Edit tour

Windows Analysis Report
https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/

Overview

General Information

Sample URL:	https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/
Analysis ID:	1598225
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2556,i,14488737336053587371,11564217591594750329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected suspicious URL

Source: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io

Joe Sandbox AI: The URL 'https://eng--sso--coinbasepro-cdn--x---auth.webflow.io' appears to be attempting to mimic a legitimate Coinbase Pro URL. The use of 'coinbasepro' in the subdomain suggests an attempt to associate with the well-known cryptocurrency exchange platform, Coinbase. The legitimate URL for Coinbase Pro is 'https://pro.coinbase.com'. The analyzed URL uses multiple hyphens and subdomains, which can be a tactic to confuse users into thinking they are accessing a legitimate service. The domain 'webflow.io' is a legitimate platform for web hosting and design, which could be used for unrelated purposes, but the specific subdomain structure here is suspiciously complex and likely intended to deceive. The visual similarity is moderate due to the inclusion of 'coinbasepro', and the structural complexity increases the likelihood of user confusion. Overall, the URL has a high likelihood of being a typosquatting attempt.

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63741 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.6:49617 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:62225 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:63738 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: eng--sso--coinbasepro-cdn--x---auth.webflow.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css/webflow-https-errors.webflow.css HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/designer_favicon.5ea478d03e.png HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Graphik-Medium-Web.abf6e1188f.woff2 HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://eng--sso--coinbasepro-cdn--x---auth.webflow.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fonts/Graphik-Regular-Web.5a0c1a002e.woff2 HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://eng--sso--coinbasepro-cdn--x---auth.webflow.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/designer_favicon.5ea478d03e.png HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: eng--sso--coinbasepro-cdn--x---auth.webflow.io
Source: global traffic	DNS traffic detected: DNS query: d3e54v103j8qbb.cloudfront.net

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 24 Jan 2025 00:37:02 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Ray: 906bf3df59bb43dc-EWRCF-Cache-Status: HITCache-Control: public, max-age=432000ETag: W/"6789742d-38c"content-security-policy: frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.comsurrogate-key: eng--sso--coinbasepro-cdn--x---auth.webflow.iovary: Accept-EncodingSet-Cookie: _cfuvid=TB5DnAqjLGLnkOJ8QRDJpJllsSfdtlTlVb4HNqIbG8U-1737679022055-0.0.1.1-604800000; path=/; domain=.webflow.io; HttpOnly; Secure; SameSite=NoneServer: cloudflarealt-svc: h3=":443"; ma=86400

Source: sets.json.1.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.1.dr	String found in binary or memory: https://24.hu
Source: sets.json.1.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.1.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.1.dr	String found in binary or memory: https://alice.tw
Source: sets.json.1.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.1.dr	String found in binary or memory: https://autobild.de
Source: sets.json.1.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.1.dr	String found in binary or memory: https://bild.de
Source: sets.json.1.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.1.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.1.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.1.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.1.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.1.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.1.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.1.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.1.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.1.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.1.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.1.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.1.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.1.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.1.dr	String found in binary or memory: https://chennien.com
Source: sets.json.1.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.1.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.1.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.1.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.1.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.1.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.1.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.1.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.1.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.1.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.1.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.1.dr	String found in binary or memory: https://css-load.com
Source: chromecache_112.3.dr	String found in binary or memory: https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css
Source: chromecache_112.3.dr	String found in binary or memory: https://d3e54v103j8qbb.cloudfront.net/static/designer_favicon.5ea478d03e.png
Source: sets.json.1.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.1.dr	String found in binary or memory: https://deere.com
Source: sets.json.1.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.1.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.1.dr	String found in binary or memory: https://drimer.io
Source: sets.json.1.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.1.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.1.dr	String found in binary or memory: https://een.be
Source: sets.json.1.dr	String found in binary or memory: https://efront.com
Source: sets.json.1.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.1.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.1.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.1.dr	String found in binary or memory: https://ella.sv
Source: sets.json.1.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.1.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.1.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.1.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.1.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.1.dr	String found in binary or memory: https://finn.no
Source: sets.json.1.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.1.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.1.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.1.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.1.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://grid.id
Source: sets.json.1.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.1.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.1.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.1.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.1.dr	String found in binary or memory: https://hapara.com
Source: sets.json.1.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1.global
Source: sets.json.1.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.1.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.1.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.1.dr	String found in binary or memory: https://hearty.app
Source: sets.json.1.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.1.dr	String found in binary or memory: https://hearty.me
Source: sets.json.1.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.1.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.1.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.1.dr	String found in binary or memory: https://hj.rs
Source: sets.json.1.dr	String found in binary or memory: https://hjck.com
Source: sets.json.1.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.1.dr	String found in binary or memory: https://html-load.com
Source: sets.json.1.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.1.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.1.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.1.dr	String found in binary or memory: https://img-load.com
Source: sets.json.1.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.1.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.1.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.1.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.1.dr	String found in binary or memory: https://interia.pl
Source: sets.json.1.dr	String found in binary or memory: https://intoday.in
Source: sets.json.1.dr	String found in binary or memory: https://iolam.it
Source: sets.json.1.dr	String found in binary or memory: https://ishares.com
Source: sets.json.1.dr	String found in binary or memory: https://jagran.com
Source: sets.json.1.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.1.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.1.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.1.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.1.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.1.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.1.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.1.dr	String found in binary or memory: https://kompas.com
Source: sets.json.1.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.1.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.1.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.1.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.1.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.1.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.1.dr	String found in binary or memory: https://libero.it
Source: sets.json.1.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.1.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.1.dr	String found in binary or memory: https://livechat.com
Source: sets.json.1.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.1.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.1.dr	String found in binary or memory: https://livemint.com
Source: sets.json.1.dr	String found in binary or memory: https://max.auto
Source: sets.json.1.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.1.dr	String found in binary or memory: https://meo.pt
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.1.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.1.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.1.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.1.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.1.dr	String found in binary or memory: https://money.pl
Source: sets.json.1.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.1.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.1.dr	String found in binary or memory: https://nacion.com
Source: sets.json.1.dr	String found in binary or memory: https://naukri.com
Source: sets.json.1.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.1.dr	String found in binary or memory: https://nien.co
Source: sets.json.1.dr	String found in binary or memory: https://nien.com
Source: sets.json.1.dr	String found in binary or memory: https://nien.org
Source: sets.json.1.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.1.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.1.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.1.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.1.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.1.dr	String found in binary or memory: https://o2.pl
Source: sets.json.1.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.1.dr	String found in binary or memory: https://onet.pl
Source: sets.json.1.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.1.dr	String found in binary or memory: https://p106.net
Source: sets.json.1.dr	String found in binary or memory: https://p24.hu
Source: sets.json.1.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.1.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.1.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.1.dr	String found in binary or memory: https://player.pl
Source: sets.json.1.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.1.dr	String found in binary or memory: https://poalim.site
Source: sets.json.1.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.1.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.1.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.1.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.1.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.1.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.1.dr	String found in binary or memory: https://radio1.be
Source: sets.json.1.dr	String found in binary or memory: https://radio2.be
Source: sets.json.1.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.1.dr	String found in binary or memory: https://repid.org
Source: sets.json.1.dr	String found in binary or memory: https://reshim.org
Source: sets.json.1.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.1.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.1.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.1.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.1.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.1.dr	String found in binary or memory: https://samayam.com
Source: sets.json.1.dr	String found in binary or memory: https://sapo.io
Source: sets.json.1.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.1.dr	String found in binary or memory: https://shock.co
Source: sets.json.1.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.1.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.1.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.1.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.1.dr	String found in binary or memory: https://songshare.com
Source: sets.json.1.dr	String found in binary or memory: https://songstats.com
Source: sets.json.1.dr	String found in binary or memory: https://sporza.be
Source: sets.json.1.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.1.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.1.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.1.dr	String found in binary or memory: https://stripe.com
Source: sets.json.1.dr	String found in binary or memory: https://stripe.network
Source: sets.json.1.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.1.dr	String found in binary or memory: https://supereva.it
Source: sets.json.1.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.1.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.1.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.1.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.1.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.1.dr	String found in binary or memory: https://text.com
Source: sets.json.1.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.1.dr	String found in binary or memory: https://the42.ie
Source: sets.json.1.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.1.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.1.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.1.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.1.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.1.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.1.dr	String found in binary or memory: https://top.pl
Source: sets.json.1.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.1.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.1.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.1.dr	String found in binary or memory: https://tvid.in
Source: sets.json.1.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.1.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.1.dr	String found in binary or memory: https://unotv.com
Source: sets.json.1.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.1.dr	String found in binary or memory: https://vrt.be
Source: sets.json.1.dr	String found in binary or memory: https://vwo.com
Source: sets.json.1.dr	String found in binary or memory: https://welt.de
Source: sets.json.1.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.1.dr	String found in binary or memory: https://wildix.com
Source: sets.json.1.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.1.dr	String found in binary or memory: https://wingify.com
Source: sets.json.1.dr	String found in binary or memory: https://wordle.at
Source: sets.json.1.dr	String found in binary or memory: https://wp.pl
Source: sets.json.1.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.1.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.1.dr	String found in binary or memory: https://ya.ru
Source: sets.json.1.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.1.dr	String found in binary or memory: https://zalo.me
Source: sets.json.1.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.1.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.1.dr	String found in binary or memory: https://zoom.com
Source: sets.json.1.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63741
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:63741 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_3992_1000995087

Jump to behavior

Source: classification engine

Classification label: mal52.win@22/16@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2556,i,14488737336053587371,11564217591594750329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2556,i,14488737336053587371,11564217591594750329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/	100%	Avira URL Cloud	phishing

Name	IP	Active	Malicious	Reputation
d3e54v103j8qbb.cloudfront.net	18.244.20.40	true	false	high
eng--sso--coinbasepro-cdn--x---auth.webflow.io	104.18.36.248	true	true	unknown
www.google.com	142.250.185.164	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css	false		high
https://d3e54v103j8qbb.cloudfront.net/static/designer_favicon.5ea478d03e.png	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://wieistmeineip.de	sets.json.1.dr	false	high
https://mercadoshops.com.co	sets.json.1.dr	false	high
https://gliadomain.com	sets.json.1.dr	false	high
https://poalim.xyz	sets.json.1.dr	false	high
https://mercadolivre.com	sets.json.1.dr	false	high
https://reshim.org	sets.json.1.dr	false	high
https://nourishingpursuits.com	sets.json.1.dr	false	high
https://medonet.pl	sets.json.1.dr	false	high
https://unotv.com	sets.json.1.dr	false	high
https://mercadoshops.com.br	sets.json.1.dr	false	high
https://joyreactor.cc	sets.json.1.dr	false	high
https://zdrowietvn.pl	sets.json.1.dr	false	high
https://johndeere.com	sets.json.1.dr	false	high
https://songstats.com	sets.json.1.dr	false	high
https://baomoi.com	sets.json.1.dr	false	high
https://supereva.it	sets.json.1.dr	false	high
https://elfinancierocr.com	sets.json.1.dr	false	high
https://bolasport.com	sets.json.1.dr	false	high
https://rws1nvtvt.com	sets.json.1.dr	false	high
https://desimartini.com	sets.json.1.dr	false	high
https://hearty.app	sets.json.1.dr	false	high
https://hearty.gift	sets.json.1.dr	false	high
https://mercadoshops.com	sets.json.1.dr	false	high
https://heartymail.com	sets.json.1.dr	false	high
https://nlc.hu	sets.json.1.dr	false	high
https://p106.net	sets.json.1.dr	false	high
https://radio2.be	sets.json.1.dr	false	high
https://finn.no	sets.json.1.dr	false	high
https://hc1.com	sets.json.1.dr	false	high
https://kompas.tv	sets.json.1.dr	false	high
https://mystudentdashboard.com	sets.json.1.dr	false	high
https://songshare.com	sets.json.1.dr	false	high
https://smaker.pl	sets.json.1.dr	false	high
https://mercadopago.com.mx	sets.json.1.dr	false	high
https://p24.hu	sets.json.1.dr	false	high
https://talkdeskqaid.com	sets.json.1.dr	false	high
https://24.hu	sets.json.1.dr	false	high
https://mercadopago.com.pe	sets.json.1.dr	false	high
https://cardsayings.net	sets.json.1.dr	false	high
https://text.com	sets.json.1.dr	false	high
https://mightytext.net	sets.json.1.dr	false	high
https://pudelek.pl	sets.json.1.dr	false	high
https://hazipatika.com	sets.json.1.dr	false	high
https://joyreactor.com	sets.json.1.dr	false	high
https://cookreactor.com	sets.json.1.dr	false	high
https://wildixin.com	sets.json.1.dr	false	high
https://eworkbookcloud.com	sets.json.1.dr	false	high
https://cognitiveai.ru	sets.json.1.dr	false	high
https://nacion.com	sets.json.1.dr	false	high
https://chennien.com	sets.json.1.dr	false	high
https://drimer.travel	sets.json.1.dr	false	high
https://deccoria.pl	sets.json.1.dr	false	high
https://mercadopago.cl	sets.json.1.dr	false	high
https://talkdeskstgid.com	sets.json.1.dr	false	high
https://naukri.com	sets.json.1.dr	false	high
https://interia.pl	sets.json.1.dr	false	high
https://bonvivir.com	sets.json.1.dr	false	high
https://carcostadvisor.be	sets.json.1.dr	false	high
https://salemovetravel.com	sets.json.1.dr	false	high
https://sapo.io	sets.json.1.dr	false	high
https://wpext.pl	sets.json.1.dr	false	high
https://welt.de	sets.json.1.dr	false	high
https://poalim.site	sets.json.1.dr	false	high
https://drimer.io	sets.json.1.dr	false	high
https://infoedgeindia.com	sets.json.1.dr	false	high
https://blackrockadvisorelite.it	sets.json.1.dr	false	high
https://cognitive-ai.ru	sets.json.1.dr	false	high
https://cafemedia.com	sets.json.1.dr	false	high
https://graziadaily.co.uk	sets.json.1.dr	false	high
https://thirdspace.org.au	sets.json.1.dr	false	high
https://mercadoshops.com.ar	sets.json.1.dr	false	high
https://smpn106jkt.sch.id	sets.json.1.dr	false	high
https://elpais.uy	sets.json.1.dr	false	high
https://landyrev.com	sets.json.1.dr	false	high
https://the42.ie	sets.json.1.dr	false	high
https://commentcamarche.com	sets.json.1.dr	false	high
https://tucarro.com.ve	sets.json.1.dr	false	high
https://rws3nvtvt.com	sets.json.1.dr	false	high
https://eleconomista.net	sets.json.1.dr	false	high
https://helpdesk.com	sets.json.1.dr	false	high
https://mercadolivre.com.br	sets.json.1.dr	false	high
https://clmbtech.com	sets.json.1.dr	false	high
https://standardsandpraiserepurpose.com	sets.json.1.dr	false	high
https://07c225f3.online	sets.json.1.dr	false	high
https://salemovefinancial.com	sets.json.1.dr	false	high
https://mercadopago.com.br	sets.json.1.dr	false	high
https://zoom.us	sets.json.1.dr	false	high
https://commentcamarche.net	sets.json.1.dr	false	high
https://etfacademy.it	sets.json.1.dr	false	high
https://mighty-app.appspot.com	sets.json.1.dr	false	high
https://hj.rs	sets.json.1.dr	false	high
https://hearty.me	sets.json.1.dr	false	high
https://mercadolibre.com.gt	sets.json.1.dr	false	high
https://timesinternet.in	sets.json.1.dr	false	high
https://indiatodayne.in	sets.json.1.dr	false	high
https://idbs-staging.com	sets.json.1.dr	false	high
https://blackrock.com	sets.json.1.dr	false	high
https://idbs-eworkbook.com	sets.json.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.36.248	eng--sso--coinbasepro-cdn--x---auth.webflow.io	United States	13335	CLOUDFLARENETUS	true
18.244.20.109	unknown	United States	16509	AMAZON-02US	false
18.244.20.40	d3e54v103j8qbb.cloudfront.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1598225
Start date and time:	2025-01-24 01:36:01 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@22/16@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 172.217.16.142, 142.251.173.84, 142.250.181.238, 142.250.186.174, 142.250.186.78, 2.23.77.188, 217.20.57.34, 142.250.185.174, 142.250.184.206, 142.250.186.46, 142.250.65.174, 74.125.155.41, 142.250.184.195, 34.104.35.123, 13.107.246.45, 184.28.90.27, 4.175.87.197
Excluded domains from analysis (whitelisted): r4---sn-p5qlsnrl.gvt1.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, r4.sn-p5qlsnrl.gvt1.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/

Input	Output
URL: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io Model: Joe Sandbox AI	```json{ "brand": "Coinbase", "brand_classification": "wellknown", "legit_url": "https://pro.coinbase.com", "similarity": 7, "spoofed": 8, "reasoning": "The URL 'https://eng--sso--coinbasepro-cdn--x---auth.webflow.io' appears to be attempting to mimic a legitimate Coinbase Pro URL. The use of 'coinbasepro' in the subdomain suggests an attempt to associate with the well-known cryptocurrency exchange platform, Coinbase. The legitimate URL for Coinbase Pro is 'https://pro.coinbase.com'. The analyzed URL uses multiple hyphens and subdomains, which can be a tactic to confuse users into thinking they are accessing a legitimate service. The domain 'webflow.io' is a legitimate platform for web hosting and design, which could be used for unrelated purposes, but the specific subdomain structure here is suspiciously complex and likely intended to deceive. The visual similarity is moderate due to the inclusion of 'coinbasepro', and the structural complexity increases the likelihood of user confusion. Overall, the URL has a high likelihood of being a typosquatting attempt."}
URL: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io
URL: https://webflow.io Model: Joe Sandbox AI	```json{ "brand": "Webflow", "brand_classification": "known", "legit_url": "https://webflow.com", "similarity": 7, "spoofed": 3, "reasoning": "The URL 'webflow.io' uses the '.io' domain extension instead of the more common '.com' for Webflow. The '.io' extension is often used by tech companies and startups, which could be legitimate in this context. There are no character substitutions or visual similarities that suggest typosquatting. The structural similarity is high due to the identical brand name, but the use of '.io' could indicate a different legitimate purpose, such as a tech-focused service or a regional offering. The likelihood of user confusion is moderate, as users might expect the '.com' domain for a well-known brand like Webflow, but the '.io' domain is not inherently deceptive."}
URL: https://webflow.io
URL: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	908
Entropy (8bit):	4.9217370763661155
Encrypted:	false
SSDEEP:	12:hYzDBNevXCsWJF8/UDy5y2TABUyr47qFgSSA2TABUVFx0fqArxGmxCHxc9ev/WJN:hYzD8aJFxO5ls2y4BPs2mg2JFxau
MD5:	1D9896E6C6994806305469581DB3BF1D
SHA1:	1F32D57D57FD3038B8083B5BE176D50884D8356E
SHA-256:	0011409A5900EBD0A086A364DCD7A4CE9C59E66ADD32DC66E4B21483911436A8
SHA-512:	E76D26D90C7437AA4C261BF18F22A37E1687179333FF3EFC56BCA3386B48B2B5915A4C098371831538ABF914BDFC33C24C21B4F196ED79FC9406064FDFE145C7
Malicious:	false
Reputation:	low
URL:	https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/
Preview:	<!DOCTYPE html>.<html lang="en">..<head>. <meta charset="utf-8">. <title>404 - Page not found</title>. <meta content="The page you are looking for doesn't exist or has been moved." name="description">. <meta content="width=device-width, initial-scale=1" name="viewport">.. <link href="https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css" rel="stylesheet" type="text/css">.. <link href="https://d3e54v103j8qbb.cloudfront.net/static/designer_favicon.5ea478d03e.png" rel="shortcut icon" type="image/x-icon">.</head>..<body>.<div class="utility-wrapper">. <div class="utility-container">. <div class="text-mono">404</div>. <div class="utility-content">. <h1>Page not found<br></h1>. <p>The page you are looking for doesn't exist or has been moved.</p>. </div>. <div></div>. </div>.</div>.</body>..</html>.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 30885, version 1.0
Category:	downloaded
Size (bytes):	30885
Entropy (8bit):	7.9938302639105
Encrypted:	true
SSDEEP:	768:n/jo3BYAVy/zuMbOAR9Vb5McrtKfKTpCC4vOP:npXuMbOyRiWhTpCC4vg
MD5:	5A0C1A002E8A14BEDB37E60EE72642AC
SHA1:	B5DF1451CE0D9AACE0D7337ABB26D10CD7999333
SHA-256:	CCDE0CF7CE5D0767EBA8AABD07F8537F24E5097CFB5E1F08E1685926EFCFBE84
SHA-512:	329EB4B59CF67FD9B2581EB6AAD71189D16F52649EC0D8A54550D2BF9EA7954A9E0AA5CD2B9E936615B4FA505F22EEC595FCC127EA2FB0CE52FA7F92574F45A5
Malicious:	false
Reputation:	low
URL:	https://d3e54v103j8qbb.cloudfront.net/fonts/Graphik-Regular-Web.5a0c1a002e.woff2
Preview:	wOF2......x.......ax..x!..................x...........n....`..:....L..<........... .6.$..P..,.. ..c..D...[.F..c..W...m....V......1..m.-"....J.x.^...G...:....?9..i.I...AT...=IA.5[.S$.......4.Dk....e...=....;.;NO.....L......CC../....P/+.,&..%..nNG....\|..O.k".b5....J.U.1#@;'.zDz.....e.N_..OE...9..eg.....!....4......m-...K........O_..$:e.j"mR..l..@?..b.4$.......k`....#5?.../gT...I4..s.).f.........h...k...ht..n..<.dr{.#.V.:.'.<..........D,.I.;......p..'7.yow)], ...RD.....KO.G.Q,..'..fL..~.r..^.zK..s.k...../i..c..h.D_..T..U..m>..s..b.(..E.X.{.[..x..........@....N...+..^.e...t...4.F4.v..]..c...'..:.....AEUR.T..UIuP.G....]rP......k...EB..d&..^,Y.P.Z......}>U..7.=.....M.+......T..A........e .1@m..j.....-..<..dB..\|u....z......U.v.d...z...r......p.VFN.M^.E.......`....}.....\.....^...1<#f6s.RU.AO....M.\kJ.S.1....~(.Cp....6.....N."...].?IW....dk9..`.I..y.G.9...-.+.d._.....w...B.]"c3.D.\.F........\+.@.._U.Pwj..KS}...Y..Jr`.}O..D.......J...D*....H. aad..

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	4176
Entropy (8bit):	4.917297123338692
Encrypted:	false
SSDEEP:	96:McUPBqrrXyEVyDXyw7kXy01blI8q81SPqK:Mc8BErXyBXyJXyUrICK
MD5:	C2BF6463065522E597390EEDB7A3F2F7
SHA1:	CFFF83E977BEA349743935E1B17BB753ACA11825
SHA-256:	A2693A37CDE8116FD113092E8F1D9794F1D2EBD336958C9385255B4B65BEDBBF
SHA-512:	B32B4EEB0F8E9B2B61903037FD9397D453C095C41CF154F6A2DDA8DD2CDD81C6210FE4A7723376E91AF211EB44C64EF2CDDA58AE4C9BB75612CB700682252B75
Malicious:	false
Reputation:	low
URL:	https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css
Preview:	/! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /..html {. font-family: sans-serif;. -ms-text-size-adjust: 100%;. -webkit-text-size-adjust: 100%;.}..body {. margin: 0;.}..article,.aside,.details,.figcaption,.figure,.footer,.header,.hgroup,.main,.menu,.nav,.section,.summary {. display: block;.}..a {. background-color: transparent;.}..a:active,.a:hover {. outline: 0;.}..b,.strong {. font-weight: bold;.}..h1 {. font-size: 2em;. margin: 0.67em 0;.}..img {. border: 0;.}..svg:not(:root) {. overflow: hidden;.}..button,.input,.optgroup,.select,.textarea {. color: inherit;. /* 1 /. font: inherit;. / 2 /. margin: 0;. / 3 */.}..button {. overflow: visible;.}..button,.select {. text-transform: none;.}..button,.html input[type="button"],.input[type="reset"] {. -webkit-appearance: button;. cursor: pointer;.}..button[disabled],.html input[disabled] {. cursor: default;.}..button::-moz-focus-inner,.input

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 34041, version 1.0
Category:	downloaded
Size (bytes):	34041
Entropy (8bit):	7.993384171292279
Encrypted:	true
SSDEEP:	768:NyNNFK8YgotAMrDRUIY6rHWSMJsGU7yBaUp7przzxWo8zB:gnK8ytAgSIR7WS4ZUWBaUxprhWnzB
MD5:	ABF6E1188F57F609D6987CA7AA1F54B7
SHA1:	B226E5B656CAF3CE6ED5D9AD277850EA7CA27D05
SHA-256:	40BB52D988186022D07C0248E9B6AF63A1DDE146B157797463BA7B5DADA4AC53
SHA-512:	59152926E1062F1D41B6E9F81EB4D77263435FFB5CF7DA66E76A7FCFF1EE6F3FCF25FD62D020FB130FF4FEB257EE0D9C7E990584EF7EB01585FEC6745017BBCF
Malicious:	false
Reputation:	low
URL:	https://d3e54v103j8qbb.cloudfront.net/fonts/Graphik-Medium-Web.abf6e1188f.woff2
Preview:	wOF2..............s4...w...........................(..V....`..:.. .T..<.....d..j.. .6.$..P.... .._..:..n[.Wq.....T.m...Wn.~/.........E..1.n..E.+......dC....`nKU..'...GV..`..+s.....`k4>.].f4.W.9=.P3..!.Q.Bu....Y.%\...S..a..B@...@.. .,...C....".....Q..;]... .D.%..v....Jf...;.eN&.3....C.>.IG...IP.....'...!.y^bl..8v.M[<U...~...R..7.....E.....6.f.%@.`..) .......q.&......w[Yg.h...........".(....T%".G.c........Z...W./.F.4.X........^..$.d.e.,...r..8.=...f..(s....B..FG...\...u.G.M.e$$!.dC.~..&.E.d,.{....u.].Sk.m.S..u\|i.g.u.[..`mo.B......0........\..IL..&%pt&..C....mT..a{.c.....!...F..M....RD@.cA...R..Zx......n..C..a.U6.S=@^#.U........p........Pe.EY..X...#.X..{{..$...+..5FL@.......Ot.?.T.J%..D"...S's..1.Ag".R.'...A/.pf..B,]...$Y.mN7xt{....'<..9wH.1..=....Xs.P..pw..\..6......w] .c. 1....V..=.D.e.......:}..y..h.#.j:...N...H.T&Y..D.2L.."m......}4.~.A......j&..?....[.....M..q.f.&C......Cz0.x..e..5C...s..!!..Q.....`o2....7..@e...YB.#m..w]a.29....O..AZ}

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1567
Entropy (8bit):	6.9757762158785175
Encrypted:	false
SSDEEP:	24:d1hfvWwh82lYSKwylROeNVrT3qyJ3VpEmwiC9MGB586BWsiq2Rm5Sz7:DAvnL3ltNN1J3zwL9MUxiq205Y
MD5:	5EA478D03EEC796D20AAF28CCA915BCA
SHA1:	6005158958C6ACA177A334B0E67EB719433E646B
SHA-256:	5FF12421BB3D43C78F8C56350B5FC2F9AF80C059762C1E146CB617A8A885CD1A
SHA-512:	A6AEA3B0A0E532191C8313ED7AC5AE05223F9A8970708323C5ACDC39D0020D71D41AE41A8C8EEB4932A0619E5288D607D17D70CCADB67840D77AC066D67B3556
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:fe9d4aac-7c30-4b83-a406-95e34bf529b0" xmpMM:DocumentID="xmp.did:E8D2FBE0D87F11E680A8D22BBF3662C2" xmpMM:InstanceID="xmp.iid:E8D2FBDFD87F11E680A8D22BBF3662C2" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4d4ae430-645a-4d7d-863a-ec8461361705" stRef:documentID="adobe:docid:photoshop:b615955d-cbbb-1179-b96c-b20af129b614"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..LZ.../IDATx..K(Da

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1567
Entropy (8bit):	6.9757762158785175
Encrypted:	false
SSDEEP:	24:d1hfvWwh82lYSKwylROeNVrT3qyJ3VpEmwiC9MGB586BWsiq2Rm5Sz7:DAvnL3ltNN1J3zwL9MUxiq205Y
MD5:	5EA478D03EEC796D20AAF28CCA915BCA
SHA1:	6005158958C6ACA177A334B0E67EB719433E646B
SHA-256:	5FF12421BB3D43C78F8C56350B5FC2F9AF80C059762C1E146CB617A8A885CD1A
SHA-512:	A6AEA3B0A0E532191C8313ED7AC5AE05223F9A8970708323C5ACDC39D0020D71D41AE41A8C8EEB4932A0619E5288D607D17D70CCADB67840D77AC066D67B3556
Malicious:	false
Reputation:	low
URL:	https://d3e54v103j8qbb.cloudfront.net/static/designer_favicon.5ea478d03e.png
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:fe9d4aac-7c30-4b83-a406-95e34bf529b0" xmpMM:DocumentID="xmp.did:E8D2FBE0D87F11E680A8D22BBF3662C2" xmpMM:InstanceID="xmp.iid:E8D2FBDFD87F11E680A8D22BBF3662C2" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4d4ae430-645a-4d7d-863a-ec8461361705" stRef:documentID="adobe:docid:photoshop:b615955d-cbbb-1179-b96c-b20af129b614"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..LZ.../IDATx..K(Da

Total Packets: 186
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 24, 2025 01:36:50.210361958 CET	49674	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:36:50.210380077 CET	49673	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:36:50.491607904 CET	49672	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:36:56.186182022 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:56.186217070 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:56.186379910 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:56.191709042 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:56.191718102 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.010060072 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.010127068 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.015830994 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.015844107 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.016129971 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.017905951 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.017905951 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.017921925 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.018057108 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.059338093 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.194411039 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.194628954 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.194694042 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.195745945 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:57.195769072 CET	443	49716	40.113.110.67	192.168.2.6
Jan 24, 2025 01:36:57.195785999 CET	49716	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:36:59.624228954 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:36:59.624264956 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:36:59.624326944 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:36:59.624553919 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:36:59.624566078 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:36:59.818134069 CET	49673	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:36:59.818140984 CET	49674	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:37:00.099416971 CET	49672	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:37:00.267811060 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:00.268064022 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:00.268079042 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:00.269265890 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:00.269326925 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:00.274333000 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:00.274400949 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:00.318128109 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:00.318152905 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:00.365009069 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:01.439909935 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.439956903 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.440068960 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.440232038 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.440265894 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.440350056 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.440519094 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.440551043 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.440757990 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.440772057 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.742805958 CET	443	49708	173.222.162.64	192.168.2.6
Jan 24, 2025 01:37:01.742918968 CET	49708	443	192.168.2.6	173.222.162.64
Jan 24, 2025 01:37:01.913938046 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.914387941 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.914401054 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.915302992 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.915482998 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.915508986 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.916160107 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.916224003 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.916562080 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.916624069 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.917404890 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.917525053 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.917577028 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.917661905 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.917756081 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.917762995 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:01.958241940 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.958257914 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:01.958338022 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:02.013236046 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:02.109421968 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:02.109570980 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:02.111484051 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:02.111812115 CET	49732	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:02.111818075 CET	443	49732	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:02.132525921 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.132556915 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.132965088 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.133188963 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.133213043 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.864469051 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.888863087 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.888891935 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.889878035 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.890193939 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.893563986 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.893563986 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.893589020 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.893640041 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.947303057 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:02.947334051 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:02.993144035 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.133193970 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.133236885 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.133285999 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.133311987 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.133358002 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.133472919 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.133537054 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.133574963 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.134797096 CET	49737	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.134815931 CET	443	49737	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.156953096 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.156985998 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.157053947 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.157416105 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.157453060 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.157500982 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.157893896 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.157901049 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.157953024 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.158094883 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.158106089 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.158226967 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.158245087 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.158405066 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.158412933 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.895684004 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.896508932 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.896524906 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.897067070 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.897623062 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.897691011 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.897803068 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.908133984 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.908318996 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.908334970 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.909372091 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.909420967 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.909818888 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.909867048 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.910024881 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.910037994 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.917454004 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.917649984 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.917670965 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.919338942 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.919395924 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.919718981 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.919806957 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.919888020 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.919895887 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.939337015 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:03.960860968 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:03.975629091 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.140307903 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.140358925 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:04.140811920 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.141043901 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.141058922 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:04.174071074 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.174098015 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.174175978 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.174196005 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.174269915 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.175484896 CET	49747	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.175501108 CET	443	49747	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.192572117 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.192595005 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:04.192881107 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.193247080 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.193259001 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:04.193818092 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.193841934 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.193850040 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.193873882 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.193901062 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.193902016 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.193913937 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.193942070 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.194034100 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.205811977 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.205876112 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.205898046 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.205918074 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.205954075 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.205956936 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.205979109 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.205995083 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.206010103 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.206010103 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.206052065 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.206114054 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.279827118 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.279846907 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.279880047 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.279910088 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.279922009 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.279946089 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.279964924 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.279993057 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.280509949 CET	49745	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.280525923 CET	443	49745	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.293231964 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.293298006 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.293348074 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.293374062 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.293391943 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.293476105 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.293566942 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.293807030 CET	49746	443	192.168.2.6	18.244.20.40
Jan 24, 2025 01:37:04.293819904 CET	443	49746	18.244.20.40	192.168.2.6
Jan 24, 2025 01:37:04.922552109 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:04.922806025 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.922825098 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:04.923698902 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:04.923785925 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.924180984 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.924180984 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.924235106 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:04.953831911 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:04.953922987 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.955339909 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.955352068 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:04.955566883 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:04.956773996 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.956876040 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.956881046 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:04.957015038 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:04.974277973 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:04.974287033 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:05.003338099 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:05.021147013 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:05.137301922 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:05.137536049 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:05.137589931 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:05.137990952 CET	49753	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:05.138009071 CET	443	49753	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:05.196135044 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:05.196199894 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:05.196352005 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:05.196410894 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:05.201916933 CET	49754	443	192.168.2.6	18.244.20.109
Jan 24, 2025 01:37:05.201936007 CET	443	49754	18.244.20.109	192.168.2.6
Jan 24, 2025 01:37:10.168507099 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:10.168584108 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:10.168787956 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:11.787992954 CET	49719	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:11.788047075 CET	443	49719	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:16.454493046 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:16.454525948 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:16.454606056 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:16.455157042 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:16.455168009 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:16.826816082 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:16.826965094 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:16.827045918 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:17.256962061 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.257116079 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.261290073 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.261296988 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.261498928 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.263119936 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.263166904 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.263170958 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.263315916 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.307337046 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.435381889 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.435776949 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.435782909 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.435801983 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.435807943 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.435818911 CET	443	49837	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:17.435827971 CET	49837	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:17.788490057 CET	49731	443	192.168.2.6	104.18.36.248
Jan 24, 2025 01:37:17.788517952 CET	443	49731	104.18.36.248	192.168.2.6
Jan 24, 2025 01:37:18.684525013 CET	62225	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:18.690481901 CET	53	62225	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:18.690558910 CET	62225	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:18.690601110 CET	62225	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:18.695501089 CET	53	62225	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:19.148540974 CET	53	62225	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:19.149259090 CET	62225	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:19.154422998 CET	53	62225	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:19.154501915 CET	62225	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:23.684633970 CET	49617	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:23.689502001 CET	53	49617	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:23.689579964 CET	49617	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:23.689636946 CET	49617	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:23.694430113 CET	53	49617	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:24.144927025 CET	53	49617	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:24.145164967 CET	49617	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:24.150047064 CET	53	49617	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:24.150105953 CET	49617	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:35.419147015 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:35.419174910 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:35.419258118 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:35.419998884 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:35.420012951 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.254323959 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.254529953 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.256649971 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.256679058 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.257463932 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.259349108 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.259386063 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.259402990 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.259512901 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.303349972 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.442720890 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.442934990 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:36.443449974 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.443449974 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.443449974 CET	49717	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:37:36.443487883 CET	443	49717	40.113.110.67	192.168.2.6
Jan 24, 2025 01:37:57.249445915 CET	63738	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:57.254540920 CET	53	63738	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:57.254612923 CET	63738	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:57.259551048 CET	53	63738	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:57.718234062 CET	63738	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:57.723285913 CET	53	63738	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:57.723484993 CET	63738	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:59.679282904 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:59.679336071 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:37:59.679399014 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:59.679670095 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:37:59.679682016 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:00.122531891 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.122626066 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:00.122720957 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.123222113 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.123262882 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:00.320548058 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:00.320885897 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:38:00.320916891 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:00.321392059 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:00.321702957 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:38:00.321809053 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:00.365135908 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:38:00.943221092 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:00.943403959 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.945022106 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.945055008 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:00.946016073 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:00.947838068 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.947912931 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.947926044 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:00.948028088 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:00.991367102 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:01.124910116 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:01.125325918 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:01.125417948 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:01.125516891 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:01.125518084 CET	63741	443	192.168.2.6	40.113.110.67
Jan 24, 2025 01:38:01.125560999 CET	443	63741	40.113.110.67	192.168.2.6
Jan 24, 2025 01:38:10.252520084 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:10.252609015 CET	443	63740	142.250.185.164	192.168.2.6
Jan 24, 2025 01:38:10.252669096 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:38:11.788798094 CET	63740	443	192.168.2.6	142.250.185.164
Jan 24, 2025 01:38:11.788821936 CET	443	63740	142.250.185.164	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 24, 2025 01:36:55.443118095 CET	53	63034	1.1.1.1	192.168.2.6
Jan 24, 2025 01:36:55.618434906 CET	53	50038	1.1.1.1	192.168.2.6
Jan 24, 2025 01:36:56.601027966 CET	53	55370	1.1.1.1	192.168.2.6
Jan 24, 2025 01:36:59.616230011 CET	64254	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:36:59.616374016 CET	60349	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:36:59.623172998 CET	53	64254	1.1.1.1	192.168.2.6
Jan 24, 2025 01:36:59.623194933 CET	53	60349	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:01.428107023 CET	49975	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:01.428266048 CET	51131	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:01.436364889 CET	53	49975	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:01.439204931 CET	53	51131	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:02.124761105 CET	54519	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:02.124761105 CET	51852	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:02.131789923 CET	53	54519	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:02.132105112 CET	53	51852	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:04.181473970 CET	54390	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:04.181474924 CET	62113	53	192.168.2.6	1.1.1.1
Jan 24, 2025 01:37:04.190167904 CET	53	54390	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:04.192193985 CET	53	62113	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:13.622354984 CET	53	54331	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:18.684103012 CET	53	60579	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:23.684231043 CET	53	51552	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:55.172065973 CET	53	52192	1.1.1.1	192.168.2.6
Jan 24, 2025 01:37:57.248981953 CET	53	58164	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 24, 2025 01:36:59.616230011 CET	192.168.2.6	1.1.1.1	0x1dba	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:36:59.616374016 CET	192.168.2.6	1.1.1.1	0x6db5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 24, 2025 01:37:01.428107023 CET	192.168.2.6	1.1.1.1	0xd511	Standard query (0)	eng--sso--coinbasepro-cdn--x---auth.webflow.io	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:01.428266048 CET	192.168.2.6	1.1.1.1	0xca9e	Standard query (0)	eng--sso--coinbasepro-cdn--x---auth.webflow.io	65	IN (0x0001)	false
Jan 24, 2025 01:37:02.124761105 CET	192.168.2.6	1.1.1.1	0xdb68	Standard query (0)	d3e54v103j8qbb.cloudfront.net	65	IN (0x0001)	false
Jan 24, 2025 01:37:02.124761105 CET	192.168.2.6	1.1.1.1	0x415b	Standard query (0)	d3e54v103j8qbb.cloudfront.net	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:04.181473970 CET	192.168.2.6	1.1.1.1	0x915	Standard query (0)	d3e54v103j8qbb.cloudfront.net	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:04.181474924 CET	192.168.2.6	1.1.1.1	0xa545	Standard query (0)	d3e54v103j8qbb.cloudfront.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 24, 2025 01:36:59.623172998 CET	1.1.1.1	192.168.2.6	0x1dba	No error (0)	www.google.com	142.250.185.164	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:36:59.623194933 CET	1.1.1.1	192.168.2.6	0x6db5	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 24, 2025 01:37:01.436364889 CET	1.1.1.1	192.168.2.6	0xd511	No error (0)	eng--sso--coinbasepro-cdn--x---auth.webflow.io	104.18.36.248	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:01.436364889 CET	1.1.1.1	192.168.2.6	0xd511	No error (0)	eng--sso--coinbasepro-cdn--x---auth.webflow.io	172.64.151.8	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:01.439204931 CET	1.1.1.1	192.168.2.6	0xca9e	No error (0)	eng--sso--coinbasepro-cdn--x---auth.webflow.io		65	IN (0x0001)	false
Jan 24, 2025 01:37:02.132105112 CET	1.1.1.1	192.168.2.6	0x415b	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.40	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:02.132105112 CET	1.1.1.1	192.168.2.6	0x415b	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.109	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:02.132105112 CET	1.1.1.1	192.168.2.6	0x415b	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.134	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:02.132105112 CET	1.1.1.1	192.168.2.6	0x415b	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.221	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:04.190167904 CET	1.1.1.1	192.168.2.6	0x915	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.109	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:04.190167904 CET	1.1.1.1	192.168.2.6	0x915	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.134	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:04.190167904 CET	1.1.1.1	192.168.2.6	0x915	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.221	A (IP address)	IN (0x0001)	false
Jan 24, 2025 01:37:04.190167904 CET	1.1.1.1	192.168.2.6	0x915	No error (0)	d3e54v103j8qbb.cloudfront.net	18.244.20.40	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

eng--sso--coinbasepro-cdn--x---auth.webflow.io

https:

d3e54v103j8qbb.cloudfront.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49716	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:36:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 47 39 4d 5a 33 46 50 36 55 36 47 39 6a 54 51 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 66 36 32 36 66 34 37 35 38 31 36 33 30 35 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6G9MZ3FP6U6G9jTQ.1Context: ef626f4758163053
2025-01-24 00:36:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-24 00:36:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 36 47 39 4d 5a 33 46 50 36 55 36 47 39 6a 54 51 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 66 36 32 36 66 34 37 35 38 31 36 33 30 35 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 47 54 41 52 61 6c 59 67 73 4f 42 65 32 6f 74 47 6e 38 48 61 6d 2f 4c 66 31 39 6d 32 63 74 6f 63 50 65 48 70 48 35 56 4e 6f 6c 67 69 5a 44 76 51 48 77 66 63 30 2f 71 6e 2f 59 52 42 6e 44 4d 4d 71 62 6a 4d 52 50 38 67 58 67 38 6b 5a 39 31 4e 74 52 34 54 6c 37 61 52 4a 78 6d 58 41 5a 5a 59 53 42 54 59 74 67 75 72 68 79 49 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 6G9MZ3FP6U6G9jTQ.2Context: ef626f4758163053<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATGTARalYgsOBe2otGn8Ham/Lf19m2ctocPeHpH5VNolgiZDvQHwfc0/qn/YRBnDMMqbjMRP8gXg8kZ91NtR4Tl7aRJxmXAZZYSBTYtgurhyIA
2025-01-24 00:36:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 36 47 39 4d 5a 33 46 50 36 55 36 47 39 6a 54 51 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 66 36 32 36 66 34 37 35 38 31 36 33 30 35 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6G9MZ3FP6U6G9jTQ.3Context: ef626f4758163053<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-24 00:36:57 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-24 00:36:57 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 58 73 63 41 42 77 2b 59 45 79 4b 58 62 4e 69 6f 67 32 45 55 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: XXscABw+YEyKXbNiog2EUA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49732	104.18.36.248	443	6232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:01 UTC	689	OUT	GET / HTTP/1.1 Host: eng--sso--coinbasepro-cdn--x---auth.webflow.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-24 00:37:02 UTC	695	IN	HTTP/1.1 404 Not Found Date: Fri, 24 Jan 2025 00:37:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Ray: 906bf3df59bb43dc-EWR CF-Cache-Status: HIT Cache-Control: public, max-age=432000 ETag: W/"6789742d-38c" content-security-policy: frame-ancestors 'self' https://.webflow.com http://.webflow.com http://*.webflow.io http://webflow.com https://webflow.com surrogate-key: eng--sso--coinbasepro-cdn--x---auth.webflow.io vary: Accept-Encoding Set-Cookie: _cfuvid=TB5DnAqjLGLnkOJ8QRDJpJllsSfdtlTlVb4HNqIbG8U-1737679022055-0.0.1.1-604800000; path=/; domain=.webflow.io; HttpOnly; Secure; SameSite=None Server: cloudflare alt-svc: h3=":443"; ma=86400
2025-01-24 00:37:02 UTC	674	IN	Data Raw: 33 38 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 6e 26 23 78 32 37 3b 74 20 65 78 69 73 74 20 6f 72 20 68 61 73 20 62 65 65 6e 20 6d 6f 76 65 64 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 Data Ascii: 38c<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>404 - Page not found</title> <meta content="The page you are looking for doesn't exist or has been moved." name="description"> <meta content="width=device-wid
2025-01-24 00:37:02 UTC	241	IN	Data Raw: 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 75 74 69 6c 69 74 79 2d 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 62 72 3e 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 6e 26 23 78 32 37 3b 74 20 65 78 69 73 74 20 6f 72 20 68 61 73 20 62 65 65 6e 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: div> <div class="utility-content"> <h1>Page not found<br></h1> <p>The page you are looking for doesn't exist or has been moved.</p> </div> <div></div> </div></div></body></html>
2025-01-24 00:37:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49737	18.244.20.40	443	6232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:02 UTC	609	OUT	GET /css/webflow-https-errors.webflow.css HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-24 00:37:03 UTC	528	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 4176 Connection: close Last-Modified: Mon, 05 Jul 2021 14:41:25 GMT X-Amz-Server-Side-Encryption: AES256 Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 23 Jan 2025 06:53:15 GMT Etag: "c2bf6463065522e597390eedb7a3f2f7" Via: 1.1 553c17cdbfc8c5ba81390077b0e5d2d4.cloudfront.net (CloudFront) Age: 63829 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P11 X-Amz-Cf-Id: OXI2pbNNbRzsm60Lntu7C8aQAqvmXPHEaw3s67fyfXkT2Snk0S84pg==
2025-01-24 00:37:03 UTC	4176	IN	Data Raw: 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 33 2e 30 2e 33 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 65 63 6f 6c 61 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 2a 2f 0a 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 0a 61 72 74 69 63 6c 65 2c 0a 61 73 69 64 65 2c 0a 64 65 74 61 69 6c 73 2c 0a 66 69 67 63 61 70 74 69 6f 6e 2c 0a 66 69 67 75 72 65 2c 0a Data Ascii: /! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /html { font-family: sans-serif; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%;}body { margin: 0;}article,aside,details,figcaption,figure,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49747	18.244.20.40	443	6232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:03 UTC	657	OUT	GET /static/designer_favicon.5ea478d03e.png HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-24 00:37:04 UTC	538	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1567 Connection: close Last-Modified: Wed, 25 Jan 2017 00:00:30 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 23 Jan 2025 01:57:12 GMT Cache-Control: max-age=84600, must-revalidate Etag: "5ea478d03eec796d20aaf28cca915bca" Via: 1.1 094f3889138382e35e0daededad0ca5e.cloudfront.net (CloudFront) Age: 81593 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P11 X-Amz-Cf-Id: s_S6ZYGSTgfY1vHaYckHJsgVg4w0E8TyLYbHyNSzlKkngZruEIkpww==
2025-01-24 00:37:04 UTC	1567	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 86 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49745	18.244.20.40	443	6232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:03 UTC	678	OUT	GET /fonts/Graphik-Medium-Web.abf6e1188f.woff2 HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-24 00:37:04 UTC	619	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Content-Length: 34041 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Access-Control-Max-Age: 3000 Last-Modified: Wed, 05 Jun 2019 19:43:00 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 23 Jan 2025 06:13:17 GMT Cache-Control: max-age=84600, must-revalidate Etag: "abf6e1188f57f609d6987ca7aa1f54b7" Via: 1.1 b88a4e10ec6aa05046ba32d44beb97f2.cloudfront.net (CloudFront) Age: 66869 X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P11 X-Amz-Cf-Id: S9eVnu2zFsqf0m3_jwlVy9WNuLy4kYHf4V3vm_2R9a1TdFAtK0IQFA==
2025-01-24 00:37:04 UTC	15765	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 84 f9 00 13 00 00 00 01 73 34 00 00 84 77 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 e0 00 00 00 19 1b 81 b8 28 1c 9a 56 14 84 18 06 60 16 97 3a 00 8a 20 08 54 09 83 3c 11 0c 0a 83 9b 64 82 ef 6a 12 84 20 01 36 02 24 03 90 50 0b 88 2a 00 04 20 05 88 5f 07 9f 3a 0c 83 6e 5b c6 57 71 06 e7 e6 b4 f3 13 54 b9 6d 00 0d fd 57 6e f5 7e 2f e0 c9 06 ef 95 9e db 04 a9 87 b4 45 d6 b0 dd 31 e3 6e 95 b4 45 0d 2b cb fe ff ff ff cc 64 43 c6 02 b0 03 60 6e 4b 55 fb aa 27 88 00 99 47 56 15 8b 60 de 0c 2b 73 16 02 14 9d 86 60 6b 34 3e c3 5d ea 66 34 c1 57 82 39 3d a3 50 33 a3 a5 21 b7 51 01 42 75 f8 88 1d c7 59 b3 25 5c 08 a3 ab 53 f0 d3 98 61 eb e9 42 40 84 81 8c 40 e0 00 20 00 2c d9 fd ba 43 18 bc d8 f3 9c 22 1e af d1 1f f8 51 Data Ascii: wOF2s4w(V`: T<dj 6$P* _:n[WqTmWn~/E1nE+dC`nKU'GV`+s`k4>]f4W9=P3!QBuY%\SaB@@ ,C"Q
2025-01-24 00:37:04 UTC	16384	IN	Data Raw: 06 5d 78 5f 9b a3 b4 c3 bc 27 2f 48 75 5e fc d5 b9 d1 e2 52 a9 ec d2 d4 dd d2 bb 49 76 9f 37 9b 93 3e 5e df 98 07 02 ae 57 2d c5 46 8f 25 2f 3d dd 34 82 ca 8d 43 5f cb f3 e4 3a d0 36 f6 79 77 ad a1 5f 96 07 bc a8 eb ba d9 bc 11 19 b0 06 68 88 f1 e6 7d 08 2f 30 1f 4d 4c 4b ed 9a 0e b2 57 23 8e c5 d7 17 b8 79 cd 2e 81 83 2e d5 93 12 6a 44 a6 6b 21 6d 4f da 0a ec 6b 57 3a 00 49 8f b6 93 92 61 b4 65 06 d7 8e 22 94 f8 f0 d1 10 55 eb fc f7 5c ea 83 d8 46 71 24 c2 9b 75 21 5d bc b5 91 d8 23 92 f8 7b 90 37 7b 35 59 f9 fa 4a 7a e5 8e bd fd 76 c0 9b 7d 7e 3d f8 ce 6c eb 2c b3 b0 6f 07 52 30 27 0d 27 f9 73 6e 84 47 32 1f 4b ae 93 ba 14 ed f8 3a 25 18 ee 9d 2f 74 0b 6b 4d 52 2f 43 06 93 12 2a 84 02 1f 07 a1 3a a6 5c 6c 26 dc 26 ea d1 4f a5 65 06 1b 77 d8 e7 1d ab 49 Data Ascii: ]x_'/Hu^RIv7>^W-F%/=4C_:6yw_h}/0MLKW#y..jDk!mOkW:Iae"U\Fq$u!]#{7{5YJzv}~=l,oR0''snG2K:%/tkMR/C*:\l&&OewI
2025-01-24 00:37:04 UTC	1892	IN	Data Raw: 6e 9b 41 89 6c 39 3c c6 0e 46 3b f5 b7 93 15 4c 67 8b bc fe 79 c5 bf d9 4c 8b cf be cb 87 6e e4 ff 8d 0f 42 4a 7f 43 87 63 bf 20 4e 3b fa 65 fc 96 12 31 34 97 23 24 87 1f 10 94 69 71 91 11 83 b6 da 12 ca 59 ba d4 ef 93 20 53 9c 64 31 36 40 05 d8 26 43 02 3d 7a 04 72 bc a9 9d 2e 0d 41 d6 b0 88 01 f7 d1 38 df c7 4d a6 18 19 92 24 4b 81 4a b6 09 2a 06 2a 8b ee 1d 2f 41 aa 18 da 29 d0 c5 12 13 0f f5 f9 27 45 92 2d 01 27 cc b2 5d 9c f4 a1 bb b4 ba 88 5e e0 d0 59 12 c8 40 b2 e4 38 ad 34 96 4d 62 75 96 0c 56 f4 e9 2b e8 67 a9 40 8e 52 ef f2 f8 53 36 1d 71 48 db 47 fa 10 95 25 6d 54 ec 10 95 4d 67 59 1d 0f 95 28 5d 26 82 db db 64 d9 e4 2a eb 34 c2 86 24 38 c0 49 09 76 cb c3 c5 86 5c 97 26 2b ce b2 99 c5 58 fd e7 30 59 9c 49 5a 78 69 0d 25 28 8d 78 67 d9 39 ad ce Data Ascii: nAl9<F;LgyLnBJCc N;e14#$iqY Sd16@&C=zr.A8M$KJ*/A)'E-']^Y@84MbuV+g@RS6qHG%mTMgY(]&d4$8Iv\&+X0YIZxi%(xg9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49746	18.244.20.40	443	6232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:03 UTC	679	OUT	GET /fonts/Graphik-Regular-Web.5a0c1a002e.woff2 HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://eng--sso--coinbasepro-cdn--x---auth.webflow.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://d3e54v103j8qbb.cloudfront.net/css/webflow-https-errors.webflow.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-24 00:37:04 UTC	619	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Content-Length: 30885 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET Access-Control-Max-Age: 3000 Last-Modified: Wed, 05 Jun 2019 19:45:00 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 23 Jan 2025 04:35:19 GMT Cache-Control: max-age=84600, must-revalidate Etag: "5a0c1a002e8a14bedb37e60ee72642ac" Via: 1.1 1f5c750c03b26301631398b45f61e262.cloudfront.net (CloudFront) Age: 72106 X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P11 X-Amz-Cf-Id: WR7S0oneQVIrl9RZdfpcBqQKrGpYHU6T19HxGdgYDTjVWyrfd4YjLA==
2025-01-24 00:37:04 UTC	15765	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 78 a5 00 13 00 00 00 01 61 78 00 00 78 21 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 8c 00 00 00 19 1b 81 95 2e 1c 9a 6e 14 84 19 06 60 16 97 3a 00 89 08 08 4c 09 83 3c 11 0c 0a 83 9d 08 82 f1 0f 12 84 20 01 36 02 24 03 90 50 0b 88 2c 00 04 20 05 88 63 07 9f 44 0c 83 00 5b 0a 46 91 00 63 9b c6 57 cd 03 bb 6d 00 0c 9f 19 56 f7 95 b8 c0 dc d4 31 aa df 6d c3 2d 22 96 ab 87 df 4a 89 78 fb 5e 00 ba 83 47 10 ed eb 3a fb ff ff ff 3f 39 a9 c8 98 69 07 49 bb 01 03 41 54 d4 ff 07 3d 49 41 9b 35 5b 92 53 24 d3 e4 1c c9 c0 b4 b4 34 91 44 6b 89 da d7 88 d4 86 65 a6 a2 e4 96 3d eb cd ec e3 3b fc 3b 4e 4f a3 db 1f ee bd 1e 4c 9a e0 d3 13 d2 a1 a1 43 43 87 05 2f ff be bb bc 50 2f 2b b9 2c 26 cb ef 25 ba 99 6e 4e 47 08 bf 0f d6 Data Ascii: wOF2xaxx!x.n`:L< 6$P, cD[FcWmV1m-"Jx^G:?9iIAT=IA5[S$4Dke=;;NOLCC/P/+,&%nNG
2025-01-24 00:37:04 UTC	15120	IN	Data Raw: 53 ac b1 20 b7 7e 11 30 ee 67 5c a3 fb aa 3c 63 9d 7e f6 0a 99 ec 3b 56 de de 4f a5 1b 97 58 70 05 ef 73 8b 95 76 e3 85 2f f8 b4 63 19 26 5c 81 e9 fe 01 7a c1 c4 1f 1e de 45 f2 ea ff 66 72 9e 3f 5c d4 3a bd e0 8f 82 27 e7 f6 db a7 a9 68 ef a6 68 4d 53 14 c3 27 d9 e8 16 12 8f f6 e6 d9 11 9a 2b 03 f6 4a b5 36 20 15 50 5b e5 dc b2 b0 2d d5 5a 61 b5 4d 37 76 0a 42 01 49 8f cd 2a 9e 1a f4 77 08 4c c0 32 12 0c 40 c4 66 db 1a 21 fc de 54 fa b3 6b be a2 aa 4a 39 80 b8 94 f3 ab aa 17 28 61 64 be 32 51 a5 18 70 21 ca 05 55 55 0b 14 cb 0e 50 c9 a5 15 31 0a 23 7b bf 2b 93 a7 26 08 9a 4a 79 6f 1b 61 da f5 af f6 53 a9 2b 0e 2f 2e c9 41 a4 e5 a7 48 62 93 a0 b4 54 a9 75 50 78 45 63 3b 06 fc 58 c1 a1 f7 c7 ed b1 3a 98 f5 80 36 16 bf 54 a6 2a 17 4b fd d8 80 d0 d9 cd a2 8c Data Ascii: S ~0g\<c~;VOXpsv/c&\zEfr?\:'hhMS'+J6 P[-ZaM7vBIwL2@f!TkJ9(ad2Qp!UUP1#{+&JyoaS+/.AHbTuPxEc;X:6TK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49754	18.244.20.109	443	6232	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:04 UTC	391	OUT	GET /static/designer_favicon.5ea478d03e.png HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-24 00:37:05 UTC	538	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 1567 Connection: close Last-Modified: Wed, 25 Jan 2017 00:00:30 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Thu, 23 Jan 2025 01:57:12 GMT Cache-Control: max-age=84600, must-revalidate Etag: "5ea478d03eec796d20aaf28cca915bca" Via: 1.1 354c49ee216d1b8ed995ee7b94d96f10.cloudfront.net (CloudFront) Age: 81594 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P11 X-Amz-Cf-Id: xq2bDtIfvh4zuqqHaPKMG5qEBqm-ScoxBlV65ELMt29VhpHFQwt5PQ==
2025-01-24 00:37:05 UTC	1567	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 86 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49753	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:04 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 43 77 79 37 4f 41 70 51 31 45 4b 4f 48 6c 47 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 34 35 36 33 34 64 38 62 61 62 32 66 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Cwy7OApQ1EKOHlGz.1Context: 7d045634d8bab2f0
2025-01-24 00:37:04 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-24 00:37:04 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 43 77 79 37 4f 41 70 51 31 45 4b 4f 48 6c 47 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 34 35 36 33 34 64 38 62 61 62 32 66 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 47 54 41 52 61 6c 59 67 73 4f 42 65 32 6f 74 47 6e 38 48 61 6d 2f 4c 66 31 39 6d 32 63 74 6f 63 50 65 48 70 48 35 56 4e 6f 6c 67 69 5a 44 76 51 48 77 66 63 30 2f 71 6e 2f 59 52 42 6e 44 4d 4d 71 62 6a 4d 52 50 38 67 58 67 38 6b 5a 39 31 4e 74 52 34 54 6c 37 61 52 4a 78 6d 58 41 5a 5a 59 53 42 54 59 74 67 75 72 68 79 49 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Cwy7OApQ1EKOHlGz.2Context: 7d045634d8bab2f0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATGTARalYgsOBe2otGn8Ham/Lf19m2ctocPeHpH5VNolgiZDvQHwfc0/qn/YRBnDMMqbjMRP8gXg8kZ91NtR4Tl7aRJxmXAZZYSBTYtgurhyIA
2025-01-24 00:37:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 43 77 79 37 4f 41 70 51 31 45 4b 4f 48 6c 47 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 34 35 36 33 34 64 38 62 61 62 32 66 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Cwy7OApQ1EKOHlGz.3Context: 7d045634d8bab2f0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-24 00:37:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-24 00:37:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 70 75 63 68 53 62 6f 74 72 55 36 30 49 37 38 2b 4f 52 69 75 2f 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: puchSbotrU60I78+ORiu/A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49837	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:17 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 6b 32 6f 38 49 48 64 7a 55 69 32 68 57 33 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 61 63 38 31 64 30 31 37 32 31 36 64 36 63 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: mk2o8IHdzUi2hW3m.1Context: dac81d017216d6cd
2025-01-24 00:37:17 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-24 00:37:17 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6d 6b 32 6f 38 49 48 64 7a 55 69 32 68 57 33 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 61 63 38 31 64 30 31 37 32 31 36 64 36 63 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 47 54 41 52 61 6c 59 67 73 4f 42 65 32 6f 74 47 6e 38 48 61 6d 2f 4c 66 31 39 6d 32 63 74 6f 63 50 65 48 70 48 35 56 4e 6f 6c 67 69 5a 44 76 51 48 77 66 63 30 2f 71 6e 2f 59 52 42 6e 44 4d 4d 71 62 6a 4d 52 50 38 67 58 67 38 6b 5a 39 31 4e 74 52 34 54 6c 37 61 52 4a 78 6d 58 41 5a 5a 59 53 42 54 59 74 67 75 72 68 79 49 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: mk2o8IHdzUi2hW3m.2Context: dac81d017216d6cd<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATGTARalYgsOBe2otGn8Ham/Lf19m2ctocPeHpH5VNolgiZDvQHwfc0/qn/YRBnDMMqbjMRP8gXg8kZ91NtR4Tl7aRJxmXAZZYSBTYtgurhyIA
2025-01-24 00:37:17 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6d 6b 32 6f 38 49 48 64 7a 55 69 32 68 57 33 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 61 63 38 31 64 30 31 37 32 31 36 64 36 63 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: mk2o8IHdzUi2hW3m.3Context: dac81d017216d6cd<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-24 00:37:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-24 00:37:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 52 4b 6d 69 46 6a 31 48 6b 75 50 67 45 57 48 73 50 33 55 44 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hRKmiFj1HkuPgEWHsP3UDw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49717	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:37:36 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 68 68 62 34 72 53 76 68 45 57 64 66 6b 58 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 38 30 65 62 31 38 35 65 37 33 32 35 36 63 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Jhhb4rSvhEWdfkXG.1Context: 480eb185e73256cb
2025-01-24 00:37:36 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-24 00:37:36 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 68 68 62 34 72 53 76 68 45 57 64 66 6b 58 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 38 30 65 62 31 38 35 65 37 33 32 35 36 63 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 47 54 41 52 61 6c 59 67 73 4f 42 65 32 6f 74 47 6e 38 48 61 6d 2f 4c 66 31 39 6d 32 63 74 6f 63 50 65 48 70 48 35 56 4e 6f 6c 67 69 5a 44 76 51 48 77 66 63 30 2f 71 6e 2f 59 52 42 6e 44 4d 4d 71 62 6a 4d 52 50 38 67 58 67 38 6b 5a 39 31 4e 74 52 34 54 6c 37 61 52 4a 78 6d 58 41 5a 5a 59 53 42 54 59 74 67 75 72 68 79 49 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Jhhb4rSvhEWdfkXG.2Context: 480eb185e73256cb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATGTARalYgsOBe2otGn8Ham/Lf19m2ctocPeHpH5VNolgiZDvQHwfc0/qn/YRBnDMMqbjMRP8gXg8kZ91NtR4Tl7aRJxmXAZZYSBTYtgurhyIA
2025-01-24 00:37:36 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4a 68 68 62 34 72 53 76 68 45 57 64 66 6b 58 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 38 30 65 62 31 38 35 65 37 33 32 35 36 63 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Jhhb4rSvhEWdfkXG.3Context: 480eb185e73256cb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-24 00:37:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-24 00:37:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 72 6e 73 46 34 39 68 68 30 79 52 37 44 6e 54 50 68 79 70 57 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: irnsF49hh0yR7DnTPhypWg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	63741	40.113.110.67	443

Timestamp	Bytes transferred	Direction	Data
2025-01-24 00:38:00 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 73 69 66 37 4b 70 4a 76 45 36 30 4d 4d 35 6f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 62 39 61 37 37 36 38 38 39 33 63 32 34 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6sif7KpJvE60MM5o.1Context: 2ab9a7768893c24b
2025-01-24 00:38:00 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-24 00:38:00 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 36 73 69 66 37 4b 70 4a 76 45 36 30 4d 4d 35 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 62 39 61 37 37 36 38 38 39 33 63 32 34 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 47 54 41 52 61 6c 59 67 73 4f 42 65 32 6f 74 47 6e 38 48 61 6d 2f 4c 66 31 39 6d 32 63 74 6f 63 50 65 48 70 48 35 56 4e 6f 6c 67 69 5a 44 76 51 48 77 66 63 30 2f 71 6e 2f 59 52 42 6e 44 4d 4d 71 62 6a 4d 52 50 38 67 58 67 38 6b 5a 39 31 4e 74 52 34 54 6c 37 61 52 4a 78 6d 58 41 5a 5a 59 53 42 54 59 74 67 75 72 68 79 49 41 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 6sif7KpJvE60MM5o.2Context: 2ab9a7768893c24b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATGTARalYgsOBe2otGn8Ham/Lf19m2ctocPeHpH5VNolgiZDvQHwfc0/qn/YRBnDMMqbjMRP8gXg8kZ91NtR4Tl7aRJxmXAZZYSBTYtgurhyIA
2025-01-24 00:38:00 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 36 73 69 66 37 4b 70 4a 76 45 36 30 4d 4d 35 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 62 39 61 37 37 36 38 38 39 33 63 32 34 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6sif7KpJvE60MM5o.3Context: 2ab9a7768893c24b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-24 00:38:01 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-24 00:38:01 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4a 50 49 70 2b 43 5a 41 56 55 4b 6d 53 34 74 79 4b 4e 37 73 47 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: JPIp+CZAVUKmS4tyKN7sGA.0Payload parsing failed.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	19:36:50
Start date:	23/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:36:53
Start date:	23/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=2556,i,14488737336053587371,11564217591594750329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	19:37:00
Start date:	23/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping3992_433254149\sets.json

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3992, Parent PID: 5884

General

Windows Analysis Report
https://eng--sso--coinbasepro-cdn--x---auth.webflow.io/