Windows Analysis Report
http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19

Overview

General Information

Sample URL:http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
Analysis ID:1637986

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)

Classification

  • System is w10x64
  • chrome.exe (PID: 5324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2260,i,6001787884130247300,2422151676545335571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2288 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp:2025-03-14T01:53:51.278764+0100
SID:2859624
Severity:1
Classtype:Exploit Kit Activity Detected
Source IP:185.246.85.93
Source Port:80
Destination IP:192.168.2.4
Destination Port:49731
Protocol:TCP

Source: http://czm11.cavernbeatles.com/ HTTP Parser: Number of links: 0
Source: http://czm11.cavernbeatles.com/ HTTP Parser: Title: Coming Soon - aeroportodiancona.info does not match URL
Source: http://czm11.cavernbeatles.com/ HTTP Parser: Has password / email / username input fields
Source: http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 HTTP Parser: No favicon
Source: http://czm11.cavernbeatles.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP Parser: No favicon
Source: http://czm11.cavernbeatles.com/ HTTP Parser: No favicon
Source: http://czm11.cavernbeatles.com/ HTTP Parser: No <meta name="author".. found
Source: http://czm11.cavernbeatles.com/ HTTP Parser: No <meta name="copyright".. found

Networking

Source: Network traffic Suricata IDS: 2859624 - Severity 1 - ETPRO EXPLOIT_KIT FoxTDS Filtered Blacklisted : 185.246.85.93:80 -> 192.168.2.4:49731
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.60.203.209
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic HTTP traffic detected:
  GET /rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 HTTP/1.1
  Host: czm11.cavernbeatles.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 HTTP/1.1
  Host: czm11.cavernbeatles.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: czm11.cavernbeatles.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1
  Host: czm11.cavernbeatles.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET / HTTP/1.1
  Host: czm11.cavernbeatles.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://czm11.cavernbeatles.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /assets/styles.css HTTP/1.1
  Host: czm11.cavernbeatles.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://czm11.cavernbeatles.com/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
  GET /r/gsr1.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic HTTP traffic detected:
  GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: czm11.cavernbeatles.com
Source: global traffic DNS traffic detected: DNS query: feeds.foxnews.com
Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Type: text/plain; charset=utf-8
  X-Address: gin_throttle_mw_7200000000_8.46.123.189
  X-Ratelimit-Limit: 500
  X-Ratelimit-Remaining: 497
  X-Ratelimit-Reset: 1741917230
  Date: Fri, 14 Mar 2025 00:53:51 GMT
  Content-Length: 0
Source: chromecache_49.2.dr String found in binary or memory: https://feeds.foxnews.com/foxnews/world
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5324_2045640045
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5324_2045640045
Source: classification engine Classification label: mal48.win@20/10@24/4
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2260,i,6001787884130247300,2422151676545335571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2288 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1637986, start date 14/03/2025, architecture WINDOWS, score 48. chrome.exe connects to czm11.cavernbeatles.com (185.246.85.93, IKOULAFR, France), www.google.com (142.250.185.132, GOOGLEUS, United States) and 6 other IPs or domains; signature shown: Suricata IDS alerts for network traffic.]

Source | Detection | Scanner | Label | Link
http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://czm11.cavernbeatles.com/assets/styles.css | 0% | Avira URL Cloud | safe |
http://czm11.cavernbeatles.com/favicon.ico | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
j.sni.global.fastly.net | 151.101.2.132 | true | false | | high
czm11.cavernbeatles.com | 185.246.85.93 | true | true | | unknown
beacons-handoff.gcp.gvt2.com | 142.251.143.35 | true | false | | high
www.google.com | 142.250.185.132 | true | false | | high
beacons.gvt2.com | 142.250.181.227 | true | false | | high
beacons6.gvt2.com | 142.250.186.35 | true | false | | high
beacons.gcp.gvt2.com | unknown | unknown | false | | high
feeds.foxnews.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://czm11.cavernbeatles.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 | false | | unknown
http://czm11.cavernbeatles.com/assets/styles.css | true | Avira URL Cloud: safe | unknown
http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 | true | | unknown
http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 | false | | unknown
http://czm11.cavernbeatles.com/ | false | | unknown
http://czm11.cavernbeatles.com/favicon.ico | true | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://feeds.foxnews.com/foxnews/world | chromecache_49.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.246.85.93 | czm11.cavernbeatles.com | France | | 21409 | IKOULAFR | true
142.250.185.132 | www.google.com | United States | | 15169 | GOOGLEUS | false
151.101.2.132 | j.sni.global.fastly.net | United States | | 54113 | FASTLYUS | false

IP
192.168.2.4

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1637986
Start date and time:2025-03-14 01:52:45 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 18s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:21
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.win@20/10@24/4
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.185.206, 142.250.186.142, 64.233.184.84, 199.232.210.172, 2.23.77.188, 216.58.212.170, 216.58.206.74, 172.217.18.10, 142.250.186.138, 142.250.185.106, 172.217.23.106, 142.250.185.138, 142.250.184.202, 142.250.184.234, 142.250.186.170, 142.250.186.42, 142.250.185.74, 142.250.186.74, 142.250.185.202, 142.250.186.106, 142.250.185.170, 142.250.186.163, 142.250.185.238, 74.125.206.84
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • VT rate limit hit for: http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
No simulations
No context

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:HTML document, ASCII text
Category:downloaded
Size (bytes):2883
Entropy (8bit):4.855223108468014
Encrypted:false
Malicious:false
Reputation:low
URL:http://czm11.cavernbeatles.com/
Preview:.............<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Coming Soon - aeroportodiancona.info</title>.. <link rel="stylesheet" href="/assets/styles.css">..</head>.<body>.<div class="container">. <h1>Our Website is Coming Soon!</h1>. <p>We are working hard to give you the best experience. Stay tuned!</p>. <div class="countdown">. <div class="countdown-item">. <span id="days">00</span>. <label>Days</label>. </div>. <div class="countdown-item">. <span id="hours">00</span>. <label>Hours</label>. </div>. <div class="countdown-item">. <span id="minutes">00</span>. <label>Minutes</label>. </div>. <div class="countdown-item">. <span id="seconds">00</span>. <label>Seconds</label>. </div>. </div>.. <form id="subscription-form" on

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:downloaded
Size (bytes):1435
Entropy (8bit):4.7130828204283555
Encrypted:false
                            Malicious:false
                            Reputation:low
                            URL:http://czm11.cavernbeatles.com/assets/styles.css
                            Preview:body {. font-family: Arial, sans-serif;. background-color: #f0f0f0;. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. padding: 0;.}...container {. background-color: #ffffff;. padding: 30px;. border-radius: 10px;. box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);. text-align: center;.}..h1 {. font-size: 36px;. margin-bottom: 20px;. color: #333;.}..p {. font-size: 18px;. color: #777;. margin-bottom: 40px;.}...countdown {. display: flex;. justify-content: center;. margin-bottom: 40px;.}...countdown-item {. display: inline-block;. margin: 0 10px;.}...countdown-item span {. font-size: 24px;. color: #444;.}...countdown-item label {. display: block;. font-size: 14px;. color: #999;.}..form {. display: flex;. justify-content: center;. align-items: center;. flex-direction: column;.}..input[type="email"] {. font-size: 16px;. padding: 10px;. border: 1px sol
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:downloaded
                            Size (bytes):210
                            Entropy (8bit):5.098105294030167
                            Encrypted:false
                            SSDEEP:6:uIRnXHFmmmJ0S2IcENFJKSK/xIcEo/VMCGYoVL:lXHAx6S2SRcJ9IL
                            MD5:05DA576EB71641B10811A1AEF60A853D
                            SHA1:5E7C7F426430C30209FE270AB129A9C0100BDEE9
                            SHA-256:58B98E11D36F9689D4AF3C1CB3755528817709300FACF6D314C99CE91BD90B4B
                            SHA-512:2DAC5452E42E24043F512741B01E08CDEE464771A13C2D38D3F9958F75FCEA079F67A7B704AC6753C0BAB02DFDDD434AE7024D4674E3A532A70D50C5D6A72937
                            Malicious:false
                            Reputation:low
                            URL:http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
                            Preview:<script>.setTimeout(function(){. window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; . console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');.}, 1000);.</script>.<p></p>.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:downloaded
                            Size (bytes):235
                            Entropy (8bit):4.996687328840349
                            Encrypted:false
                            SSDEEP:6:HXQI4ySmfH1A7YmmBi7YmjA0VhM+yp7YmmJyR13YoVL:HXYknxJX0VM2xYwIL
                            MD5:41735C0E24BE1E5BD89C1F6531207494
                            SHA1:9EAE1BFA3B43E52C21E87FABCD63A4C2A3E55554
                            SHA-256:A594B117BC9C64745935F48B866C3CAA70CDED9C35EE02841A28277F3E75FFE3
                            SHA-512:2CE91960620061DE0C91383930CC83BA32CCAD82E75C6CF8678CCF907021EA8D2901B327AF67565593D765873FD7988AA533753A2B8E94E2FB38D71C3A3C787F
                            Malicious:false
                            Reputation:low
                            URL:http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
                            Preview:<script>.var tarcking_param = window.location.href.split('#')[1];.if(!tarcking_param){..document.location.href = document.location.href.replace("/rd/", "/t/");.}else{..document.location.href = '/t/'+tarcking_param;.}.</script>.<p></p>.
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:HTML document, ASCII text
                            Category:downloaded
                            Size (bytes):3201
                            Entropy (8bit):4.575164851274125
                            Encrypted:false
                            SSDEEP:48:vuzdIC1AFRZpvtph6F6BgxVbaCdQciJ2ZBgof6PM5FGxs7vtj:vuz1Yd6ygx4cA2
                            MD5:858A2F5241103487BF39784412AA424E
                            SHA1:2174BBF56CD7355C60990E3859346BA5643030CF
                            SHA-256:054A6365422992FB2B7DCD2D5C1E79319C189A3D0F63949ACB6957D24EA79BB7
                            SHA-512:F86208CECF3D4F1EA9537FA294116F3893C81A0DD370C15CD71235216BCAFBA17DE0FD41F4F9A99803AD107A073CDB8974A0E032DD490B7ADE0FC1398F200881
                            Malicious:false
                            Reputation:low
                            URL:http://czm11.cavernbeatles.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
                            Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Fox News World RSS Feed - aeroportodiancona.info </title>. <style>. body {. font-family: Arial, sans-serif;. background-color: #f4f6f9;. color: #333;. margin: 0;. padding: 0;. }.. .container {. width: 80%;. margin: 0 auto;. }.. h1 {. font-size: 2rem;. margin: 2rem 0;. }.. .news-item {. background-color: white;. padding: 1.5rem;. margin-bottom: 1rem;. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);. }.. .news-item h2 {. font-size: 1.5rem;. margin-bottom: 1rem;. }.. .news-item a {. color: #1a73e8;. text-decoration: none;. }.. .news-ite
                            No static file info


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-14T01:53:51.278764+0100 | 2859624 | ETPRO EXPLOIT_KIT FoxTDS Filtered Blacklisted | 1 | 185.246.85.93 | 80 | 192.168.2.4 | 49731 | TCP |
                            • Total Packets: 154
                            • 443 (HTTPS)
                            • 80 (HTTP)
                            • 53 (DNS)
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Mar 14, 2025 01:53:48.183479071 CET | 192.168.2.4 | 1.1.1.1 | 0x7771 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:48.183619022 CET | 192.168.2.4 | 1.1.1.1 | 0xe419 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:53:50.013650894 CET | 192.168.2.4 | 1.1.1.1 | 0xe1d9 | Standard query (0) | czm11.cavernbeatles.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:50.016819954 CET | 192.168.2.4 | 1.1.1.1 | 0x237b | Standard query (0) | czm11.cavernbeatles.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:53:50.040178061 CET | 192.168.2.4 | 1.1.1.1 | 0xa8a0 | Standard query (0) | czm11.cavernbeatles.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:50.040328026 CET | 192.168.2.4 | 1.1.1.1 | 0xac19 | Standard query (0) | czm11.cavernbeatles.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.524221897 CET | 192.168.2.4 | 1.1.1.1 | 0x948e | Standard query (0) | feeds.foxnews.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.524712086 CET | 192.168.2.4 | 1.1.1.1 | 0x4daa | Standard query (0) | feeds.foxnews.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:54:46.365870953 CET | 192.168.2.4 | 1.1.1.1 | 0x255e | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:46.366156101 CET | 192.168.2.4 | 1.1.1.1 | 0xc6d3 | Standard query (0) | beacons.gcp.gvt2.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:54:47.385952950 CET | 192.168.2.4 | 1.1.1.1 | 0xf1da | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:47.386089087 CET | 192.168.2.4 | 1.1.1.1 | 0x8e4e | Standard query (0) | beacons.gcp.gvt2.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:54:49.423064947 CET | 192.168.2.4 | 1.1.1.1 | 0x7015 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:50.432570934 CET | 192.168.2.4 | 1.1.1.1 | 0x7015 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:51.433108091 CET | 192.168.2.4 | 1.1.1.1 | 0x7015 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:53.448519945 CET | 192.168.2.4 | 1.1.1.1 | 0x7015 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:57.463745117 CET | 192.168.2.4 | 1.1.1.1 | 0x7015 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:01.671489954 CET | 192.168.2.4 | 1.1.1.1 | 0x380e | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:01.671771049 CET | 192.168.2.4 | 1.1.1.1 | 0x8337 | Standard query (0) | beacons.gvt2.com | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:55:02.682746887 CET | 192.168.2.4 | 1.1.1.1 | 0x176 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:04.716048002 CET | 192.168.2.4 | 1.1.1.1 | 0x597f | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:05.729640961 CET | 192.168.2.4 | 1.1.1.1 | 0x597f | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:06.729918003 CET | 192.168.2.4 | 1.1.1.1 | 0x597f | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:08.745157957 CET | 192.168.2.4 | 1.1.1.1 | 0x597f | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Mar 14, 2025 01:53:48.190181971 CET | 1.1.1.1 | 192.168.2.4 | 0xe419 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                            Mar 14, 2025 01:53:48.190196991 CET | 1.1.1.1 | 192.168.2.4 | 0x7771 | No error (0) | www.google.com |  | 142.250.185.132 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:50.026855946 CET | 1.1.1.1 | 192.168.2.4 | 0xe1d9 | No error (0) | czm11.cavernbeatles.com |  | 185.246.85.93 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:50.062058926 CET | 1.1.1.1 | 192.168.2.4 | 0xa8a0 | No error (0) | czm11.cavernbeatles.com |  | 185.246.85.93 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.546314955 CET | 1.1.1.1 | 192.168.2.4 | 0x4daa | No error (0) | feeds.foxnews.com | j.sni.global.fastly.net |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.546994925 CET | 1.1.1.1 | 192.168.2.4 | 0x948e | No error (0) | feeds.foxnews.com | j.sni.global.fastly.net |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.546994925 CET | 1.1.1.1 | 192.168.2.4 | 0x948e | No error (0) | j.sni.global.fastly.net |  | 151.101.2.132 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.546994925 CET | 1.1.1.1 | 192.168.2.4 | 0x948e | No error (0) | j.sni.global.fastly.net |  | 151.101.66.132 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.546994925 CET | 1.1.1.1 | 192.168.2.4 | 0x948e | No error (0) | j.sni.global.fastly.net |  | 151.101.130.132 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:53:52.546994925 CET | 1.1.1.1 | 192.168.2.4 | 0x948e | No error (0) | j.sni.global.fastly.net |  | 151.101.194.132 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:46.372828960 CET | 1.1.1.1 | 192.168.2.4 | 0x255e | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:46.372828960 CET | 1.1.1.1 | 192.168.2.4 | 0x255e | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.251.143.35 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:46.372844934 CET | 1.1.1.1 | 192.168.2.4 | 0xc6d3 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:47.392752886 CET | 1.1.1.1 | 192.168.2.4 | 0xf1da | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:47.392752886 CET | 1.1.1.1 | 192.168.2.4 | 0xf1da | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:47.392931938 CET | 1.1.1.1 | 192.168.2.4 | 0x8e4e | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:49.429709911 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:49.429709911 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:50.439208031 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:50.439208031 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:51.439837933 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:51.439837933 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:53.455379009 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:53.455379009 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:54:57.470390081 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:54:57.470390081 CET | 1.1.1.1 | 192.168.2.4 | 0x7015 | No error (0) | beacons-handoff.gcp.gvt2.com |  | 142.250.180.99 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:01.678350925 CET | 1.1.1.1 | 192.168.2.4 | 0x380e | No error (0) | beacons.gvt2.com | beacons6.gvt2.com |  | CNAME (Canonical name) | IN (0x0001) | false
                            Mar 14, 2025 01:55:01.678350925 CET | 1.1.1.1 | 192.168.2.4 | 0x380e | No error (0) | beacons6.gvt2.com |  | 142.250.186.35 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:02.691037893 CET | 1.1.1.1 | 192.168.2.4 | 0x176 | No error (0) | beacons.gvt2.com |  | 142.250.181.227 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:04.722959042 CET | 1.1.1.1 | 192.168.2.4 | 0x597f | No error (0) | beacons.gvt2.com |  | 216.58.206.35 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:05.738375902 CET | 1.1.1.1 | 192.168.2.4 | 0x597f | No error (0) | beacons.gvt2.com |  | 216.58.206.35 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:06.737422943 CET | 1.1.1.1 | 192.168.2.4 | 0x597f | No error (0) | beacons.gvt2.com |  | 216.58.206.35 | A (IP address) | IN (0x0001) | false
                            Mar 14, 2025 01:55:08.752121925 CET | 1.1.1.1 | 192.168.2.4 | 0x597f | No error (0) | beacons.gvt2.com |  | 216.58.206.35 | A (IP address) | IN (0x0001) | false
                            • czm11.cavernbeatles.com
                            • c.pki.goog
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.4 | 49731 | 185.246.85.93 | 80 | 2800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            Mar 14, 2025 01:53:50.531416893 CET | 502 | OUT | GET /rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 HTTP/1.1
                            Host: czm11.cavernbeatles.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Mar 14, 2025 01:53:50.706698895 CET | 487 | IN | HTTP/1.1 200 OK
                            Content-Type: text/html; charset=utf-8
                            X-Address: gin_throttle_mw_7200000000_8.46.123.189
                            X-Ratelimit-Limit: 500
                            X-Ratelimit-Remaining: 499
                            X-Ratelimit-Reset: 1741917230
                            Date: Fri, 14 Mar 2025 00:53:50 GMT
                            Content-Length: 235
                            Data Ascii: <script>var tarcking_param = window.location.href.split('#')[1];if(!tarcking_param){document.location.href = document.location.href.replace("/rd/", "/t/");}else{document.location.href = '/t/'+tarcking_param;}</script><p></p>
                            Mar 14, 2025 01:53:50.944650888 CET | 607 | OUT | GET /t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19 HTTP/1.1
                            Host: czm11.cavernbeatles.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Referer: http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Mar 14, 2025 01:53:51.216758966 CET | 462 | IN | HTTP/1.1 200 OK
                            Content-Type: text/html; charset=utf-8
                            X-Address: gin_throttle_mw_7200000000_8.46.123.189
                            X-Ratelimit-Limit: 500
                            X-Ratelimit-Remaining: 498
                            X-Ratelimit-Reset: 1741917230
                            Date: Fri, 14 Mar 2025 00:53:51 GMT
                            Content-Length: 210
                            Data Ascii: <script>setTimeout(function(){ window.location.href = '/news?q=IP provider is blacklisted! LEVEL3'; console.log('redirecting to /news?q=IP provider is blacklisted! LEVEL3');}, 1000);</script><p></p>
                            Mar 14, 2025 01:53:51.274039984 CET | 453 | OUT | GET /favicon.ico HTTP/1.1
                            Host: czm11.cavernbeatles.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Referer: http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Mar 14, 2025 01:53:51.449297905 CET | 258 | IN | HTTP/1.1 404 Not Found
                            Content-Type: text/plain; charset=utf-8
                            X-Address: gin_throttle_mw_7200000000_8.46.123.189
                            X-Ratelimit-Limit: 500
                            X-Ratelimit-Remaining: 497
                            X-Ratelimit-Reset: 1741917230
                            Date: Fri, 14 Mar 2025 00:53:51 GMT
                            Content-Length: 0
                            Mar 14, 2025 01:53:52.280495882 CET | 592 | OUT | GET /news?q=IP%20provider%20is%20blacklisted!%20LEVEL3 HTTP/1.1
                            Host: czm11.cavernbeatles.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Referer: http://czm11.cavernbeatles.com/t/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Mar 14, 2025 01:53:52.456248045 CET | 1236 | IN | HTTP/1.1 200 OK
                            Content-Type: text/html; charset=utf-8
                            X-Address: gin_throttle_mw_7200000000_8.46.123.189
                            X-Ratelimit-Limit: 500
                            X-Ratelimit-Remaining: 496
                            X-Ratelimit-Reset: 1741917230
                            Date: Fri, 14 Mar 2025 00:53:52 GMT
                            Transfer-Encoding: chunked
                            Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Fox News World RSS Feed - aeroportodiancona.info </title> <style> body { font-family: Arial, sans-serif; background-color: #f4f6f9; color: #333; margin: 0; padding: 0; } .container { width: 80%; margin: 0 auto; } h1 { font-size: 2rem; margin: 2rem 0; } .news-item { background-color: white; padding: 1.5rem; margin-bottom: 1rem; box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24); } .news-item h2 { font-size: 1.5rem; margin-bottom: 1rem; } .news-item a { color: #1a73e8; text-decoration: none;
                            Mar 14, 2025 01:53:52.456268072 CET | 224 | IN
                            Data Ascii: } .news-item a:hover { text-decoration: underline; } .news-item p { font-size: 1rem; margin-bottom: 0; } </style></head><body><div class="
                            Mar 14, 2025 01:53:52.456279993 CET | 1236 | IN
                            Data Ascii: container"> <h1>Fox News World RSS Feed</h1> <a href="/">Back to the main page</a> <br> <h6 id="msg"></h6> <hr> <div id="news-items"> </div></div><script> const fetchRSSFeed = async (url) => {
                            Mar 14, 2025 01:53:52.456291914 CET | 783 | IN
                            Data Ascii: contentElement ? contentElement.textContent : "No content available."; const newsItem = document.createElement("div"); newsItem.classList.add("news-item"); newsItem.innerHTML = ` <h2><a href="$
                            Mar 14, 2025 01:54:15.411890030 CET | 529 | OUT | GET / HTTP/1.1
                            Host: czm11.cavernbeatles.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Referer: http://czm11.cavernbeatles.com/news?q=IP%20provider%20is%20blacklisted!%20LEVEL3
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Mar 14, 2025 01:54:15.587939024 CET | 1236 | IN | HTTP/1.1 200 OK
                            Content-Type: text/html; charset=utf-8
                            X-Address: gin_throttle_mw_7200000000_8.46.123.189
                            X-Ratelimit-Limit: 500
                            X-Ratelimit-Remaining: 495
                            X-Ratelimit-Reset: 1741917230
                            Date: Fri, 14 Mar 2025 00:54:15 GMT
                            Transfer-Encoding: chunked
                            Data Ascii: 800<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Coming Soon - aeroportodiancona.info</title> <link rel="stylesheet" href="/assets/styles.css"></head><body><div class="container"> <h1>Our Website is Coming Soon!</h1> <p>We are working hard to give you the best experience. Stay tuned!</p> <div class="countdown"> <div class="countdown-item"> <span id="days">00</span> <label>Days</label> </div> <div class="countdown-item"> <span id="hours">00</span> <label>Hours</label> </div> <div class="countdown-item"> <span id="minutes">00</span> <label>Minutes</label> </div> <div class="countdown-item"> <span id="seconds">00</span> <label>Seconds</label> </div> </div> <fo
                            Mar 14, 2025 01:54:15.587966919 CET | 1236 | IN
                            Data Ascii: rm id="subscription-form" onsubmit="submitForm(event)"> <input type="email" id="email" placeholder="Enter your email" required> <button type="submit">Subscribe</button> <p id="subscription-message"></p> </form>
                            Mar 14, 2025 01:54:15.587985039 CET | 689 | IN
                            Data Ascii: emaining % (1000 * 60)) / 1000); daysElement.textContent = days.toString().padStart(2, '0'); hoursElement.textContent = hours.toString().padStart(2, '0'); minutesElement.textContent = minutes.toString().pad
                            Mar 14, 2025 01:54:15.838443995 CET | 350 | OUT | GET /assets/styles.css HTTP/1.1
                            Host: czm11.cavernbeatles.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                            Accept: text/css,*/*;q=0.1
                            Referer: http://czm11.cavernbeatles.com/
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Mar 14, 2025 01:54:16.013895988 CET | 1236 | IN | HTTP/1.1 200 OK
                            Accept-Ranges: bytes
                            Content-Length: 1435
                            Content-Type: text/css; charset=utf-8
                            Last-Modified: Tue, 11 Mar 2025 23:57:36 GMT
                            Date: Fri, 14 Mar 2025 00:54:15 GMT
                            Data Ascii: body { font-family: Arial, sans-serif; background-color: #f0f0f0; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; padding: 0;}.container { background-color: #ffffff; padding: 30px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1); text-align: center;}h1 { font-size: 36px; margin-bottom: 20px; color: #333;}p { font-size: 18px; color: #777; margin-bottom: 40px;}.countdown { display: flex; justify-content: center; margin-bottom: 40px;}.countdown-item { display: inline-block; margin: 0 10px;}.countdown-item span { font-size: 24px; color: #444;}.countdown-item label { display: block; font-size: 14px; color: #999;}form { display: flex; justify-content: center; align-items: center; flex-direction: column;}input[type="email"] { font-size: 16px; padding: 10px; border: 1px solid #ccc; [TRUNCATED]
                            Mar 14, 2025 01:54:16.013910055 CET | 384 | IN
                            Data Ascii: max-width: 300px; margin-bottom: 20px;}button { font-size: 16px; padding: 10px 20px; background-color: #333; color: #fff; border: none; border-radius: 5px; cursor: pointer; transition: background-color
                            Mar 14, 2025 01:55:01.026643991 CET | 6 | OUT | Data Raw: 00
                            Data Ascii:


                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                            1 | 192.168.2.4 | 49765 | 172.217.18.3 | 80
                            Timestamp | Bytes transferred | Direction | Data
                            Mar 14, 2025 01:54:21.213356018 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                            Cache-Control: max-age = 3000
                            Connection: Keep-Alive
                            Accept: */*
                            If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: c.pki.goog
                            Mar 14, 2025 01:54:21.835282087 CET | 223 | IN | HTTP/1.1 304 Not Modified
                            Date: Fri, 14 Mar 2025 00:34:27 GMT
                            Expires: Fri, 14 Mar 2025 01:24:27 GMT
                            Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                            Cache-Control: public, max-age=3000
                            Vary: Accept-Encoding
                            Age: 1194
                            Mar 14, 2025 01:54:21.840696096 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
                            Cache-Control: max-age = 3000
                            Connection: Keep-Alive
                            Accept: */*
                            If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                            User-Agent: Microsoft-CryptoAPI/10.0
                            Host: c.pki.goog
                            Mar 14, 2025 01:54:22.021383047 CET | 223 | IN | HTTP/1.1 304 Not Modified
                            Date: Fri, 14 Mar 2025 00:34:22 GMT
                            Expires: Fri, 14 Mar 2025 01:24:22 GMT
                            Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                            Cache-Control: public, max-age=3000
                            Vary: Accept-Encoding
                            Age: 1199


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            2 | 192.168.2.4 | 49730 | 185.246.85.93 | 80 | 2800 | C:\Program Files\Google\Chrome\Application\chrome.exe
                            Timestamp | Bytes transferred | Direction | Data
                            Mar 14, 2025 01:54:35.041498899 CET | 6 | OUT | Data Raw: 00
                            Data Ascii:


                            Target ID: 1
                            Start time: 20:53:40
                            Start date: 13/03/2025
                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit): false
                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                            Imagebase: 0x7ff786830000
                            File size: 3'388'000 bytes
                            MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges: true
                            Has administrator privileges: true
                            Programmed in: C, C++ or other language
                            Reputation: low
                            Has exited: false

                            Target ID: 2
                            Start time: 20:53:42
                            Start date: 13/03/2025
                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit): false
                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2260,i,6001787884130247300,2422151676545335571,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2288 /prefetch:3
                            Imagebase: 0x7ff786830000
                            File size: 3'388'000 bytes
                            MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges: true
                            Has administrator privileges: true
                            Programmed in: C, C++ or other language
                            Reputation: low
                            Has exited: false

                            Target ID: 4
                            Start time: 20:53:48
                            Start date: 13/03/2025
                            Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit): false
                            Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://czm11.cavernbeatles.com/rd/4EiHFs5060pdwZ594ueemlltgbq246DXCLIFRFRUUFCZD7792KXRQ15860r19"
                            Imagebase: 0x7ff786830000
                            File size: 3'388'000 bytes
                            MD5 hash: E81F54E6C1129887AEA47E7D092680BF
                            Has elevated privileges: true
                            Has administrator privileges: true
                            Programmed in: C, C++ or other language
                            Reputation: low
                            Has exited: true

                            No disassembly