
Windows Analysis Report
https://z2.ink/roetmop2

Overview

General Information

Sample URL: https://z2.ink/roetmop2
Analysis ID: 1669370

Detection

Score: 48 (range 0 - 100)
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Classification: malicious (label mal48.win@22/4@10/6)

Process Tree

  • System is w10x64
  • chrome.exe (PID: 1228, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank", MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 3940, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,5461521184637409868,13752564822457302708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2572 /prefetch:3, MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 6824, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://z2.ink/roetmop2", MD5: E81F54E6C1129887AEA47E7D092680BF)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: https://z2.ink/roetmop2 | Avira URL Cloud: detection malicious, Label: malware

Networking

Source: http://rabz475port.ns02.info/rabs/antibot/captcha.php | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 108.177.122.105:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.151.22.94:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 54.151.22.94:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 45.131.111.57:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query (37 entries): 204.79.197.222 (10), 204.79.197.203 (7), 20.189.173.27 (7), 2.17.190.73 (7), 74.125.21.94 (6)
Source: unknown | UDP traffic detected without corresponding DNS query (10 entries): 1.1.1.1 (10)
Source: global traffic | HTTP traffic detected:
  GET /roetmop2 HTTP/1.1
  Host: z2.ink
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (plain HTTP; Chrome sends the sec-ch-ua client hints and offers br/zstd only to secure origins, so they are absent here):
  GET /rabs/antibot/captcha.php HTTP/1.1
  Host: rabz475port.ns02.info
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: rabz475port.ns02.info
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://rabz475port.ns02.info/rabs/antibot/captcha.php
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (Windows CryptoAPI CRL fetch, not browser traffic):
  GET /r/r4.crl HTTP/1.1
  Cache-Control: max-age = 3000
  Connection: Keep-Alive
  Accept: */*
  If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
  User-Agent: Microsoft-CryptoAPI/10.0
  Host: c.pki.goog
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: z2.ink
Source: global traffic | DNS traffic detected: DNS query: rabz475port.ns02.info
Source: global traffic | HTTP traffic detected (response):
  HTTP/1.1 404 Not Found
  content-type: text/html
  cache-control: private, no-cache, max-age=0
  pragma: no-cache
  date: Sat, 19 Apr 2025 19:33:31 GMT
  server: LiteSpeed
  content-encoding: gzip
  vary: Accept-Encoding
  transfer-encoding: chunked
  connection: Keep-Alive
  Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
  Data Ascii: a
Source: global traffic | HTTP traffic detected (response):
  HTTP/1.1 404 Not Found
  content-type: text/html
  cache-control: private, no-cache, max-age=0
  pragma: no-cache
  date: Sat, 19 Apr 2025 19:33:32 GMT
  server: LiteSpeed
  content-encoding: gzip
  vary: Accept-Encoding
  transfer-encoding: chunked
  connection: Keep-Alive
  Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
  Data Ascii: a
The two 404 responses are the replies to the captcha.php and favicon.ico requests on port 80 (client ports 49731 and 49732 in the packet table below); their dates (19:33:31 and 19:33:32 GMT) match the 21:33:31 and 21:33:32 CEST packets. The report shows no decrypted content for the port-443 exchanges.
Source: unknown | Network traffic detected: HTTP traffic on port 443 (15 entries; client ports 49671, 49678, 49680, 49710, 49724, 49726, 49727, 49730, 49742; both directions seen for 49710, 49724, 49726, 49727, 49730 and 49742, outbound only for 49671, 49678 and 49680)
System Summary

Source: classification engine | Classification label: mal48.win@22/4@10/6
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,5461521184637409868,13752564822457302708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2572 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://z2.ink/roetmop2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (18 entries: child processes whose image path and command line the report did not resolve)
Source: Window Recorder | Window detected: More than 3 window changes detected
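The "TCP traffic detected without corresponding DNS query" entries above come from correlating each outbound connection with the DNS answers seen earlier in the same capture. The script below is an added example, not part of the Joe Sandbox report: it reproduces that correlation over a constructed subset of this report's packet table (one packet per flow) and the report's three name/address pairs. The DNS answer timestamps are assumed, since the report lists the queried names and resolved addresses but not when the answers arrived.

```python
"""Reproduce the sandbox's "TCP traffic without corresponding DNS query" check.

Added example; not part of the Joe Sandbox report.  PACKETS is a constructed
subset of the report's packet table, DNS_ANSWERS reuses the report's name/IP
pairs, and the answer timestamps are assumed for this example.
"""
import ipaddress
from collections import OrderedDict

LOCAL_NET = ipaddress.ip_network("192.168.2.0/24")  # analysis VM network in the report

# Constructed subset of the report's packet table: "time sport dport src dst".
PACKETS = """\
21:33:14.924334049 49680 443 192.168.2.4 204.79.197.222
21:33:22.550826073 49671 443 192.168.2.4 204.79.197.203
21:33:26.420450926 49724 443 192.168.2.4 108.177.122.105
21:33:26.420495987 443 49724 108.177.122.105 192.168.2.4
21:33:27.727128983 49726 443 192.168.2.4 54.151.22.94
21:33:31.254617929 49730 443 192.168.2.4 45.131.111.57
21:33:31.321482897 49678 443 192.168.2.4 20.189.173.27
21:33:31.579153061 49731 80 192.168.2.4 45.131.111.57
21:33:33.744978905 49681 80 192.168.2.4 2.17.190.73
21:33:34.521142006 49735 80 192.168.2.4 74.125.21.94
"""

# DNS answers as (time the answer was seen, name, address).  Names and
# addresses are the report's; the timestamps are assumed.
DNS_ANSWERS = [
    ("21:33:26.300000000", "www.google.com", "108.177.122.105"),
    ("21:33:27.600000000", "z2.ink", "54.151.22.94"),
    ("21:33:31.200000000", "rabz475port.ns02.info", "45.131.111.57"),
]


def parse_packets(text):
    """Yield (time, sport, dport, src, dst) tuples from packet table lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, src, dst = line.split()
        yield ts, int(sport), int(dport), src, dst


def outbound_flows(packets, local_net=LOCAL_NET):
    """First packet of every outbound flow (local source, remote destination)."""
    flows = OrderedDict()
    for ts, sport, dport, src, dst in packets:
        if ipaddress.ip_address(src) not in local_net:
            continue  # server-to-client packet
        if ipaddress.ip_address(dst) in local_net:
            continue  # neighbour or broadcast traffic inside the VM network
        flows.setdefault((src, sport, dst, dport), ts)
    return flows


def undns_destinations(packets, dns_answers, local_net=LOCAL_NET):
    """Return {dst_ip: (first_seen, dport)} for destinations that no DNS answer
    resolved to before the flow's first packet.  Timestamps are same-day,
    zero-padded HH:MM:SS.fraction strings, so string comparison orders them."""
    answers = sorted((ts, ip) for ts, _name, ip in dns_answers)
    hits = OrderedDict()
    for (_src, _sport, dst, dport), ts in outbound_flows(packets, local_net).items():
        resolved = any(a_ts <= ts and a_ip == dst for a_ts, a_ip in answers)
        if not resolved and dst not in hits:
            hits[dst] = (ts, dport)
    return hits


def resolved_name(ip, dns_answers):
    """Name that resolved to ip, or None when the address was never looked up."""
    return next((name for _ts, name, a_ip in dns_answers if a_ip == ip), None)


if __name__ == "__main__":
    for ip, (ts, dport) in undns_destinations(parse_packets(PACKETS), DNS_ANSWERS).items():
        print(f"{ts}  {ip}:{dport}  TCP traffic without corresponding DNS query")
```

Run stand-alone, it prints the five addresses the report flags and none of the three that the browser resolved through DNS. The check is deliberately time-ordered: an answer that arrives after the SYN does not explain the connection. A hit is not by itself evidence of malice; an address can have been resolved before the capture began, obtained over DNS-over-HTTPS, hard-coded in the client, or contacted by background operating-system services (the report's own whitelist of Microsoft and Google update domains shows such traffic was present), so the flagged addresses need the same owner and reputation lookup the report applies to the three sample-related domains.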
MITRE ATT&CK Matrix (techniques with matching signatures; the number is the count of matched signatures, and all other cells of the matrix were empty)

  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (4), Ingress Tool Transfer (3)
Behavior Graph

ID: 1669370; URL: https://z2.ink/roetmop2; Start date: 19/04/2025; Architecture: WINDOWS; Score: 48

  • Signature: Antivirus / Scanner detection for submitted sample
  • chrome.exe (started) and chrome.exe (started)
    • 192.168.2.13 (unknown, unknown)
    • 192.168.2.15 (unknown, unknown)
    • 192.168.2.4, ports 138, 443, 49500 (unknown, unknown)
    • chrome.exe (child, started)
      • rabz475port.ns02.info, 45.131.111.57, port 443, client ports 49730 and 49731, SERVERDESTROYERSUS, Germany
      • www.google.com, 108.177.122.105, port 443, client ports 49724 and 49742, GOOGLEUS, United States
      • z2.ink, 54.151.22.94, port 443, client ports 49726 and 49727, AMAZON-02US, United States

Antivirus Detection

Source | Detection | Scanner | Label
https://z2.ink/roetmop2 | 100% | Avira URL Cloud | malware
http://rabz475port.ns02.info/favicon.ico | 0% | Avira URL Cloud | safe

No Antivirus matches in the three remaining scan categories.


Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
rabz475port.ns02.info | 45.131.111.57 | true | false | (none) | unknown
z2.ink | 54.151.22.94 | true | false | (none) | unknown
www.google.com | 108.177.122.105 | true | false | (none) | high

URLs

Name | Malicious | Antivirus Detection | Reputation
http://c.pki.goog/r/r4.crl | false | (none) | high
http://rabz475port.ns02.info/rabs/antibot/captcha.php | false | (none) | unknown
https://z2.ink/roetmop2 | true | (none) | unknown
http://rabz475port.ns02.info/favicon.ico | false | Avira URL Cloud: safe | unknown

IPs

IP | Domain | Country | ASN | ASN Name | Malicious
45.131.111.57 | rabz475port.ns02.info | Germany | 398373 | SERVERDESTROYERSUS | false
54.151.22.94 | z2.ink | United States | 16509 | AMAZON-02US | false
108.177.122.105 | www.google.com | United States | 15169 | GOOGLEUS | false

Private IPs (analysis network): 192.168.2.4, 192.168.2.13, 192.168.2.15
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1669370
Start date and time: 2025-04-19 21:32:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://z2.ink/roetmop2
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@22/4@10/6
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Warnings:
  • Excluded processes (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 108.177.122.100, 108.177.122.102, 108.177.122.113, 108.177.122.101, 108.177.122.138, 108.177.122.139, 64.233.185.94, 64.233.177.101, 64.233.177.139, 64.233.177.138, 64.233.177.113, 64.233.177.100, 64.233.177.102, 64.233.176.84, 142.250.9.102, 142.250.9.113, 142.250.9.139, 142.250.9.138, 142.250.9.101, 142.250.9.100, 173.194.219.102, 173.194.219.101, 173.194.219.138, 173.194.219.100, 173.194.219.139, 173.194.219.113, 74.125.138.113, 74.125.138.100, 74.125.138.138, 74.125.138.102, 74.125.138.139, 74.125.138.101, 23.4.43.62, 23.218.145.76, 74.125.21.113, 74.125.21.139, 74.125.21.100, 74.125.21.101, 74.125.21.102, 74.125.21.138, 74.125.136.100, 74.125.136.101, 74.125.136.113, 74.125.136.138, 74.125.136.102, 74.125.136.139, 172.253.124.94, 172.217.215.94, 184.28.213.193, 172.202.163.200
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found
  • VT rate limit hit for: https://z2.ink/roetmop2
No simulations
No context (all five context tables are empty)
Downloaded Files

The report lists two downloaded files, one per URL, with identical hashes: the server returned the same gzip-compressed 404 body (711 bytes compressed, 1249 bytes uncompressed) for both captcha.php and favicon.ico, matching the two HTTP/1.1 404 responses above.

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
URLs: http://rabz475port.ns02.info/rabs/antibot/captcha.php and http://rabz475port.ns02.info/favicon.ico
File Type: gzip compressed data, from Unix, original size modulo 2^32 1249
Category: downloaded
Size (bytes): 711
Entropy (8bit): 7.6978975119068265
Encrypted: false
SSDEEP: 12:XqFm2VObdRrSuTN2jgXnZo/sR7hc/HX5cSYDJO9VUAoKy6QASz1ozTNRYHJu:X+m2VC5ScA8JIsR2X55NVUAoKQAlzTGw
MD5: 046AC5043B606BEA91F54ABE92149E3B
SHA1: FBAA978DB1DD8012698F71ABAD4FF9A2CA71BADD
SHA-256: 26416C685F276E880BC924272D2C97A72499E28B7ADCFD0C477F933FCFA0614F
SHA-512: 67BB43EE494E57A883F79906980CDDAB844EAE8CA1B30921E87EBA611BDD1C8CA79C061C4D3BFC2FFC050C7BC40C747626332402CCEA04F2F2FDE5B0348AE035
Malicious: false
Reputation: low
Preview (raw compressed bytes): ..........eTkk.0..^...M...'v.a;fc.6.[.....u...')....].I....|ut.9W*.?..t.........p~.p1.(..gI...._.8}Z..4k)`-q...GP..Q..h#....kYc... ......`.18a..........t/....8....W....Y1..R..E..\v......2.p...qf..*.w....6@.!.E....d.....t.,....C....H.4....Y.7.b...)H.n;....>ZJm..P...QvL...M.'.....\4M...\.P.......a.J.....[.1%.:..L@.C.|.>&..."..%...dg..bt.*g..c..t.\.]..9....B$....@.%r..f..UR..0..l...(N..2)....=.... l..M.h<*.........Y.:t...y.T.+..,....Z.F....9.F{^L;......}".h.8.gY..>...q..2...h........k.k...^.O.....$Nh.u...B.+c9.>.(..:...+v...6I.W....`.l2...x....cxz..+:..}_..-ohW.vT...$d.....m.4.......7.../.k....D.a-4._Jt.].. ..%.6.$...Y.vL.i>.F..j.3.....b..C{....~......p..../...+.a....

No static file info
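The "Data Raw" bytes of the two 404 responses, 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a, decode as follows: "a\r\n" is the hexadecimal size line of the first chunk of a chunked transfer (10 bytes), and the ten bytes after it are a gzip member header (magic 1f 8b, compression method 8 = deflate, no flags, zero modification time, OS byte 3 = Unix), which is why the file table identifies the download as gzip data "from Unix" and why the report's ASCII rendering shows only "a". The script below is an added example, not part of the report: it strips the chunk framing, parses the gzip header and trailer (the trailer's ISIZE field is the "original size modulo 2^32" value), and reports whether the capture is complete. SAMPLE_HTML is a constructed stand-in for the 1249-byte body, which the report does not reproduce.

```python
"""Decode a chunked, gzip-encoded HTTP body such as the report's 404 responses.

Added example; not part of the Joe Sandbox report.  REPORT_FRAGMENT is the
"Data Raw" hex from the report; SAMPLE_HTML is a constructed stand-in for the
full response body, which the report does not contain.
"""
import gzip
import struct

REPORT_FRAGMENT = bytes.fromhex("61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a")
SAMPLE_HTML = b"<html><head><title>404 Not Found</title></head><body>Not Found</body></html>\n" * 12

GZIP_OS = {0: "FAT", 3: "Unix", 7: "Macintosh", 11: "NTFS", 255: "unknown"}


def dechunk(body):
    """Remove HTTP/1.1 chunked transfer framing (RFC 9112).

    Returns (payload, complete).  complete is False when the terminating
    zero-length chunk is missing, which is what a truncated capture looks like."""
    out = bytearray()
    pos = 0
    while True:
        line_end = body.find(b"\r\n", pos)
        if line_end < 0:
            return bytes(out), False
        size_field = body[pos:line_end].split(b";", 1)[0]  # drop chunk extensions
        if not size_field:
            return bytes(out), False
        size = int(size_field, 16)
        if size == 0:
            return bytes(out), True
        start = line_end + 2
        chunk = body[start:start + size]
        out += chunk
        if len(chunk) < size:
            return bytes(out), False  # chunk data cut short
        pos = start + size + 2  # skip the CRLF that ends the chunk data


def gzip_header(data):
    """Parse the fixed 10-byte gzip member header (RFC 1952)."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    cm, flg, mtime, xfl, os_id = struct.unpack("<BBIBB", data[2:10])
    return {
        "method": "deflate" if cm == 8 else f"unknown({cm})",
        "flags": flg,
        "mtime": mtime,
        "os": GZIP_OS.get(os_id, f"unknown({os_id})"),
    }


def gzip_isize(data):
    """ISIZE from the 8-byte gzip trailer (CRC32 then ISIZE, little-endian):
    the uncompressed length modulo 2**32, as file(1) reports it."""
    return struct.unpack("<I", data[-4:])[0]


def summarize_body(body):
    """Describe a captured chunked+gzip body, whether complete or truncated."""
    payload, complete = dechunk(body)
    info = {"complete": complete, "compressed_len": len(payload), "header": gzip_header(payload)}
    if complete:
        info["isize"] = gzip_isize(payload)
        info["text"] = gzip.decompress(payload)
    return info


def make_chunked_gzip(payload, chunk_size=10):
    """Constructed server response body: gzip the payload, then chunk it the
    way the report's server did (first chunk of 10 bytes, size line "a")."""
    gz = gzip.compress(payload, mtime=0)
    frames = b"".join(
        b"%x\r\n%s\r\n" % (len(gz[i:i + chunk_size]), gz[i:i + chunk_size])
        for i in range(0, len(gz), chunk_size)
    )
    return frames + b"0\r\n\r\n"


if __name__ == "__main__":
    print("report fragment:", summarize_body(REPORT_FRAGMENT))
    full = summarize_body(make_chunked_gzip(SAMPLE_HTML))
    print("constructed body: complete=%s isize=%d" % (full["complete"], full["isize"]))
```

On the report's fragment the summary comes back incomplete with a ten-byte payload and a Unix/deflate header; on the constructed body it decompresses to the original HTML and the trailer's ISIZE equals its length. Python's own gzip writer sets the OS byte to 255 ("unknown"), so the constructed stream reports a different OS than the LiteSpeed server's stream, which is the field worth checking when comparing samples from the same host.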

Network Behavior

  • Total Packets: 105
  • Ports: 443 (HTTPS), 80 (HTTP), 53 (DNS)

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 19, 2025 21:33:14.924334049 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:22.550826073 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 19, 2025 21:33:22.956684113 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 19, 2025 21:33:23.564613104 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 19, 2025 21:33:24.533390045 CEST | 49680 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:24.767751932 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 19, 2025 21:33:26.420450926 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:26.420495987 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:26.420591116 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:26.420720100 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:26.420731068 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:26.634716988 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:26.634787083 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:26.635768890 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:26.635775089 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:26.636034966 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:26.690059900 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:27.174463987 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 19, 2025 21:33:27.727128983 CEST | 49726 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:27.727216005 CEST | 443 | 49726 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:27.727433920 CEST | 49726 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:27.727433920 CEST | 49726 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:27.727514982 CEST | 443 | 49726 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:27.771177053 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:27.771220922 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:27.771344900 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:27.771832943 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:27.771847963 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.060121059 CEST | 443 | 49726 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.062633991 CEST | 49726 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.100292921 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.100385904 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.169871092 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.169897079 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.170239925 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.170845985 CEST | 49726 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.170871973 CEST | 443 | 49726 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.171235085 CEST | 443 | 49726 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.171272993 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.212287903 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.212824106 CEST | 49726 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.463531017 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.464011908 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.464106083 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.465621948 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.465650082 CEST | 443 | 49727 | 54.151.22.94 | 192.168.2.4
Apr 19, 2025 21:33:28.465665102 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:28.465696096 CEST | 49727 | 443 | 192.168.2.4 | 54.151.22.94
Apr 19, 2025 21:33:31.254617929 CEST | 49730 | 443 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.254682064 CEST | 443 | 49730 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.254736900 CEST | 49730 | 443 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.255031109 CEST | 49730 | 443 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.255045891 CEST | 443 | 49730 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.321482897 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 19, 2025 21:33:31.579153061 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.629256010 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 19, 2025 21:33:31.741107941 CEST | 49732 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.786973953 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.787106991 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.788749933 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.948420048 CEST | 80 | 49732 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.948498964 CEST | 49732 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.975322008 CEST | 49671 | 443 | 192.168.2.4 | 204.79.197.203
Apr 19, 2025 21:33:31.995939970 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.996578932 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.996680975 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:31.996748924 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:31.996761084 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.039800882 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:32.130089045 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:32.238704920 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 19, 2025 21:33:32.337318897 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.337500095 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.337537050 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.337615013 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:32.337650061 CEST | 80 | 49731 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.380436897 CEST | 49731 | 80 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:32.701513052 CEST | 443 | 49730 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.701590061 CEST | 49730 | 443 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:32.705159903 CEST | 49730 | 443 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:32.705172062 CEST | 443 | 49730 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.705377102 CEST | 443 | 49730 | 45.131.111.57 | 192.168.2.4
Apr 19, 2025 21:33:32.752019882 CEST | 49730 | 443 | 192.168.2.4 | 45.131.111.57
Apr 19, 2025 21:33:33.455174923 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 19, 2025 21:33:33.744978905 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Apr 19, 2025 21:33:34.048821926 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Apr 19, 2025 21:33:34.070460081 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.072313070 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.073508024 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.172343016 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.173563004 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.173615932 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.173619032 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.173655033 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.174163103 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.174177885 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.175364017 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.175421000 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.176995993 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.177014112 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.177057028 CEST | 49710 | 443 | 192.168.2.4 | 204.79.197.222
Apr 19, 2025 21:33:34.275996923 CEST | 443 | 49710 | 204.79.197.222 | 192.168.2.4
Apr 19, 2025 21:33:34.521142006 CEST | 49735 | 80 | 192.168.2.4 | 74.125.21.94
Apr 19, 2025 21:33:34.623353958 CEST | 80 | 49735 | 74.125.21.94 | 192.168.2.4
Apr 19, 2025 21:33:34.623420000 CEST | 49735 | 80 | 192.168.2.4 | 74.125.21.94
Apr 19, 2025 21:33:34.623541117 CEST | 49735 | 80 | 192.168.2.4 | 74.125.21.94
Apr 19, 2025 21:33:34.658770084 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Apr 19, 2025 21:33:34.725742102 CEST | 80 | 49735 | 74.125.21.94 | 192.168.2.4
Apr 19, 2025 21:33:34.726207972 CEST | 80 | 49735 | 74.125.21.94 | 192.168.2.4
Apr 19, 2025 21:33:34.783263922 CEST | 49735 | 80 | 192.168.2.4 | 74.125.21.94
Apr 19, 2025 21:33:35.861635923 CEST | 49681 | 80 | 192.168.2.4 | 2.17.190.73
Apr 19, 2025 21:33:35.861643076 CEST | 49678 | 443 | 192.168.2.4 | 20.189.173.27
Apr 19, 2025 21:33:36.627455950 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:36.627511978 CEST | 443 | 49724 | 108.177.122.105 | 192.168.2.4
Apr 19, 2025 21:33:36.627561092 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
Apr 19, 2025 21:33:37.380517960 CEST | 49724 | 443 | 192.168.2.4 | 108.177.122.105
              Apr 19, 2025 21:33:37.380558968 CEST44349724108.177.122.105192.168.2.4
              Apr 19, 2025 21:33:37.910868883 CEST804973145.131.111.57192.168.2.4
              Apr 19, 2025 21:33:37.910959959 CEST4973180192.168.2.445.131.111.57
              Apr 19, 2025 21:33:38.267936945 CEST4968180192.168.2.42.17.190.73
              Apr 19, 2025 21:33:38.379856110 CEST4973180192.168.2.445.131.111.57
              Apr 19, 2025 21:33:38.586987972 CEST804973145.131.111.57192.168.2.4
              Apr 19, 2025 21:33:40.673938036 CEST49678443192.168.2.420.189.173.27
              Apr 19, 2025 21:33:41.580285072 CEST49671443192.168.2.4204.79.197.203
              Apr 19, 2025 21:33:43.080379009 CEST4968180192.168.2.42.17.190.73
              Apr 19, 2025 21:33:50.281285048 CEST49678443192.168.2.420.189.173.27
              Apr 19, 2025 21:33:52.680854082 CEST4968180192.168.2.42.17.190.73
              Apr 19, 2025 21:34:03.367356062 CEST804973245.131.111.57192.168.2.4
              Apr 19, 2025 21:34:03.367450953 CEST4973280192.168.2.445.131.111.57
              Apr 19, 2025 21:34:13.174506903 CEST49726443192.168.2.454.151.22.94
              Apr 19, 2025 21:34:13.174524069 CEST4434972654.151.22.94192.168.2.4
              Apr 19, 2025 21:34:16.955703974 CEST4973280192.168.2.445.131.111.57
              Apr 19, 2025 21:34:17.163155079 CEST804973245.131.111.57192.168.2.4
              Apr 19, 2025 21:34:17.721292019 CEST49730443192.168.2.445.131.111.57
              Apr 19, 2025 21:34:17.721327066 CEST4434973045.131.111.57192.168.2.4
              Apr 19, 2025 21:34:26.379487038 CEST49742443192.168.2.4108.177.122.105
              Apr 19, 2025 21:34:26.379542112 CEST44349742108.177.122.105192.168.2.4
              Apr 19, 2025 21:34:26.379631996 CEST49742443192.168.2.4108.177.122.105
              Apr 19, 2025 21:34:26.379825115 CEST49742443192.168.2.4108.177.122.105
              Apr 19, 2025 21:34:26.379839897 CEST44349742108.177.122.105192.168.2.4
              Apr 19, 2025 21:34:26.588293076 CEST44349742108.177.122.105192.168.2.4
              Apr 19, 2025 21:34:26.588622093 CEST49742443192.168.2.4108.177.122.105
              Apr 19, 2025 21:34:26.588656902 CEST44349742108.177.122.105192.168.2.4
              Apr 19, 2025 21:34:28.215020895 CEST4434972654.151.22.94192.168.2.4
              Apr 19, 2025 21:34:28.215092897 CEST4434972654.151.22.94192.168.2.4
              Apr 19, 2025 21:34:28.215214968 CEST49726443192.168.2.454.151.22.94
              Apr 19, 2025 21:34:28.378663063 CEST49726443192.168.2.454.151.22.94
              Apr 19, 2025 21:34:28.378676891 CEST4434972654.151.22.94192.168.2.4
              Apr 19, 2025 21:34:32.379304886 CEST4973280192.168.2.445.131.111.57
              Apr 19, 2025 21:34:32.586803913 CEST804973245.131.111.57192.168.2.4
              Apr 19, 2025 21:34:32.586883068 CEST4973280192.168.2.445.131.111.57
              Apr 19, 2025 21:34:33.380887985 CEST49730443192.168.2.445.131.111.57
              Apr 19, 2025 21:34:33.381031990 CEST4434973045.131.111.57192.168.2.4
              Apr 19, 2025 21:34:33.381102085 CEST49730443192.168.2.445.131.111.57
              Apr 19, 2025 21:34:35.049787045 CEST4973580192.168.2.474.125.21.94
              Apr 19, 2025 21:34:35.153127909 CEST804973574.125.21.94192.168.2.4
              Apr 19, 2025 21:34:35.153187037 CEST4973580192.168.2.474.125.21.94
              Apr 19, 2025 21:34:36.613854885 CEST44349742108.177.122.105192.168.2.4
              Apr 19, 2025 21:34:36.613928080 CEST44349742108.177.122.105192.168.2.4
              Apr 19, 2025 21:34:36.613998890 CEST49742443192.168.2.4108.177.122.105
              Apr 19, 2025 21:34:37.379599094 CEST49742443192.168.2.4108.177.122.105
              Apr 19, 2025 21:34:37.379632950 CEST44349742108.177.122.105192.168.2.4
              Timestamp | Source IP | Dest IP | Checksum | Code | Type
              Apr 19, 2025 21:33:31.183408022 CEST | 192.168.2.4 | 1.1.1.1 | c22f | (Port unreachable) | Destination Unreachable
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Apr 19, 2025 21:33:26.316169024 CEST | 192.168.2.4 | 1.1.1.1 | 0x915 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.316214085 CEST | 192.168.2.4 | 1.1.1.1 | 0xfa31 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
              Apr 19, 2025 21:33:27.585021019 CEST | 192.168.2.4 | 1.1.1.1 | 0xb846 | Standard query (0) | z2.ink | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:27.585411072 CEST | 192.168.2.4 | 1.1.1.1 | 0xdfba | Standard query (0) | z2.ink | 65 | IN (0x0001) | false
              Apr 19, 2025 21:33:28.468082905 CEST | 192.168.2.4 | 1.1.1.1 | 0xca3e | Standard query (0) | rabz475port.ns02.info | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:28.468228102 CEST | 192.168.2.4 | 1.1.1.1 | 0x371f | Standard query (0) | rabz475port.ns02.info | 65 | IN (0x0001) | false
              Apr 19, 2025 21:33:29.487293959 CEST | 192.168.2.4 | 1.1.1.1 | 0xd15f | Standard query (0) | rabz475port.ns02.info | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:29.487598896 CEST | 192.168.2.4 | 1.1.1.1 | 0x4037 | Standard query (0) | rabz475port.ns02.info | 65 | IN (0x0001) | false
              Apr 19, 2025 21:33:31.473965883 CEST | 192.168.2.4 | 1.1.1.1 | 0x5c41 | Standard query (0) | rabz475port.ns02.info | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:31.474106073 CEST | 192.168.2.4 | 1.1.1.1 | 0xce91 | Standard query (0) | rabz475port.ns02.info | 65 | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Apr 19, 2025 21:33:26.419015884 CEST | 1.1.1.1 | 192.168.2.4 | 0x915 | No error (0) | www.google.com | | 108.177.122.105 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.419015884 CEST | 1.1.1.1 | 192.168.2.4 | 0x915 | No error (0) | www.google.com | | 108.177.122.106 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.419015884 CEST | 1.1.1.1 | 192.168.2.4 | 0x915 | No error (0) | www.google.com | | 108.177.122.103 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.419015884 CEST | 1.1.1.1 | 192.168.2.4 | 0x915 | No error (0) | www.google.com | | 108.177.122.99 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.419015884 CEST | 1.1.1.1 | 192.168.2.4 | 0x915 | No error (0) | www.google.com | | 108.177.122.104 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.419015884 CEST | 1.1.1.1 | 192.168.2.4 | 0x915 | No error (0) | www.google.com | | 108.177.122.147 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:26.419699907 CEST | 1.1.1.1 | 192.168.2.4 | 0xfa31 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
              Apr 19, 2025 21:33:27.726015091 CEST | 1.1.1.1 | 192.168.2.4 | 0xb846 | No error (0) | z2.ink | | 54.151.22.94 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:31.253894091 CEST | 1.1.1.1 | 192.168.2.4 | 0xd15f | No error (0) | rabz475port.ns02.info | | 45.131.111.57 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:31.253933907 CEST | 1.1.1.1 | 192.168.2.4 | 0xca3e | No error (0) | rabz475port.ns02.info | | 45.131.111.57 | A (IP address) | IN (0x0001) | false
              Apr 19, 2025 21:33:31.578665018 CEST | 1.1.1.1 | 192.168.2.4 | 0x5c41 | No error (0) | rabz475port.ns02.info | | 45.131.111.57 | A (IP address) | IN (0x0001) | false
              • z2.ink
              • rabz475port.ns02.info
              • c.pki.goog
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49731 | 45.131.111.57 | 80 | 3940 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Apr 19, 2025 21:33:31.788749933 CEST | 460 | OUT | GET /rabs/antibot/captcha.php HTTP/1.1
              Host: rabz475port.ns02.info
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Apr 19, 2025 21:33:31.996578932 CEST | 284 | IN | HTTP/1.1 404 Not Found
              content-type: text/html
              cache-control: private, no-cache, max-age=0
              pragma: no-cache
              date: Sat, 19 Apr 2025 19:33:31 GMT
              server: LiteSpeed
              content-encoding: gzip
              vary: Accept-Encoding
              transfer-encoding: chunked
              connection: Keep-Alive
              Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
              Data Ascii: a
              Apr 19, 2025 21:33:31.996680975 CEST | 708 | IN | Data Raw: 32 62 64 0d 0a 65 54 6b 6b db 30 14 fd 5e d8 7f b8 4d 19 b4 10 27 76 ea b0 61 3b 66 63 0f 36 18 5b a1 85 b1 8f b2 75 1d 89 ca 92 27 29 af 95 fe f7 5d d9 49 9a b6 16 d8 92 7c 75 74 ee 39 57 2a ce 3f ff fa 74 f7 e7 e6 0b 08 df aa f2 ac 08 1f 70 7e
              Data Ascii: 2bdeTkk0^M'va;fc6[u')]I|ut9W*?tp~p1(gI_8}Z4k)`-qGPQh#kYc `18at/8WY1RE.\v.2pqf*w6@!Edt,CH4
              Apr 19, 2025 21:33:31.996761084 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
              Data Ascii: 0
              Apr 19, 2025 21:33:32.130089045 CEST | 410 | OUT | GET /favicon.ico HTTP/1.1
              Host: rabz475port.ns02.info
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://rabz475port.ns02.info/rabs/antibot/captcha.php
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Apr 19, 2025 21:33:32.337500095 CEST | 284 | IN | HTTP/1.1 404 Not Found
              content-type: text/html
              cache-control: private, no-cache, max-age=0
              pragma: no-cache
              date: Sat, 19 Apr 2025 19:33:32 GMT
              server: LiteSpeed
              content-encoding: gzip
              vary: Accept-Encoding
              transfer-encoding: chunked
              connection: Keep-Alive
              Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
              Data Ascii: a
              Apr 19, 2025 21:33:32.337537050 CEST | 708 | IN | Data Raw: 32 62 64 0d 0a 65 54 6b 6b db 30 14 fd 5e d8 7f b8 4d 19 b4 10 27 76 ea b0 61 3b 66 63 0f 36 18 5b a1 85 b1 8f b2 75 1d 89 ca 92 27 29 af 95 fe f7 5d d9 49 9a b6 16 d8 92 7c 75 74 ee 39 57 2a ce 3f ff fa 74 f7 e7 e6 0b 08 df aa f2 ac 08 1f 70 7e
              Data Ascii: 2bdeTkk0^M'va;fc6[u')]I|ut9W*?tp~p1(gI_8}Z4k)`-qGPQh#kYc `18at/8WY1RE.\v.2pqf*w6@!Edt,CH4
              Apr 19, 2025 21:33:32.337650061 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
              Data Ascii: 0


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              1 | 192.168.2.4 | 49735 | 74.125.21.94 | 80
              Timestamp | Bytes transferred | Direction | Data
              Apr 19, 2025 21:33:34.623541117 CEST | 200 | OUT | GET /r/r4.crl HTTP/1.1
              Cache-Control: max-age = 3000
              Connection: Keep-Alive
              Accept: */*
              If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: c.pki.goog
              Apr 19, 2025 21:33:34.726207972 CEST | 1242 | IN | HTTP/1.1 200 OK
              Accept-Ranges: bytes
              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
              Cross-Origin-Resource-Policy: cross-origin
              Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
              Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
              Content-Length: 530
              X-Content-Type-Options: nosniff
              Server: sffe
              X-XSS-Protection: 0
              Date: Sat, 19 Apr 2025 19:23:12 GMT
              Expires: Sat, 19 Apr 2025 20:13:12 GMT
              Cache-Control: public, max-age=3000
              Age: 622
              Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
              Content-Type: application/pkix-crl
              Vary: Accept-Encoding


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.4 | 49732 | 45.131.111.57 | 80 | 3940 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              Apr 19, 2025 21:34:16.955703974 CEST | 6 | OUT | Data Raw: 00
              Data Ascii:


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.4 | 49727 | 54.151.22.94 | 443 | 3940 | C:\Program Files\Google\Chrome\Application\chrome.exe
              Timestamp | Bytes transferred | Direction | Data
              2025-04-19 19:33:28 UTC | 664 | OUT | GET /roetmop2 HTTP/1.1
              Host: z2.ink
              Connection: keep-alive
              sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              Accept-Encoding: gzip, deflate, br, zstd
              Accept-Language: en-US,en;q=0.9
              2025-04-19 19:33:28 UTC | 356 | IN | HTTP/1.1 301 Moved Permanently
              Cache-Control: no-store, no-cache, must-revalidate
              Content-Type: text/html; charset=utf-8
              Date: Sat, 19 Apr 2025 19:33:28 GMT
              Edge: smart-1.high-performance.network
              Location: http://rabz475port.ns02.info/rabs/antibot/captcha.php
              Server: LINKSGPT
              Vary: Accept-Encoding
              Connection: close
              Transfer-Encoding: chunked
              2025-04-19 19:33:28 UTC | 114 | IN | Data Raw: 36 63 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 54 68 69 73 20 50 61 67 65 20 48 61 76 65 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 68 69 73 20 50 61 67 65 20 48 61 76 65 20 4d 6f 76 65 64 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
              Data Ascii: 6c<html><head><title>This Page Have Moved</title></head><body><h1>This Page Have Moved</h1></body></html>
              2025-04-19 19:33:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
              Data Ascii: 0



              Target ID: 1
              Start time: 15:33:17
              Start date: 19/04/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase: 0x7ff786830000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 2
              Start time: 15:33:21
              Start date: 19/04/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2300,i,5461521184637409868,13752564822457302708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2572 /prefetch:3
              Imagebase: 0x7ff786830000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: false

              Target ID: 4
              Start time: 15:33:26
              Start date: 19/04/2025
              Path: C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit): false
              Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://z2.ink/roetmop2"
              Imagebase: 0x7ff786830000
              File size: 3'388'000 bytes
              MD5 hash: E81F54E6C1129887AEA47E7D092680BF
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              No disassembly