Edit tour

Windows Analysis Report
http://104.21.48.1

Overview

General Information

Sample URL:	http://104.21.48.1
Analysis ID:	1608914
Tags:	tweetfeed
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1964,i,10845158487433010155,15572567177602030268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.21.48.1" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /api/v1/event HTTP/1.1Host: sparrow.cloudflare.comConnection: keep-aliveContent-Length: 87sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Sparrow-Source-Key: c771f0e4b54944bebf4261d44bd79a1eContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: http://104.21.48.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 07 Feb 2025 00:57:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTVary: Accept-EncodingServer: cloudflareCF-RAY: 90df6ca6dc5642e9-EWRContent-Encoding: gzipData Raw: 38 33 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 e9 6f 1b 37 16 ff ae bf e2 85 0b 68 25 40 d4 48 b2 7c 44 1a 4d d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8d c4 98 43 4e 49 4a b2 90 f5 ff be e0 1c f2 e8 b0 9b 60 77 51 7d d0 f0 7c 7c c7 ef 1d 64 f8 ea cd fb cb db 4f 37 57 b0 70 99 8c 5a e1 2b 4a 7f 13 29 48 07 d7 57 70 fe 7b 04 a1 9f 80 44 32 6b 67 44 69 fa d9 82 c0 33 d0 92 0b 24 20 99 9a cf 08 2a fa f1 03 89 20 7c f5 1b 2a 2e d2 df 29 7d 22 55 d1 01 38 4e ea fc db 48 5d bc 40 ea e2 1b 48 cd 5d 45 cd 0f 1c 93 f2 90 0a a5 bb 94 16 c8 78 d4 0a 9d 70 12 a3 37 c2 60 e2 e0 fa 06 58 92 a0 b5 a0 b4 03 26 a5 5e 23 87 7f c3 a5 d4 4b 9e 4a 66 30 0c ca 0d ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 1f e8 05 81 a0 9e 58 38 97 53 fc 63 29 56 33 72 a9 95 43 e5 e8 ed 26 47 02 49 d9 9b 11 87 0f 2e f0 8c 4f b7 64 5e a2 f2 2b fd f8 3d bd d4 59 ce 9c 88 65 93 d0 f5 d5 ec 8a cf b1 b1 4f b1 0c 67 c4 e8 58 3b db 58 a8 b4 50 1c 1f 7a a0 74 aa bd 70 07 5b 56 02 d7 b9 36 ae b1 69 2d b8 5b cc 38 ae 44 82 b4 e8 f4 84 12 4e 30 49 6d c2 24 ce 86 25 15 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 43 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 a7 82 8c 09 d5 2f e6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56 9d ee 17 91 76 b8 4e 96 19 2a d7 67 9c 5f ad 50 b9 77 c2 3a 54 68 da ed b5 50 5c af fb bf fe f8 ee ad 73 f9 cf f8 c7 12 ad 6b b7 ff f9 e1 fd 4f e5 7f df 3a 23 d4 5c a4 9b ee 97 15 33 80 b3 2d 6d 56 8e 24 b3 2d fd 39 ba 2b 89 be f9 8f cd 35 ef 10 34 46 1b 9a 22 f2 98 25 f7 d4 2e cd 0a 37 a4 db e3 df b0 a5 80 16 e9 f6 e2 99 c2 35 ec 32 3a 65 b3 2f e8 05 9a 90 7a 07 24 52 24 f7 c8 49 2f 37 3a 47 e3 04 da c9 97 82 ea a5 e6 38 19 0e 06 27 bd 05 ca 3c 5d ca 09 eb ad d0 58 a1 d5 64 f8 f8 38 8d fb 3a 47 d5 21 37 ef 3f dc 92 1e f1 38 b2 93 20 b0 39 33 46 af fb c9 16 cf fd 44 67 01 cb 45 b0 1a 06 c5 f1 a4 3b 8d fb 16 5d c5 d6 5b 64 1c 4d 67 17 c3 3d c2 f2 5c 8a 84 79 dd 05 9f ad 56 cf ec fa 50 9e 47 3f e8 a5 49 90 fe 0b 37 a4 47 92 f3 f3 61 3a c0 71 7c 3a 7e 3d 1e c7 18 a7 e3 d1 d9 90 8f c7 31 3f 7f cd 86 48 ba d3 96 27 a6 78 67 d7 6a 1d d6 ed 4e 93 7e e1 e6 de ec 1e 03 9d ad b6 e8 42 70 8e 9e 13 de 58 62 30 d3 2b 3c b2 ea 71 fa 2c 94 3a e4 cd fb 1f 2b 81 df 69 c6 bd 05 1a 28 f4 40 61 5f 6b 75 d2 ed bd 00 aa 2d 57 f1 d2 39 ad e8 06 ed cb 90 da df a0 34 e9 4e c9 56 5c 22 14 b0 76 bb c3 be 46 03 bd e4 88 e4 05 e4 76 c4 c5 ce ab 41 f7 b1 db e3 5f bb Data Ascii: 833Xo7h%@H\|DMu\ic4(CNIJ`wQ}\|\|dO7WpZ+J)HWp{D2kgDi3$ * \|*.)}"U8NH]
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 07 Feb 2025 00:57:12 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTVary: Accept-EncodingServer: cloudflareCF-RAY: 90df6cac1d34c323-EWRContent-Encoding: gzipData Raw: 38 33 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 e9 6f 1b 37 16 ff ae bf e2 85 0b 68 25 40 d4 48 b2 7c 44 1a 4d d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8d c4 98 43 4e 49 4a b2 90 f5 ff be e0 1c f2 e8 b0 9b 60 77 51 7d d0 f0 7c 7c c7 ef 1d 64 f8 ea cd fb cb db 4f 37 57 b0 70 99 8c 5a e1 2b 4a 7f 13 29 48 07 d7 57 70 fe 7b 04 a1 9f 80 44 32 6b 67 44 69 fa d9 82 c0 33 d0 92 0b 24 20 99 9a cf 08 2a fa f1 03 89 20 7c f5 1b 2a 2e d2 df 29 7d 22 55 d1 01 38 4e ea fc db 48 5d bc 40 ea e2 1b 48 cd 5d 45 cd 0f 1c 93 f2 90 0a a5 bb 94 16 c8 78 d4 0a 9d 70 12 a3 37 c2 60 e2 e0 fa 06 58 92 a0 b5 a0 b4 03 26 a5 5e 23 87 7f c3 a5 d4 4b 9e 4a 66 30 0c ca 0d ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 1f e8 05 81 a0 9e 58 38 97 53 fc 63 29 56 33 72 a9 95 43 e5 e8 ed 26 47 02 49 d9 9b 11 87 0f 2e f0 8c 4f b7 64 5e a2 f2 2b fd f8 3d bd d4 59 ce 9c 88 65 93 d0 f5 d5 ec 8a cf b1 b1 4f b1 0c 67 c4 e8 58 3b db 58 a8 b4 50 1c 1f 7a a0 74 aa bd 70 07 5b 56 02 d7 b9 36 ae b1 69 2d b8 5b cc 38 ae 44 82 b4 e8 f4 84 12 4e 30 49 6d c2 24 ce 86 25 15 29 d4 3d 18 94 33 62 dd 46 a2 5d 20 3a 02 82 cf 48 92 de 95 43 34 b1 96 c0 c2 60 3a 23 41 c2 15 4d e6 22 28 a7 82 8c 09 d5 2f e6 83 a8 d5 6a 85 36 31 22 77 51 ab 93 2e 55 e2 84 56 9d ee 17 91 76 b8 4e 96 19 2a d7 67 9c 5f ad 50 b9 77 c2 3a 54 68 da ed b5 50 5c af fb bf fe f8 ee ad 73 f9 cf f8 c7 12 ad 6b b7 ff f9 e1 fd 4f e5 7f df 3a 23 d4 5c a4 9b ee 97 15 33 80 b3 2d 6d 56 8e 24 b3 2d fd 39 ba 2b 89 be f9 8f cd 35 ef 10 34 46 1b 9a 22 f2 98 25 f7 d4 2e cd 0a 37 a4 db e3 df b0 a5 80 16 e9 f6 e2 99 c2 35 ec 32 3a 65 b3 2f e8 05 9a 90 7a 07 24 52 24 f7 c8 49 2f 37 3a 47 e3 04 da c9 97 82 ea a5 e6 38 19 0e 06 27 bd 05 ca 3c 5d ca 09 eb ad d0 58 a1 d5 64 f8 f8 38 8d fb 3a 47 d5 21 37 ef 3f dc 92 1e f1 38 b2 93 20 b0 39 33 46 af fb c9 16 cf fd 44 67 01 cb 45 b0 1a 06 c5 f1 a4 3b 8d fb 16 5d c5 d6 5b 64 1c 4d 67 17 c3 3d c2 f2 5c 8a 84 79 dd 05 9f ad 56 cf ec fa 50 9e 47 3f e8 a5 49 90 fe 0b 37 a4 47 92 f3 f3 61 3a c0 71 7c 3a 7e 3d 1e c7 18 a7 e3 d1 d9 90 8f c7 31 3f 7f cd 86 48 ba d3 96 27 a6 78 67 d7 6a 1d d6 ed 4e 93 7e e1 e6 de ec 1e 03 9d ad b6 e8 42 70 8e 9e 13 de 58 62 30 d3 2b 3c b2 ea 71 fa 2c 94 3a e4 cd fb 1f 2b 81 df 69 c6 bd 05 1a 28 f4 40 61 5f 6b 75 d2 ed bd 00 aa 2d 57 f1 d2 39 ad e8 06 ed cb 90 da df a0 34 e9 4e c9 56 5c 22 14 b0 76 bb c3 be 46 03 bd e4 88 e4 05 e4 76 c4 c5 ce ab 41 f7 b1 db e3 5f bb Data Ascii: 833Xo7h%@H\|DMu\ic4(CNIJ`wQ}\|\|dO7WpZ+J)HWp{D2kgDi3$ * \|*.)}"U8NH]

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: classification engine

Classification label: clean0.win@16/2@10/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1964,i,10845158487433010155,15572567177602030268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.21.48.1"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1964,i,10845158487433010155,15572567177602030268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://104.21.48.1	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
http://104.21.48.1/cdn-cgi/styles/main.css	0%	Avira URL Cloud	safe
http://104.21.48.1/favicon.ico	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
sparrow.cloudflare.com	104.18.2.57	true	false	high
performance.radar.cloudflare.com	104.18.30.78	true	false	high
www.google.com	142.250.186.132	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://104.21.48.1/cdn-cgi/styles/main.css	false	Avira URL Cloud: safe	unknown
https://sparrow.cloudflare.com/api/v1/event	false		high
http://104.21.48.1/	false		unknown
http://104.21.48.1/favicon.ico	false	Avira URL Cloud: safe	unknown
https://performance.radar.cloudflare.com/beacon.js	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.2.57	sparrow.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.30.78	performance.radar.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.31.78	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.7

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1608914
Start date and time:	2025-02-07 01:56:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://104.21.48.1
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/2@10/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.3, 172.217.16.142, 74.125.71.84, 216.58.212.142, 142.250.184.238, 199.232.214.172, 142.250.186.78, 142.250.185.78, 142.250.186.142, 142.250.186.174, 172.217.23.110, 142.250.181.238, 142.250.184.195, 184.28.90.27, 13.107.246.45, 4.175.87.197
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://104.21.48.1

Input	Output
URL: http://104.21.48.1 Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The URL provided is an IP address (104.21.48.1) rather than a domain name. IP addresses do not typically engage in typosquatting as they do not visually resemble brand names or legitimate URLs. There are no character substitutions, visual similarities, or structural elements that suggest an attempt to mimic a known brand. Additionally, IP addresses are often used for direct server access or internal network purposes, which are unrelated to typosquatting activities."}
URL: http://104.21.48.1
URL: http://104.21.48.1/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate feedback mechanism for an error page. It uses standard web APIs like `document.addEventListener`, `XMLHttpRequest`, and `JSON.stringify` to send feedback data to a Cloudflare analytics endpoint. The code is not obfuscated, and the behavior is consistent with providing a user feedback mechanism. While the use of `XMLHttpRequest` is considered a legacy practice, the overall risk is low as the script does not exhibit any high-risk indicators like dynamic code execution or data exfiltration." }
(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){var c=document.getElementById("error-feedback-survey"),d=document.getElementById("error-feedback-success"),b=new XMLHttpRequest;a={event:"feedback clicked",properties:{errorCode:1003,helpful:a,version:1}};b.open("POST","https://sparrow.cloudflare.com/api/v1/event");b.setRequestHeader("Content-Type","application/json");b.setRequestHeader("Sparrow-Source-Key","c771f0e4b54944bebf4261d44bd79a1e"); b.send(JSON.stringify(a));c.classList.add("feedback-hidden");d.classList.remove("feedback-hidden")};document.addEventListener("DOMContentLoaded",function(){var a=document.getElementById("error-feedback"),c=document.getElementById("feedback-button-yes"),d=document.getElementById("feedback-button-no");"classList"in a&&(a.classList.remove("feedback-hidden"),c.addEventListener("click",function(){e(!0)}),d.addEventListener("click",function(){e(!1)}))})}})();
URL: http://104.21.48.1/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: http://104.21.48.1/ Model: Joe Sandbox AI	{ "brands": "Cloudflare" }
	{ "brands": "Cloudflare" }
URL: http://104.21.48.1/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: http://104.21.48.1/ Model: Joe Sandbox AI	{ "brands": "Cloudflare" }
	{ "brands": "Cloudflare" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from Unix, original size modulo 2^32 8013
Category:	downloaded
Size (bytes):	2176
Entropy (8bit):	7.907971765476445
Encrypted:	false
SSDEEP:	48:Xsv38LcH9hWn0UEA17rcIkkcYkkZOa458seFKtDNa14DrG2lRZ+kUh:879eEA17NLciOz7YkDC4D3RZA
MD5:	98EA0B5620AC910FDF2E2859AAAF0EA8
SHA1:	D0AFBF017526BB929C0BE2700DB376D59FA21455
SHA-256:	45C596E0856F5D0E1B4B70BCF1DBBC00F578898D3BFD743DED5211ED22A277DC
SHA-512:	4BDD491B0DBC7BCAB4543E49C3633E9358C4BB4B18A36E3FB47C960BC12884B13DE162FC2304D21CBF3F9F292C066615784CFA7BC5A8019CC881C371F6C45BF3
Malicious:	false
Reputation:	low
URL:	http://104.21.48.1/cdn-cgi/styles/main.css
Preview:	...........YK.....W......5z..n.M. {..2...}.......n.#..\|I.,7..M.`....b.X\|T...Y-0..wgR.C........\| .:..=b...&a......T.(g...,.[.g.1.n=..a..Z..7r..........dk.........$......p..... .zk...&..!..)Q..o=...'...J.(:.p\.S...C5..2J..V\)$.40....,0%..e.!,$X.........eO.LL..3..cW......V.....s../pFa.T....(...5...K.@.J..D..~N..\.\.X-....?.....K2&.._.Z...So%...&..q...8..I.mp.....A..g..I......0....l.".....I...;.aj^.(.,E...@a.;..;$a,.C..};.w.C...=.P...\|".A.O....R.P.WSg...h;...S...@.............{.....\|Oj.&..C..v.`.".~uA.$...#....LI.......-.l..t....z.OC..G..:.J....r......z.A...`..N.....Q\.....pPEG=T7d.`o.K....O.Nt....t...d.........R..m.h30.....$i.6rE.r....e..)...4..;.7..w...p..fZZab......n.E...r....`."wJ)P..5...3..MgTC.J..N.....S;.xD..)....8.8?...c......8.M ....v.O.....&..j+.S.sY...+3..}...@.9.w.fE..v.../^........Q{.sh..Jg9.a......Ew..Z.L.n.....#.H...c. w....}G...y.=..K.)......L..-.(%MK.T.^Hy..fg...?Kg....Eg.m.C.........(.........D.$....zI...I......<........

Total Packets: 123
• 443 (HTTPS)
• 123 undefined
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2025 01:56:56.556673050 CET	49671	443	192.168.2.7	204.79.197.203
Feb 7, 2025 01:56:57.494227886 CET	49674	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:56:57.494246006 CET	49675	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:56:57.650516987 CET	49672	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:56:58.962949991 CET	49671	443	192.168.2.7	204.79.197.203
Feb 7, 2025 01:57:02.999792099 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:57:03.384809017 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:57:03.842466116 CET	49671	443	192.168.2.7	204.79.197.203
Feb 7, 2025 01:57:04.134840965 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:57:05.624841928 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:57:07.103660107 CET	49674	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:07.103688002 CET	49675	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:07.259958029 CET	49672	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:08.603699923 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:57:09.395978928 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:09.396020889 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:09.396187067 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:09.396336079 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:09.396349907 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:09.681138039 CET	443	49699	104.98.116.138	192.168.2.7
Feb 7, 2025 01:57:09.681257010 CET	49699	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:10.029973984 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:10.030292034 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:10.030320883 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:10.031403065 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:10.031483889 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:10.032763958 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:10.032844067 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:10.072738886 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:10.072756052 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:10.119617939 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:11.092514992 CET	49711	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.093466043 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.097440004 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.097553015 CET	49711	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.098274946 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.098777056 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.112780094 CET	49711	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.117547989 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.543324947 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.543342113 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.543354988 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.543442965 CET	49711	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.543884039 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.543941021 CET	49711	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.544120073 CET	49711	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.548906088 CET	80	49711	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.570949078 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:11.575809002 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.582087994 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:11.582144976 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:11.582374096 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:11.583003044 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:11.583017111 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:11.672986031 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.673012972 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.673024893 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:11.673088074 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:12.058969975 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.083041906 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.083082914 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.084312916 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.084388018 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.096225023 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.096321106 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.098997116 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.099008083 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.154700994 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.245912075 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.245959997 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.245991945 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246016026 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246017933 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.246035099 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246056080 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.246105909 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246139050 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246156931 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.246161938 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246198893 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.246257067 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.248940945 CET	49713	443	192.168.2.7	104.18.30.78
Feb 7, 2025 01:57:12.248955011 CET	443	49713	104.18.30.78	192.168.2.7
Feb 7, 2025 01:57:12.266944885 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.266993999 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.267074108 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.267390013 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.267401934 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.286776066 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:12.291701078 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:12.389969110 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:12.389988899 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:12.390003920 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:12.390017033 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:12.390047073 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:12.390104055 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:12.390923023 CET	49712	80	192.168.2.7	104.21.48.1
Feb 7, 2025 01:57:12.396301031 CET	80	49712	104.21.48.1	192.168.2.7
Feb 7, 2025 01:57:12.766467094 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.822490931 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.852575064 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.852598906 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.853750944 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.853764057 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.853914022 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.855827093 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.855890989 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.856148958 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:12.856158018 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:12.901815891 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.058589935 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058633089 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058660030 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058687925 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058701038 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.058720112 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058729887 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058748960 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.058787107 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058789968 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.058794975 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058852911 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.058888912 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.058898926 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.066553116 CET	49722	443	192.168.2.7	104.18.31.78
Feb 7, 2025 01:57:13.066575050 CET	443	49722	104.18.31.78	192.168.2.7
Feb 7, 2025 01:57:13.447289944 CET	49671	443	192.168.2.7	204.79.197.203
Feb 7, 2025 01:57:14.556593895 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:57:18.141175985 CET	49699	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:18.141680002 CET	49759	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:18.141767979 CET	443	49759	104.98.116.138	192.168.2.7
Feb 7, 2025 01:57:18.141887903 CET	49759	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:18.143085957 CET	49759	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:57:18.143119097 CET	443	49759	104.98.116.138	192.168.2.7
Feb 7, 2025 01:57:18.146018982 CET	443	49699	104.98.116.138	192.168.2.7
Feb 7, 2025 01:57:19.994512081 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:19.994585037 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:19.994725943 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:21.887475014 CET	49707	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:57:21.887496948 CET	443	49707	142.250.186.132	192.168.2.7
Feb 7, 2025 01:57:23.928806067 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:23.928833961 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:23.928937912 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:23.929164886 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:23.929178953 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.410414934 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.410727024 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.410738945 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.411890030 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.411967039 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.413304090 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.413358927 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.413634062 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.413639069 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.463270903 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.569224119 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.569319010 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.569392920 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.570947886 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.570974112 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.571043968 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.571244955 CET	49802	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.571261883 CET	443	49802	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:24.571540117 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:24.571552038 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.038342953 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.038688898 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.038719893 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.039021015 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.039361000 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.039437056 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.039503098 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.087331057 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.170838118 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.170911074 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.170969963 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.171328068 CET	49808	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.171344995 CET	443	49808	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.184499025 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.184519053 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.184586048 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.184789896 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.184803963 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.638323069 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.640688896 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.640708923 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.641755104 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.641818047 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.647212029 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.647265911 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.650235891 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.650242090 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.697634935 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.778338909 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.778475046 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:25.778526068 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.779514074 CET	49811	443	192.168.2.7	104.18.2.57
Feb 7, 2025 01:57:25.779530048 CET	443	49811	104.18.2.57	192.168.2.7
Feb 7, 2025 01:57:26.463341951 CET	49677	443	192.168.2.7	20.50.201.200
Feb 7, 2025 01:58:00.904894114 CET	443	49759	104.98.116.138	192.168.2.7
Feb 7, 2025 01:58:00.905076981 CET	49759	443	192.168.2.7	104.98.116.138
Feb 7, 2025 01:58:09.450411081 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:09.450443983 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:09.450527906 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:09.450972080 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:09.450982094 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:10.086183071 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:10.086699009 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:10.086718082 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:10.087074041 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:10.087414980 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:10.087471008 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:10.136105061 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:19.991978884 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:19.992039919 CET	443	49991	142.250.186.132	192.168.2.7
Feb 7, 2025 01:58:19.992204905 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:21.897173882 CET	49991	443	192.168.2.7	142.250.186.132
Feb 7, 2025 01:58:21.897196054 CET	443	49991	142.250.186.132	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2025 01:57:04.870954037 CET	53	52596	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:04.960472107 CET	53	50261	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:05.959100962 CET	53	55084	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:07.703484058 CET	123	123	192.168.2.7	104.40.149.189
Feb 7, 2025 01:57:07.894856930 CET	123	123	104.40.149.189	192.168.2.7
Feb 7, 2025 01:57:09.229669094 CET	123	123	192.168.2.7	104.40.149.189
Feb 7, 2025 01:57:09.386579037 CET	60806	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:09.386746883 CET	55949	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:09.393282890 CET	53	60806	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:09.393301010 CET	53	55949	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:09.439402103 CET	123	123	104.40.149.189	192.168.2.7
Feb 7, 2025 01:57:11.571552038 CET	55012	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:11.571695089 CET	65431	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:11.578576088 CET	53	55012	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:11.581007957 CET	53	65431	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:12.256356001 CET	49236	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:12.256848097 CET	65169	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:12.265233994 CET	53	49236	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:12.266427994 CET	53	65169	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:23.006402969 CET	53	63450	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:23.920406103 CET	53692	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:23.920573950 CET	53077	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:23.928174973 CET	53	53077	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:23.928194046 CET	53	53692	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:25.174731970 CET	52052	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:25.174869061 CET	63997	53	192.168.2.7	1.1.1.1
Feb 7, 2025 01:57:25.182719946 CET	53	63997	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:25.184077978 CET	53	52052	1.1.1.1	192.168.2.7
Feb 7, 2025 01:57:42.096343994 CET	53	49284	1.1.1.1	192.168.2.7
Feb 7, 2025 01:58:03.471491098 CET	138	138	192.168.2.7	192.168.2.255
Feb 7, 2025 01:58:04.801888943 CET	53	64217	1.1.1.1	192.168.2.7
Feb 7, 2025 01:58:05.129297972 CET	53	64314	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 7, 2025 01:57:09.386579037 CET	192.168.2.7	1.1.1.1	0x588a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:09.386746883 CET	192.168.2.7	1.1.1.1	0x6df5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 7, 2025 01:57:11.571552038 CET	192.168.2.7	1.1.1.1	0x5527	Standard query (0)	performance.radar.cloudflare.com	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:11.571695089 CET	192.168.2.7	1.1.1.1	0x6aed	Standard query (0)	performance.radar.cloudflare.com	65	IN (0x0001)	false
Feb 7, 2025 01:57:12.256356001 CET	192.168.2.7	1.1.1.1	0x8163	Standard query (0)	performance.radar.cloudflare.com	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:12.256848097 CET	192.168.2.7	1.1.1.1	0xa30c	Standard query (0)	performance.radar.cloudflare.com	65	IN (0x0001)	false
Feb 7, 2025 01:57:23.920406103 CET	192.168.2.7	1.1.1.1	0x9eac	Standard query (0)	sparrow.cloudflare.com	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:23.920573950 CET	192.168.2.7	1.1.1.1	0xaaf5	Standard query (0)	sparrow.cloudflare.com	65	IN (0x0001)	false
Feb 7, 2025 01:57:25.174731970 CET	192.168.2.7	1.1.1.1	0x6f20	Standard query (0)	sparrow.cloudflare.com	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:25.174869061 CET	192.168.2.7	1.1.1.1	0xf0b2	Standard query (0)	sparrow.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 7, 2025 01:57:09.393282890 CET	1.1.1.1	192.168.2.7	0x588a	No error (0)	www.google.com	142.250.186.132	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:09.393301010 CET	1.1.1.1	192.168.2.7	0x6df5	No error (0)	www.google.com		65	IN (0x0001)	false
Feb 7, 2025 01:57:11.578576088 CET	1.1.1.1	192.168.2.7	0x5527	No error (0)	performance.radar.cloudflare.com	104.18.30.78	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:11.578576088 CET	1.1.1.1	192.168.2.7	0x5527	No error (0)	performance.radar.cloudflare.com	104.18.31.78	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:11.581007957 CET	1.1.1.1	192.168.2.7	0x6aed	No error (0)	performance.radar.cloudflare.com		65	IN (0x0001)	false
Feb 7, 2025 01:57:12.265233994 CET	1.1.1.1	192.168.2.7	0x8163	No error (0)	performance.radar.cloudflare.com	104.18.31.78	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:12.265233994 CET	1.1.1.1	192.168.2.7	0x8163	No error (0)	performance.radar.cloudflare.com	104.18.30.78	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:12.266427994 CET	1.1.1.1	192.168.2.7	0xa30c	No error (0)	performance.radar.cloudflare.com		65	IN (0x0001)	false
Feb 7, 2025 01:57:23.928174973 CET	1.1.1.1	192.168.2.7	0xaaf5	No error (0)	sparrow.cloudflare.com		65	IN (0x0001)	false
Feb 7, 2025 01:57:23.928194046 CET	1.1.1.1	192.168.2.7	0x9eac	No error (0)	sparrow.cloudflare.com	104.18.2.57	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:23.928194046 CET	1.1.1.1	192.168.2.7	0x9eac	No error (0)	sparrow.cloudflare.com	104.18.3.57	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:25.182719946 CET	1.1.1.1	192.168.2.7	0xf0b2	No error (0)	sparrow.cloudflare.com		65	IN (0x0001)	false
Feb 7, 2025 01:57:25.184077978 CET	1.1.1.1	192.168.2.7	0x6f20	No error (0)	sparrow.cloudflare.com	104.18.2.57	A (IP address)	IN (0x0001)	false
Feb 7, 2025 01:57:25.184077978 CET	1.1.1.1	192.168.2.7	0x6f20	No error (0)	sparrow.cloudflare.com	104.18.3.57	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

performance.radar.cloudflare.com

sparrow.cloudflare.com

104.21.48.1

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49711	104.21.48.1	80	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 7, 2025 01:57:11.112780094 CET	426	OUT	GET / HTTP/1.1 Host: 104.21.48.1 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Feb 7, 2025 01:57:11.543324947 CET	1236	IN	HTTP/1.1 403 Forbidden Date: Fri, 07 Feb 2025 00:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 90df6ca6dc5642e9-EWR Content-Encoding: gzip Data Raw: 38 33 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 e9 6f 1b 37 16 ff ae bf e2 85 0b 68 25 40 d4 48 b2 7c 44 1a 4d d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8d c4 98 43 4e 49 4a b2 90 f5 ff be e0 1c f2 e8 b0 9b 60 77 51 7d d0 f0 7c 7c c7 ef 1d 64 f8 ea cd fb cb db 4f 37 57 b0 70 99 8c 5a e1 2b 4a 7f 13 29 48 07 d7 57 70 fe 7b 04 a1 9f 80 44 32 6b 67 44 69 fa d9 82 c0 33 d0 92 0b 24 20 99 9a cf 08 2a fa f1 03 89 20 7c f5 1b 2a 2e d2 df 29 7d 22 55 d1 01 38 4e ea fc db 48 5d bc 40 ea e2 1b 48 cd 5d 45 cd 0f 1c 93 f2 90 0a a5 bb 94 16 c8 78 d4 0a 9d 70 12 a3 37 c2 60 e2 e0 fa 06 58 92 a0 b5 a0 b4 03 26 a5 5e 23 87 7f c3 a5 d4 4b 9e 4a 66 30 0c ca 0d ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 1f e8 05 81 a0 9e 58 38 97 53 fc 63 29 56 33 72 a9 95 43 e5 e8 ed 26 47 02 49 d9 9b 11 87 0f 2e f0 8c 4f b7 64 5e a2 f2 2b fd f8 3d bd d4 59 ce 9c 88 65 93 d0 f5 d5 ec 8a cf b1 b1 4f b1 0c 67 c4 e8 58 3b db 58 a8 b4 50 1c 1f 7a a0 74 aa bd 70 07 5b 56 02 d7 b9 36 ae b1 69 2d b8 5b cc 38 ae 44 82 b4 e8 f4 84 12 4e 30 [TRUNCATED] Data Ascii: 833Xo7h%@H\|DMu\ic4(CNIJ`wQ}\|\|dO7WpZ+J)HWp{D2kgDi3$ * \|.)}"U8NH]@H]Exp7`X&^#KJf00C Y0cX8Sc)V3rC&GI.Od^+=YeOgX;XPztp[V6i-[8DN0Im$%)=3bF] :HC4`:#AM"(/j61"wQ.UVvNg_Pw:ThP\skO:#\3-mV$-9+54F"%.752:e/z$R$I/7:G8'<]Xd8:G!7?8 93FDgE;][dMg=\yVPG?I7Ga:q\|:~=1?H'xgjN~BpXb0+<q,:+i(@a_ku-W94NV\"vFvA_
Feb 7, 2025 01:57:11.543342113 CET	1236	IN	Data Raw: 7a d8 7d ec 76 1f bb 8f 8f dd 4e 77 da 0a 83 da 93 6b 9f 06 8e 29 1a b0 26 99 6d 81 99 a3 49 b5 c9 98 4a b0 6f 18 67 66 1f a2 31 b2 44 ab fe 67 4b a2 27 8a 61 50 05 f1 58 f3 4d d4 02 08 b9 58 55 21 87 ae 0d cb 73 34 c4 8f 57 33 55 82 48 52 ca 24 Data Ascii: z}vNwk)&mIJogf1DgK'aPXMXU!s4W3UHR$u6D{URTI(1SV2>X]F"0T0b`bGd2u.NCpr>=+t4.F4]JYLY[aMU()X2>\|/Rbp=y
Feb 7, 2025 01:57:11.543354988 CET	84	IN	Data Raw: 45 bd 79 ab f6 b1 d5 3f 98 42 d0 df 09 a5 fe dd b4 d5 08 c3 e5 9a bf ed df 61 8b 75 87 6b ea 28 5c 50 79 b2 77 0b a0 7a b9 bb 4b d2 bb ba 92 f2 46 9f c1 97 c7 69 ab c0 c8 ce 33 42 50 5e f7 c3 a0 7c f4 fe 0f 67 c4 54 ed 05 17 00 00 0d 0a 30 0d 0a Data Ascii: Ey?Bauk(\PywzKFi3BP^\|gT0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49712	104.21.48.1	80	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 7, 2025 01:57:11.570949078 CET	332	OUT	GET /cdn-cgi/styles/main.css HTTP/1.1 Host: 104.21.48.1 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://104.21.48.1/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Feb 7, 2025 01:57:11.672986031 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 07 Feb 2025 00:57:11 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: keep-alive Last-Modified: Fri, 31 Jan 2025 17:24:46 GMT ETag: W/"679d075e-1f4d" Server: cloudflare CF-RAY: 90df6ca7980fc323-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Vary: Accept-Encoding Expires: Fri, 07 Feb 2025 02:57:11 GMT Cache-Control: max-age=7200 Cache-Control: public Content-Encoding: gzip Data Raw: 38 38 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 e5 59 4b 8f e3 b8 11 be e7 57 18 db 18 a0 bd 10 35 7a d8 ee 6e e9 92 4d 90 20 7b c8 1e 32 08 90 00 7d a1 a4 92 cd 98 12 05 8a 6e db 23 e8 bf 07 7c 49 94 2c 37 ba 83 4d 80 60 c7 a3 19 b1 be 62 a9 58 7c 54 b1 ca cf 59 2d 30 a9 81 77 67 52 88 43 12 06 c1 97 de cf f6 e8 7c 20 02 3a 84 b2 3d 62 0d ce 89 b8 26 61 9a e1 fc b8 e7 ec 54 17 28 67 94 f1 e4 a1 2c cb 5b 2a df 67 f8 31 da 6e 3d fb bc 61 fe e8 8a 5a af d5 37 72 a8 05 f0 ce e9 df b0 96 08 c2 ea 64 6b d4 a8 19 e2 d0 00 16 2e 97 a6 24 03 d6 fb 19 e3 05 70 b4 e7 f8 8a e2 20 90 7a 6b 8a a3 bb 26 18 bd 21 93 bf 29 51 ab 1d 6f 3d fb 18 b5 27 92 a4 ea 4a 0b 28 3a 83 70 5c 90 53 9b f8 d1 96 43 35 e8 d2 32 4a 06 96 56 5c 29 24 8a 34 30 04 16 d4 96 0f 2c 30 25 87 cd 65 e8 21 2c 24 58 e3 c2 f9 89 b7 8c a3 86 11 65 4f dd 4c 4c b3 f7 33 ca f2 63 57 90 b6 a1 f8 9a a8 56 ef 93 9a 92 1a d0 14 73 89 bd 2f 70 46 61 c0 54 ab f7 0f a4 28 a0 1e a8 35 ab a1 f7 4b ca b0 40 14 4a d1 a9 d7 44 be f6 7e 4e 01 f3 92 5c 12 5c 2a bd [TRUNCATED] Data Ascii: 880YKW5znM {2}n#\|I,7M`bX\|TY-0wgRC\| :=b&aT(g,[g1n=aZ7rdk.$p zk&!)Qo='J(:p\SC52JV\)$40,0%e!,$XeOLL3cWVs/pFaT(5K@JD~N\\X-?K2&_ZSo%&q8ImpAgI0l"I;aj^(,E@a;;$a,C.};wC=P\|"AORPWSgh;S@{\|Oj&Cv`"~uA$#LI-ltzOCG:JrzA`NQ\pPEG=T7d`oKONtt.dRm.h30$i6rEre)4;7wpfZZabnEr`"wJ)P53MgTCJNS;xD)88?c
Feb 7, 2025 01:57:11.673012972 CET	1236	IN	Data Raw: 38 b6 4d 20 7f a9 e3 d1 76 1b 4f ff d5 ee cc ed 26 9d 99 6a 2b c7 b9 53 8e 73 59 ec cb cb 8b 2b 33 dc c6 9e 7d de 11 cb a1 40 c0 39 e3 77 e5 66 45 b4 89 76 13 d1 cf 2f 5e bc f3 e2 e7 f7 f5 05 a8 51 7b ca 73 68 db fb 4a 67 39 8e 61 aa f7 d6 8b 82 Data Ascii: 8M vO&j+SsY+3}@9wfEv/^Q{shJg9aEwZLn#Hc w}Gy=K)L-(%MKT^Hyfg?KgEgmC(D$zII.<R32vAMW
Feb 7, 2025 01:57:11.673024893 CET	164	IN	Data Raw: 9a 5f 09 7c a0 dc 24 d9 16 97 81 04 74 85 49 b6 4d 85 69 84 de 2d 91 48 86 0a 05 c3 0d de 50 c4 40 52 cb c2 92 ef 17 18 8a d7 64 96 41 57 a4 8f 67 bb 15 fb c7 d7 97 62 e7 e3 17 0d 68 bf 9b b9 d9 eb 79 71 41 da 84 49 6d 9d a1 a9 ee 28 e8 26 62 54 Data Ascii: _\|$tIMi-HP@RdAWgbhyqAIm(&bTZec(V+rh,bYx6C@c?e~.[~o#nM0
Feb 7, 2025 01:57:12.286776066 CET	366	OUT	GET /favicon.ico HTTP/1.1 Host: 104.21.48.1 Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://104.21.48.1/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Feb 7, 2025 01:57:12.389969110 CET	1236	IN	HTTP/1.1 403 Forbidden Date: Fri, 07 Feb 2025 00:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Vary: Accept-Encoding Server: cloudflare CF-RAY: 90df6cac1d34c323-EWR Content-Encoding: gzip Data Raw: 38 33 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 e9 6f 1b 37 16 ff ae bf e2 85 0b 68 25 40 d4 48 b2 7c 44 1a 4d d1 75 5c c4 bb 69 63 34 0e da a0 28 0c ce f0 8d c4 98 43 4e 49 4a b2 90 f5 ff be e0 1c f2 e8 b0 9b 60 77 51 7d d0 f0 7c 7c c7 ef 1d 64 f8 ea cd fb cb db 4f 37 57 b0 70 99 8c 5a e1 2b 4a 7f 13 29 48 07 d7 57 70 fe 7b 04 a1 9f 80 44 32 6b 67 44 69 fa d9 82 c0 33 d0 92 0b 24 20 99 9a cf 08 2a fa f1 03 89 20 7c f5 1b 2a 2e d2 df 29 7d 22 55 d1 01 38 4e ea fc db 48 5d bc 40 ea e2 1b 48 cd 5d 45 cd 0f 1c 93 f2 90 0a a5 bb 94 16 c8 78 d4 0a 9d 70 12 a3 37 c2 60 e2 e0 fa 06 58 92 a0 b5 a0 b4 03 26 a5 5e 23 87 7f c3 a5 d4 4b 9e 4a 66 30 0c ca 0d ad 30 43 c7 20 59 30 63 d1 cd c8 c7 db 1f e8 05 81 a0 9e 58 38 97 53 fc 63 29 56 33 72 a9 95 43 e5 e8 ed 26 47 02 49 d9 9b 11 87 0f 2e f0 8c 4f b7 64 5e a2 f2 2b fd f8 3d bd d4 59 ce 9c 88 65 93 d0 f5 d5 ec 8a cf b1 b1 4f b1 0c 67 c4 e8 58 3b db 58 a8 b4 50 1c 1f 7a a0 74 aa bd 70 07 5b 56 02 d7 b9 36 ae b1 69 2d b8 5b cc 38 ae 44 82 b4 e8 f4 84 12 4e 30 [TRUNCATED] Data Ascii: 833Xo7h%@H\|DMu\ic4(CNIJ`wQ}\|\|dO7WpZ+J)HWp{D2kgDi3$ * \|.)}"U8NH]@H]Exp7`X&^#KJf00C Y0cX8Sc)V3rC&GI.Od^+=YeOgX;XPztp[V6i-[8DN0Im$%)=3bF] :HC4`:#AM"(/j61"wQ.UVvNg_Pw:ThP\skO:#\3-mV$-9+54F"%.752:e/z$R$I/7:G8'<]Xd8:G!7?8 93FDgE;][dMg=\yVPG?I7Ga:q\|:~=1?H'xgjN~BpXb0+<q,:+i(@a_ku-W94NV\"vFvA_
Feb 7, 2025 01:57:12.389988899 CET	1236	IN	Data Raw: 7a d8 7d ec 76 1f bb 8f 8f dd 4e 77 da 0a 83 da 93 6b 9f 06 8e 29 1a b0 26 99 6d 81 99 a3 49 b5 c9 98 4a b0 6f 18 67 66 1f a2 31 b2 44 ab fe 67 4b a2 27 8a 61 50 05 f1 58 f3 4d d4 02 08 b9 58 55 21 87 ae 0d cb 73 34 c4 8f 57 33 55 82 48 52 ca 24 Data Ascii: z}vNwk)&mIJogf1DgK'aPXMXU!s4W3UHR$u6D{URTI(1SV2>X]F"0T0b`bGd2u.NCpr>=+t4.F4]JYLY[aMU()X2>\|/Rbp=y
Feb 7, 2025 01:57:12.390003920 CET	84	IN	Data Raw: 45 bd 79 ab f6 b1 d5 3f 98 42 d0 df 09 a5 fe dd b4 d5 08 c3 e5 9a bf ed df 61 8b 75 87 6b ea 28 5c 50 79 b2 77 0b a0 7a b9 bb 4b d2 bb ba 92 f2 46 9f c1 97 c7 69 ab c0 c8 ce 33 42 50 5e f7 c3 a0 7c f4 fe 0f 26 5d 9a 69 05 17 00 00 0d 0a 30 0d 0a Data Ascii: Ey?Bauk(\PywzKFi3BP^\|&]i0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49713	104.18.30.78	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-07 00:57:12 UTC	505	OUT	GET /beacon.js HTTP/1.1 Host: performance.radar.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-07 00:57:12 UTC	786	IN	HTTP/1.1 200 OK Date: Fri, 07 Feb 2025 00:57:12 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 8245 Connection: close Access-Control-Allow-Origin: * Cache-Control: no-store, max-age=0 access-control-allow-headers: * access-control-allow-methods: * referrer-policy: no-referrer timing-allow-origin: * Set-Cookie: __cf_bm=Kq9mVfAyJwRbZfbxdg17KxjSy4KPeNFhsnzPbtROEBM-1738889832-1.0.1.1-BZSOzvt61z6RyehMv6L_1S7mUqFnHLtxo.1.a7OP667kqvMpNqfHPNzOOg_3V32pVeN.Gpi77PKcbA2zi.KxLA; path=/; expires=Fri, 07-Feb-25 01:27:12 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=15552000; includeSubDomains X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 90df6caaeb874349-EWR alt-svc: h3=":443"; ma=86400
2025-02-07 00:57:12 UTC	583	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6c 65 74 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 42 4f 44 59 22 29 5b 30 5d 3b 69 66 28 65 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 70 61 6e 22 29 3b 74 2e 77 69 64 74 68 3d 30 2c 74 2e 68 65 69 67 68 74 3d 30 2c 74 2e 73 74 79 6c 65 2e 73 65 74 50 72 6f 70 65 72 74 79 28 22 64 69 73 70 6c 61 79 22 2c 22 6e 6f 6e 65 22 2c 22 69 6d 70 6f 72 74 61 6e 74 22 29 2c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 63 6f 6e 73 74 20 72 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 74 65 72 6d 22 29 2c 6e 3d 28 65 2c 74 3d 22 44 65 74 61 Data Ascii: !function(){"use strict";let e=document.getElementsByTagName("BODY")[0];if(e){var t=document.createElement("span");t.width=0,t.height=0,t.style.setProperty("display","none","important"),e.appendChild(t)}const r=document.getElementById("term"),n=(e,t="Deta
2025-02-07 00:57:12 UTC	1369	IN	Data Raw: 74 65 29 2e 74 6f 49 53 4f 53 74 72 69 6e 67 28 29 7d 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6d 73 67 22 3e 24 7b 65 7d 3c 73 70 61 6e 3e 3c 2f 70 3e 60 29 7d 2c 61 3d 65 3d 3e 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 74 3d 3e 73 65 74 54 69 6d 65 6f 75 74 28 74 2c 65 29 29 29 2c 6f 3d 28 29 3d 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 31 65 38 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2b 31 2c 73 3d 61 73 79 6e 63 20 65 3d 3e 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 28 72 2c 6e 29 3d 3e 7b 76 61 72 20 61 3d 21 31 3b 6c 65 74 20 73 3d 60 24 7b 65 7d 24 7b 2d 31 21 3d 3d 65 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 3f 22 26 22 3a 22 3f 22 7d 72 3d 24 7b 6f 28 29 7d 60 3b 69 66 28 74 29 7b 76 61 72 20 69 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 Data Ascii: te).toISOString()}</span><span class="msg">${e}<span></p>`)},a=e=>new Promise((t=>setTimeout(t,e))),o=()=>Math.floor(1e8*Math.random())+1,s=async e=>new Promise(((r,n)=>{var a=!1;let s=`${e}${-1!==e.indexOf("?")?"&":"?"}r=${o()}`;if(t){var i=document.crea
2025-02-07 00:57:12 UTC	1369	IN	Data Raw: 31 3b 69 66 28 21 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 28 29 2e 73 6f 6d 65 28 28 65 3d 3e 65 2e 6e 61 6d 65 2e 6d 61 74 63 68 28 2f 5e 68 74 74 70 73 3a 5c 2f 5c 2f 70 65 72 66 6f 72 6d 61 6e 63 65 5c 2e 72 61 64 61 72 5c 2e 28 3f 3a 73 74 61 67 69 6e 67 5c 2e 29 3f 63 6c 6f 75 64 66 6c 61 72 65 5c 2e 63 6f 6d 5c 2f 62 65 61 63 6f 6e 5c 2e 6a 73 24 2f 29 29 29 29 72 65 74 75 72 6e 21 31 3b 69 66 28 22 68 74 74 70 73 3a 22 21 3d 3d 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 29 72 65 74 75 72 6e 21 31 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 70 65 72 66 6f 72 6d 61 6e 63 65 29 72 65 74 75 72 6e 21 31 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 70 65 72 66 6f 72 6d 61 6e 63 65 2e 63 6c 65 61 72 52 Data Ascii: 1;if(!performance.getEntries().some((e=>e.name.match(/^https:\/\/performance\.radar\.(?:staging\.)?cloudflare\.com\/beacon\.js$/))))return!1;if("https:"!==location.protocol)return!1;if(void 0===performance)return!1;if("function"!=typeof performance.clearR
2025-02-07 00:57:12 UTC	1369	IN	Data Raw: 73 2e 74 61 72 67 65 74 4f 62 6a 65 63 74 48 61 73 68 3d 6f 5b 75 5d 2e 64 69 67 65 73 74 2c 73 2e 74 61 72 67 65 74 4f 62 6a 65 63 74 48 61 73 68 7c 7c 28 73 2e 74 61 72 67 65 74 4f 62 6a 65 63 74 48 61 73 68 3d 22 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 22 29 2c 6e 28 74 29 2c 65 2e 65 78 74 72 61 26 26 65 2e 65 78 74 72 61 2e 66 61 69 6c 75 72 65 26 26 21 72 2e 63 61 6e 46 61 69 6c 3f 64 2b 2b 3a 6d 2e 70 75 73 68 28 73 29 7d 29 29 2e 63 61 74 63 68 28 28 65 3d 3e 7b 6e 28 65 29 7d 29 29 2c 64 3e 33 29 72 65 74 75 72 6e 20 76 6f 69 64 20 6e 28 22 54 6f 6f 20 6d 61 6e 79 20 66 61 69 6c 65 64 20 6d 65 61 Data Ascii: s.targetObjectHash=o[u].digest,s.targetObjectHash\|\|(s.targetObjectHash="0000000000000000000000000000000000000000000000000000000000000000"),n(t),e.extra&&e.extra.failure&&!r.canFail?d++:m.push(s)})).catch((e=>{n(e)})),d>3)return void n("Too many failed mea
2025-02-07 00:57:12 UTC	1369	IN	Data Raw: 43 6f 64 65 3a 72 2c 6d 65 61 73 75 72 65 6d 65 6e 74 73 3a 68 7d 2c 66 65 74 63 68 28 22 68 74 74 70 73 3a 2f 2f 70 65 72 66 6f 72 6d 61 6e 63 65 2e 72 61 64 61 72 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 70 69 2f 62 65 61 63 6f 6e 22 2c 7b 6d 65 74 68 6f 64 3a 22 50 4f 53 54 22 2c 72 65 66 65 72 72 65 72 3a 22 22 2c 72 65 66 65 72 72 65 72 50 6f 6c 69 63 79 3a 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 2c 68 65 61 64 65 72 73 3a 7b 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 2c 22 58 2d 53 75 62 6d 69 74 2d 54 6f 6b 65 6e 22 3a 22 31 37 33 38 38 38 39 38 33 32 2d 62 32 66 66 33 37 38 64 34 31 64 31 30 66 64 38 32 65 30 39 33 38 35 65 35 63 30 62 66 32 Data Ascii: Code:r,measurements:h},fetch("https://performance.radar.cloudflare.com/api/beacon",{method:"POST",referrer:"",referrerPolicy:"no-referrer",headers:{"Content-Type":"application/json;charset=UTF-8","X-Submit-Token":"1738889832-b2ff378d41d10fd82e09385e5c0bf2
2025-02-07 00:57:12 UTC	1369	IN	Data Raw: 64 30 61 33 61 32 64 63 62 30 37 62 31 66 62 66 64 66 61 62 61 62 63 37 22 2c 22 73 69 7a 65 22 3a 31 30 32 34 30 30 7d 5d 2c 22 6e 75 6d 5f 74 61 72 67 65 74 73 22 3a 33 2c 22 6e 75 6d 5f 62 79 74 65 73 22 3a 33 30 37 32 30 30 7d 2c 7b 22 6e 61 6d 65 22 3a 22 67 72 6f 75 70 2d 63 64 6e 2d 30 32 22 2c 22 72 61 74 65 22 3a 30 2e 38 2c 22 70 72 65 66 69 78 22 3a 22 22 2c 22 63 61 6e 46 61 69 6c 22 3a 66 61 6c 73 65 2c 22 61 6c 6c 6f 77 4d 6f 62 69 6c 65 22 3a 74 72 75 65 2c 22 61 73 73 65 74 73 22 3a 5b 7b 22 74 61 72 67 65 74 4e 61 6d 65 22 3a 22 63 6c 6f 75 64 66 6c 61 72 65 22 2c 22 65 73 22 3a 37 37 37 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 74 65 73 74 69 6e 67 63 66 2e 6a 73 64 65 6c 69 76 72 2e 6e 65 74 2f 67 68 2f 6a 69 6d 61 65 6b 2f 74 65 Data Ascii: d0a3a2dcb07b1fbfdfababc7","size":102400}],"num_targets":3,"num_bytes":307200},{"name":"group-cdn-02","rate":0.8,"prefix":"","canFail":false,"allowMobile":true,"assets":[{"targetName":"cloudflare","es":777,"url":"https://testingcf.jsdelivr.net/gh/jimaek/te
2025-02-07 00:57:12 UTC	817	IN	Data Raw: 36 31 32 65 33 32 36 31 35 33 39 34 64 38 30 64 30 61 33 61 32 64 63 62 30 37 62 31 66 62 66 64 66 61 62 61 62 63 37 22 2c 22 73 69 7a 65 22 3a 31 30 32 34 30 30 7d 2c 7b 22 74 61 72 67 65 74 4e 61 6d 65 22 3a 22 63 64 6e 2d 63 6c 6f 75 64 66 6c 61 72 65 2d 63 70 22 2c 22 65 73 22 3a 37 37 37 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 65 6e 63 68 6d 61 72 6b 73 2e 63 64 6e 2e 63 6f 6d 70 75 74 65 2d 70 69 70 65 2e 63 6f 6d 2f 72 32 30 2d 31 30 30 4b 42 2e 70 6e 67 22 2c 22 64 69 67 65 73 74 22 3a 22 32 37 62 63 65 39 65 38 35 65 61 66 33 35 36 37 61 34 36 39 35 62 61 32 62 36 31 32 65 33 32 36 31 35 33 39 34 64 38 30 64 30 61 33 61 32 64 63 62 30 37 62 31 66 62 66 64 66 61 62 61 62 63 37 22 2c 22 73 69 7a 65 22 3a 31 30 32 34 30 30 7d 2c 7b 22 74 Data Ascii: 612e32615394d80d0a3a2dcb07b1fbfdfababc7","size":102400},{"targetName":"cdn-cloudflare-cp","es":777,"url":"https://benchmarks.cdn.compute-pipe.com/r20-100KB.png","digest":"27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7","size":102400},{"t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49722	104.18.31.78	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-07 00:57:12 UTC	532	OUT	GET /beacon.js HTTP/1.1 Host: performance.radar.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __cf_bm=Kq9mVfAyJwRbZfbxdg17KxjSy4KPeNFhsnzPbtROEBM-1738889832-1.0.1.1-BZSOzvt61z6RyehMv6L_1S7mUqFnHLtxo.1.a7OP667kqvMpNqfHPNzOOg_3V32pVeN.Gpi77PKcbA2zi.KxLA
2025-02-07 00:57:13 UTC	507	IN	HTTP/1.1 200 OK Date: Fri, 07 Feb 2025 00:57:13 GMT Content-Type: text/javascript;charset=UTF-8 Content-Length: 8245 Connection: close Access-Control-Allow-Origin: * Cache-Control: no-store, max-age=0 access-control-allow-headers: * access-control-allow-methods: * referrer-policy: no-referrer timing-allow-origin: * Strict-Transport-Security: max-age=15552000; includeSubDomains X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 90df6cafa9c10dc7-EWR alt-svc: h3=":443"; ma=86400
2025-02-07 00:57:13 UTC	862	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6c 65 74 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 42 4f 44 59 22 29 5b 30 5d 3b 69 66 28 65 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 70 61 6e 22 29 3b 74 2e 77 69 64 74 68 3d 30 2c 74 2e 68 65 69 67 68 74 3d 30 2c 74 2e 73 74 79 6c 65 2e 73 65 74 50 72 6f 70 65 72 74 79 28 22 64 69 73 70 6c 61 79 22 2c 22 6e 6f 6e 65 22 2c 22 69 6d 70 6f 72 74 61 6e 74 22 29 2c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 63 6f 6e 73 74 20 72 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 74 65 72 6d 22 29 2c 6e 3d 28 65 2c 74 3d 22 44 65 74 61 Data Ascii: !function(){"use strict";let e=document.getElementsByTagName("BODY")[0];if(e){var t=document.createElement("span");t.width=0,t.height=0,t.style.setProperty("display","none","important"),e.appendChild(t)}const r=document.getElementById("term"),n=(e,t="Deta
2025-02-07 00:57:13 UTC	1369	IN	Data Raw: 3d 30 2c 69 2e 68 65 69 67 68 74 3d 30 2c 69 2e 68 69 64 64 65 6e 3d 21 30 2c 69 2e 73 74 79 6c 65 2e 73 65 74 50 72 6f 70 65 72 74 79 28 22 64 69 73 70 6c 61 79 22 2c 22 6e 6f 6e 65 22 2c 22 69 6d 70 6f 72 74 61 6e 74 22 29 2c 69 2e 72 65 66 65 72 72 65 72 50 6f 6c 69 63 79 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 2c 69 2e 6f 6e 6c 6f 61 64 3d 28 29 3d 3e 7b 61 3d 21 30 2c 72 28 7b 61 73 73 65 74 3a 73 2c 65 78 74 72 61 3a 7b 66 61 69 6c 75 72 65 3a 21 31 7d 7d 29 7d 2c 69 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 73 29 2c 74 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 69 29 7d 73 65 74 54 69 6d 65 6f 75 74 28 28 28 29 3d 3e 7b 61 7c 7c 72 28 7b 61 73 73 65 74 3a 73 2c 65 78 74 72 61 3a 7b 66 61 69 6c 75 72 65 3a 21 30 7d 7d 29 7d 29 2c 33 Data Ascii: =0,i.height=0,i.hidden=!0,i.style.setProperty("display","none","important"),i.referrerPolicy="no-referrer",i.onload=()=>{a=!0,r({asset:s,extra:{failure:!1}})},i.setAttribute("src",s),t.appendChild(i)}setTimeout((()=>{a\|\|r({asset:s,extra:{failure:!0}})}),3
2025-02-07 00:57:13 UTC	1369	IN	Data Raw: 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 29 72 65 74 75 72 6e 21 31 3b 63 6f 6e 73 74 20 65 3d 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 74 73 22 29 3b 72 65 74 75 72 6e 21 28 65 26 26 70 61 72 73 65 49 6e 74 28 65 29 2b 39 30 30 3e 64 28 29 29 7d 29 28 29 7c 7c 21 74 29 72 65 74 75 72 6e 20 76 6f 69 64 20 6e 28 22 4e 6f 20 6d 65 61 73 75 72 65 6d 65 6e 74 73 20 74 6f 20 64 6f 2e 22 29 3b 6e 28 60 54 61 6b 69 6e 67 20 24 7b 74 7d 20 6d 65 61 73 75 72 65 6d 65 6e 74 73 2e 2e 2e 60 29 3b 6c 65 74 20 72 3d 30 3b 63 6f 6e 73 74 20 6f 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 Data Ascii: if("undefined"==typeof sessionStorage)return!1;const e=sessionStorage.getItem("ts");return!(e&&parseInt(e)+900>d())})()\|\|!t)return void n("No measurements to do.");n(`Taking ${t} measurements...`);let r=0;const o=document.querySelector("#cf-error-details
2025-02-07 00:57:13 UTC	1369	IN	Data Raw: 62 6d 69 74 2e 22 29 3b 61 77 61 69 74 20 61 28 35 30 29 7d 7d 63 6f 6e 73 74 20 70 3d 70 65 72 66 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 22 72 65 73 6f 75 72 63 65 22 29 3b 6c 65 74 20 68 3d 5b 5d 3b 69 66 28 70 29 66 6f 72 28 76 61 72 20 53 20 69 6e 20 6d 29 7b 6c 65 74 20 65 3d 6d 5b 53 5d 2c 74 3d 70 5b 70 2e 6d 61 70 28 28 65 3d 3e 65 2e 6e 61 6d 65 29 29 2e 69 6e 64 65 78 4f 66 28 65 2e 61 73 73 65 74 29 5d 3b 69 66 28 74 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 65 4f 72 69 67 69 6e 7c 7c 21 30 3d 3d 3d 65 2e 66 61 69 6c 75 72 65 29 7b 69 66 28 64 65 6c 65 74 65 20 65 2e 61 73 73 65 74 2c 65 2e 69 6e 73 74 61 6e 63 65 54 69 6d 65 4d 73 3d 4d 61 74 68 2e 74 72 75 6e 63 28 70 65 72 66 6f 72 6d 61 6e 63 65 Data Ascii: bmit.");await a(50)}}const p=performance.getEntriesByType("resource");let h=[];if(p)for(var S in m){let e=m[S],t=p[p.map((e=>e.name)).indexOf(e.asset)];if(t&&performance.timeOrigin\|\|!0===e.failure){if(delete e.asset,e.instanceTimeMs=Math.trunc(performance
2025-02-07 00:57:13 UTC	1369	IN	Data Raw: 33 33 65 31 63 66 30 65 31 64 22 2c 22 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 22 3a 22 2a 22 7d 2c 62 6f 64 79 3a 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 79 29 7d 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6a 73 6f 6e 28 29 7d 29 29 2e 74 68 65 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 28 79 2c 22 26 6e 62 73 70 3b 53 65 6e 74 20 64 61 74 61 20 28 63 6c 69 63 6b 20 74 6f 20 65 78 70 61 6e 64 29 2e 2e 2e 22 29 2c 6e 28 27 4d 65 61 73 75 72 65 6d 65 6e 74 73 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 73 65 6e 74 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 72 61 64 61 72 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 22 3e 52 61 64 61 72 3c 2f Data Ascii: 33e1cf0e1d","Access-Control-Allow-Origin":"*"},body:JSON.stringify(y)}).then((function(e){return e.json()})).then((function(e){n(y," Sent data (click to expand)..."),n('Measurements successfully sent to <a href="https://radar.cloudflare.com/">Radar</
2025-02-07 00:57:13 UTC	1369	IN	Data Raw: 64 2e 6e 65 74 2f 69 6d 67 2f 72 32 30 2d 31 30 30 4b 42 2e 70 6e 67 22 2c 22 64 69 67 65 73 74 22 3a 22 32 37 62 63 65 39 65 38 35 65 61 66 33 35 36 37 61 34 36 39 35 62 61 32 62 36 31 32 65 33 32 36 31 35 33 39 34 64 38 30 64 30 61 33 61 32 64 63 62 30 37 62 31 66 62 66 64 66 61 62 61 62 63 37 22 2c 22 73 69 7a 65 22 3a 31 30 32 34 30 30 7d 5d 2c 22 6e 75 6d 5f 74 61 72 67 65 74 73 22 3a 35 2c 22 6e 75 6d 5f 62 79 74 65 73 22 3a 35 31 32 30 30 30 7d 2c 7b 22 6e 61 6d 65 22 3a 22 67 72 6f 75 70 2d 63 64 6e 2d 30 32 22 2c 22 72 61 74 65 22 3a 30 2e 38 2c 22 70 72 65 66 69 78 22 3a 22 22 2c 22 63 61 6e 46 61 69 6c 22 3a 66 61 6c 73 65 2c 22 61 6c 6c 6f 77 4d 6f 62 69 6c 65 22 3a 74 72 75 65 2c 22 61 73 73 65 74 73 22 3a 5b 7b 22 74 61 72 67 65 74 4e 61 6d Data Ascii: d.net/img/r20-100KB.png","digest":"27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7","size":102400}],"num_targets":5,"num_bytes":512000},{"name":"group-cdn-02","rate":0.8,"prefix":"","canFail":false,"allowMobile":true,"assets":[{"targetNam
2025-02-07 00:57:13 UTC	538	IN	Data Raw: 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 70 31 36 39 39 39 2e 63 65 64 65 78 69 73 2d 74 65 73 74 2e 63 6f 6d 2f 69 6d 67 2f 31 36 39 39 39 2f 72 32 30 2d 31 30 30 4b 42 2e 70 6e 67 22 2c 22 64 69 67 65 73 74 22 3a 22 32 37 62 63 65 39 65 38 35 65 61 66 33 35 36 37 61 34 36 39 35 62 61 32 62 36 31 32 65 33 32 36 31 35 33 39 34 64 38 30 64 30 61 33 61 32 64 63 62 30 37 62 31 66 62 66 64 66 61 62 61 62 63 37 22 2c 22 73 69 7a 65 22 3a 31 30 32 34 30 30 7d 2c 7b 22 74 61 72 67 65 74 4e 61 6d 65 22 3a 22 63 64 6e 65 74 77 6f 72 6b 73 22 2c 22 65 73 22 3a 34 34 32 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 70 33 36 2e 63 65 64 65 78 69 73 2d 74 65 73 74 2e 63 6f 6d 2f 69 6d 67 2f 31 37 36 35 33 2f 72 32 30 2d 31 30 30 4b 42 2e 70 6e 67 22 2c 22 64 69 Data Ascii: "url":"https://p16999.cedexis-test.com/img/16999/r20-100KB.png","digest":"27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7","size":102400},{"targetName":"cdnetworks","es":442,"url":"https://p36.cedexis-test.com/img/17653/r20-100KB.png","di

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49802	104.18.2.57	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-07 00:57:24 UTC	498	OUT	OPTIONS /api/v1/event HTTP/1.1 Host: sparrow.cloudflare.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type,sparrow-source-key Origin: http://104.21.48.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-07 00:57:24 UTC	412	IN	HTTP/1.1 200 OK Date: Fri, 07 Feb 2025 00:57:24 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 8 Connection: close Access-Control-Allow-Origin: http://104.21.48.1 Vary: Origin access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin access-control-allow-methods: POST, OPTIONS access-control-max-age: 600 Server: cloudflare CF-RAY: 90df6cf80a688c75-EWR
2025-02-07 00:57:24 UTC	8	IN	Data Raw: 53 75 63 63 65 73 73 2e Data Ascii: Success.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49808	104.18.2.57	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-07 00:57:25 UTC	629	OUT	POST /api/v1/event HTTP/1.1 Host: sparrow.cloudflare.com Connection: keep-alive Content-Length: 87 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Sparrow-Source-Key: c771f0e4b54944bebf4261d44bd79a1e Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: http://104.21.48.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-07 00:57:25 UTC	87	OUT	Data Raw: 7b 22 65 76 65 6e 74 22 3a 22 66 65 65 64 62 61 63 6b 20 63 6c 69 63 6b 65 64 22 2c 22 70 72 6f 70 65 72 74 69 65 73 22 3a 7b 22 65 72 72 6f 72 43 6f 64 65 22 3a 31 30 30 33 2c 22 68 65 6c 70 66 75 6c 22 3a 74 72 75 65 2c 22 76 65 72 73 69 6f 6e 22 3a 31 7d 7d Data Ascii: {"event":"feedback clicked","properties":{"errorCode":1003,"helpful":true,"version":1}}
2025-02-07 00:57:25 UTC	418	IN	HTTP/1.1 200 Filtered Date: Fri, 07 Feb 2025 00:57:25 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 9 Connection: close Access-Control-Allow-Origin: http://104.21.48.1 Vary: Origin access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin access-control-allow-methods: POST, OPTIONS access-control-max-age: 600 Server: cloudflare CF-RAY: 90df6cfbe8b9426a-EWR
2025-02-07 00:57:25 UTC	9	IN	Data Raw: 46 69 6c 74 65 72 65 64 2e Data Ascii: Filtered.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49811	104.18.2.57	443	3664	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-07 00:57:25 UTC	358	OUT	GET /api/v1/event HTTP/1.1 Host: sparrow.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-07 00:57:25 UTC	195	IN	HTTP/1.1 401 Unauthorized Date: Fri, 07 Feb 2025 00:57:25 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 12 Connection: close Server: cloudflare CF-RAY: 90df6cffbd84f5f7-EWR
2025-02-07 00:57:25 UTC	12	IN	Data Raw: 55 6e 61 75 74 68 6f 72 69 7a 65 64 Data Ascii: Unauthorized

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	19:56:58
Start date:	06/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	19:57:02
Start date:	06/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1964,i,10845158487433010155,15572567177602030268,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	19:57:09
Start date:	06/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://104.21.48.1"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Source: http://104.21.48.1/	HTTP Parser: No favicon
Source: http://104.21.48.1/	HTTP Parser: No favicon

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.21.48.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 104.40.149.189
Source: unknown	UDP traffic detected without corresponding DNS query: 104.40.149.189
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /beacon.js HTTP/1.1Host: performance.radar.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /beacon.js HTTP/1.1Host: performance.radar.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=Kq9mVfAyJwRbZfbxdg17KxjSy4KPeNFhsnzPbtROEBM-1738889832-1.0.1.1-BZSOzvt61z6RyehMv6L_1S7mUqFnHLtxo.1.a7OP667kqvMpNqfHPNzOOg_3V32pVeN.Gpi77PKcbA2zi.KxLA
Source: global traffic	HTTP traffic detected: GET /api/v1/event HTTP/1.1Host: sparrow.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 104.21.48.1Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/main.css HTTP/1.1Host: 104.21.48.1Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://104.21.48.1/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 104.21.48.1Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://104.21.48.1/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: performance.radar.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: sparrow.cloudflare.com

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://104.21.48.1

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3604, Parent PID: 5972

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated

Windows Analysis Report
http://104.21.48.1