 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.194278955 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.260279894 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.260643959 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.260663033 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.262682915 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.263032913 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.263123989 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.263839960 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.264045000 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.264138937 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.264214039 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.264616966 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.264698982 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.265165091 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.265240908 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.265535116 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.265542984 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.265551090 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.265552044 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.317383051 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.317600965 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.401977062 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.402144909 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.402215004 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.402935028 CET	49753	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.402954102 CET	443	49753	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.422709942 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.422775984 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.422813892 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.422851086 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.422888041 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.422890902 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.422966957 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.423007965 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.423051119 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.423337936 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.423409939 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.423490047 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.423506021 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.427439928 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.427483082 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.427520990 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.427536964 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.427593946 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.513256073 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513345957 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513384104 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513412952 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513441086 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513457060 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.513468981 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513499022 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513511896 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.513520956 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.513521910 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.513562918 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.514059067 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.514117956 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.514151096 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.514208078 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.514240026 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.514358044 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.514662027 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.514796019 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.514853001 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.515099049 CET	49754	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.515129089 CET	443	49754	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.802809000 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.803165913 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.803184986 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.806741953 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.806821108 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.807343960 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.807513952 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.848629951 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:52.848645926 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:07:52.895503044 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:07:56.133272886 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:56.133361101 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:56.133421898 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:58.406604052 CET	49738	443	192.168.2.4	172.217.18.100
Jan 13, 2025 01:07:58.406677008 CET	443	49738	172.217.18.100	192.168.2.4
Jan 13, 2025 01:07:58.812122107 CET	62179	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:58.816992044 CET	53	62179	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:58.817111015 CET	62179	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:58.817111015 CET	62179	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:58.821964025 CET	53	62179	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:59.260139942 CET	53	62179	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:59.262623072 CET	62179	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:59.267687082 CET	53	62179	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:59.267764091 CET	62179	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:08:07.570508003 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:08:07.570633888 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:08:07.570765018 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:08:07.836895943 CET	49755	443	192.168.2.4	104.21.38.157
Jan 13, 2025 01:08:07.836935043 CET	443	49755	104.21.38.157	192.168.2.4
Jan 13, 2025 01:08:45.616415977 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:45.616486073 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:45.616581917 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:45.617073059 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:45.617086887 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:46.273488998 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:46.274033070 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:46.274051905 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:46.274733067 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:46.275552988 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:46.275641918 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:46.317909956 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:56.209599972 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:56.209676027 CET	443	62240	172.217.16.196	192.168.2.4
Jan 13, 2025 01:08:56.209733009 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:57.836199045 CET	62240	443	192.168.2.4	172.217.16.196
Jan 13, 2025 01:08:57.836271048 CET	443	62240	172.217.16.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:07:41.113882065 CET	53	58696	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:41.130481958 CET	53	52758	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:42.160208941 CET	53	58028	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:45.557154894 CET	49768	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:45.557321072 CET	63733	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:45.564249992 CET	53	63733	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:45.564289093 CET	53	49768	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:47.170897961 CET	61589	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:47.170980930 CET	49629	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:47.527101040 CET	53	61589	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:47.527410984 CET	53	49629	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:49.363236904 CET	54005	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:49.364262104 CET	59671	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:49.369879007 CET	53	54005	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:49.371023893 CET	53	59671	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:51.011660099 CET	54199	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:51.011881113 CET	63876	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:07:51.720660925 CET	53	54199	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:52.673829079 CET	53	63876	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:58.795495987 CET	138	138	192.168.2.4	192.168.2.255
Jan 13, 2025 01:07:58.811611891 CET	53	59348	1.1.1.1	192.168.2.4
Jan 13, 2025 01:07:59.123754025 CET	53	64995	1.1.1.1	192.168.2.4
Jan 13, 2025 01:08:17.967052937 CET	53	59919	1.1.1.1	192.168.2.4
Jan 13, 2025 01:08:40.576833010 CET	53	50062	1.1.1.1	192.168.2.4
Jan 13, 2025 01:08:40.880424023 CET	53	64753	1.1.1.1	192.168.2.4
Jan 13, 2025 01:08:45.607903957 CET	51871	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:08:45.608391047 CET	50432	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:08:45.614526987 CET	53	51871	1.1.1.1	192.168.2.4
Jan 13, 2025 01:08:45.615165949 CET	53	50432	1.1.1.1	192.168.2.4
Jan 13, 2025 01:09:10.626204967 CET	53	63906	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 01:07:52.673942089 CET	192.168.2.4	1.1.1.1	c282	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 01:07:45.557154894 CET	192.168.2.4	1.1.1.1	0x4ae2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:45.557321072 CET	192.168.2.4	1.1.1.1	0x9c85	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 01:07:47.170897961 CET	192.168.2.4	1.1.1.1	0xc962	Standard query (0)	informed.deliveryelc.top	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:47.170980930 CET	192.168.2.4	1.1.1.1	0x3357	Standard query (0)	informed.deliveryelc.top	65	IN (0x0001)	false
Jan 13, 2025 01:07:49.363236904 CET	192.168.2.4	1.1.1.1	0xecc3	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:49.364262104 CET	192.168.2.4	1.1.1.1	0x5ee5	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 01:07:51.011660099 CET	192.168.2.4	1.1.1.1	0x1561	Standard query (0)	informed.deliveryelc.top	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:51.011881113 CET	192.168.2.4	1.1.1.1	0xfa32	Standard query (0)	informed.deliveryelc.top	65	IN (0x0001)	false
Jan 13, 2025 01:08:45.607903957 CET	192.168.2.4	1.1.1.1	0xdb48	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:08:45.608391047 CET	192.168.2.4	1.1.1.1	0x58f3	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 01:07:45.564249992 CET	1.1.1.1	192.168.2.4	0x9c85	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 01:07:45.564289093 CET	1.1.1.1	192.168.2.4	0x4ae2	No error (0)	www.google.com		172.217.18.100	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:47.527101040 CET	1.1.1.1	192.168.2.4	0xc962	No error (0)	informed.deliveryelc.top		104.21.38.157	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:47.527101040 CET	1.1.1.1	192.168.2.4	0xc962	No error (0)	informed.deliveryelc.top		172.67.168.40	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:47.527410984 CET	1.1.1.1	192.168.2.4	0x3357	No error (0)	informed.deliveryelc.top			65	IN (0x0001)	false
Jan 13, 2025 01:07:49.369879007 CET	1.1.1.1	192.168.2.4	0xecc3	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:51.720660925 CET	1.1.1.1	192.168.2.4	0x1561	No error (0)	informed.deliveryelc.top		104.21.38.157	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:51.720660925 CET	1.1.1.1	192.168.2.4	0x1561	No error (0)	informed.deliveryelc.top		172.67.168.40	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:52.673829079 CET	1.1.1.1	192.168.2.4	0xfa32	No error (0)	informed.deliveryelc.top			65	IN (0x0001)	false
Jan 13, 2025 01:07:55.728579044 CET	1.1.1.1	192.168.2.4	0x1e0c	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:55.728579044 CET	1.1.1.1	192.168.2.4	0x1e0c	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:07:57.273576021 CET	1.1.1.1	192.168.2.4	0xdd96	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:07:57.273576021 CET	1.1.1.1	192.168.2.4	0xdd96	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:08:35.703764915 CET	1.1.1.1	192.168.2.4	0x8768	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:08:35.703764915 CET	1.1.1.1	192.168.2.4	0x8768	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:08:45.614526987 CET	1.1.1.1	192.168.2.4	0xdb48	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:08:45.615165949 CET	1.1.1.1	192.168.2.4	0x58f3	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 01:08:53.924650908 CET	1.1.1.1	192.168.2.4	0xf2af	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:08:53.924650908 CET	1.1.1.1	192.168.2.4	0xf2af	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

informed.deliveryelc.top

https:

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	104.21.38.157	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:49 UTC	670	OUT	GET /us/ HTTP/1.1 Host: informed.deliveryelc.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:49 UTC	566	IN	HTTP/1.1 403 Forbidden Date: Mon, 13 Jan 2025 00:07:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFYasO50ko2Imcnpza4Xy2YAEQuNoSMvbqGFKWBL3NWDASdAft9HActW%2FjpkNTr1VgZmjyFYkJuaIwzlEeJ8oCKpk7ji9rgsjpL%2FprrcqjaC%2BifK0XEScUJuxQPxrLuaqcAoL4NEclrKWWI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901125f53acd727a-EWR
2025-01-13 00:07:49 UTC	803	IN	Data Raw: 31 31 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c Data Ascii: cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getEl
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <f
2025-01-13 00:07:49 UTC	1015	IN	Data Raw: 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 Data Ascii: al" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><sp
2025-01-13 00:07:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	104.21.38.157	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:49 UTC	578	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: informed.deliveryelc.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://informed.deliveryelc.top/us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:49 UTC	411	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:07:49 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-5df3" Server: cloudflare CF-RAY: 901125f6aea38c9b-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:07:49 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:07:49 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2025-01-13 00:07:49 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	35.190.80.1	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:49 UTC	557	OUT	OPTIONS /report/v4?s=dFYasO50ko2Imcnpza4Xy2YAEQuNoSMvbqGFKWBL3NWDASdAft9HActW%2FjpkNTr1VgZmjyFYkJuaIwzlEeJ8oCKpk7ji9rgsjpL%2FprrcqjaC%2BifK0XEScUJuxQPxrLuaqcAoL4NEclrKWWI%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://informed.deliveryelc.top Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:50 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 13 Jan 2025 00:07:49 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49749	35.190.80.1	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:50 UTC	490	OUT	POST /report/v4?s=dFYasO50ko2Imcnpza4Xy2YAEQuNoSMvbqGFKWBL3NWDASdAft9HActW%2FjpkNTr1VgZmjyFYkJuaIwzlEeJ8oCKpk7ji9rgsjpL%2FprrcqjaC%2BifK0XEScUJuxQPxrLuaqcAoL4NEclrKWWI%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 398 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:50 UTC	398	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 32 31 35 35 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 33 38 2e 31 35 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 69 6e 66 6f 72 6d 65 64 2e 64 65 6c 69 76 65 Data Ascii: [{"age":1,"body":{"elapsed_time":2155,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.38.157","status_code":403,"type":"http.error"},"type":"network-error","url":"https://informed.delive
2025-01-13 00:07:50 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 13 Jan 2025 00:07:50 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49750	104.21.38.157	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:50 UTC	667	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: informed.deliveryelc.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://informed.deliveryelc.top/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:50 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:07:50 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-1c4" Server: cloudflare CF-RAY: 901125ff1bbc1865-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:07:50 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:07:50 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49752	104.21.38.157	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:51 UTC	607	OUT	GET /favicon.ico HTTP/1.1 Host: informed.deliveryelc.top Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://informed.deliveryelc.top/us/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:52 UTC	979	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:07:52 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 32038 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=86400 Last-Modified: Mon, 15 Jul 2024 08:24:14 GMT ETag: W/"7d26-190b57e07b0" CF-Cache-Status: HIT Age: 68645 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BixVtTxF0jRY28qNjaSThw%2FMpDmuGCyVVR7DGdxPk0F6LHwOP7x%2B5L%2F0qfTL5Fxn0d%2B45jAt8Idlp%2BFJ%2Fb75ROy%2B7AtAFspixM6ZvyMqvn51EOX8yupcxXa1i78VGB5oQPwjkHQMoycMwb0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901126062ef97c84-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1940&rtt_var=732&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1185&delivery_rate=1505154&cwnd=246&unsent_bytes=0&cid=61ca8933b8229ff8&ts=151&x=0"
2025-01-13 00:07:52 UTC	390	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 00 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 00 00 20 00 a8 25 00 00 56 15 00 00 40 40 00 00 00 00 20 00 28 42 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 32 31 1b 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 65 32 31 1b 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 e4 da d8 51 be a7 a5 ff 81 55 53 ff 66 33 32 ff 66 Data Ascii: hF 00 %V@@ (B:( @e21f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21f32Qf32f32f32f32f32f32f32f32f32f32f32f32f32f32f32QQUSf32f
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: bb a3 a1 ff 7f 52 50 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 78 4b 4a ff bf aa aa ff f8 f6 f6 ff fd fc fc ff d8 c9 c7 ff 9a 76 75 ff 6b 39 38 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 67 34 33 ff ab 8f 8e ff 86 5e 5d ff b6 9d 9d ff f0 eb eb ff ff ff ff ff ef e9 e9 ff b6 9b 9a ff 7b 4e 4c ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 85 5c 5b ff fe fd fd ff f7 f5 f5 ff c9 b7 b6 ff 97 74 73 ff 99 77 77 ff c7 b4 b4 ff f1 ed ed ff fb f9 f9 ff cd bb b9 ff 6b 39 38 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff b4 9b 9b ff ff ff ff Data Ascii: RPf32f32f32f32f32f32f32f32Qf32Qf32f32f32xKJvuk98f32f32f32f32f32Qf32Qf32f32f32g43^]{NLf32f32f32Qf32Qf32f32f32\[tswwk98f32Qf32Qf32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: 79 77 ff 6c 39 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fe fd fd a1 fe fd fd ff f1 eb ea ff bb a1 9f ff 7d 4e 4b ff 68 36 34 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 a4 86 85 a1 Data Ascii: ywl97f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32}NKh64f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: fe ff ef e9 e8 ff c2 aa a7 ff 84 59 56 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff ba a3 a2 ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff f7 f4 f4 ff d4 c6 c6 ff a0 81 80 ff 72 43 42 ff 6b 39 38 ff 7b 4f 4e ff a7 8a 8a ff d2 c4 c3 ff f7 f4 f4 ff ff ff ff ff ff ff ff ff fe fe fe ff f0 ea e9 ff 7c 4e 4c ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 6b 39 38 ff e6 dd dd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fa fa ff db cf cf ff b1 98 97 ff 8d 68 67 ff 74 45 44 ff 72 43 42 ff 8c Data Ascii: YVf32f32f32f32f32f32f32f32f32f32f32rCBk98{ON\|NLf32f32f32f32f32f32f32f32f32k98hgtEDrCB
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fd fd fd a1 fb fa fa ff f2 ed ec ff ce b9 b6 ff b2 97 95 ff 8c 61 5e ff 73 42 3f ff 6a 38 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 95 6f 6c a1 79 48 45 ff 67 34 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 Data Ascii: f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32a^sB?j87f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32olyHEg42f32f32f32f32f32f32f32f32f32f32f3
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 e3 65 32 31 f1 66 33 31 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 32 f1 65 32 32 f1 66 33 32 e3 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 Data Ascii: f32e21f31f32f32f32f32f32e22e22e22f32e22e22f32e22e22f32e22f32f31f31f31f32f31f31f31f31f32f31f31f31f31f31f31e21f31f31f31f31f31e22e22f32e22f32f32e21e22f32f32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff ff 01 be a9 a8 f1 e9 e3 e2 ff fe fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff fb f9 f9 ff ca b3 af ff a0 7d 7b ff 75 42 3f ff 67 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 6a 39 38 f1 83 5a 59 ff c1 ac ac ff f6 f3 f2 ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f9 f6 f6 ff dd cf cd ff b6 99 95 ff 77 44 41 ff 68 35 34 ff 66 33 32 ff 66 33 32 ff Data Ascii: }{uB?g32f32f32f32f32f32f32f32f32f32e21f31e21e21f31f32e21f32f32e21e21e22e21f31f31e21f32e21f31f31f32f31f31f31j98ZYwDAh54f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: 31 ff 66 33 32 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 6d 3d 3c ff 9a 79 78 ff cf bf be ff fa f8 f8 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fc fa fa ff d3 c0 bd ff ac 8d 8a ff 79 47 44 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 34 33 ff 6f 3f 3e ff 92 6d 6c ff d3 c5 c4 ff f3 ef ef ff fe fe fe ff ff ff ff ff ff ff ff ff ff Data Ascii: 1f32f31e21e21e21f31m=<yxyGDf32f31f32f31f31f32e21e21f31e21f32f31f32e21f31f32f31f32f32f32e21f32f32e22e21f32f32e21e21f32f43o?>ml
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff db d0 d0 ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff f0 eb eb ff d9 cd cd ff af 95 95 ff 80 55 54 ff 67 34 33 ff 66 33 32 ff 68 36 35 ff 7a 4e 4d ff 8f 69 69 ff b3 99 98 ff d9 cd cc ff fb fa fa ff fe fe fe ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f4 ef ee ff 94 6c 69 ff 66 33 32 ff 65 32 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 91 6d 6c ff f8 f5 f5 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e8 e1 e0 ff be a8 Data Ascii: UTg43f32h65zNMiilif32e21f31f31f32f32f32e21f32e21e22f32f32f32ml
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff b9 a1 a1 ff ca b9 b9 ff bc a7 a7 ff bc a7 a7 ff bc a7 a7 ff c3 af ae ff d1 c2 c2 ff ed e7 e7 ff fe fe fe ff e5 da d9 ff 6d 39 36 ff 65 32 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 6f 3f 3e ff a0 80 7f ff fe fe fe Data Ascii: m96e21f31e21f32e21f32f31f32f31f31e21f32f31f32f32e21f32f32f32f32f32f32f31f31f32f31f32e21f32e21f31f32o?>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49754	104.21.38.157	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:52 UTC	359	OUT	GET /favicon.ico HTTP/1.1 Host: informed.deliveryelc.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:52 UTC	974	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:07:52 GMT Content-Type: image/vnd.microsoft.icon Content-Length: 32038 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=86400 Last-Modified: Mon, 15 Jul 2024 08:24:14 GMT ETag: W/"7d26-190b57e07b0" CF-Cache-Status: HIT Age: 68645 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QvhBl%2Bo%2Fw9%2B6mqsydpcxounQMakh81Cm7oJzZ7Jy1u2ZGM6NZ2QCpcauGU%2BnaH9qCC7Q%2BrfN3RGvBRU%2BhRdLYQumoUTGODJyKUf2n2MPajHR6BToFeltHSuq43QlZyxsKCqDQjhVSTHUqLQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 9011260838c618cc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1473&min_rtt=1451&rtt_var=588&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=937&delivery_rate=1794714&cwnd=252&unsent_bytes=0&cid=ad218df1da0be3f6&ts=165&x=0"
2025-01-13 00:07:52 UTC	395	IN	Data Raw: 00 00 01 00 04 00 10 10 00 00 00 00 20 00 68 04 00 00 46 00 00 00 20 20 00 00 00 00 20 00 a8 10 00 00 ae 04 00 00 30 30 00 00 00 00 20 00 a8 25 00 00 56 15 00 00 40 40 00 00 00 00 20 00 28 42 00 00 fe 3a 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 32 31 1b 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 66 33 32 51 65 32 31 1b 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 e4 da d8 51 be a7 a5 ff 81 55 53 ff 66 33 32 ff 66 Data Ascii: hF 00 %V@@ (B:( @e21f32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qf32Qe21f32Qf32f32f32f32f32f32f32f32f32f32f32f32f32f32f32QQUSf32f
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: 52 50 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 78 4b 4a ff bf aa aa ff f8 f6 f6 ff fd fc fc ff d8 c9 c7 ff 9a 76 75 ff 6b 39 38 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 67 34 33 ff ab 8f 8e ff 86 5e 5d ff b6 9d 9d ff f0 eb eb ff ff ff ff ff ef e9 e9 ff b6 9b 9a ff 7b 4e 4c ff 66 33 32 ff 66 33 32 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff 85 5c 5b ff fe fd fd ff f7 f5 f5 ff c9 b7 b6 ff 97 74 73 ff 99 77 77 ff c7 b4 b4 ff f1 ed ed ff fb f9 f9 ff cd bb b9 ff 6b 39 38 ff 66 33 32 51 66 33 32 51 66 33 32 ff 66 33 32 ff 66 33 32 ff b4 9b 9b ff ff ff ff ff ff ff ff ff Data Ascii: RPf32f32f32f32f32f32f32f32Qf32Qf32f32f32xKJvuk98f32f32f32f32f32Qf32Qf32f32f32g43^]{NLf32f32f32Qf32Qf32f32f32\[tswwk98f32Qf32Qf32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fe fd fd a1 fe fd fd ff f1 eb ea ff bb a1 9f ff 7d 4e 4b ff 68 36 34 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 a4 86 85 a1 da ce ce ff fb Data Ascii: 7f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32}NKh64f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff c2 aa a7 ff 84 59 56 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff ba a3 a2 ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe ff f7 f4 f4 ff d4 c6 c6 ff a0 81 80 ff 72 43 42 ff 6b 39 38 ff 7b 4f 4e ff a7 8a 8a ff d2 c4 c3 ff f7 f4 f4 ff ff ff ff ff ff ff ff ff fe fe fe ff f0 ea e9 ff 7c 4e 4c ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 66 33 32 a1 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 6b 39 38 ff e6 dd dd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb fa fa ff db cf cf ff b1 98 97 ff 8d 68 67 ff 74 45 44 ff 72 43 42 ff 8c 65 65 ff c5 b2 Data Ascii: YVf32f32f32f32f32f32f32f32f32f32f32rCBk98{ON\|NLf32f32f32f32f32f32f32f32f32k98hgtEDrCBee
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 fd fd fd a1 fb fa fa ff f2 ed ec ff ce b9 b6 ff b2 97 95 ff 8c 61 5e ff 73 42 3f ff 6a 38 37 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 a1 ff ff ff 01 ff ff ff 01 95 6f 6c a1 79 48 45 ff 67 34 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 Data Ascii: f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32a^sB?j87f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32f32olyHEg42f32f32f32f32f32f32f32f32f32f32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 e3 65 32 31 f1 66 33 31 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 65 32 32 f1 66 33 32 f1 65 32 32 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 32 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 66 33 31 f1 65 32 32 f1 65 32 32 f1 66 33 32 e3 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 65 32 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff Data Ascii: f32e21f31f32f32f32f32f32e22e22e22f32e22e22f32e22e22f32e22f32f31f31f31f32f31f31f31f31f32f31f31f31f31f31f31e21f31f31f31f31f31e22e22f32e22f32f32e21e22f32f32f32f32f32
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: a8 f1 e9 e3 e2 ff fe fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff fb f9 f9 ff ca b3 af ff a0 7d 7b ff 75 42 3f ff 67 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 65 32 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 6a 39 38 f1 83 5a 59 ff c1 ac ac ff f6 f3 f2 ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f9 f6 f6 ff dd cf cd ff b6 99 95 ff 77 44 41 ff 68 35 34 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 66 Data Ascii: }{uB?g32f32f32f32f32f32f32f32f32f32e21f31e21e21f31f32e21f32f32e21e21e22e21f31f31e21f32e21f31f31f32f31f31f31j98ZYwDAh54f32f32e22f
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: ff 66 33 31 ff 65 32 31 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 6d 3d 3c ff 9a 79 78 ff cf bf be ff fa f8 f8 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fc fa fa ff d3 c0 bd ff ac 8d 8a ff 79 47 44 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 32 f1 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 65 32 31 ff 66 33 32 ff 66 34 33 ff 6f 3f 3e ff 92 6d 6c ff d3 c5 c4 ff f3 ef ef ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe Data Ascii: f31e21e21e21f31m=<yxyGDf32f31f32f31f31f32e21e21f31e21f32f31f32e21f31f32f31f32f32f32e21f32f32e22e21f32f32e21e21f32f43o?>ml
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff fe fe fe ff f0 eb eb ff d9 cd cd ff af 95 95 ff 80 55 54 ff 67 34 33 ff 66 33 32 ff 68 36 35 ff 7a 4e 4d ff 8f 69 69 ff b3 99 98 ff d9 cd cc ff fb fa fa ff fe fe fe ff fe fe fe ff ff ff ff ff fe fe fe ff fe fe fe ff f4 ef ee ff 94 6c 69 ff 66 33 32 ff 65 32 31 ff 66 33 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 66 33 32 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 65 32 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 91 6d 6c ff f8 f5 f5 ff ff ff ff ff fe fe fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e8 e1 e0 ff be a8 a8 ff 97 75 74 Data Ascii: UTg43f32h65zNMiilif32e21f31f31f32f32f32e21f32e21e22f32f32f32mlut
2025-01-13 00:07:52 UTC	1369	IN	Data Raw: a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff bb a4 a4 ff b9 a1 a1 ff ca b9 b9 ff bc a7 a7 ff bc a7 a7 ff bc a7 a7 ff c3 af ae ff d1 c2 c2 ff ed e7 e7 ff fe fe fe ff e5 da d9 ff 6d 39 36 ff 65 32 31 f1 ff ff ff 01 ff ff ff 01 ff ff ff 01 ff ff ff 01 66 33 31 f1 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 65 32 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 32 ff 66 33 31 ff 66 33 31 ff 66 33 32 ff 66 33 31 ff 66 33 32 ff 65 32 31 ff 66 33 32 ff 65 32 31 ff 66 33 31 ff 66 33 32 ff 6f 3f 3e ff a0 80 7f ff fe fe fe ff fe fe fe ff Data Ascii: m96e21f31e21f32e21f32f31f32f31f31e21f32f31f32f32e21f32f32f32f32f32f32f31f31f32f31f32e21f32e21f31f32o?>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49753	104.21.38.157	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:07:52 UTC	394	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: informed.deliveryelc.top Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:07:52 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:07:52 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-1c4" Server: cloudflare CF-RAY: 90112608389c41ef-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:07:52 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:07:52 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Target ID:	0
Start time:	19:07:36
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:07:39
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 --field-trial-handle=2180,i,8207117373059037879,371962863403030045,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:07:46
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://informed.deliveryelc.top/us/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://informed.deliveryelc.top/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing
Source: https://informed.deliveryelc.top/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://informed.deliveryelc.top/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_46, type: DROPPED

Source: https://informed.deliveryelc.top/us/	HTTP Parser: No favicon
Source: https://informed.deliveryelc.top/us/	HTTP Parser: No favicon

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /us/ HTTP/1.1Host: informed.deliveryelc.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: informed.deliveryelc.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://informed.deliveryelc.top/us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: informed.deliveryelc.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://informed.deliveryelc.top/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: informed.deliveryelc.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://informed.deliveryelc.top/us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: informed.deliveryelc.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: informed.deliveryelc.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: informed.deliveryelc.top
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://informed.deliveryelc.top/us/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3132, Parent PID: 5768

General

Chronological Activities

Analysis Process: chrome.exePID: 3848, Parent PID: 3132

General

Windows Analysis Report
https://informed.deliveryelc.top/us/