
Windows Analysis Report
https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9

Overview

General Information

Sample URL: https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRU
Analysis ID: 1644452

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Creates files inside the system directory
Deletes files inside the Windows folder
Detected suspicious crossdomain redirect

Classification

Classification chart (figure): categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious
  • System is w10x64
  • chrome.exe (PID: 2660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 2556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,4934498503610984479,299934614537164840,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be& | Avira URL Cloud: Label: malware
Source: https://xmu.freshreliablelink.com/o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2 | Avira URL Cloud: Label: malware
Source: unknown | HTTPS traffic detected: 142.250.80.68:443 -> 192.168.2.10:49688 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.137.134.154:443 -> 192.168.2.10:49689 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.137.134.154:443 -> 192.168.2.10:49690 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.244.86.218:443 -> 192.168.2.10:49697 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 190.10.8.2:443 -> 192.168.2.10:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 190.10.8.2:443 -> 192.168.2.10:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.190.6.55:443 -> 192.168.2.10:49703 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: click.convertkit-mail3.com to http://alexandermoss-yy.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: www.streamoptimum.com to https://xmu.topnewlink.com/?kw=1765&s2=44185ec5024c48f3a98876c75f3becf6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: xmu.topnewlink.com to https://xmu.freshreliablelink.com/o/z4llrnst/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: xmu.freshreliablelink.com to https://www.dpvyw6trk.com/7p4rrf/qt9rr8r/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be&
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: click.convertkit-mail3.com to https://www.streamoptimum.com/3t4m7t6/2249pmks/?sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208 (6 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (5 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.32.99 (5 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26 (2 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26 (4 identical entries)
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.32.99 (2 identical entries)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (17 identical entries)
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 200 OK
    Date: Thu, 20 Mar 2025 14:26:04 GMT
    Server: Apache/2.4.52 (Ubuntu)
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 577
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 53 6d 4f db 30 10 fe ce af 38 5c 69 50 69 89 c9 4a 61 e4 a5 d2 56 98 86 c4 36 34 82 b6 49 7c f1 12 27 b1 70 ec e0 5c 9b 76 68 ff 7d ce cb a0 88 8e 4f 3b 45 ca e5 ee b9 e7 39 e7 ce 61 9d 18 51 e1 4c 64 fb 8d 50 a9 6e 5c a9 13 86 42 2b b7 30 3c 73 85 4a e4 22 e5 f5 3e 19 91 f1 18 b6 61 20 da 1a 76 0d af 24 4b f8 3e bd a1 37 a3 1b 4a f3 d7 7b a3 bd f1 d3 f0 f3 60 17 a2 7b e3 20 a4 43 6b 3b e1 ee e9 97 79 fc e3 f2 0c 0a 2c 25 5c 5e bf bf 38 9f 03 71 28 fd 36 99 53 7a 1a 9f c2 f7 8f f1 a7 0b f0 dc 03 b8 42 23 12 a4 f4 ec 33 01 52 20 56 3e a5 4d d3 b8 cd c4 d5 26 a7 f1 57 ba 6a 59 bc b6 6c 70 9d ba ab 71 53 4c 89 55 eb 44 56 a5 54 75 b4 85 c0 3b 39 39 e9 eb 48 0b f2 25 53 79 44 b8 22 f0 e0 cd c2 82 b3 74 b6 03 d6 42 14 28 f9 ec 1c a1 d1 e6 96 a7 bb f0 aa 4c 59 5d 04 30 d7 a5 50 39 5c 69 ad 42 da a3 fa 8a 92 23 83 56 d8 e1 77 0b b1 8c c8 5c 2b e4 0a 9d 78 5d 71 02 49 ff 15 11 e4 2b a4 6d 23 01 24 05 33 35 c7 e8 3a fe e0 bc 25 74 93 48 b1 92 47 c4 4e b0 fb 99 76 38 1b 0c 71 21 6a b0 0f 83 94 67 6c 21 11 ec 1c f9 0a 2a 96 73 c8 b4 b1 09 c5 1b 48 75 c9 84 72 1f 78 6b 5c 4b 0e 68 bb 19 9a 48 ea 9a f4 b9 d6 7e ea 74 0d f7 99 15 71 6a f1 8b fb de 41 b5 b2 2d 6a a9 8d 3f 3a ee 2c 80 2e 9d b1 52 c8 b5 cf 8c 60 f6 10 2d 95 c3 a4 c8 95 9f d8 f6 b8 09 7e 3f 70 16 de 26 e3 d1 e1 06 e3 b4 b3 00 4a 66 72 a1 7c 38 b6 72 70 00 d3 ee b5 41 51 c1 7d 23 52 2c fc c9 9b ae a1 e7 72 03 85 23 79 86 3e 5b a0 0e 86 80 11 79 31 44 fe 62 50 57 3e 4c 5a 8d 47 85 54 2c ff 8b c6 23 23 f3 a5 50 b7 70 df 1f 15 46 93 c3 e9 e4 e8 dd 13 c0 52 d4 02 79 fa 22 86 25 28 96 fc 45 48 a1 97 dc fc 03 61 6f 62 3b 71 7b 35 68 bf d8 3b 61 3b e3 61 1b 0a 6f 63 bb 2d c2 6b 71 7d be 2d b0 fb 69 9d 3f 91 33 d5 b9 67 04 00 00
    Data Ascii: SmO08\iPiJaV64I|'p\vh}O;E9aQLdPn\B+0<sJ">a v$K>7J{`{ Ck;y,%\^8q(6SzB#3R V>M&WjYlpqSLUDVTu;99H%SyD"tB(LY]0P9\iB#Vw\+x]qI+m#$35:%tHGNv8q!jgl!*sHurxk\KhH~tqjA-j?:,.R`-~?p&Jfr|8rpAQ}#R,r#y>[y1DbPW>LZGT,##PpFRy"%(EHaob;q{5h;a;aoc-kq}-i?3g
Source: global traffic | HTTP traffic detected:
    GET /p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224== HTTP/1.1
    Host: click.convertkit-mail3.com
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /3T4M7T6/2249PMKS/?sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md HTTP/1.1
    Host: www.streamoptimum.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Referer: http://alexandermoss-yy.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /3T4M7T6/S5T8TN8/?__rpt=0&__po=16439&__ptid=42556ad7ceac470c8d5fbe749dba82fc&__rpa=1&__rc=1&sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1
    Host: www.streamoptimum.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    sec-ch-ua-platform-version: "10.0.0"
    sec-ch-ua-model: ""
    Referer: http://alexandermoss-yy.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /?kw=1765&s2=44185ec5024c48f3a98876c75f3becf6 HTTP/1.1
    Host: xmu.topnewlink.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Referer: http://alexandermoss-yy.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2 HTTP/1.1
    Host: xmu.freshreliablelink.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Referer: http://alexandermoss-yy.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /7P4RRF/QT9RR8R/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be& HTTP/1.1
    Host: www.dpvyw6trk.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Referer: http://alexandermoss-yy.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: alexandermoss-yy.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9 HTTP/1.1
    Host: alexandermoss-yy.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Referer: http://alexandermoss-yy.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /r/gsr1.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | HTTP traffic detected:
    GET /r/r4.crl HTTP/1.1
    Cache-Control: max-age = 3000
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: click.convertkit-mail3.com
Source: global traffic | DNS traffic detected: DNS query: alexandermoss-yy.com
Source: global traffic | DNS traffic detected: DNS query: www.streamoptimum.com
Source: global traffic | DNS traffic detected: DNS query: xmu.topnewlink.com
Source: global traffic | DNS traffic detected: DNS query: xmu.freshreliablelink.com
Source: global traffic | DNS traffic detected: DNS query: www.dpvyw6trk.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown | Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | HTTPS traffic detected: 142.250.80.68:443 -> 192.168.2.10:49688 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.137.134.154:443 -> 192.168.2.10:49689 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 3.137.134.154:443 -> 192.168.2.10:49690 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 216.244.86.218:443 -> 192.168.2.10:49697 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 190.10.8.2:443 -> 192.168.2.10:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 190.10.8.2:443 -> 192.168.2.10:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.190.6.55:443 -> 192.168.2.10:49703 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir2660_96763757
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir2660_96763757
Source: classification engine | Classification label: mal48.win@22/2@17/7
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,4934498503610984479,299934614537164840,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,4934498503610984479,299934614537164840,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (17 identical entries)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix (the report's 14-tactic table; numbers in parentheses are the report's signature counts for matched techniques):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (figure). Graph ID: 1644452; URL: https://click.convertkit-ma...; Startdate: 20/03/2025; Architecture: WINDOWS; Score: 48.
Nodes recoverable from the graph text:
  • Signature: Antivirus detection for URL or domain
  • chrome.exe started (two instances); one of them started a further chrome.exe
  • 192.168.2.10 (ports 138, 443, 49578; unknown, unknown)
  • www.streamoptimum.com 216.244.86.218 (ports 443, 49697, 49698; WOWUS, United States)
  • xmu.topnewlink.com 190.10.8.2 (ports 443, 49699, 49700; RADIOGRAFICACOSTARRICENSECR, Costa Rica)
  • 5 other IPs or domains

Source | Detection | Scanner | Label
https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9 | 0% | Avira URL Cloud | safe
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be& | 100% | Avira URL Cloud | malware
https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224== | 0% | Avira URL Cloud | safe
https://xmu.freshreliablelink.com/o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2 | 100% | Avira URL Cloud | malware
https://www.streamoptimum.com/3T4M7T6/2249PMKS/?sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md | 0% | Avira URL Cloud | safe
http://alexandermoss-yy.com/ | 0% | Avira URL Cloud | safe
https://xmu.topnewlink.com/?kw=1765&s2=44185ec5024c48f3a98876c75f3becf6 | 0% | Avira URL Cloud | safe
https://www.streamoptimum.com/3T4M7T6/S5T8TN8/?__rpt=0&__po=16439&__ptid=42556ad7ceac470c8d5fbe749dba82fc&__rpa=1&__rc=1&sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md&sub4=&sub5=&source_id=&__pcd=9 | 0% | Avira URL Cloud | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.dpvyw6trk.com | 35.190.6.55 | true | false | | unknown
alexandermoss-yy.com | 103.100.38.23 | true | false | | unknown
xmu.freshreliablelink.com | 190.10.8.2 | true | false | | high
www.google.com | 142.250.80.68 | true | false | | high
www.streamoptimum.com | 216.244.86.218 | true | false | | unknown
xmu.topnewlink.com | 190.10.8.2 | true | false | | high
click.convertkit-mail3.com | 3.137.134.154 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://xmu.freshreliablelink.com/o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2 | false | Avira URL Cloud: malware | unknown
https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be& | false | Avira URL Cloud: malware | unknown
http://alexandermoss-yy.com/ | false | Avira URL Cloud: safe | unknown
https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224== | false | Avira URL Cloud: safe | unknown
https://www.streamoptimum.com/3T4M7T6/S5T8TN8/?__rpt=0&__po=16439&__ptid=42556ad7ceac470c8d5fbe749dba82fc&__rpa=1&__rc=1&sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md&sub4=&sub5=&source_id=&__pcd=9 | false | Avira URL Cloud: safe | unknown
https://xmu.topnewlink.com/?kw=1765&s2=44185ec5024c48f3a98876c75f3becf6 | false | Avira URL Cloud: safe | unknown
https://www.streamoptimum.com/3T4M7T6/2249PMKS/?sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.80.68 | www.google.com | United States | 15169 | GOOGLEUS | false
3.137.134.154 | click.convertkit-mail3.com | United States | 16509 | AMAZON-02US | false
190.10.8.2 | xmu.freshreliablelink.com | Costa Rica | 3790 | RADIOGRAFICACOSTARRICENSECR | false
216.244.86.218 | www.streamoptimum.com | United States | 23033 | WOWUS | false
103.100.38.23 | alexandermoss-yy.com | India | 136956 | ANATPL-AS-APAssistiveNetworksandtechnologiesPvtLtdIN | false
35.190.6.55 | www.dpvyw6trk.com | United States | 15169 | GOOGLEUS | false

Private IP
192.168.2.10
                Joe Sandbox version: 42.0.0 Malachite
                Analysis ID: 1644452
                Start date and time: 2025-03-20 15:25:00 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 2m 55s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: browseurl.jbs
                Sample URL: https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of new started processes analysed: 16
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 0
                Technologies:
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Detection: MAL
                Classification: mal48.win@22/2@17/7
                • Processes excluded from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, TextInputHost.exe, svchost.exe
                • IPs excluded from analysis (whitelisted): 142.251.35.163, 142.250.80.46, 142.250.65.238, 172.253.115.84, 142.250.65.206, 172.253.122.84, 142.251.40.206, 142.251.40.174, 142.250.80.78, 199.232.214.172, 142.251.41.14, 142.251.32.110, 142.250.80.35, 142.251.40.110, 142.251.40.142, 142.251.40.99, 172.202.163.200, 184.30.55.36
                • Domains excluded from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed; the report is missing behavior information.
                • Report size getting too big; too many NtOpenFile calls found.
                • VT rate limit hit for: https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9
                No simulations
                No context
                Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type: gzip compressed data, from Unix, original size modulo 2^32 1127
                Category: downloaded
                Size (bytes): 577
                Entropy (8bit): 7.636286762385051
                Encrypted: false
                SSDEEP: 12:X35Bp2PN07P8P0DzRJ6CoRUyWUxPgO/bOtshYTkU2fJ7:X3pON0LO0JJ6CoRUyWKb7YTX2V
                MD5: 2C8AB6CCF49FBC48B083881E8B6328CB
                SHA1: F2D9ECC6DDE0C2D7E30F59D8349C7F5F8F6A583D
                SHA-256: B8EFBF3285E723EB18E161E4BDBAF64075E91A2EF1D6AE730B573E751CA2B81D
                SHA-512: 324722F83218D2E42B5F7D45CF10C6AE7145B6E65671B9E72FA4F5F1817F48DB4A4C4DE2236FB3BC7593D37442DCB0EA378C3CEB41EE936472814F867CD7903C
                Malicious: false
                Reputation: low
                URL: http://alexandermoss-yy.com/
                Preview: ...........SmO.0...8\iPi..Ja..V...64..I|..'.p..\.vh.}....O;E....9..a..Q.Ld..P.n\...B+.0<s.J."..>.....a ..v..$K.>..7..J..{......`..{. .Ck;...y.....,%\^..8..q(.6.Sz...........B#....3.R V>.M....&..W.jY..lp...qSL.U.DV.Tu...;99..H..%SyD.".....t...B.(........LY].0.P9\i.B....#.V..w....\+...x]q.I....+.m#.$.35..:..%t.H..G.N...v8..q!j....gl!.....*.s.....Hu.r.xk\K.h...H....~.t....qj...A..-j..?:.,....R..`..-........~?p..&......Jfr.|8.rp...AQ.}#R,.....r..#y.>[.....y1D.bPW>LZ.G.T,...##.P.p...F........R..y.".%(..EH.....aob;q{5h..;a;.a..oc.-.kq}.-..i.?.3.g...
                No static file info


                • Total Packets: 138
                • 443 (HTTPS)
                • 80 (HTTP)
                • 53 (DNS)
                Timestamp | Source IP | Dest IP | Checksum | Code | Type
                Mar 20, 2025 15:25:57.418183088 CET | 192.168.2.10 | 1.1.1.1 | c239 | (Port unreachable) | Destination Unreachable
                Mar 20, 2025 15:26:03.476784945 CET | 192.168.2.10 | 1.1.1.1 | c236 | (Port unreachable) | Destination Unreachable
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Mar 20, 2025 15:26:01.420402050 CET | 192.168.2.10 | 1.1.1.1 | 0xad91 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:01.420576096 CET | 192.168.2.10 | 1.1.1.1 | 0x9eea | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:02.742484093 CET | 192.168.2.10 | 1.1.1.1 | 0x9dc3 | Standard query (0) | click.convertkit-mail3.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:02.744654894 CET | 192.168.2.10 | 1.1.1.1 | 0x6435 | Standard query (0) | click.convertkit-mail3.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:03.322218895 CET | 192.168.2.10 | 1.1.1.1 | 0xf08e | Standard query (0) | alexandermoss-yy.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:03.322582006 CET | 192.168.2.10 | 1.1.1.1 | 0xd3c0 | Standard query (0) | alexandermoss-yy.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:04.098401070 CET | 192.168.2.10 | 1.1.1.1 | 0xb5be | Standard query (0) | alexandermoss-yy.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:04.098762035 CET | 192.168.2.10 | 1.1.1.1 | 0x52a0 | Standard query (0) | alexandermoss-yy.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:06.802881956 CET | 192.168.2.10 | 1.1.1.1 | 0xbee7 | Standard query (0) | www.streamoptimum.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:06.803041935 CET | 192.168.2.10 | 1.1.1.1 | 0x16f5 | Standard query (0) | www.streamoptimum.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:07.826797962 CET | 192.168.2.10 | 1.1.1.1 | 0x4ca1 | Standard query (0) | www.streamoptimum.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:09.803993940 CET | 192.168.2.10 | 1.1.1.1 | 0xee7c | Standard query (0) | xmu.topnewlink.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:09.804177046 CET | 192.168.2.10 | 1.1.1.1 | 0x7e91 | Standard query (0) | xmu.topnewlink.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:11.068389893 CET | 192.168.2.10 | 1.1.1.1 | 0x73e0 | Standard query (0) | xmu.freshreliablelink.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:11.068645954 CET | 192.168.2.10 | 1.1.1.1 | 0x3772 | Standard query (0) | xmu.freshreliablelink.com | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:12.412328005 CET | 192.168.2.10 | 1.1.1.1 | 0xaadf | Standard query (0) | www.dpvyw6trk.com | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:12.412477970 CET | 192.168.2.10 | 1.1.1.1 | 0xa58a | Standard query (0) | www.dpvyw6trk.com | 65 | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Mar 20, 2025 15:26:01.533005953 CET | 1.1.1.1 | 192.168.2.10 | 0x9eea | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Mar 20, 2025 15:26:01.564762115 CET | 1.1.1.1 | 192.168.2.10 | 0xad91 | No error (0) | www.google.com | | 142.250.80.68 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:02.869951010 CET | 1.1.1.1 | 192.168.2.10 | 0x9dc3 | No error (0) | click.convertkit-mail3.com | | 3.137.134.154 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:02.869951010 CET | 1.1.1.1 | 192.168.2.10 | 0x9dc3 | No error (0) | click.convertkit-mail3.com | | 3.141.235.236 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:02.869951010 CET | 1.1.1.1 | 192.168.2.10 | 0x9dc3 | No error (0) | click.convertkit-mail3.com | | 3.20.113.100 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:03.437474966 CET | 1.1.1.1 | 192.168.2.10 | 0xf08e | No error (0) | alexandermoss-yy.com | | 103.100.38.23 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:04.252360106 CET | 1.1.1.1 | 192.168.2.10 | 0xb5be | No error (0) | alexandermoss-yy.com | | 103.100.38.23 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:08.094393969 CET | 1.1.1.1 | 192.168.2.10 | 0x4ca1 | No error (0) | www.streamoptimum.com | | 216.244.86.218 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:10.078068018 CET | 1.1.1.1 | 192.168.2.10 | 0xee7c | No error (0) | xmu.topnewlink.com | | 190.10.8.2 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:11.316073895 CET | 1.1.1.1 | 192.168.2.10 | 0x73e0 | No error (0) | xmu.freshreliablelink.com | | 190.10.8.2 | A (IP address) | IN (0x0001) | false
                Mar 20, 2025 15:26:12.726608038 CET | 1.1.1.1 | 192.168.2.10 | 0xaadf | No error (0) | www.dpvyw6trk.com | | 35.190.6.55 | A (IP address) | IN (0x0001) | false
                • click.convertkit-mail3.com
                • alexandermoss-yy.com
                  • www.streamoptimum.com
                  • xmu.topnewlink.com
                  • xmu.freshreliablelink.com
                  • www.dpvyw6trk.com
                • c.pki.goog
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.10 | 49693 | 103.100.38.23 | 80 | 2556 | C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                Mar 20, 2025 15:26:04.613571882 CET | 435 | OUT | GET / HTTP/1.1
                Host: alexandermoss-yy.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Mar 20, 2025 15:26:04.920604944 CET | 829 | IN | HTTP/1.1 200 OK
                Date: Thu, 20 Mar 2025 14:26:04 GMT
                Server: Apache/2.4.52 (Ubuntu)
                Vary: Accept-Encoding
                Content-Encoding: gzip
                Content-Length: 577
                Keep-Alive: timeout=5, max=100
                Connection: Keep-Alive
                Content-Type: text/html; charset=UTF-8
                Mar 20, 2025 15:26:05.037452936 CET | 618 | OUT | GET /dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9 HTTP/1.1
                Host: alexandermoss-yy.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Referer: http://alexandermoss-yy.com/
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Mar 20, 2025 15:26:06.792052031 CET | 488 | IN | HTTP/1.1 302 Found
                Date: Thu, 20 Mar 2025 14:26:05 GMT
                Server: Apache/2.4.52 (Ubuntu)
                Location: https://www.streamoptimum.com/3T4M7T6/2249PMKS/?sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md
                Content-Length: 164
                Keep-Alive: timeout=5, max=99
                Connection: Keep-Alive
                Content-Type: text/html; charset=UTF-8
                Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 0a
                Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script>


                Session ID: 1 | Source IP: 192.168.2.10 | Source Port: 49707 | Destination IP: 142.251.32.99 | Destination Port: 80
                Timestamp | Bytes transferred | Direction | Data
                Mar 20, 2025 15:26:14.266385078 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                Cache-Control: max-age = 3000
                Connection: Keep-Alive
                Accept: */*
                If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                User-Agent: Microsoft-CryptoAPI/10.0
                Host: c.pki.goog
                Mar 20, 2025 15:26:14.364423990 CET | 223 | IN | HTTP/1.1 304 Not Modified
                Date: Thu, 20 Mar 2025 13:49:48 GMT
                Expires: Thu, 20 Mar 2025 14:39:48 GMT
                Age: 2186
                Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                Cache-Control: public, max-age=3000
                Vary: Accept-Encoding
                Mar 20, 2025 15:26:14.370286942 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
                Cache-Control: max-age = 3000
                Connection: Keep-Alive
                Accept: */*
                If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                User-Agent: Microsoft-CryptoAPI/10.0
                Host: c.pki.goog
                Mar 20, 2025 15:26:14.467006922 CET | 223 | IN | HTTP/1.1 304 Not Modified
                Date: Thu, 20 Mar 2025 13:40:24 GMT
                Expires: Thu, 20 Mar 2025 14:30:24 GMT
                Age: 2750
                Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                Cache-Control: public, max-age=3000
                Vary: Accept-Encoding


                Session ID: 2 | Source IP: 192.168.2.10 | Source Port: 49694 | Destination IP: 103.100.38.23 | Destination Port: 80 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                Mar 20, 2025 15:26:49.685112000 CET | 6 | OUT | Data Raw: 00
                Data Ascii:


                Session ID: 0 | Source IP: 192.168.2.10 | Source Port: 49689 | Destination IP: 3.137.134.154 | Destination Port: 443 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-03-20 14:26:03 UTC | 782 | OUT | GET /p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224== HTTP/1.1
                Host: click.convertkit-mail3.com
                Connection: keep-alive
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: none
                Sec-Fetch-Mode: navigate
                Sec-Fetch-User: ?1
                Sec-Fetch-Dest: document
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                2025-03-20 14:26:03 UTC | 471 | IN | HTTP/1.1 302 Found
                Server: nginx/1.18.0
                Date: Thu, 20 Mar 2025 14:26:03 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 0
                Connection: close
                x-frame-options: SAMEORIGIN
                x-xss-protection: 0
                x-content-type-options: nosniff
                x-permitted-cross-domain-policies: none
                referrer-policy: strict-origin-when-cross-origin
                location: http://alexandermoss-yy.com/
                cache-control: no-cache
                x-request-id: 86688a65-b8cc-4383-b5b5-101f258e6eb1
                x-runtime: 0.007968


                Session ID: 1 | Source IP: 192.168.2.10 | Source Port: 49697 | Destination IP: 216.244.86.218 | Destination Port: 443 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-03-20 14:26:08 UTC | 771 | OUT | GET /3T4M7T6/2249PMKS/?sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md HTTP/1.1
                Host: www.streamoptimum.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: navigate
                Sec-Fetch-Dest: document
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Referer: http://alexandermoss-yy.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                2025-03-20 14:26:08 UTC | 646 | IN | HTTP/1.1 302 Found
                Server: nginx
                Date: Thu, 20 Mar 2025 14:26:08 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 276
                Connection: close
                Accept-Ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
                Location: https://www.streamoptimum.com/3T4M7T6/S5T8TN8/?__rpt=0&__po=16439&__ptid=42556ad7ceac470c8d5fbe749dba82fc&__rpa=1&__rc=1&sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md&sub4=&sub5=&source_id=&__pcd=9
                Set-Cookie: uniqueClick_2249PMKS=343dcc77-6d0b-432b-b2dc-7ed1e314e7ed:1742480768; Path=/; Expires=Fri, 21 Mar 2025 14:26:08 GMT; SameSite=None
                Vary: Origin
                X-Eflow-Request-Id: 4608524a-81dd-4f86-8d5c-187996e45924
                2025-03-20 14:26:08 UTC | 276 | IN | Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 73 74 72 65 61 6d 6f 70 74 69 6d 75 6d 2e 63 6f 6d 2f 33 54 34 4d 37 54 36 2f 53 35 54 38 54 4e 38 2f 3f 5f 5f 72 70 74 3d 30 26 61 6d 70 3b 5f 5f 70 6f 3d 31 36 34 33 39 26 61 6d 70 3b 5f 5f 70 74 69 64 3d 34 32 35 35 36 61 64 37 63 65 61 63 34 37 30 63 38 64 35 66 62 65 37 34 39 64 62 61 38 32 66 63 26 61 6d 70 3b 5f 5f 72 70 61 3d 31 26 61 6d 70 3b 5f 5f 72 63 3d 31 26 61 6d 70 3b 73 75 62 31 3d 34 26 61 6d 70 3b 73 75 62 32 3d 31 32 31 36 32 36 5f 32 30 26 61 6d 70 3b 73 75 62 33 3d 33 37 37 5f 34 32 39 31 39 38 5f 31 35 36 35 38 37 30 36 5f 32 32 37 36 33 30 31 5f 6d 64 26 61 6d 70 3b 73 75 62 34 3d 26 61 6d 70 3b 73 75 62 35 3d 26 61 6d 70 3b 73 6f 75 72 63 65 5f 69 64 3d 26 61 6d 70 3b
                Data Ascii: <a href="https://www.streamoptimum.com/3T4M7T6/S5T8TN8/?__rpt=0&amp;__po=16439&amp;__ptid=42556ad7ceac470c8d5fbe749dba82fc&amp;__rpa=1&amp;__rc=1&amp;sub1=4&amp;sub2=121626_20&amp;sub3=377_429198_15658706_2276301_md&amp;sub4=&amp;sub5=&amp;source_id=&amp;


                Session ID: 2 | Source IP: 192.168.2.10 | Source Port: 49698 | Destination IP: 216.244.86.218 | Destination Port: 443 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-03-20 14:26:09 UTC | 934 | OUT | GET /3T4M7T6/S5T8TN8/?__rpt=0&__po=16439&__ptid=42556ad7ceac470c8d5fbe749dba82fc&__rpa=1&__rc=1&sub1=4&sub2=121626_20&sub3=377_429198_15658706_2276301_md&sub4=&sub5=&source_id=&__pcd=9 HTTP/1.1
                Host: www.streamoptimum.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: navigate
                Sec-Fetch-Dest: document
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                sec-ch-ua-platform-version: "10.0.0"
                sec-ch-ua-model: ""
                Referer: http://alexandermoss-yy.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                2025-03-20 14:26:09 UTC | 629 | IN | HTTP/1.1 302 Found
                Server: nginx
                Date: Thu, 20 Mar 2025 14:26:09 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 98
                Connection: close
                Accept-Ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
                Location: https://xmu.topnewlink.com/?kw=1765&s2=44185ec5024c48f3a98876c75f3becf6
                Set-Cookie: uniqueClick_S5T8TN8=d2878a6c-4e7f-4add-942e-2741e1e8f3dd:1742480769; Path=/; Expires=Fri, 21 Mar 2025 14:26:09 GMT; SameSite=None
                Set-Cookie: transaction_id=44185ec5024c48f3a98876c75f3becf6; Path=/; Expires=Wed, 18 Jun 2025 14:26:09 GMT; SameSite=None
                Vary: Origin
                X-Eflow-Request-Id: 9e4a3ac8-2314-47fc-8527-d0dc2cc55028
                2025-03-20 14:26:09 UTC | 98 | IN | Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 78 6d 75 2e 74 6f 70 6e 65 77 6c 69 6e 6b 2e 63 6f 6d 2f 3f 6b 77 3d 31 37 36 35 26 61 6d 70 3b 73 32 3d 34 34 31 38 35 65 63 35 30 32 34 63 34 38 66 33 61 39 38 38 37 36 63 37 35 66 33 62 65 63 66 36 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a
                Data Ascii: <a href="https://xmu.topnewlink.com/?kw=1765&amp;s2=44185ec5024c48f3a98876c75f3becf6">Found</a>.


                Session ID: 3 | Source IP: 192.168.2.10 | Source Port: 49699 | Destination IP: 190.10.8.2 | Destination Port: 443 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-03-20 14:26:10 UTC | 737 | OUT | GET /?kw=1765&s2=44185ec5024c48f3a98876c75f3becf6 HTTP/1.1
                Host: xmu.topnewlink.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: navigate
                Sec-Fetch-Dest: document
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Referer: http://alexandermoss-yy.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                2025-03-20 14:26:11 UTC | 833 | IN | HTTP/1.1 302 Found
                date: Thu, 20 Mar 2025 14:26:10 GMT
                content-type: text/html; charset=utf-8
                content-length: 718
                cache-control: no-cache, private
                location: https://xmu.freshreliablelink.com/o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2
                x-redir: true
                set-cookie: yredir_session=eyJpdiI6ImcxL0J4N2F2dmpDdVVrK3c5N3dxd3c9PSIsInZhbHVlIjoibG5Eand4OVkzY3pVc2dGVW4xU0xZaWVVSFNWUEdrTnB3eFZnaGFtVFFoSWJlckJOZElram82U2dpclppMUVwUHdKR2FQNmZsZm9yeitWS1I4N3E1cm0zTnlzVGV3WTVGSno3d1dBaE5JNWhTOXVTOG5mRG9DMXozNDI1SDRWKzQiLCJtYWMiOiI3YTQwYWVkMzM0MTJkNGY1MzljYWE4MDA1N2NlNGUyNzI2ODdmMWExMDcyNjQzZjkyYzVlNjgyYWRjNWJiYzY2IiwidGFnIjoiIn0%3D; expires=Thu, 20-Mar-2025 16:26:10 GMT; path=/; httponly; samesite=lax
                server: swoole-http-server
                strict-transport-security: max-age=15768000
                connection: close
                2025-03-20 14:26:11 UTC | 718 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 78 6d 75 2e 66 72 65 73 68 72 65 6c 69 61 62 6c 65 6c 69 6e 6b 2e 63 6f 6d 2f 6f 2f 5a 34 4c 4c 52 4e 53 54 2f 34 35 34 32 38 30 39 36 2d 30 35 39 37 2d 31 31 66 30 2d 61 39 66 64 2d 30 33 37 35 37 32 33 37 30 35 33 65 2f 34 35 34 64 36 61 33 38 2d 30 35 39 37 2d 31 31 66 30 2d 39 34 35 61 2d 33 39 31 34 33 63 30 66 31 34 61 32 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74
                Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://xmu.freshreliablelink.com/o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2'" /> <tit


                Session ID: 4 | Source IP: 192.168.2.10 | Source Port: 49700 | Destination IP: 190.10.8.2 | Destination Port: 443 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-03-20 14:26:11 UTC | 784 | OUT | GET /o/Z4LLRNST/45428096-0597-11f0-a9fd-03757237053e/454d6a38-0597-11f0-945a-39143c0f14a2 HTTP/1.1
                Host: xmu.freshreliablelink.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: navigate
                Sec-Fetch-Dest: document
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Referer: http://alexandermoss-yy.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                2025-03-20 14:26:12 UTC | 811 | IN | HTTP/1.1 302 Found
                date: Thu, 20 Mar 2025 14:26:12 GMT
                content-type: text/html; charset=utf-8
                content-length: 662
                cache-control: no-cache, private
                location: https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be&
                x-redir: true
                set-cookie: yredir_session=eyJpdiI6IlIyVC9ZT1N2MVpsMXZ5ckJ3V2MvZ0E9PSIsInZhbHVlIjoiMnhnYVRhY2RxTEZITThINlYrS0szTlVMTlNyVGlabldhK1BPcDlidFZ3NndBYW9aeitFV1o0V3paVzRtdDg2VDVIUEVSdDFoVDdFTFJueDk1UjBCM3AzTDVRbm9oWUdrUU9IbTh5dXcvdXZpNTA0YmhlOG5lV2J1V3IzUzV2NlciLCJtYWMiOiIwZTU2NDBjODZkZmJjM2M5MmRjYjk2OTIwYTJjZGQ3OGU3NTE0Y2ZiZTRmYzkzZGY2MzU5Y2FhMDhmNGY0MTRjIiwidGFnIjoiIn0%3D; expires=Thu, 20-Mar-2025 16:26:12 GMT; path=/; httponly; samesite=lax
                server: swoole-http-server
                strict-transport-security: max-age=15768000
                connection: close
                2025-03-20 14:26:12 UTC | 662 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 70 76 79 77 36 74 72 6b 2e 63 6f 6d 2f 37 50 34 52 52 46 2f 51 54 39 52 52 38 52 2f 3f 73 75 62 31 3d 31 30 33 39 38 39 26 61 6d 70 3b 73 75 62 32 3d 34 36 30 64 36 38 65 63 2d 30 35 39 37 2d 31 31 66 30 2d 62 37 39 39 2d 32 37 39 64 37 33 33 32 37 33 62 65 26 61 6d 70 3b 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67
                Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://www.dpvyw6trk.com/7P4RRF/QT9RR8R/?sub1=103989&amp;sub2=460d68ec-0597-11f0-b799-279d733273be&amp;'" /> <title>Redirecting


                Session ID: 5 | Source IP: 192.168.2.10 | Source Port: 49703 | Destination IP: 35.190.6.55 | Destination Port: 443 | PID: 2556 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                Timestamp | Bytes transferred | Direction | Data
                2025-03-20 14:26:12 UTC | 762 | OUT | GET /7P4RRF/QT9RR8R/?sub1=103989&sub2=460d68ec-0597-11f0-b799-279d733273be& HTTP/1.1
                Host: www.dpvyw6trk.com
                Connection: keep-alive
                Upgrade-Insecure-Requests: 1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Sec-Fetch-Site: cross-site
                Sec-Fetch-Mode: navigate
                Sec-Fetch-Dest: document
                sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                sec-ch-ua-mobile: ?0
                sec-ch-ua-platform: "Windows"
                Referer: http://alexandermoss-yy.com/
                Accept-Encoding: gzip, deflate, br, zstd
                Accept-Language: en-US,en;q=0.9
                2025-03-20 14:26:13 UTC | 299 | IN | HTTP/1.1 204 No Content
                server: nginx
                date: Thu, 20 Mar 2025 14:26:13 GMT
                accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
                vary: Origin
                x-eflow-request-id: 1bdee84b-87f7-476f-9f61-f797136bc88e
                Via: 1.1 google
                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                Connection: close



                Target ID:0
                Start time:10:25:55
                Start date:20/03/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                Imagebase:0x7ff7ea9f0000
                File size:3'388'000 bytes
                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:1
                Start time:10:25:55
                Start date:20/03/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,4934498503610984479,299934614537164840,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3
                Imagebase:0x7ff7ea9f0000
                File size:3'388'000 bytes
                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:false

                Target ID:5
                Start time:10:26:02
                Start date:20/03/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.convertkit-mail3.com/p9up9gom8kb9h226rgmtqhpn5o333hr/l2hehmhl56p999b6/zlFhiaJ8BbBSEcPFc3ACzWUXL68bravVsl61ZdxQNjnUhzShEZyq224==#dDBQWGNXNGYzMHd4ZHpCMEtqcm5LTE5zb0YzVlQzR1BiMG43QVA3aUNLRUszekhxdDlWVUMzWFhldlJlMGppK21UY0NZcXpGS2QxMjdPS2VuTnRzWU9FUXovZ2RzZXJhK0VLRDNLMkViNHM9"
                Imagebase:0x7ff7ea9f0000
                File size:3'388'000 bytes
                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low
                Has exited:true

                No disassembly