Edit tour

Windows Analysis Report
https://cdn.icomoon.io

Overview

General Information

Sample URL:	https://cdn.icomoon.io
Analysis ID:	1672180
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	80%

Signatures

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1944,i,5245722232122276139,15606129003646998553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1872 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.icomoon.io" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://cdn.icomoon.io/

HTTP Parser: Base64 decoded: <?xml version="1.0" encoding="UTF-8"?><svg width="2880px" height="1424px" viewBox="0 0 2880 1424" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <defs> <radialGradient cx="48.4540422%" cy="27.0119...

Source: unknown	HTTPS traffic detected: 192.178.49.196:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 169.150.249.162:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 169.150.249.162:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 38.32.110.58:443 -> 192.168.2.4:49735 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cdn.icomoon.ioConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css?family=Rubik:300,400,500 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://cdn.icomoon.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn.icomoon.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.icomoon.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-500-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-aliveOrigin: https://cdn.icomoon.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-300-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-aliveOrigin: https://cdn.icomoon.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.icomoon.io
Source: global traffic	DNS traffic detected: DNS query: fonts.bunny.net

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 23 Apr 2025 14:56:38 GMTContent-Type: text/htmlContent-Length: 2334Connection: closeVary: Accept-EncodingServer: BunnyCDN-LA1-1108CDN-PullZone: 1460617CDN-Uid: dd4aa74a-23b0-4a02-a963-0a23a001f729CDN-RequestCountryCode: USCDN-RequestId: 418d104fd43497b1a1c0668e1595ffb7Cache-Control: no-cache, no-store, max-age=0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 23 Apr 2025 14:56:39 GMTContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-LA1-1108CDN-PullZone: 1460617CDN-Uid: dd4aa74a-23b0-4a02-a963-0a23a001f729CDN-RequestCountryCode: USCache-Control: public, max-age=5CDN-CachedAt: 04/23/2025 14:56:39CDN-ProxyVer: 1.23CDN-RequestPullCode: 404CDN-RequestPullSuccess: TrueCDN-EdgeStorageId: 994CDN-Status: 404CDN-RequestTime: 0CDN-RequestId: 449a3ae294cadf9f8e20896ad3d818f3CDN-Cache: EXPIRED

Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff2)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff)
Source: chromecache_51.3.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1944,i,5245722232122276139,15606129003646998553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1872 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.icomoon.io"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1944,i,5245722232122276139,15606129003646998553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1872 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Name	IP	Active	Malicious	Reputation
icomoon.b-cdn.net	169.150.249.162	true	false	high
www.google.com	192.178.49.196	true	false	high
bunnyfonts.b-cdn.net	38.32.110.58	true	false	high
fonts.bunny.net	unknown	unknown	false	high
cdn.icomoon.io	unknown	unknown	false	high

IP	Domain	Country	ASN	ASN Name	Malicious
192.178.49.196	www.google.com	United States	15169	GOOGLEUS	false
169.150.249.162	icomoon.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false
38.32.110.58	bunnyfonts.b-cdn.net	United States	174	COGENT-174US	false

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672180
Start date and time:	2025-04-23 16:55:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://cdn.icomoon.io
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@21/8@6/4

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (599)
Category:	downloaded
Size (bytes):	9075
Entropy (8bit):	5.3725868105242895
Encrypted:	false
SSDEEP:	192:cS3aqkFbptPAqjxRP8SDQl03rOkFbptPAqjsJmVEDtum3IekFbptPAqjP9xutYNQ:B3kvdPbKkvdkf1kvdBoYe
MD5:	25D358C2F8ACD93C6A898A37C2FDD5EE
SHA1:	7F834241360EC76FAB72B3BF108B416CFF5E2135
SHA-256:	17497B854752912CCFD39D98EB1984372AE7A42A9DC8C49F832644CD7FB50B2D
SHA-512:	09CE80C5B56D1D3BCDF2AC0057E7797DE7BE07FCA7CFC6B81D99CBD4758B4A71A0D959738A13BAD9E3268CA0582DED5CD4A8373C14EFAD8EA97751673D8E4F9C
Malicious:	false
Reputation:	low
URL:	"https://fonts.bunny.net/css?family=Rubik:300,400,500"
Preview:	/* latin /.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff) format('woff'); . unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;.}../ arabic */.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff) format('woff'); . unicode-range: U+0600-06FF,U+0750-077F,U+0870-088E,U+0890-0891,U+0897-08E1,U+08E3-08FF,U+200C-200E,U+2010-2011,U+204F,U+2E41,U+FB50-FDFF,U+FE70-FE74,U+FE76-FEFC,U+102E0-102FB,U+10E60-10E7E,U+10EC2-10EC4,U+10EFC-10EFF,U+1EE00-1EE03,U+1E

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	314
Entropy (8bit):	5.704604727204042
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZj7lHcLWtpTQgRdWl5JLMP8n+3hAmxCvKgvX3nBtNzUuan:TMHd9BBHcLWIUUXgl3Wn/Nzta
MD5:	88630385696F755E5B1514B9790A07F8
SHA1:	F8216C4B5586AB7EEB9FB58B4B08ACBAF4E6B561
SHA-256:	25924D49B8AE769C8FCDAAAA6D78D8901B5E93DAAED078E3B53F46F2DBB1C549
SHA-512:	228EB28B2C0961C50823E68AD4F796A4213B71C160F2EF36FCE81C74314C27AB8FA7A007716CEBA032CBBB7939241520BDC47131B9E8F14F04302096C4DFC415
Malicious:	false
Reputation:	low
URL:	https://cdn.icomoon.io/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>favicon.ico</Key><RequestId>PPRQRQKWWP6BXMFG</RequestId><HostId>MDE5dsbwx17CEgDkdb4U/F7EWlG2I8JXtmg+I/n1f61gWJo9HeDFf6/UJsZ2npUH5im5tjjy8EXf0UsJpymnKoQPTl+jYYJXb31Omq0niVU=</HostId></Error>

Name	Malicious	Reputation
https://cdn.icomoon.io/	false	high
https://cdn.icomoon.io/favicon.ico	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2	false	high
https://fonts.bunny.net/css?family=Rubik:300,400,500	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2	false	high

Name	Source	Malicious	Reputation
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff2)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff)	chromecache_51.3.dr	false	high
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff)	chromecache_51.3.dr	false	high

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:56:23.836548090 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:24.148591042 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:24.445555925 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 23, 2025 16:56:24.758011103 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:25.961107969 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:26.320483923 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 23, 2025 16:56:28.367351055 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:32.608939886 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:56:33.007765055 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:56:33.195272923 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:33.695138931 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:56:34.195135117 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 23, 2025 16:56:34.913533926 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:56:35.929111958 CEST	49680	443	192.168.2.4	204.79.197.222
Apr 23, 2025 16:56:36.495275974 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:36.495317936 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:36.495471001 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:36.495615005 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:36.495636940 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:36.815299034 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:36.815390110 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:36.820101976 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:36.820113897 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:36.820377111 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:36.868187904 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:37.320705891 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:56:37.620939970 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.620989084 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.621049881 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.621485949 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.621494055 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.621556044 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.621726036 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.621738911 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.621814013 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.621823072 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.930780888 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.930841923 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.933185101 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.933269978 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.974344015 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.974365950 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.974823952 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.976950884 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:37.976960897 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.977245092 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:37.977401018 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:38.024275064 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:38.024379015 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:38.224932909 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:38.224956989 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:38.225016117 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:38.225023031 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:38.225227118 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:38.324721098 CEST	49732	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:38.324747086 CEST	443	49732	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:38.518394947 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:38.518440008 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:38.518620968 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:38.518754959 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:38.518773079 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:38.810147047 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:38.810215950 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:38.811459064 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:38.811470032 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:38.811708927 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:38.812000990 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:38.856276035 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.086999893 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.099199057 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.099257946 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.099289894 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.099307060 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.099322081 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.099359989 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.099386930 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.100653887 CEST	49733	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.100672007 CEST	443	49733	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.146995068 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.147020102 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.147109985 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.147749901 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.147778988 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.147942066 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.148089886 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.148102999 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.148258924 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:39.148345947 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.148360968 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.192277908 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:39.382608891 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:39.383208990 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:39.383259058 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:39.385356903 CEST	49731	443	192.168.2.4	169.150.249.162
Apr 23, 2025 16:56:39.385371923 CEST	443	49731	169.150.249.162	192.168.2.4
Apr 23, 2025 16:56:39.435158014 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.436604023 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.436759949 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.436760902 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.468811989 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.468825102 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.469182968 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.469614983 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.469630003 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.469883919 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.469918013 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.470319986 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.512271881 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.516273022 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.724261999 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.726649046 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.748344898 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.748363018 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.748528957 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.748542070 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.748668909 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.751502037 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.751549006 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.751635075 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.751636028 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.751655102 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.751867056 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.755151033 CEST	49734	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.755160093 CEST	443	49734	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.756565094 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.756634951 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.756659031 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.756808043 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.758954048 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.758961916 CEST	443	49735	38.32.110.58	192.168.2.4
Apr 23, 2025 16:56:39.758995056 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:39.759140968 CEST	49735	443	192.168.2.4	38.32.110.58
Apr 23, 2025 16:56:42.133466005 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:56:42.805643082 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 23, 2025 16:56:46.798203945 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:46.798255920 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:46.798439980 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:47.467289925 CEST	49730	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:56:47.467314005 CEST	443	49730	192.178.49.196	192.168.2.4
Apr 23, 2025 16:56:51.746028900 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 23, 2025 16:57:16.602436066 CEST	49711	80	192.168.2.4	199.232.210.172
Apr 23, 2025 16:57:16.602502108 CEST	49714	80	192.168.2.4	199.232.210.172
Apr 23, 2025 16:57:16.751343012 CEST	80	49714	199.232.210.172	192.168.2.4
Apr 23, 2025 16:57:16.751358032 CEST	80	49714	199.232.210.172	192.168.2.4
Apr 23, 2025 16:57:16.751405001 CEST	49714	80	192.168.2.4	199.232.210.172
Apr 23, 2025 16:57:16.751497984 CEST	80	49711	199.232.210.172	192.168.2.4
Apr 23, 2025 16:57:16.751518011 CEST	80	49711	199.232.210.172	192.168.2.4
Apr 23, 2025 16:57:16.751565933 CEST	49711	80	192.168.2.4	199.232.210.172
Apr 23, 2025 16:57:36.415440083 CEST	49741	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:57:36.415474892 CEST	443	49741	192.178.49.196	192.168.2.4
Apr 23, 2025 16:57:36.415586948 CEST	49741	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:57:36.415745020 CEST	49741	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:57:36.415760040 CEST	443	49741	192.178.49.196	192.168.2.4
Apr 23, 2025 16:57:36.731374025 CEST	443	49741	192.178.49.196	192.168.2.4
Apr 23, 2025 16:57:36.731839895 CEST	49741	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:57:36.731863976 CEST	443	49741	192.178.49.196	192.168.2.4
Apr 23, 2025 16:57:46.726427078 CEST	443	49741	192.178.49.196	192.168.2.4
Apr 23, 2025 16:57:46.726485014 CEST	443	49741	192.178.49.196	192.168.2.4
Apr 23, 2025 16:57:46.726536989 CEST	49741	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:57:47.463016033 CEST	49741	443	192.168.2.4	192.178.49.196
Apr 23, 2025 16:57:47.463049889 CEST	443	49741	192.178.49.196	192.168.2.4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:56:32.528218031 CEST	53	49247	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:32.574354887 CEST	53	62095	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:33.412194967 CEST	53	49257	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:33.774122953 CEST	53	59037	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:36.353895903 CEST	63388	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:56:36.354170084 CEST	60761	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:56:36.494190931 CEST	53	63388	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:36.494410992 CEST	53	60761	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:37.440159082 CEST	65473	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:56:37.440345049 CEST	54379	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:56:37.583899975 CEST	53	65473	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:37.639287949 CEST	53	54379	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:38.375824928 CEST	57808	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:56:38.376033068 CEST	58733	53	192.168.2.4	1.1.1.1
Apr 23, 2025 16:56:38.516083002 CEST	53	57808	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:38.517862082 CEST	53	58733	1.1.1.1	192.168.2.4
Apr 23, 2025 16:56:50.938236952 CEST	53	61669	1.1.1.1	192.168.2.4
Apr 23, 2025 16:57:09.915318966 CEST	53	57674	1.1.1.1	192.168.2.4
Apr 23, 2025 16:57:32.030253887 CEST	53	63200	1.1.1.1	192.168.2.4
Apr 23, 2025 16:57:32.367949009 CEST	53	59322	1.1.1.1	192.168.2.4
Apr 23, 2025 16:57:32.607609987 CEST	138	138	192.168.2.4	192.168.2.255
Apr 23, 2025 16:57:35.040456057 CEST	53	51469	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:56:37 UTC	664	OUT	GET / HTTP/1.1 Host: cdn.icomoon.io Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:56:38 UTC	372	IN	HTTP/1.1 403 Forbidden Date: Wed, 23 Apr 2025 14:56:38 GMT Content-Type: text/html Content-Length: 2334 Connection: close Vary: Accept-Encoding Server: BunnyCDN-LA1-1108 CDN-PullZone: 1460617 CDN-Uid: dd4aa74a-23b0-4a02-a963-0a23a001f729 CDN-RequestCountryCode: US CDN-RequestId: 418d104fd43497b1a1c0668e1595ffb7 Cache-Control: no-cache, no-store, max-age=0
2025-04-23 14:56:38 UTC	2334	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 75 62 69 6b 3a 33 30 30 2c 34 30 30 2c 35 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 3c 73 74 79 6c 65 3e 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 20 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 27 64 Data Ascii: <html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('d

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:56:38 UTC	596	OUT	GET /css?family=Rubik:300,400,500 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://cdn.icomoon.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:56:39 UTC	941	IN	HTTP/1.1 200 OK Date: Wed, 23 Apr 2025 14:56:39 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: BunnyCDN-PHX1-1155 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 Last-Modified: Thu, 17 Apr 2025 16:09:47 GMT CDN-ProxyVer: 1.23 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 04/17/2025 16:09:47 CDN-EdgeStorageId: 1155 CDN-RequestId: 10b10c840c5180299e0992764842ed7e CDN-Cache: HIT CDN-Status: 200 CDN-RequestTime: 1
2025-04-23 14:56:39 UTC	9083	IN	Data Raw: 32 33 37 33 0d 0a 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 74 72 65 74 63 68 3a 20 31 30 30 25 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 72 75 62 69 6b 2f 66 69 6c 65 73 2f 72 75 62 69 6b 2d 6c 61 74 69 6e 2d 33 30 30 2d 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 72 75 62 69 6b 2f 66 69 6c 65 73 2f 72 75 Data Ascii: 2373/* latin */@font-face { font-family: 'Rubik'; font-style: normal; font-weight: 300; font-stretch: 100%; src: url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/ru
2025-04-23 14:56:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:56:39 UTC	591	OUT	GET /favicon.ico HTTP/1.1 Host: cdn.icomoon.io Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cdn.icomoon.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:56:39 UTC	564	IN	HTTP/1.1 404 Not Found Date: Wed, 23 Apr 2025 14:56:39 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: BunnyCDN-LA1-1108 CDN-PullZone: 1460617 CDN-Uid: dd4aa74a-23b0-4a02-a963-0a23a001f729 CDN-RequestCountryCode: US Cache-Control: public, max-age=5 CDN-CachedAt: 04/23/2025 14:56:39 CDN-ProxyVer: 1.23 CDN-RequestPullCode: 404 CDN-RequestPullSuccess: True CDN-EdgeStorageId: 994 CDN-Status: 404 CDN-RequestTime: 0 CDN-RequestId: 449a3ae294cadf9f8e20896ad3d818f3 CDN-Cache: EXPIRED
2025-04-23 14:56:39 UTC	321	IN	Data Raw: 31 33 61 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 3c 4b 65 79 3e 66 61 76 69 63 6f 6e 2e 69 63 6f 3c 2f 4b 65 79 3e 3c 52 65 71 75 65 73 74 49 64 3e 50 50 52 51 52 51 4b 57 57 50 36 42 58 4d 46 47 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 4d 44 45 35 64 73 62 77 78 31 37 43 45 67 44 6b 64 62 34 55 2f 46 37 45 57 6c 47 32 49 38 4a 58 74 6d 67 2b 49 2f 6e 31 66 36 31 67 57 4a 6f 39 48 65 44 46 66 36 2f 55 4a 73 5a 32 6e Data Ascii: 13a<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>favicon.ico</Key><RequestId>PPRQRQKWWP6BXMFG</RequestId><HostId>MDE5dsbwx17CEgDkdb4U/F7EWlG2I8JXtmg+I/n1f61gWJo9HeDFf6/UJsZ2n
2025-04-23 14:56:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:56:39 UTC	616	OUT	GET /rubik/files/rubik-latin-500-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive Origin: https://cdn.icomoon.io sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:56:39 UTC	994	IN	HTTP/1.1 200 OK Date: Wed, 23 Apr 2025 14:56:39 GMT Content-Type: font/woff2 Content-Length: 19140 Connection: close Server: BunnyCDN-PHX1-1155 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "68066afa-4ac4" Last-Modified: Mon, 21 Apr 2025 15:57:46 GMT CDN-StorageServer: LA-1054 CDN-FileServer: 671 CDN-ProxyVer: 1.23 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 04/22/2025 04:21:04 CDN-EdgeStorageId: 1155 CDN-RequestId: 2709a3ff49ffbd88a1f157f13228d13a CDN-Cache: HIT CDN-Status: 200 CDN-RequestTime: 1 Accept-Ranges: bytes
2025-04-23 14:56:39 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 4a c4 00 10 00 00 00 00 bc 90 00 00 4a 5f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f8 04 1c 89 62 06 60 3f 53 54 41 54 44 00 84 76 11 08 0a 81 cd 68 81 a3 17 0b 84 4e 00 01 36 02 24 03 89 18 04 20 05 85 0c 07 8b 55 0c 07 1b d6 a3 07 d8 36 6d 9a 19 74 07 e0 6a 47 75 6d dc 64 ba cd 53 6e 47 a1 dd f6 7c c8 cc 80 b0 71 00 20 d4 ab 66 ff ff 67 24 1d 31 d6 d8 d9 06 1c 5a be f5 10 13 c4 64 59 52 2a a1 42 6f 14 36 aa 76 85 69 24 a6 54 85 13 d5 21 db c8 64 03 2d a7 2e c5 29 b3 b4 e0 28 57 22 a1 98 c2 c4 77 d3 53 18 85 4f 52 e1 a6 9d 4c 10 53 9a f9 8f 7b e3 54 b4 1d 2e a1 ab 07 db a8 32 91 e5 30 21 f3 26 99 1b d5 98 86 d9 1b e7 16 ae d0 eb e7 61 5a 79 f0 25 cf 3e 85 59 da 2f f4 db cb 85 2f 13 Data Ascii: wOF2JJ_>b`?STATDvhN6$ U6mtjGumdSnG\|q fg$1ZdYR*Bo6vi$T!d-.)(W"wSORLS{T.20!&aZy%>Y//
2025-04-23 14:56:39 UTC	2756	IN	Data Raw: 0f dc 57 23 07 b5 2c e4 0c 56 e6 33 75 f2 a7 e3 3f 8e 9d 9a 62 96 e3 bf 08 e5 84 ad ea c6 77 17 58 42 d6 27 5f 8f ed ad 27 c1 73 2c f2 49 6b b5 99 f6 09 33 9b 09 d5 21 72 c5 34 b4 dc 5c 0c 1d 6b 09 cc 94 33 e0 af fb b6 d7 b7 6b 3b 9e 86 13 4b 73 fb b6 8b 48 55 d1 6d db 5a 25 db 76 45 27 1f 3a c6 aa 66 c4 a0 ee 0a b6 81 ee c9 9a e4 c8 54 79 e9 5b 32 89 73 a7 6d 80 8c 2f b7 0a b3 32 b0 5c 29 ce e5 f2 d7 4d 58 3b c0 81 ad f8 04 bb 2a bf a2 7c e3 13 3f ae 11 81 68 94 c5 40 9e 68 ef 1c be 86 ba b0 4f f7 cd e8 7c 0c 61 b0 72 90 9f 3a 03 0e bd 9d 5a 18 01 cd 1f e0 69 3c 8d a5 d9 74 5f f2 52 3a 6a b1 44 5a fc 9b 4e b3 c7 39 5a 67 07 b7 2e 18 ea f8 8a 8d 39 f7 4e 72 91 d3 3a 44 21 94 40 da 89 a5 89 28 68 8f 4c 04 2b 88 b5 5e da 0e 05 08 90 d4 5a ca cd 43 91 72 3a Data Ascii: W#,V3u?bwXB'_'s,Ik3!r4\k3k;KsHUmZ%vE':fTy[2sm/2\)MX;*\|?h@hO\|ar:Zi<t_R:jDZN9Zg.9Nr:D!@(hL+^ZCr:

Timestamp	Bytes transferred	Direction	Data
2025-04-23 14:56:39 UTC	616	OUT	GET /rubik/files/rubik-latin-300-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive Origin: https://cdn.icomoon.io sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-23 14:56:39 UTC	994	IN	HTTP/1.1 200 OK Date: Wed, 23 Apr 2025 14:56:39 GMT Content-Type: font/woff2 Content-Length: 17556 Connection: close Server: BunnyCDN-PHX1-1155 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "68066af5-4494" Last-Modified: Mon, 21 Apr 2025 15:57:41 GMT CDN-StorageServer: LA-1052 CDN-FileServer: 295 CDN-ProxyVer: 1.23 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 04/22/2025 15:58:47 CDN-EdgeStorageId: 1155 CDN-RequestId: 8125da6224b7404efdc7ba8fbee751c2 CDN-Cache: HIT CDN-Status: 200 CDN-RequestTime: 1 Accept-Ranges: bytes
2025-04-23 14:56:39 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 44 94 00 10 00 00 00 00 ba a8 00 00 44 31 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f7 52 1c 89 30 06 60 3f 53 54 41 54 44 00 84 76 11 08 0a 81 cb 34 81 a2 67 0b 84 4a 00 01 36 02 24 03 89 10 04 20 05 84 78 07 8b 26 0c 07 1b f7 a2 07 d8 36 8d f8 59 77 02 a9 b5 26 d9 9d 7c 34 a2 71 3b 28 4a 50 7c f3 11 a9 48 d7 ca fe ff bf 26 c8 31 46 73 d4 21 a8 f5 9f 70 08 47 92 30 ab 54 55 ea 55 4d 1b 92 de 75 d4 ea 9c 63 8a f1 51 6a 4d 18 d3 f7 6b 99 6f 9b f2 65 09 6c df b7 39 d8 bd 72 84 56 26 e6 b7 74 18 97 7b 76 13 06 47 a4 1d d3 2f b5 18 67 b8 09 83 05 8b ca 4e 9d a3 0c 95 ef cb 88 fc f4 8f 76 fc e1 2e 5b a9 6f cc 04 47 e8 10 6a 2e 6c 2d 3d 7a a7 e5 0b bf f1 2f be 08 8c 5b ec a8 33 f3 f2 fc ff Data Ascii: wOF2DD1>R0`?STATDv4gJ6$ x&6Yw&\|4q;(JP\|H&1Fs!pG0TUUMucQjMkoel9rV&t{vG/gNv.[oGj.l-=z/[3
2025-04-23 14:56:39 UTC	1172	IN	Data Raw: 93 14 83 17 6a 7d 7b 51 25 c1 af 8a a6 22 62 c9 76 ec b9 fe 7a b0 9d dd c6 3e 79 ab a5 49 e6 ea 30 0c 80 6b 81 ef e8 7c 12 ef be ba 2f ea 1e 97 5f c5 22 80 e8 ec a2 be 17 71 49 a0 27 54 3d 94 5c 8c af 79 6a 3a ce bd 63 ec 9d 25 e6 bc 44 b2 ef 43 58 e7 cb 0d b1 25 0c 3e 78 36 ff 57 01 ed 05 e5 f2 52 9b 54 82 a6 56 5c 9a a2 5a c9 12 3e d2 77 0d 36 d0 0c 7a 4f e2 ae 56 ae ab 4b 76 2e be 5a 66 48 91 66 66 bb ae ca 65 fb 5c 3e 2e 79 db 26 ed 0e c5 52 98 8e 9f b3 3d e9 a6 b1 d5 cf e1 8a e2 d5 ec 72 4f c1 33 bf c8 ca 19 77 9e 79 af b0 2f 46 3d da b7 f1 7a a5 6d 85 82 49 05 e6 10 9d 5b 41 df 89 f4 3d dd 8c 42 4b 57 b8 90 82 b6 89 2e c6 27 f6 33 07 60 2f c1 01 a1 8c ee c7 24 bb 08 d9 64 81 66 23 65 c2 46 30 c2 5c 58 f8 f3 e5 e5 d7 7a 9f 09 90 d9 26 23 69 46 dc 55 Data Ascii: j}{Q%"bvz>yI0k\|/_"qI'T=\yj:c%DCX%>x6WRTV\Z>w6zOVKv.ZfHffe\>.y&R=rO3wy/F=zmI[A=BKW.'3`/$df#eF0\Xz&#iFU

Target ID:	2
Start time:	10:56:27
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://cdn.icomoon.io

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5872, Parent PID: 3556

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Windows Analysis Report
https://cdn.icomoon.io

Target ID:	3
Start time:	10:56:30
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1944,i,5245722232122276139,15606129003646998553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1872 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	9
Start time:	10:56:36
Start date:	23/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://cdn.icomoon.io"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre