
Windows Analysis Report
http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40

Overview

General Information

Sample URL: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
Analysis ID: 1650588

Detection

Phisher
Score: 68
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
Yara detected Phisher
Performs DNS queries to domains with low reputation
Creates files inside the system directory
Deletes files inside the Windows folder

Classification

  • System is w10x64
  • chrome.exe (PID: 5792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1964,i,2471850246389426269,11701980283300173567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2024 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
dropped/chromecache_49 | JoeSecurity_Phisher_2 | Yara detected Phisher | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-03-27T20:30:19.759443+0100 | 2859622 | 1 | Exploit Kit Activity Detected | 188.132.128.218 | 80 | 192.168.2.7 | 49687 | TCP


    AV Detection

    Source: https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548 | Avira URL Cloud: Label: phishing

    Phishing

    Source: Yara match | File source: dropped/chromecache_49, type: DROPPED
    Source: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 | HTTP Parser: No favicon
    Source: http://korsrattell.xyz/t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 | HTTP Parser: No favicon
    Source: unknown | HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.7:49686 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 69.30.237.86:443 -> 192.168.2.7:49694 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 69.30.237.86:443 -> 192.168.2.7:49695 version: TLS 1.2

    Networking

    Source: Network traffic | Suricata IDS: 2859622 - Severity 1 - ETPRO EXPLOIT_KIT FoxTDS Initial Check : 188.132.128.218:80 -> 192.168.2.7:49687
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | DNS query: korsrattell.xyz (4 such entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208 (7 such entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 23.199.215.203
    Source: unknown | TCP traffic detected without corresponding DNS query: 2.18.98.62
    Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.41.3 (7 such entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (7 such entries)
    Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.15 (7 such entries)
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (20 such entries)
    Source: global traffic | HTTP traffic detected:
        GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQiA1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548 HTTP/1.1
        Host: www.worldoneonline.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Dest: document
        Referer: http://korsrattell.xyz/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 HTTP/1.1
        Host: korsrattell.xyz
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /favicon.ico HTTP/1.1
        Host: korsrattell.xyz
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Referer: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 HTTP/1.1
        Host: korsrattell.xyz
        Connection: keep-alive
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Referer: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /r/gsr1.crl HTTP/1.1
        Cache-Control: max-age = 3000
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: c.pki.goog
    Source: global traffic | HTTP traffic detected:
        GET /r/r4.crl HTTP/1.1
        Cache-Control: max-age = 3000
        Connection: Keep-Alive
        Accept: */*
        If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: c.pki.goog
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: korsrattell.xyz
    Source: global traffic | DNS traffic detected: DNS query: www.worldoneonline.com
    Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
    Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
    Source: global traffic | HTTP traffic detected:
        HTTP/1.1 404 Not Found
        Content-Type: text/plain; charset=utf-8
        X-Address: gin_throttle_mw_7200000000_45.92.229.138
        X-Ratelimit-Limit: 500
        X-Ratelimit-Remaining: 496
        X-Ratelimit-Reset: 1743107456
        Date: Thu, 27 Mar 2025 19:30:57 GMT
        Content-Length: 0
    Source: chromecache_49.1.dr | String found in binary or memory: https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548
    Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49689
    Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49686
    Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49677 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695
    Source: unknown | Network traffic detected: HTTP traffic on port 49694 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49672
    Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690
    Source: unknown | Network traffic detected: HTTP traffic on port 49671 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49686 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49689 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443
    Source: unknown | HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.7:49686 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 69.30.237.86:443 -> 192.168.2.7:49694 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 69.30.237.86:443 -> 192.168.2.7:49695 version: TLS 1.2
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir5792_330100481
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir5792_330100481
    Source: classification engine | Classification label: mal68.phis.troj.win@22/6@20/4
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1964,i,2471850246389426269,11701980283300173567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2024 /prefetch:3
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (18 such entries)
    Source: Window Recorder | Window detected: More than 3 window changes detected
    MITRE ATT&CK Matrix (one line per tactic; a number in front of a technique is the count of matched signatures for it)
    Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names
    Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server
    Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
    Execution: Windows Management Instrumentation | Scheduled Task/Job | At | Cron
    Persistence: Path Interception | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
    Privilege Escalation: 1 Process Injection | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook
    Defense Evasion: 1 Masquerading | 1 Process Injection | 1 File Deletion | Binary Padding
    Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
    Discovery: System Service Discovery | Application Window Discovery | Query Registry | System Network Configuration Discovery
    Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
    Collection: Data from Local System | Data from Removable Media | Data from Network Shared Drive | Input Capture
    Command and Control: 1 Encrypted Channel | 3 Non-Application Layer Protocol | 4 Application Layer Protocol | 3 Ingress Tool Transfer
    Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication
    Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction
    Behavior Graph (ID: 1650588; URL: http://korsrattell.xyz/4aOt...; start date: 27/03/2025; architecture: WINDOWS; score: 68). Nodes recoverable from the graph: two chrome.exe processes are started from the sample, and one of them starts a child chrome.exe; the parent is linked to 192.168.2.7 (ports 443, 49672, 49686); the child resolves korsrattell.xyz and www.worldoneonline.com (69.30.237.86, ports 443, 49694, 49695; WIIUS, United States) plus 4 other IPs or domains; beacons.gvt2.com, beacons.gcp.gvt2.com and beacons-handoff.gcp.gvt2.com are linked to the start node. Signatures shown on the graph: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Yara detected Phisher; Performs DNS queries to domains with low reputation (also attached to the korsrattell.xyz node).

    Source | Detection | Scanner | Label | Link
    http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 | 0% | Avira URL Cloud | safe |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548 | 100% | Avira URL Cloud | phishing |
    http://korsrattell.xyz/favicon.ico | 0% | Avira URL Cloud | safe |


    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    www.worldoneonline.com | 69.30.237.86 | true | false | | high
    beacons-handoff.gcp.gvt2.com | 142.251.116.94 | true | false | | high
    www.google.com | 142.250.81.228 | true | false | | high
    korsrattell.xyz | 188.132.128.218 | true | false | | high
    beacons.gvt2.com | 142.250.81.227 | true | false | | high
    beacons.gcp.gvt2.com | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 | false | | unknown
    https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548 | false | Avira URL Cloud: phishing | unknown
    http://c.pki.goog/r/gsr1.crl | false | | high
    http://c.pki.goog/r/r4.crl | false | | high
    http://korsrattell.xyz/favicon.ico | true | Avira URL Cloud: safe | unknown
    https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | false | | high
    http://korsrattell.xyz/t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 | false | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    188.132.128.218 | korsrattell.xyz | Turkey | 42910 | PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR | false
    69.30.237.86 | www.worldoneonline.com | United States | 32097 | WIIUS | false
    142.250.81.228 | www.google.com | United States | 15169 | GOOGLEUS | false
    IP
    192.168.2.7
    Joe Sandbox version: 42.0.0 Malachite
    Analysis ID: 1650588
    Start date and time: 2025-03-27 20:29:13 +01:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 3m 9s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: browseurl.jbs
    Sample URL: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed: 14
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Detection: MAL
    Classification: mal68.phis.troj.win@22/6@20/4
    EGA Information: Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    • Excluded processes from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe, TextInputHost.exe
    • Excluded IPs from analysis (whitelisted): 142.251.32.110, 142.250.80.67, 142.251.163.84, 142.250.81.238, 23.210.92.197, 142.251.40.131, 4.245.163.56, 23.9.183.29
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
    • Not all processes were analyzed; the report is missing behavior information
    • Report size getting too big; too many NtOpenFile calls found
    • VT rate limit hit for: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
                          No simulations
                          No context
    Process: C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type: HTML document, ASCII text, with very long lines (398)
    Category: downloaded
    Size (bytes): 458
    Entropy (8bit): 5.131460290374407
    Encrypted: false
    SSDEEP: 12:8AaJ+dAW1FTWoK9xGixFoBwdNDJNZUSbZkXCABHRsqq+7p:8bJOAWYragNvZUSuzRsqZp
    MD5: 0A3E69B8B37A6DF0ACD7E7F5D9D3B854
    SHA1: 680DE96CFE2AFF1B030BFBD4A7CFA2529993EA61
    SHA-256: 0F3A07F36D6BDDEE418F7D7548BC165B09817E10764A359D2773388CDEC9FF8A
    SHA-512: 9C5C0679E082A5776536835110B90436CD6531E3B2C4FC7A15BDCE7F550D6647447C904E68D660FAF81E39C108E17198830E8B133E86D8559180FA6FB5CE25C7
    Malicious: false
    Reputation: low
    URL: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
    Preview:
        <script>
        let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");
        </script>

        <p style="color:gray;">redirect...</p>
    Process: C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type: HTML document, ASCII text
    Category: downloaded
    Size (bytes): 304
    Entropy (8bit): 5.471355015469421
    Encrypted: false
    SSDEEP: 6:uIRnXHFmmmULhOzXFV9JQcqgidV/FJKSK1YGLhOzXFV9JQcqgiPed/VMCGYoVL:lXHAx+O5JJqldvpQO5JJqle9IL
    MD5: 180D3111BF4B95B105B0AD913DA78812
    SHA1: 3541E6C5346CDFF7442403A15A2C69BC1438F1C3
    SHA-256: 3D9104A90EFD3BB116EE3BAAC3B392E3DE5C0276BC4F70E133C84779749D690E
    SHA-512: 46A1CC7C59E8A471920BDFF03384B16ACB802D865FD88EF9E377891592C8C4573EEEF9F3C3B91791549A310AC10C0E2A89DE0B7BCF1B59026DA9E3487846522C
    Malicious: false
    Reputation: low
    URL: http://korsrattell.xyz/t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
    Preview:
        <script>
        setTimeout(function(){
         window.location.href = 'https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548';
         console.log('redirecting to https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548');
        }, 1000);
        </script>
        <p></p>
    Process: C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type: ASCII text, with very long lines (879)
    Category: downloaded
    Size (bytes): 884
    Entropy (8bit): 5.140994617901
    Encrypted: false
    SSDEEP: 24:rrgOuPbq/BHslgT1d1uawBATPuoBN2t2t2t2t2t2t2tomffffffo:rrgOu+/KlgJXwBAzuSNYYYYYYYomfffw
    MD5: 1871450607ED8315EA3211DF56301424
    SHA1: 20798060F8A8D2F95F7921AEFFD86D10D98B3FEA
    SHA-256: ED0D553E726BBDB888F3B942655EF3A60BA948643255F6F1EC85FB833E473F89
    SHA-512: AE731526FCFC93241F301749EAB16DD58054634D53062D85A170A843806107CB388517186C51594307FB5C5D3FD56B074ACF2D966444D0933C9514E6F17C33BA
    Malicious: false
    Reputation: low
    URL: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
    Preview:
        )]}'
        ["",["paul thomas anderson trailer","delete genetic data 23andme","louisville president schatzel resigns","rockstar games gta 6 release date","atlantic hurricane season","msu hockey tournament","l2 empuraan movie review","chime instant loans"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"3791042092700688870","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308],[3,143,362,308]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                          No static file info


    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
    2025-03-27T20:30:19.759443+0100 | 2859622 | ETPRO EXPLOIT_KIT FoxTDS Initial Check | 1 | 188.132.128.218 | 80 | 192.168.2.7 | 49687 | TCP
                          • Total Packets: 117
                          • 443 (HTTPS)
                          • 80 (HTTP)
                          • 53 (DNS)
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Mar 27, 2025 20:30:08.092412949 CET | 49674 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:08.092540026 CET | 49673 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:08.095788956 CET | 49675 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:13.126022100 CET | 49676 | 80 | 192.168.2.7 | 23.199.215.203
                          Mar 27, 2025 20:30:13.126041889 CET | 49677 | 443 | 192.168.2.7 | 2.18.98.62
                          Mar 27, 2025 20:30:15.420516968 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:15.420561075 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:15.420680046 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:15.420849085 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:15.420861006 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:15.618704081 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:15.618885040 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:15.620045900 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:15.620054960 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:15.620466948 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:15.670959949 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:16.348294020 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:16.348530054 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:16.358686924 CET | 49689 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:16.358722925 CET | 443 | 49689 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:16.358854055 CET | 49689 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:16.360728025 CET | 49689 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:16.360739946 CET | 443 | 49689 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:16.578174114 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:16.578248978 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:17.360760927 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:17.587754965 CET | 80 | 49688 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:17.587842941 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:17.705451012 CET | 49673 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:17.705459118 CET | 49674 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:17.705486059 CET | 49675 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:18.256206989 CET | 443 | 49689 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:18.256263018 CET | 443 | 49689 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:18.256331921 CET | 49689 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:18.256521940 CET | 49689 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:18.256541967 CET | 443 | 49689 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:18.256947994 CET | 49690 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:18.256993055 CET | 443 | 49690 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:18.257087946 CET | 49690 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:18.257211924 CET | 49690 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:18.257224083 CET | 443 | 49690 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:18.815535069 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:18.860270977 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:18.934201956 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:18.936623096 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:18.936676979 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:18.971107006 CET | 49686 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:30:18.971132040 CET | 443 | 49686 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:30:19.158128977 CET | 443 | 49690 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:19.158157110 CET | 443 | 49690 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:19.158231020 CET | 49690 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:19.159899950 CET | 49690 | 443 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:19.159945965 CET | 443 | 49690 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:19.202447891 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:19.431339979 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:19.431682110 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:19.479783058 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:19.529114962 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:19.759443045 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:19.814327002 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:20.516860962 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:20.784570932 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:20.837574959 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:20.884015083 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:21.992352962 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:21.992389917 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:21.992440939 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:21.992647886 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:21.992660999 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:21.993057966 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:21.993083954 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:21.993130922 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:21.993283987 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:21.993292093 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.239423990 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.239499092 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.240941048 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.240955114 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.241235971 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.241497993 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.242388964 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.242474079 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.243350983 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.243360996 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.243679047 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.284271955 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.296967030 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.556210041 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.556309938 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.558156967 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.558187962 CET | 443 | 49694 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:22.558224916 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:22.566080093 CET | 49694 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:27.895086050 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:30:27.985615969 CET | 80 | 49698 | 142.251.41.3 | 192.168.2.7
                          Mar 27, 2025 20:30:27.985713005 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:30:27.985897064 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:30:28.076598883 CET | 80 | 49698 | 142.251.41.3 | 192.168.2.7
                          Mar 27, 2025 20:30:28.076947927 CET | 80 | 49698 | 142.251.41.3 | 192.168.2.7
                          Mar 27, 2025 20:30:28.095133066 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:30:28.185807943 CET | 80 | 49698 | 142.251.41.3 | 192.168.2.7
                          Mar 27, 2025 20:30:28.233189106 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:30:28.912853003 CET | 49672 | 443 | 192.168.2.7 | 2.23.227.208
                          Mar 27, 2025 20:30:28.912873030 CET | 443 | 49672 | 2.23.227.208 | 192.168.2.7
                          Mar 27, 2025 20:30:32.355720997 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:32.355782032 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:30:32.355947971 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:30:32.820305109 CET | 80 | 49688 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:32.820357084 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:36.118999004 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:36.119240046 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:40.235291958 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:30:40.548239946 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:30:41.155921936 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:30:42.359035015 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:30:44.765049934 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:30:48.046564102 CET | 80 | 49688 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:48.046618938 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:48.803632021 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:30:49.109265089 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:30:49.577089071 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:30:49.717745066 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:30:50.921279907 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:30:51.348346949 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:30:51.348407984 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:30:53.328140020 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:30:58.140382051 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:30:59.186415911 CET | 49671 | 443 | 192.168.2.7 | 204.79.197.203
                          Mar 27, 2025 20:31:02.593425989 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:31:02.820975065 CET | 80 | 49688 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:31:05.842550039 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:31:06.071217060 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:31:07.749452114 CET | 49678 | 443 | 192.168.2.7 | 20.189.173.15
                          Mar 27, 2025 20:31:15.392457008 CET | 49710 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:31:15.392492056 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:15.392556906 CET | 49710 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:31:15.392748117 CET | 49710 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:31:15.392762899 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:15.588069916 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:15.588366032 CET | 49710 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:31:15.588376999 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:17.359962940 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:31:17.359983921 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:31:17.875869989 CET | 80 | 49688 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:31:17.876250982 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:31:18.049679995 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:31:18.276549101 CET | 80 | 49688 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:31:18.276606083 CET | 49688 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:31:21.078361988 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:31:21.078403950 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Mar 27, 2025 20:31:24.047441006 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:31:24.047461987 CET | 443 | 49695 | 69.30.237.86 | 192.168.2.7
                          Mar 27, 2025 20:31:24.047560930 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:31:24.047560930 CET | 49695 | 443 | 192.168.2.7 | 69.30.237.86
                          Mar 27, 2025 20:31:25.604482889 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:25.604554892 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:25.604634047 CET | 49710 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:31:26.047982931 CET | 49710 | 443 | 192.168.2.7 | 142.250.81.228
                          Mar 27, 2025 20:31:26.048000097 CET | 443 | 49710 | 142.250.81.228 | 192.168.2.7
                          Mar 27, 2025 20:31:28.436465979 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:31:28.525588989 CET | 80 | 49698 | 142.251.41.3 | 192.168.2.7
                          Mar 27, 2025 20:31:28.525798082 CET | 49698 | 80 | 192.168.2.7 | 142.251.41.3
                          Mar 27, 2025 20:31:36.306087017 CET | 80 | 49687 | 188.132.128.218 | 192.168.2.7
                          Mar 27, 2025 20:31:36.306312084 CET | 49687 | 80 | 192.168.2.7 | 188.132.128.218
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Mar 27, 2025 20:30:10.939683914 CET | 53 | 59073 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:11.003848076 CET | 53 | 64545 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:11.892266989 CET | 53 | 52046 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:11.924674034 CET | 53 | 64944 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:15.328526020 CET | 50258 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:15.328526020 CET | 64479 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:15.419044971 CET | 53 | 50258 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:15.419056892 CET | 53 | 64479 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:16.227334023 CET | 51197 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:16.230276108 CET | 55795 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:16.268137932 CET | 62937 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:16.268373013 CET | 50510 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:16.343914032 CET | 53 | 55795 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:16.344357014 CET | 53 | 51197 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:16.357945919 CET | 53 | 62937 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:16.357966900 CET | 53 | 50510 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:21.902324915 CET | 56949 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:21.902708054 CET | 59451 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:30:21.991486073 CET | 53 | 56949 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:21.991769075 CET | 53 | 59451 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:28.997864962 CET | 53 | 65109 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:47.767416954 CET | 53 | 50019 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:30:52.841727972 CET | 53 | 61219 | 162.159.36.2 | 192.168.2.7
                          Mar 27, 2025 20:31:10.260528088 CET | 53 | 50256 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:10.702967882 CET | 53 | 52860 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:20.051075935 CET | 56104 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:20.051075935 CET | 58889 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:20.141076088 CET | 53 | 56104 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:20.141100883 CET | 53 | 58889 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:21.062694073 CET | 54809 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:21.062988043 CET | 53338 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:21.152015924 CET | 53 | 54809 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:21.152040005 CET | 53 | 53338 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:23.095802069 CET | 60553 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:23.184973001 CET | 53 | 60553 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:24.108516932 CET | 60553 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:24.197604895 CET | 53 | 60553 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:25.108906984 CET | 60553 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:25.197608948 CET | 53 | 60553 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:27.109261036 CET | 60553 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:27.198648930 CET | 53 | 60553 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:31.110740900 CET | 60553 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:31.195806980 CET | 53 | 60553 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:36.050122976 CET | 53700 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:36.050309896 CET | 58257 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:36.136620998 CET | 53 | 53700 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:36.136639118 CET | 53 | 58257 | 1.1.1.1 | 192.168.2.7
                          Mar 27, 2025 20:31:37.062091112 CET | 58074 | 53 | 192.168.2.7 | 1.1.1.1
                          Mar 27, 2025 20:31:37.146414995 CET | 53 | 58074 | 1.1.1.1 | 192.168.2.7
                          Timestamp | Source IP | Dest IP | Checksum | Code | Type
                          Mar 27, 2025 20:30:11.892297029 CET | 192.168.2.7 | 1.1.1.1 | c1fc | (Port unreachable) | Destination Unreachable
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Mar 27, 2025 20:30:15.328526020 CET | 192.168.2.7 | 1.1.1.1 | 0x3065 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:15.328526020 CET | 192.168.2.7 | 1.1.1.1 | 0x17eb | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:30:16.227334023 CET | 192.168.2.7 | 1.1.1.1 | 0x33db | Standard query (0) | korsrattell.xyz | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:16.230276108 CET | 192.168.2.7 | 1.1.1.1 | 0xa6b0 | Standard query (0) | korsrattell.xyz | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:30:16.268137932 CET | 192.168.2.7 | 1.1.1.1 | 0x1dbb | Standard query (0) | korsrattell.xyz | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:16.268373013 CET | 192.168.2.7 | 1.1.1.1 | 0x7bc3 | Standard query (0) | korsrattell.xyz | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:30:21.902324915 CET | 192.168.2.7 | 1.1.1.1 | 0x416f | Standard query (0) | www.worldoneonline.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:21.902708054 CET | 192.168.2.7 | 1.1.1.1 | 0x79 | Standard query (0) | www.worldoneonline.com | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:31:20.051075935 CET | 192.168.2.7 | 1.1.1.1 | 0x6271 | Standard query (0) | beacons.gcp.gvt2.com | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:31:20.051075935 CET | 192.168.2.7 | 1.1.1.1 | 0x9f52 | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:21.062694073 CET | 192.168.2.7 | 1.1.1.1 | 0x29b | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:21.062988043 CET | 192.168.2.7 | 1.1.1.1 | 0x4ab6 | Standard query (0) | beacons.gcp.gvt2.com | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:31:23.095802069 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:24.108516932 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:25.108906984 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:27.109261036 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:31.110740900 CET | 192.168.2.7 | 1.1.1.1 | 0x7dab | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:36.050122976 CET | 192.168.2.7 | 1.1.1.1 | 0x71b0 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:36.050309896 CET | 192.168.2.7 | 1.1.1.1 | 0x1b23 | Standard query (0) | beacons.gvt2.com | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:31:37.062091112 CET | 192.168.2.7 | 1.1.1.1 | 0x7f68 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Mar 27, 2025 20:30:15.419044971 CET | 1.1.1.1 | 192.168.2.7 | 0x3065 | No error (0) | www.google.com | - | 142.250.81.228 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:15.419056892 CET | 1.1.1.1 | 192.168.2.7 | 0x17eb | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                          Mar 27, 2025 20:30:16.344357014 CET | 1.1.1.1 | 192.168.2.7 | 0x33db | No error (0) | korsrattell.xyz | - | 188.132.128.218 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:16.357945919 CET | 1.1.1.1 | 192.168.2.7 | 0x1dbb | No error (0) | korsrattell.xyz | - | 188.132.128.218 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:30:21.991486073 CET | 1.1.1.1 | 192.168.2.7 | 0x416f | No error (0) | www.worldoneonline.com | - | 69.30.237.86 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:20.141076088 CET | 1.1.1.1 | 192.168.2.7 | 0x6271 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:20.141100883 CET | 1.1.1.1 | 192.168.2.7 | 0x9f52 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:20.141100883 CET | 1.1.1.1 | 192.168.2.7 | 0x9f52 | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:21.152015924 CET | 1.1.1.1 | 192.168.2.7 | 0x29b | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:21.152015924 CET | 1.1.1.1 | 192.168.2.7 | 0x29b | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:21.152040005 CET | 1.1.1.1 | 192.168.2.7 | 0x4ab6 | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:23.184973001 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:23.184973001 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:24.197604895 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:24.197604895 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:25.197608948 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:25.197608948 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:27.198648930 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:27.198648930 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:31.195806980 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
                          Mar 27, 2025 20:31:31.195806980 CET | 1.1.1.1 | 192.168.2.7 | 0x7dab | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.116.94 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:36.136620998 CET | 1.1.1.1 | 192.168.2.7 | 0x71b0 | No error (0) | beacons.gvt2.com | - | 142.250.81.227 | A (IP address) | IN (0x0001) | false
                          Mar 27, 2025 20:31:37.146414995 CET | 1.1.1.1 | 192.168.2.7 | 0x7f68 | No error (0) | beacons.gvt2.com | - | 142.250.81.227 | A (IP address) | IN (0x0001) | false
                          • www.google.com
                          • korsrattell.xyz
                          • www.worldoneonline.com
                          • c.pki.goog
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.7 | 49687 | 188.132.128.218 | 80 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Mar 27, 2025 20:30:19.202447891 CET | 492 | OUT | GET /4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 HTTP/1.1
                          Host: korsrattell.xyz
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 27, 2025 20:30:19.431682110 CET | 711 | IN | HTTP/1.1 200 OK
                          Content-Type: text/html; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_45.92.229.138
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 497
                          X-Ratelimit-Reset: 1743107456
                          Date: Thu, 27 Mar 2025 19:30:57 GMT
                          Content-Length: 458
                          Data Raw: 3c 73 63 72 69 70 74 3e 0a 6c 65 74 20 65 3d 6e 65 77 20 55 52 4c 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 65 2e 70 61 74 68 6e 61 6d 65 3d 22 2f 74 22 2b 65 2e 70 61 74 68 6e 61 6d 65 3b 6c 65 74 20 6f 3d 65 2e 74 6f 53 74 72 69 6e 67 28 29 3b 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 26 26 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 6f 3d 5b 22 67 6f 6f 67 6c 65 62 6f 74 22 2c 22 62 69 6e 67 62 6f 74 22 2c 22 79 61 6e 64 65 78 62 6f 74 22 2c 22 64 75 63 6b 64 75 63 6b 62 6f 74 22 2c 22 73 6c 75 72 70 22 2c 22 62 61 69 64 75 73 70 69 64 65 72 22 2c 22 66 61 63 65 62 6f 74 22 2c 22 69 61 5f 61 72 63 68 69 76 65 72 22 5d 2c 74 3d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 6e 3d 30 3b 6e 3c 6f 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 74 2e 69 6e 64 65 78 4f 66 28 6f 5b 6e 5d 29 3e 2d 31 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 28 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 29 3f 73 65 74 54 [TRUNCATED]
                          Data Ascii: <script>let e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>
                          Mar 27, 2025 20:30:19.529114962 CET | 436 | OUT | GET /favicon.ico HTTP/1.1
                          Host: korsrattell.xyz
                          Connection: keep-alive
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                          Referer: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 27, 2025 20:30:19.759443045 CET | 259 | IN | HTTP/1.1 404 Not Found
                          Content-Type: text/plain; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_45.92.229.138
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 496
                          X-Ratelimit-Reset: 1743107456
                          Date: Thu, 27 Mar 2025 19:30:57 GMT
                          Content-Length: 0
                          Mar 27, 2025 20:30:20.516860962 CET | 590 | OUT | GET /t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40 HTTP/1.1
                          Host: korsrattell.xyz
                          Connection: keep-alive
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Referer: http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40
                          Accept-Encoding: gzip, deflate
                          Accept-Language: en-US,en;q=0.9
                          Mar 27, 2025 20:30:20.837574959 CET | 557 | IN | HTTP/1.1 200 OK
                          Content-Type: text/html; charset=utf-8
                          X-Address: gin_throttle_mw_7200000000_45.92.229.138
                          X-Ratelimit-Limit: 500
                          X-Ratelimit-Remaining: 494
                          X-Ratelimit-Reset: 1743107456
                          Date: Thu, 27 Mar 2025 19:30:58 GMT
                          Content-Length: 304
                          Data Raw: 3c 73 63 72 69 70 74 3e 0a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 6f 6e 65 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 46 42 51 43 54 4b 2f 34 37 39 52 50 36 4c 2f 3f 73 75 62 31 3d 34 30 26 73 75 62 32 3d 31 35 39 2d 32 32 38 33 38 26 73 75 62 33 3d 33 31 33 2d 32 39 38 33 38 2d 33 35 34 38 27 3b 20 0a 20 20 20 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 27 72 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 6f 6e 65 6f 6e 6c 69 6e 65 2e 63 6f 6d 2f 46 42 51 43 54 4b 2f 34 37 39 52 50 36 4c 2f 3f 73 75 62 31 3d 34 30 26 73 75 62 32 3d 31 35 39 2d 32 32 38 33 38 26 73 75 62 33 3d 33 31 33 2d 32 39 38 33 38 2d 33 35 34 38 27 29 3b 0a 7d 2c 20 31 30 30 30 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 70 3e 3c 2f 70 3e 0a
                          Data Ascii: <script>
                          setTimeout(function(){
                             window.location.href = 'https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548'; 
                             console.log('redirecting to https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548');
                          }, 1000);
                          </script>
                          <p></p>
                          Mar 27, 2025 20:31:05.842550039 CET | 6 | OUT | Data Raw: 00
                          Data Ascii:
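The two bodies captured in this session form a two-stage JavaScript redirect. Stage 1 (the response to the original path) is client-side cloaking: it only schedules document.location.href = "/t" + pathname when navigator.cookieEnabled is true and navigator.userAgent contains none of googlebot, bingbot, yandexbot, duckduckbot, slurp, baiduspider, facebot or ia_archiver; every other client just gets console.log("bt"). Stage 2 (the /t/ response) assigns window.location.href to the tracking URL on www.worldoneonline.com, and its sub1=40, sub2=159-22838 and sub3=313-29838-3548 values are the digit groups embedded in the original path (40, 159, 22838, 313, 29838, 3548). The Node.js script below is an added example, not part of the Joe Sandbox report or of the analysed site: it follows that chain statically with regular expressions instead of executing the page, so a crawler UA and a browser UA can be compared side by side offline. The fetch map, the sample clients and the helper names (extractBotList, isCloakedBot, nextHop, followChain) are assumptions for the example; the two response bodies are copied from the capture.

```javascript
// Added example (not part of the Joe Sandbox report or the analysed site):
// statically follow a User-Agent-cloaked, multi-stage JavaScript redirect
// chain like the one captured above. No page script is executed; each stage
// body is matched with regular expressions, so an analyst can see where a
// crawler and a browser would each have been sent without loading the site.
// Runs under Node.js (uses the global URL class).

const START_URL =
  "http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40";
const STAGE2_URL =
  "http://korsrattell.xyz/t/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40";
const FINAL_URL =
  "https://www.worldoneonline.com/FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548";

// Response bodies copied from the capture (stage 1 verbatim, stage 2 rebuilt
// around the same URL literal). The Map stands in for HTTP fetches: no network.
const STAGE1_BODY = '<script>\nlet e=new URL(window.location.href);e.pathname="/t"+e.pathname;let o=e.toString();navigator.cookieEnabled&&!function(e){for(var o=["googlebot","bingbot","yandexbot","duckduckbot","slurp","baiduspider","facebot","ia_archiver"],t=e.toLowerCase(),n=0;n<o.length;n++)if(t.indexOf(o[n])>-1)return!0;return!1}(navigator.userAgent)?setTimeout((function(){document.location.href=o}),1e3):console.log("bt");</script><p style="color:gray;">redirect...</p>';
const STAGE2_BODY =
  "<script>\nsetTimeout(function(){\n   window.location.href = '" + FINAL_URL +
  "'; \n   console.log('redirecting to " + FINAL_URL + "');\n}, 1000);\n</script>\n<p></p>\n";
const RESPONSES = new Map([
  [START_URL, STAGE1_BODY],
  [STAGE2_URL, STAGE2_BODY],
  [FINAL_URL, ""], // answered 204 No Content in the capture: the chain ends here
]);

// Sample clients (constructed): the sandbox's Chrome UA and a Googlebot UA.
const BROWSER = {
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36",
  cookieEnabled: true,
};
const CRAWLER = {
  userAgent: "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
  cookieEnabled: true,
};

// Pull the first JSON-style array of strings out of a stage body; stage 1
// keeps its crawler substrings in exactly that form.
function extractBotList(html) {
  const m = html.match(/\[((?:"[^"]*",?)+)\]/);
  return m ? JSON.parse("[" + m[1] + "]") : [];
}

// The page's own check: case-insensitive substring match on the UA.
function isCloakedBot(userAgent, botList) {
  const ua = userAgent.toLowerCase();
  return botList.some((needle) => ua.includes(needle));
}

// Where would this stage send this client? null means "stays put" (the
// cloaked branch only does console.log("bt")).
function nextHop(html, currentUrl, client) {
  const botList = extractBotList(html);
  // Stage 1 gates the redirect on navigator.cookieEnabled && !isBot(userAgent).
  if (botList.length && (!client.cookieEnabled || isCloakedBot(client.userAgent, botList))) {
    return null;
  }
  // Pattern A (stage 1): e.pathname="<prefix>"+e.pathname; document.location.href=o
  const prefix = html.match(/pathname="([^"]+)"\+e\.pathname/);
  if (prefix) {
    const u = new URL(currentUrl);
    u.pathname = prefix[1] + u.pathname;
    return u.toString();
  }
  // Pattern B (stage 2): window.location.href = '<literal URL>'
  const literal = html.match(/location\.href\s*=\s*['"]([^'"]+)['"]/);
  return literal ? literal[1] : null;
}

// Walk the chain until a stage stops redirecting or the hop limit is hit.
function followChain(fetchBody, startUrl, client, maxHops = 5) {
  const chain = [startUrl];
  let current = startUrl;
  for (let i = 0; i < maxHops; i++) {
    const body = fetchBody(current);
    if (body === undefined) break;
    const next = nextHop(body, current, client);
    if (!next) break;
    chain.push(next);
    current = next;
  }
  return chain;
}

// Side-by-side view: the browser reaches the tracking URL, the crawler never
// leaves the landing page.
const offlineFetch = (url) => RESPONSES.get(url);
console.log("browser:", followChain(offlineFetch, START_URL, BROWSER));
console.log("crawler:", followChain(offlineFetch, START_URL, CRAWLER));
```

Because the cloaking here is entirely client-side (the server returns the same HTML to everyone and the branch is chosen in the browser), a plain fetch of the landing page already contains both branches, which is what makes the static walk possible; a live crawler would still stall on stage 1 because it never executes the script. When re-fetching a chain like this by hand, send a real browser User-Agent and expect the hop into /t/ only from a script-capable client.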


                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                          1 | 192.168.2.7 | 49698 | 142.251.41.3 | 80
                          Timestamp | Bytes transferred | Direction | Data
                          Mar 27, 2025 20:30:27.985897064 CET | 202 | OUT | GET /r/gsr1.crl HTTP/1.1
                          Cache-Control: max-age = 3000
                          Connection: Keep-Alive
                          Accept: */*
                          If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                          User-Agent: Microsoft-CryptoAPI/10.0
                          Host: c.pki.goog
                          Mar 27, 2025 20:30:28.076947927 CET | 223 | IN | HTTP/1.1 304 Not Modified
                          Date: Thu, 27 Mar 2025 18:53:36 GMT
                          Expires: Thu, 27 Mar 2025 19:43:36 GMT
                          Age: 2212
                          Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT
                          Cache-Control: public, max-age=3000
                          Vary: Accept-Encoding
                          Mar 27, 2025 20:30:28.095133066 CET | 200 | OUT | GET /r/r4.crl HTTP/1.1
                          Cache-Control: max-age = 3000
                          Connection: Keep-Alive
                          Accept: */*
                          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                          User-Agent: Microsoft-CryptoAPI/10.0
                          Host: c.pki.goog
                          Mar 27, 2025 20:30:28.185807943 CET | 223 | IN | HTTP/1.1 304 Not Modified
                          Date: Thu, 27 Mar 2025 19:03:30 GMT
                          Expires: Thu, 27 Mar 2025 19:53:30 GMT
                          Age: 1618
                          Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                          Cache-Control: public, max-age=3000
                          Vary: Accept-Encoding


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.7 | 49688 | 188.132.128.218 | 80 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          Mar 27, 2025 20:31:02.593425989 CET | 6 | OUT | Data Raw: 00
                          Data Ascii:


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.7 | 49686 | 142.250.81.228 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-03-27 19:30:18 UTC | 575 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                          Host: www.google.com
                          Connection: keep-alive
                          X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQiA1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==
                          Sec-Fetch-Site: none
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          2025-03-27 19:30:18 UTC | 1303 | IN | HTTP/1.1 200 OK
                          Date: Thu, 27 Mar 2025 19:30:18 GMT
                          Pragma: no-cache
                          Expires: -1
                          Cache-Control: no-cache, must-revalidate
                          Content-Type: text/javascript; charset=UTF-8
                          Strict-Transport-Security: max-age=31536000
                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-PdiW41dD0CfDyJN_6UWnkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                          Accept-CH: Downlink
                          Accept-CH: RTT
                          Accept-CH: Sec-CH-UA-Form-Factors
                          Accept-CH: Sec-CH-UA-Platform
                          Accept-CH: Sec-CH-UA-Platform-Version
                          Accept-CH: Sec-CH-UA-Full-Version
                          Accept-CH: Sec-CH-UA-Arch
                          Accept-CH: Sec-CH-UA-Model
                          Accept-CH: Sec-CH-UA-Bitness
                          Accept-CH: Sec-CH-UA-Full-Version-List
                          Accept-CH: Sec-CH-UA-WoW64
                          Permissions-Policy: unload=()
                          Content-Disposition: attachment; filename="f.txt"
                          Server: gws
                          X-XSS-Protection: 0
                          X-Frame-Options: SAMEORIGIN
                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                          Accept-Ranges: none
                          Vary: Accept-Encoding
                          Connection: close
                          Transfer-Encoding: chunked
                          2025-03-27 19:30:18 UTC | 891 | IN | Data Raw: 33 37 34 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 61 75 6c 20 74 68 6f 6d 61 73 20 61 6e 64 65 72 73 6f 6e 20 74 72 61 69 6c 65 72 22 2c 22 64 65 6c 65 74 65 20 67 65 6e 65 74 69 63 20 64 61 74 61 20 32 33 61 6e 64 6d 65 22 2c 22 6c 6f 75 69 73 76 69 6c 6c 65 20 70 72 65 73 69 64 65 6e 74 20 73 63 68 61 74 7a 65 6c 20 72 65 73 69 67 6e 73 22 2c 22 72 6f 63 6b 73 74 61 72 20 67 61 6d 65 73 20 67 74 61 20 36 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 61 74 6c 61 6e 74 69 63 20 68 75 72 72 69 63 61 6e 65 20 73 65 61 73 6f 6e 22 2c 22 6d 73 75 20 68 6f 63 6b 65 79 20 74 6f 75 72 6e 61 6d 65 6e 74 22 2c 22 6c 32 20 65 6d 70 75 72 61 61 6e 20 6d 6f 76 69 65 20 72 65 76 69 65 77 22 2c 22 63 68 69 6d 65 20 69 6e 73 74 61 6e 74 20 6c 6f 61 6e 73 22 5d 2c 5b
                          Data Ascii: 374
                          )]}'
                          ["",["paul thomas anderson trailer","delete genetic data 23andme","louisville president schatzel resigns","rockstar games gta 6 release date","atlantic hurricane season","msu hockey tournament","l2 empuraan movie review","chime instant loans"],[
                          2025-03-27 19:30:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                          Data Ascii: 0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.7 | 49694 | 69.30.237.86 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-03-27 19:30:22 UTC | 750 | OUT | GET /FBQCTK/479RP6L/?sub1=40&sub2=159-22838&sub3=313-29838-3548 HTTP/1.1
                          Host: www.worldoneonline.com
                          Connection: keep-alive
                          sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
                          sec-ch-ua-mobile: ?0
                          sec-ch-ua-platform: "Windows"
                          Upgrade-Insecure-Requests: 1
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                          Sec-Fetch-Site: cross-site
                          Sec-Fetch-Mode: navigate
                          Sec-Fetch-Dest: document
                          Referer: http://korsrattell.xyz/
                          Accept-Encoding: gzip, deflate, br, zstd
                          Accept-Language: en-US,en;q=0.9
                          2025-03-27 19:30:22 UTC | 225 | IN | HTTP/1.1 204 No Content
                          Server: nginx
                          Date: Thu, 27 Mar 2025 19:30:22 GMT
                          Connection: close
                          Accept-Ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
                          Vary: Origin
                          X-Eflow-Request-Id: 21ed2b64-fa47-4bbd-b612-9b2687c5e971


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.7 | 49695 | 69.30.237.86 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2025-03-27 19:30:32 UTC | 102 | IN | Data Raw: 48 54 54 50 2f 31 2e 30 20 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a
                          Data Ascii: HTTP/1.0 408 Request Time-out
                          Cache-Control: no-cache
                          Connection: close
                          Content-Type: text/html
                          2025-03-27 19:30:32 UTC | 110 | IN | Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                          Data Ascii: <html><body><h1>408 Request Time-out</h1>
                          Your browser didn't send a complete request in time.
                          </body></html>


                          [Process timeline graphs: CPU usage (0-100) and memory usage (0-100 MB) over the first 80 s of the run; interactive in the original report]

                          Target ID:0
                          Start time:15:30:07
                          Start date:27/03/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                          Imagebase:0x7ff778810000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:1
                          Start time:15:30:08
                          Start date:27/03/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1964,i,2471850246389426269,11701980283300173567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2024 /prefetch:3
                          Imagebase:0x7ff778810000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:4
                          Start time:15:30:14
                          Start date:27/03/2025
                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://korsrattell.xyz/4aOtHU22838Suwi159gcsfxkvhbv313ZKADSMRFTRQKBHF29838ICNA3548X40"
                          Imagebase:0x7ff778810000
                          File size:3'388'000 bytes
                          MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:true
                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                          No disassembly