Edit tour

Windows Analysis Report
http://googlle.com

Overview

General Information

Sample URL:	http://googlle.com
Analysis ID:	880895
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4908 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,9270715840034612609,4984599360076910508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6348 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://googlle.com MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

cleanup

String found in binary or memory: b,"vert.pix");break;case "PERCENT":aA(d.verticalThresholds,b,"vert.pct")}Yw("sdl","init",!1)?Yw("sdl","pending",!1)||J(function(){return bA()}):(Ww("sdl","init",!0),Ww("sdl","pending",!0),J(function(){bA();if(cA()){var e=dA();tc(z,"scroll",e);tc(z,"resize",e)}else Ww("sdl","init",!1)}));return b}hA.J="internal.enableAutoEventOnScroll";var dc=ca(["data-gtm-yt-inspected-"]),iA=["www.youtube.com","www.youtube-nocookie.com"],jA,kA=!1; equals www.youtube.com (Youtube)

Source: chromecache_121.1.dr	String found in binary or memory: http://test.de
Source: chromecache_123.1.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_126.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_115.1.dr	String found in binary or memory: https://developers.google.com/publisher-tag.
Source: chromecache_127.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/cabinsketch/v19/QGYpz_kZZAGCONcK2A4bGOj8mNhN.woff2)
Source: chromecache_127.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/neucha/v17/q5uGsou0JOdh94bfuQltOxU.woff2)
Source: chromecache_127.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/neucha/v17/q5uGsou0JOdh94bfvQlt.woff2)
Source: chromecache_120.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJbecmNE.woff2)
Source: chromecache_120.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2)
Source: chromecache_120.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJnecmNE.woff2)
Source: chromecache_126.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_126.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_126.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_123.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_123.1.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_126.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_123.1.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_123.1.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_123.1.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_123.1.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_126.1.dr	String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: chromecache_123.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_126.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog/mc/collect

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg

Source: classification engine

Classification label: mal56.win@24/18@10/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,9270715840034612609,4984599360076910508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://googlle.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,9270715840034612609,4984599360076910508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://googlle.com	0%	Avira URL Cloud	safe
http://googlle.com	7%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://www.merchant-center-analytics.goog/mc/collect	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
http://googlle.com/favicon.ico	0%	Avira URL Cloud	safe
http://googlle.com/assets/images/summer_ballon.jpg	0%	Avira URL Cloud	safe
http://googlle.com/banner_ads.js	0%	Avira URL Cloud	safe
http://googlle.com/	7%	Virustotal		Browse
http://googlle.com/assets/images/summer_ballon.jpg	9%	Virustotal		Browse
http://googlle.com/banner_ads.js	3%	Virustotal		Browse
http://googlle.com/favicon.ico	6%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
track.traffic.club	147.135.143.184	true	false	high
static.traffic.club	78.46.152.77	true	false	high
accounts.google.com	142.250.203.109	true	false	high
securepubads46.g.doubleclick.net	142.250.203.98	true	false	high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
www.google.com	142.250.203.100	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
googlle.com	23.88.53.29	true	false	unknown
stats.g.doubleclick.net	108.177.126.155	true	false	high
securepubads.g.doubleclick.net	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://googlle.com/favicon.ico	true	6%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://googlle.com/	true	7%, Virustotal, Browse	unknown
http://track.traffic.club/feed.php?direct=g4tcd&mid=140&f=140&keyword=googlle.com&domain=googlle.com	false		high
https://securepubads.g.doubleclick.net/static/glade.js	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://static.traffic.club/feed.js	false		high
http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css	false		high
http://googlle.com/banner_ads.js	true	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://googlle.com/assets/images/summer_ballon.jpg	true	9%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0	false		high
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-43967021-7&cid=1629361200.1685771813&jid=1882257702&gjid=757249319&_gid=1187469835.1685771813&_u=YADAAEAAAAAAACAAI~&z=1946060893	false		high
http://googlle.com/	true	7%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://developers.google.com/publisher-tag.	chromecache_115.1.dr	false		high
https://stats.g.doubleclick.net/g/collect	chromecache_126.1.dr	false		high
https://www.google.com/ads/ga-audiences	chromecache_123.1.dr	false		high
https://www.merchant-center-analytics.goog/mc/collect	chromecache_126.1.dr	false	URL Reputation: safe	unknown
https://www.google.%/ads/ga-audiences	chromecache_123.1.dr	false	URL Reputation: safe	low
https://td.doubleclick.net	chromecache_126.1.dr	false		high
http://test.de	chromecache_121.1.dr	false		high
https://stats.g.doubleclick.net/g/collect?v=2&	chromecache_126.1.dr	false		high
https://tagassistant.google.com/	chromecache_123.1.dr	false		high
https://stats.g.doubleclick.net/j/collect	chromecache_123.1.dr	false		high
https://ampcid.google.com/v1/publisher:getClientId	chromecache_123.1.dr	false		high
https://cct.google/taggy/agent.js	chromecache_126.1.dr	false	URL Reputation: safe URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
147.135.143.184	track.traffic.club	France	16276	OVHFR	false
142.250.203.100	www.google.com	United States	15169	GOOGLEUS	false
23.88.53.29	googlle.com	United States	18978	ENZUINC-US	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
108.177.126.155	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
78.46.152.77	static.traffic.club	Germany	24940	HETZNER-ASDE	false
142.250.203.98	securepubads46.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.203.109	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.22

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	880895
Start date and time:	2023-06-02 22:55:59 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://googlle.com
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@24/18@10/11
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.250.203.99, 34.104.35.123, 172.217.168.10, 142.250.203.104, 142.250.203.110, 216.58.215.234, 172.217.168.42, 142.250.203.106, 216.239.32.36, 216.239.34.36
Excluded domains from analysis (whitelisted): fonts.googleapis.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, fonts.gstatic.com, www.googletagmanager.com, update.googleapis.com, clientservices.googleapis.com, region1.google-analytics.com, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max compression, original size modulo 2^32 52082
Category:	downloaded
Size (bytes):	20737
Entropy (8bit):	7.990233112002254
Encrypted:	true
SSDEEP:	384:TZZGH44LHLjQ0AUfLgfysuwaVGaQnx6UG73gm+ROcDpAHKYRMPZ9noCaQo:TZAH9/jTAUfLOysuwaVlXUGgm1rrMPZu
MD5:	39307E27138B106E53F1A4AF27D63094
SHA1:	9C2FBFB3F19BF72A282A101D1C802C287DBB5FAB
SHA-256:	07C09B206FAA8934E6B12C518A4F834D8BD5B2BBE92A07A4F169173AB620B464
SHA-512:	8E48C468CCEAB8DFB296C62C2FCF4E82ADDE92FC06E3B14418A4CC08DEA5712AAA7F61EB5421B9D5FBC0803B1B8F2B05A344A2E3DB7831212AF9E2579972BC52
Malicious:	false
Reputation:	low
URL:	http://www.google-analytics.com/analytics.js
Preview:	............kW..0.._Q...v#B.(mc.,J).-...-.,YR....@I.o?3#...g..=g...Y.F...\..'..~...7...<.....5~t.R..:..d..}h.C>.{.;....Qq.......?......T.q..V.....-.^).V.l....G.G.V{4..T..zQ.J....G.8.t.c.+zA..D.y..F..HL..'U..S....@...DQ.q...x:u.\|.....>......2...%.../.vs..A....w.-...(.k".u.X[..Qt..Rb\....>..rkXT.?..L...~..L.}9..Y....J../.....u^..F$..O..G.,.c.}......o....{.......g._.~....y..g...Q.=>R~P.J......g._._z.k^.).a..l.....a.......l.z$]x.h.....B.:..m...t:.Q'0..`.........O.o..j4..A0n..7...Cx.w...op.#...H.D_.{.#>~./..Jv.pf...]G..)LL8.&.).r..".<&a..XU....5.....lo.,.8..-X.dmm.....]......0.bs....0..R.jg.2m.\|....V#...j6wv..*[.i...J..v.p.....Z.Ee..A0......r.l..........A....z#L.....t...].N.#.Sq..[\|tr..8...p\|.......'..?.w..16......!..........Xv...~...Z..`T.vy.3.O..AP...V7j.j<..:&...`.M._E7...=.(.....w.u$.b.........N8.7.....i..W..O:.r.K..<\......2..f.`nj_.....a,.`t.....,..V.A...c..T...{..~...t.'Np.{...E.7....a!.H.U...Ji..~.-x.rf.........m9.........2..

Source: http://googlle.com/	Virustotal: Detection: 6%	Perma Link
Source: http://googlle.com/assets/images/summer_ballon.jpg	Virustotal: Detection: 8%	Perma Link
Source: http://googlle.com/favicon.ico	Virustotal: Detection: 5%	Perma Link

Source: http://googlle.com/	HTTP Parser: No favicon
Source: http://googlle.com/	HTTP Parser: No favicon

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: global traffic	HTTP traffic detected: GET /feed.js HTTP/1.1Host: static.traffic.clubConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://googlle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/glade.js HTTP/1.1Host: securepubads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEIlqHLAQj8qswBCLy8zAEI5bzMAQiywcwBCMTBzAEI18HMAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://googlle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUkzjscYZ52NAY8n0cT95jijV6W0yuM6NwF8WWQoBrDcA-yxPPCjwWHtVTdU
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: googlle.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /banner_ads.js HTTP/1.1Host: googlle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Referer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: ndsp=eyJkb21haW5OYW1lIjoiZ29vZ2xsZS5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRzX2xhbmRpbmdfNSIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC8xMDQuMC4wLjAgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiZWRmN2I5MDk1MDA2N2I2YjFlOGI1Y2I1YzdkODcxNGQiLCJ0aW1lX2luaXQiOjE2ODU3Mzg2NzZ9
Source: global traffic	HTTP traffic detected: GET /font-awesome/4.1.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/summer_ballon.jpg HTTP/1.1Host: googlle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: ndsp=eyJkb21haW5OYW1lIjoiZ29vZ2xsZS5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRzX2xhbmRpbmdfNSIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC8xMDQuMC4wLjAgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiZWRmN2I5MDk1MDA2N2I2YjFlOGI1Y2I1YzdkODcxNGQiLCJ0aW1lX2luaXQiOjE2ODU3Mzg2NzZ9
Source: global traffic	HTTP traffic detected: GET /font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0 HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: http://googlle.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Referer: http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /feed.php?direct=g4tcd&mid=140&f=140&keyword=googlle.com&domain=googlle.com HTTP/1.1Host: track.traffic.clubConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Origin: http://googlle.comReferer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: googlle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: ndsp=eyJkb21haW5OYW1lIjoiZ29vZ2xsZS5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRzX2xhbmRpbmdfNSIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC8xMDQuMC4wLjAgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiZWRmN2I5MDk1MDA2N2I2YjFlOGI1Y2I1YzdkODcxNGQiLCJ0aW1lX2luaXQiOjE2ODU3Mzg2NzZ9; _ga_LTZ10XBX1X=GS1.1.1685771813.1.0.1685771813.0.0.0; _ga=GA1.2.1629361200.1685771813; _gid=GA1.2.1187469835.1685771813; _gat_mainCounter=1; _gat_tcCounter=1
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: googlle.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: ndsp=eyJkb21haW5OYW1lIjoiZ29vZ2xsZS5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRzX2xhbmRpbmdfNSIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC8xMDQuMC4wLjAgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiZWRmN2I5MDk1MDA2N2I2YjFlOGI1Y2I1YzdkODcxNGQiLCJ0aW1lX2luaXQiOjE2ODU3Mzg2NzZ9; _ga_LTZ10XBX1X=GS1.1.1685771813.1.0.1685771813.0.0.0; _ga=GA1.2.1629361200.1685771813; _gid=GA1.2.1187469835.1685771813; _gat_mainCounter=1; _gat_tcCounter=1
Source: global traffic	HTTP traffic detected: GET /feed.php?direct=g4tcd&mid=140&f=140&keyword=googlle.com&domain=googlle.com HTTP/1.1Host: track.traffic.clubConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Origin: http://googlle.comReferer: http://googlle.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/summer_ballon.jpg HTTP/1.1Host: googlle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: ndsp=eyJkb21haW5OYW1lIjoiZ29vZ2xsZS5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRzX2xhbmRpbmdfNSIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC8xMDQuMC4wLjAgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiZWRmN2I5MDk1MDA2N2I2YjFlOGI1Y2I1YzdkODcxNGQiLCJ0aW1lX2luaXQiOjE2ODU3Mzg2NzZ9; _gid=GA1.2.1187469835.1685771813; _gat_mainCounter=1; _gat_tcCounter=1; _ga=GA1.1.1629361200.1685771813; _ga_LTZ10XBX1X=GS1.1.1685771813.1.1.1685771814.0.0.0
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: googlle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: ndsp=eyJkb21haW5OYW1lIjoiZ29vZ2xsZS5jb20iLCJtZW1iZXIiOiIxMTMiLCJ0ZW1wbGF0ZSI6InRzX2xhbmRpbmdfNSIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC8xMDQuMC4wLjAgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiZWRmN2I5MDk1MDA2N2I2YjFlOGI1Y2I1YzdkODcxNGQiLCJ0aW1lX2luaXQiOjE2ODU3Mzg2NzZ9; _gid=GA1.2.1187469835.1685771813; _gat_mainCounter=1; _gat_tcCounter=1; _ga=GA1.1.1629361200.1685771813; _ga_LTZ10XBX1X=GS1.1.1685771813.1.1.1685771814.0.0.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 2, 2023 22:56:51.092463970 CEST	56924	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:51.093240976 CEST	60625	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:51.125871897 CEST	53	56924	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:51.147176981 CEST	53	60625	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:52.005326986 CEST	52955	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:52.028553009 CEST	53	52955	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:52.607930899 CEST	57134	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:52.613894939 CEST	62050	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:52.639262915 CEST	53	62050	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:52.855791092 CEST	53	57134	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:52.869398117 CEST	55638	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:52.902108908 CEST	53	55638	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:53.379668951 CEST	60767	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:53.412492037 CEST	53	60767	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:53.774502039 CEST	57571	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:53.794703007 CEST	53	57571	8.8.8.8	192.168.2.3
Jun 2, 2023 22:56:54.641850948 CEST	53305	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:56:54.656610012 CEST	53	53305	8.8.8.8	192.168.2.3
Jun 2, 2023 22:57:54.686021090 CEST	50784	53	192.168.2.3	8.8.8.8
Jun 2, 2023 22:57:54.700901985 CEST	53	50784	8.8.8.8	192.168.2.3

Timestamp	kBytes transferred	Direction	Data
Jun 2, 2023 22:56:52.668807983 CEST	551	OUT	GET /font-awesome/4.1.0/css/font-awesome.min.css HTTP/1.1 Host: maxcdn.bootstrapcdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://googlle.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 2, 2023 22:56:52.691742897 CEST	552	IN	HTTP/1.1 200 OK Date: Fri, 02 Jun 2023 20:56:52 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: US CDN-EdgeStorageId: 718 CDN-EdgeStorageId: 718 Last-Modified: Mon, 25 Jan 2021 22:04:53 GMT CDN-CachedAt: 2021-06-08 13:23:45 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 Cache-Control: public, max-age=31919000 timing-allow-origin: * cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff CDN-RequestId: 9d2aceeed0bcc462db274a476322cef8 Content-Encoding: gzip CDN-Cache: HIT CF-Cache-Status: HIT Age: 3523243 Server: cloudflare CF-RAY: 7d129b013f380472-FRA alt-svc: h3=":443"; ma=86400 Data Raw: 31 34 34 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a5 5c cb 8e e3 c8 95 dd fb 2b 64 37 3c 55 65 34 b3 14 52 2a 33 a5 82 67 da f6 c0 40 03 6d 78 d1 5e 78 31 9b 20 19 94 a2 92 62 b0 f8 c8 47 25 fa df e7 46 f0 5e 8a cc 3c c1 6e a3 1a bd a8 64 5c c6 f3 c4 7d 1e ea e3 9f 7e ff bb d5 9f 56 ab bf bb aa 5b fd e5 d1 b4 ee 6c 56 d7 57 ea 6a bd 4a 9f 57 3f e4 fa c1 1c 75 95 3f af 92 d5 a9 eb ea c3 c7 8f 05 49 ea 41 f0 ca 3a 7a fe c3 e4 49 e8 eb 27 9b 99 aa 35 b1 57 3e 96 dc fe de 0f 7a 58 fd fc e3 4f ab 7f fe fd a7 95 ba 52 df af fe f6 f3 cf 87 d5 3f 7e fc 97 74 f2 81 7a fc 18 46 48 0a 9d 99 17 fe d7 d9 96 cf 87 77 fe 7d 9e f3 bb 4f 6d 93 1d fa a6 7c ff ee ea 2a cc b1 9d ce 34 79 34 a9 7f 78 65 5c f7 3f 0f 7f 0e 0b 7c f7 e1 3f 78 e7 3b 6b 0a fb f4 5f e3 ab ab c2 35 67 dd bd 7f 67 ce a9 c9 73 93 27 ae 36 55 f7 5c 9b 77 1f be ff f5 69 3c ba a2 b8 cc 63 ec cc 3f fe 4d ef 77 1d 7a bd 6b 7a f3 9b a7 d0 3e 1c 65 06 df 4d 4e b0 31 c7 be d4 cd bb 0f e3 a4 48 90 b6 2a 6c fc a3 b1 c7 53 77 a8 fc da cb e1 51 db 3d 97 86 9f fc 72 55 e8 97 dc b6 75 a9 9f 0f b6 2a 6d 65 92 b4 74 d9 fd 20 5a e8 70 6c 93 53 7b db 05 1a 27 f4 73 1a 86 56 9f fc 51 de 5b 82 83 9f 50 7b 76 ae 3b d9 ea 78 d0 55 67 75 69 75 6b f2 4f c9 d9 7d 4d 5c fb f4 5a e6 d8 e8 e7 36 d3 a5 f1 13 4d ca e3 80 a6 d6 7e 35 07 75 b5 e5 ff cc f9 d3 74 c0 ab db 1d 3d 79 30 4d 67 e9 cd 84 86 38 56 87 44 ed fe 18 fa Data Ascii: 1446\+d7<Ue4R3g@mx^x1 bG%F^<nd\}~V[lVWjJW?u?IA:zI'5W>zXOR?~tzFHw}Om\|4y4xe\?\|?x;k_5ggs'6U\wi<c?Mwzkz>eMN1HlSwQ=rUumet ZplS{'sVQ[P{v;xUguiukO}M\Z6M~5ut=y0Mg8VD
Jun 2, 2023 22:56:52.691785097 CEST	553	IN	Data Raw: d8 3c 4d fa d8 98 73 78 b8 9d 3e dc f2 c3 eb e9 c3 6b 7e b8 9b 3e a4 71 c2 eb c5 e3 cb a3 cd bb 13 cd 69 73 b7 bb 55 d7 9b 3d cd a0 33 4f 1d 8f 4e b7 ab 33 4d 90 ed cb 97 5a e7 39 6d 40 52 9a a2 3b ac 3f 9d 75 73 b4 d5 f0 d7 e6 8a 5e 0e 5d 84 45 Data Ascii: <Msx>k~>qisU=3ON3MZ9m@R;?us^]E_:ju1A+\|#%u>L(-V\|w&7,pE{V?@3j}Gcy-wWe4/Etw~\|~wwx!4W\|.I[E
Jun 2, 2023 22:56:52.691813946 CEST	555	IN	Data Raw: c2 6a 4d 7e 18 14 60 80 b5 3e 7b 86 3a 60 60 91 af 1a 5d 10 83 26 2c 68 41 6e c7 d0 09 3b b4 24 c7 e0 31 9f 4d 06 b1 b3 63 ec d0 b1 3d 34 2e ae 2b 76 8c 21 91 8b 6a 81 1d 23 c6 7b 6f 6c b6 d1 5e ec 18 2e c1 7b 5b 92 63 b0 74 de 69 5c 92 63 c8 0c Data Ascii: jM~`>{:``]&,hAn;$1Mc=4.+v!j#{ol^.{[cti\c\8~/2f(G"8?G'm:cMW;c,XHP0 nKCW1t{LjLY59t nP+nkl=yJ=$t:1v
Jun 2, 2023 22:56:52.691842079 CEST	556	IN	Data Raw: 7b db c5 cc 7f c1 80 4b 69 87 f1 2e 68 09 47 a9 38 67 f0 38 82 a3 be 2b 4d 03 b5 56 c1 28 0a d5 df 50 e6 81 f0 2f 24 60 e8 6d 19 28 a4 58 8a b1 43 4b af 7d ed 29 22 25 9e e0 99 4e 58 57 19 9e 3a e3 e7 6c 72 62 f0 c2 4d 94 d4 84 27 5a d2 89 7c c6 Data Ascii: {Ki.hG8g8+MV(P/$`m(XCK})"%NXW:lrbM'Z\|\|iD_$$r=&zPZ38ZfX:jJjfRI2H2;XWk{\PkFQCtBj:?#\|jad}] [TTA$+aD
Jun 2, 2023 22:56:52.691868067 CEST	557	IN	Data Raw: 52 bc 4f 6c 88 a8 2c 4d ff c3 f1 59 6b d4 44 1b f7 d5 3c 54 ea 51 77 62 8a 82 6a 59 c8 9f ab 3b 46 c0 ac ac 1e e7 1f a8 3b d1 21 f3 af 77 62 17 67 a4 d5 0c fe d7 eb 32 cc 2b 0f 2c da 0b fb 60 b9 23 ae 07 7f 30 84 f6 46 98 37 8f 27 63 4a 1f f7 43 Data Ascii: ROl,MYkD<TQwbjY;F;!wbg2+,`#0F7'cJC#b#bSI3t03"V9mM=VSb"{4~S{Q>TYQY~X"?b01z$b+MN(aTYH,U)!<J>Cmp}([wa!
Jun 2, 2023 22:56:52.691890955 CEST	557	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Jun 2, 2023 22:57:37.698961973 CEST	1797	OUT	Data Raw: 00 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
Jun 2, 2023 22:56:53.571304083 CEST	1082	OUT	GET /font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0 HTTP/1.1 Host: maxcdn.bootstrapcdn.com Connection: keep-alive Origin: http://googlle.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Referer: http://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 2, 2023 22:56:53.596832991 CEST	1098	IN	HTTP/1.1 200 OK Date: Fri, 02 Jun 2023 20:56:53 GMT Content-Type: font/woff Content-Length: 83760 Connection: keep-alive CDN-PullZone: 252412 CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74 CDN-RequestCountryCode: DE Access-Control-Allow-Origin: * Cache-Control: public, max-age=31919000 ETag: "fdf491ce5ff5b2da02708cd0e9864719" Last-Modified: Mon, 25 Jan 2021 22:04:53 GMT CDN-CachedAt: 08/25/2022 04:48:59 CDN-ProxyVer: 1.02 CDN-RequestPullCode: 200 CDN-RequestPullSuccess: True CDN-EdgeStorageId: 860 timing-allow-origin: * cross-origin-resource-policy: cross-origin X-Content-Type-Options: nosniff CDN-Status: 200 CDN-RequestId: 5f64340206f2cf385cc9bebeb99b08a5 CDN-Cache: HIT CF-Cache-Status: HIT Age: 226623 Accept-Ranges: bytes Vary: Accept-Encoding Server: cloudflare CF-RAY: 7d129b06dc576949-FRA alt-svc: h3=":443"; ma=86400 Data Raw: 77 4f 46 46 00 01 00 00 00 01 47 30 00 11 00 00 00 02 28 fc 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 46 54 4d 00 00 01 80 00 00 00 1c 00 00 00 1c 67 2b 8e 59 47 44 45 46 00 00 01 9c 00 00 00 1f 00 00 00 20 02 1d 00 04 4f 53 2f 32 00 00 01 bc 00 00 00 3e 00 00 00 60 8b 02 7a 37 63 6d 61 70 00 00 01 fc 00 00 01 41 00 00 02 a2 e0 80 b8 4a 63 76 74 20 00 00 03 40 00 00 00 28 00 00 00 28 05 83 08 a8 66 70 67 6d 00 00 03 68 00 00 01 b1 00 00 02 65 53 b4 2f a7 67 61 73 70 00 00 05 1c 00 00 00 08 00 00 00 08 00 00 00 10 67 6c 79 66 00 00 05 24 00 01 2e 20 00 01 fe 9c 92 ab 42 c6 68 65 61 64 00 01 33 44 00 00 00 31 00 00 00 36 07 68 38 11 68 68 65 61 00 01 33 78 00 00 00 1f 00 00 00 24 0f 02 09 b2 68 6d 74 78 00 01 33 98 00 00 02 1f 00 00 07 8a f3 a4 11 7e 6c 6f 63 61 00 01 35 b8 00 00 03 ab 00 00 03 e2 bd 12 3d 9c 6d 61 78 70 00 01 39 64 00 00 00 1f 00 00 00 20 03 1c 04 7b 6e 61 6d 65 00 01 39 84 00 00 01 8c 00 00 03 58 50 fb 78 86 70 6f 73 74 00 01 3b 10 00 00 0b e5 00 00 13 ef ad ae 1b a8 70 72 65 70 00 01 46 f8 00 00 00 2e 00 00 00 2e b0 f2 2b 14 77 65 62 66 00 01 47 28 00 00 00 06 00 00 00 06 c6 ea 53 73 00 00 00 01 00 00 00 00 cc 3d a2 cf 00 00 00 00 cb 54 74 20 00 00 00 00 cf 99 77 69 78 da 63 60 64 60 60 e0 03 62 Data Ascii: wOFFG0(FFTMg+YGDEF OS/2>`z7cmapAJcvt @((fpgmheS/gaspglyf$. Bhead3D16h8hhea3x$hmtx3~loca5=maxp9d {name9XPxpost;prepF..+webfG(Ss=Tt wixc`d``b
Jun 2, 2023 22:56:53.596915007 CEST	1099	IN	Data Raw: 09 06 10 60 62 60 64 60 64 7c 0f 24 59 c0 3c 06 00 0e 9b 01 23 00 78 da 63 60 66 63 63 9c c0 c0 ca c0 c2 d2 c3 62 cc c0 c0 d0 06 a1 99 8a 19 a2 c0 7c 9c a0 a0 b2 a8 98 c1 81 41 e1 2b 03 1b c3 7f 20 9f 8d 81 51 19 48 31 22 29 51 60 60 04 00 b3 12 Data Ascii: `b`d`d\|$Y<#xc`fccb\|A+ QH1")Q``8xJqVYZbB@MP6""Z2/M40g8pF'R2-g\|z>Ei9tJE:+6yz_<D%.IIKVRT!m6Fq$Fy
Jun 2, 2023 22:56:53.596962929 CEST	1101	IN	Data Raw: 6e 13 4a de 60 3e df d3 eb c8 8c b0 e9 94 5b c8 f4 e5 48 5f 3a e5 72 0a 0e 2b 1b 4a b0 d5 6a ad 7a 4a d6 1c bc b6 fb ba 1d 52 2b 57 30 f3 f1 7e 38 db 79 ed c1 35 6a e5 02 a3 9e de 78 f5 a6 4e 67 8c fb 56 5b da 44 18 4d 7f fc fc 4c 0a 2a 9c 9d 9b Data Ascii: nJ`>[H_:r+JjzJR+W0~8y5jxNgV[DMLh=A0 )JLCIqdc&0lYQG~,apC}eu9aXC1dc/-i%NvD2}?q'769r*/D)\v
Jun 2, 2023 22:56:53.597009897 CEST	1102	IN	Data Raw: 8f 21 74 4a 7c 40 9d 04 9e 78 8a 42 a8 07 88 47 61 0b 94 f3 95 d2 f8 e5 f8 cd 97 a6 a1 ee 78 11 ca d7 55 4a b7 dc 9f 4a 95 1e a7 90 1b ae 42 c2 4f 54 48 08 d9 8b 9f 93 ec ff b7 ed fb e3 a4 10 ef ef 8f 2b 73 78 5c b9 cc 16 ff cf b5 9a a6 e7 78 60 Data Ascii: !tJ\|@xBGaxUJJBOTH+sx\x`+hD*QPxGZ,oQ~G\eD)9Z7OV.O-!2V5e\{f3`Cq?G$1[~z}G>7k`F82
Jun 2, 2023 22:56:53.597059965 CEST	1103	IN	Data Raw: 03 c9 cd 0c 4d 6d df 7d 35 d5 f3 a8 4c 4c 8e 2a 24 61 34 83 b5 09 55 e5 ff b3 02 ac 2f c4 d1 8a 97 47 48 56 08 8a cb a6 8d 18 84 a1 0d ea f4 e2 db 4e 2f 92 5d 67 db 84 ac d0 26 db 3a 92 c5 39 30 bd 67 6c 1e e4 ac 69 98 4e 8c d5 c6 71 05 ce 66 9d Data Ascii: Mm}5LL$a4U/GHVN/]g&:90gliNqf/dGoR?XI&OG3[OnhpE!^?0?;idY'gC4zc@r1T<tFNU_J@tVd[Je}E')O0;j7aekpa`. 0AcM
Jun 2, 2023 22:56:53.597130060 CEST	1105	IN	Data Raw: 12 ae 40 7e 3a 32 cc c6 9b 43 a1 e6 85 7f 1c 1e 51 5a 01 a7 59 ef dc 1c 67 e2 c8 eb 0a cf 9a 2f 58 0f 62 28 85 2d 19 b3 78 c3 98 55 87 07 6d 0a 22 0c cf 4b 1a a3 89 f3 b4 2d 1b 8c c8 c5 07 03 ba d6 e7 a6 3a 15 ca e7 5e 8c 9c 07 82 6d 6c 20 10 58 Data Ascii: @~:2CQZYg/Xb(-xUm"K-:^ml X8kx>pQ/bT},4{!C=hAd'U.VJY$!^&P2t:]<E8deALO!iPF 1$H}N?W5qW7ykFb8gQ`$?#cj
Jun 2, 2023 22:56:53.597178936 CEST	1106	IN	Data Raw: 07 53 f2 6a be b4 1d ea 0f 54 ca db 0f 60 fd f6 09 a8 bf 32 55 3a 8a cb fd f4 75 40 94 2d fa ce 91 f5 21 3a 81 de 79 a7 dd 19 ea c0 93 91 54 6d 1d d5 f4 01 c3 53 bb 36 42 70 da 41 45 0c 95 cf 17 b4 78 a7 20 bb 3a d6 ef 98 d8 b6 6d c2 d1 0f 5c 84 Data Ascii: SjT`2U:u@-!:yTmS6BpAEx :m\Cst o'">}[$Ez-w~[>=,((Z{i"<I~NhKS(wfTseVUr8NX]@IgI@JY \|kr-JWb&)
Jun 2, 2023 22:56:53.597227097 CEST	1107	IN	Data Raw: da e5 44 be 26 ab 54 c5 c8 36 6a 3d 48 d7 98 d7 aa 3f 27 f5 79 d0 aa 4b 56 18 4f 83 35 c5 e9 0d 9b 0b fd 71 76 26 3e ed 7b da 17 2f 6c be 41 b4 9c 55 e5 99 b3 20 e2 15 b9 e2 3c 7c 66 e2 fd 0b b0 c4 50 ad e7 0c 99 d9 7c 03 1b 40 0b c3 d3 be e9 f8 Data Ascii: D&T6j=H?'yKVO5qv&>{/lAU <\|fP\|@iP?@\QGG233UKI;vp#.FR'Gj+A..RlKkkAt4:pQ=(-i@eY=2^S_{S
Jun 2, 2023 22:56:53.597275019 CEST	1109	IN	Data Raw: 42 0f b5 c7 6e 87 1d e6 4f 8d bc d9 88 2e 82 14 0c 56 33 e0 93 fa 84 0c 8b de aa 48 e5 a8 ae d9 ca ea 25 06 d7 45 b8 79 54 75 b3 44 d3 0f fc 8c 8d ba 58 6e ed 33 7f 0b 26 50 e4 d1 08 89 ea 5a 9b 9c 56 43 87 c6 a1 61 b5 31 7f b3 9f e3 2d 44 67 16 Data Ascii: BnO.V3H%EyTuDXn3&PZVCa1-Dg~V*)`$LDW:joqAo=eK1MZ`4rUi-19fknN>n%vK'd[>Zn_0Q'2G`g
Jun 2, 2023 22:56:53.597321987 CEST	1110	IN	Data Raw: 45 68 f6 41 17 b6 32 b9 b0 15 e7 7a 4e 92 fe 15 15 d3 cf d7 62 5f 34 ea 1c 72 c3 0c 42 03 98 48 3d 89 39 78 63 4f 35 9e 19 2d df e8 39 0c 2f de 8c 9e c3 02 0c 02 c7 36 99 a8 1c e5 16 51 e2 aa 5a ba 99 00 83 aa 75 2b 41 d5 ba 54 8b 18 20 5d e4 33 Data Ascii: EhA2zNb_4rBH=9xcO5-9/6QZu+AT ]3+<_%]]7.(IAN>&2k`Co0^+x^(ia+B'<kN\;CRnq!pT*JDM^eK%2H
Jun 2, 2023 22:56:53.597579956 CEST	1112	IN	Data Raw: 7e d7 a0 c5 23 0e cc c5 7f 89 c2 e0 76 ed 9d da 7b 31 23 0c 76 b7 8a 2d 52 d0 ad ed 71 bb cf 7d d7 1d 9c d6 ce 79 1d 96 85 56 4b 04 0f 0e a6 81 1f 41 fe d6 c7 50 c7 ce 65 11 b0 55 06 7b 79 d6 96 e8 b2 f3 5a 9a 11 05 8e 5c b1 f1 ac b0 a8 91 69 d4 Data Ascii: ~#v{1#v-Rq}yVKAPeU{yZ\iHK\|mL+S+"7>pL_^E!dF7x87MF,kgdk,AE}x%(<Pypy=y/4/:x0J@L
Jun 2, 2023 22:57:38.636434078 CEST	1797	OUT	Data Raw: 00 Data Ascii:

Timestamp	kBytes transferred	Direction	Data
Jun 2, 2023 22:56:53.579993010 CEST	1083	OUT	GET /feed.php?direct=g4tcd&mid=140&f=140&keyword=googlle.com&domain=googlle.com HTTP/1.1 Host: track.traffic.club Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Origin: http://googlle.com Referer: http://googlle.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 2, 2023 22:56:53.856256962 CEST	1279	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 02 Jun 2023 20:56:53 GMT Content-Type: text/html; charset=utf8 Content-Length: 3065 Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Encoding: none X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-IPLB-Request-ID: 66818F2B:C230_93878FB8:0050_647A5795_2AF9335:4828 X-IPLB-Instance: 45836 Data Raw: 7b 22 63 6f 75 6e 74 22 3a 34 2c 22 61 64 73 22 3a 5b 7b 22 74 69 74 6c 65 22 3a 22 45 6c 65 63 74 72 6f 6e 69 63 73 20 4f 6e 6c 69 6e 65 20 53 74 6f 72 65 20 2d 20 42 75 79 20 45 6c 65 63 74 72 6f 6e 69 63 73 20 4f 6e 6c 69 6e 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 46 72 65 65 20 73 68 69 70 70 69 6e 67 20 61 6e 64 20 6d 6f 6e 74 68 6c 79 20 70 61 79 6d 65 6e 74 20 6f 70 74 69 6f 6e 73 20 61 72 65 20 61 76 61 69 6c 61 Data Ascii: {"count":4,"ads":[{"title":"Electronics Online Store - Buy Electronics Online","description":"Free shipping and monthly payment options are availa
Jun 2, 2023 22:56:53.856312990 CEST	1280	IN	Data Raw: 62 6c 65 20 66 6f 72 20 73 65 6c 65 63 74 65 64 20 65 6c 65 63 74 72 6f 6e 69 63 73 2e 20 42 75 79 20 74 68 65 20 6c 61 74 65 73 74 20 65 6c 65 63 74 72 6f 6e 69 63 73 20 77 69 74 68 20 65 61 73 65 2e 22 2c 22 73 69 74 65 22 3a 22 68 74 74 70 3a Data Ascii: ble for selected electronics. Buy the latest electronics with ease.","site":"http:\/\/getTheBestOffers.com\/electronics","clickurl":"track.vcdc.com\/proceed.php?domain=googlle.com&hash=4fcc6a9232ef980ca69618cfbb9ffe7c&u=eyJ0aW1lc3RhbXAiOjE2ODU
Jun 2, 2023 22:56:53.856333971 CEST	1281	IN	Data Raw: 49 69 77 69 59 6d 6c 6b 49 6a 6f 69 4d 43 34 77 4d 44 41 69 66 51 3d 3d 22 2c 22 62 69 64 22 3a 30 2c 22 70 72 69 63 65 22 3a 22 54 4f 50 20 4f 46 46 45 52 22 2c 22 69 6d 61 67 65 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 74 72 61 66 66 69 63 63 6c Data Ascii: IiwiYmlkIjoiMC4wMDAifQ==","bid":0,"price":"TOP OFFER","image":"https:\/\/trafficclub-nde.netdna-ssl.com\/assets\/banner\/computer-min.png"},{"title":"Vacations, Hotels, Flights, Cruises, Coupons and ...","description":"Save up to 70% on Luxury
Jun 2, 2023 22:56:53.856352091 CEST	1281	IN	Data Raw: 5a 43 49 36 49 6a 45 30 4d 43 49 73 49 6d 46 6b 64 6d 56 79 64 47 6c 7a 5a 58 4a 66 61 57 51 69 4f 69 49 35 4f 54 6b 35 49 69 77 69 64 47 46 79 5a 32 56 30 49 6a 6f 69 61 48 52 30 63 44 70 63 4c 31 77 76 64 48 4a 68 59 32 73 75 64 6d 4e 6b 59 79 Data Ascii: ZCI6IjE0MCIsImFkdmVydGlzZXJfaWQiOiI5OTk5IiwidGFyZ2V0IjoiaHR0cDpcL1wvdHJhY2sudmNkYy5jb21cLz9taWQ9MTQwJmY9MTQwJmRvbWFpbj1nb29nbGxlLmNvbSZrZXl3b3JkPVRyYXZlbCIsImlwX2FkZHJlc3MiOiIxMDIuMTI5LjE0My40MyIsInR5cGUiOiJjbGljayIsImJpZCI6IjAuMDAwIn0=","bid"
Jun 2, 2023 22:56:53.856369972 CEST	1282	IN	Data Raw: 3f 64 6f 6d 61 69 6e 3d 67 6f 6f 67 6c 6c 65 2e 63 6f 6d 26 68 61 73 68 3d 38 65 33 64 39 61 39 35 39 62 38 33 36 63 31 32 62 37 63 36 30 62 62 62 32 65 63 37 61 35 32 37 26 75 3d 65 79 4a 30 61 57 31 6c 63 33 52 68 62 58 41 69 4f 6a 45 32 4f 44 Data Ascii: ?domain=googlle.com&hash=8e3d9a959b836c12b7c60bbb2ec7a527&u=eyJ0aW1lc3RhbXAiOjE2ODU3Mzk0MTMsImRvbWFpbiI6Imdvb2dsbGUuY29tIiwiZG9tYWluX2lkIjoiMTQ5MTM0MiIsIm1pZCI6IjE0MCIsImFkdmVydGlzZXJfaWQiOiI5OTk5IiwidGFyZ2V0IjoiaHR0cDpcL1wvdHJhY2sudmNkYy5jb21
Jun 2, 2023 22:56:53.856388092 CEST	1282	IN	Data Raw: 73 2c 20 46 72 65 65 62 69 65 73 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 65 65 20 74 68 65 20 6c 61 72 67 65 73 74 20 73 65 6c 65 63 74 69 6f 6e 20 6f 66 20 65 78 70 65 72 74 6c 79 2d 70 69 63 6b 65 64 20 64 65 61 6c 73 2c 20 63 6f Data Ascii: s, Freebies","description":"See the largest selection of expertly-picked deals, coupons, and freebies for your home and business - with product reviews, deal alerts and more.","site":"http:\/\/getTheBestOffers.com\/best-deals","clickurl":"trac
Jun 2, 2023 22:56:53.856405020 CEST	1283	IN	Data Raw: 46 70 62 6a 31 6e 62 32 39 6e 62 47 78 6c 4c 6d 4e 76 62 53 5a 72 5a 58 6c 33 62 33 4a 6b 50 55 4a 6c 63 33 51 72 52 47 56 68 62 48 4d 69 4c 43 4a 70 63 46 39 68 5a 47 52 79 5a 58 4e 7a 49 6a 6f 69 4d 54 41 79 4c 6a 45 79 4f 53 34 78 4e 44 4d 75 Data Ascii: Fpbj1nb29nbGxlLmNvbSZrZXl3b3JkPUJlc3QrRGVhbHMiLCJpcF9hZGRyZXNzIjoiMTAyLjEyOS4xNDMuNDMiLCJ0eXBlIjoiY2xpY2siLCJiaWQiOiIwLjAwMCJ9","bid":0,"price":"TOP OFFER","image":"https:\/\/trafficclub-nde.netdna-ssl.com\/assets\/banner\/sale-min.png"}]}
Jun 2, 2023 22:56:54.396872044 CEST	1314	OUT	GET /feed.php?direct=g4tcd&mid=140&f=140&keyword=googlle.com&domain=googlle.com HTTP/1.1 Host: track.traffic.club Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept: / Origin: http://googlle.com Referer: http://googlle.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jun 2, 2023 22:56:54.674463987 CEST	1589	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 02 Jun 2023 20:56:54 GMT Content-Type: text/html; charset=utf8 Content-Length: 3065 Cache-Control: no-cache, must-revalidate Access-Control-Allow-Origin: * Content-Encoding: none X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-IPLB-Request-ID: 66818F2B:C230_93878FB8:0050_647A5795_2AF9337:4828 X-IPLB-Instance: 45836 Data Raw: 7b 22 63 6f 75 6e 74 22 3a 34 2c 22 61 64 73 22 3a 5b 7b 22 74 69 74 6c 65 22 3a 22 45 6c 65 63 74 72 6f 6e 69 63 73 20 4f 6e 6c 69 6e 65 20 53 74 6f 72 65 20 2d 20 42 75 79 20 45 6c 65 63 74 72 6f 6e 69 63 73 20 4f 6e 6c 69 6e 65 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 46 72 65 65 20 73 68 69 70 70 69 6e 67 20 61 6e 64 20 6d 6f 6e 74 68 6c 79 20 70 61 79 6d 65 6e 74 20 6f 70 74 69 6f 6e 73 20 61 72 65 20 61 76 61 69 6c 61 Data Ascii: {"count":4,"ads":[{"title":"Electronics Online Store - Buy Electronics Online","description":"Free shipping and monthly payment options are availa
Jun 2, 2023 22:56:54.675168037 CEST	1590	IN	Data Raw: 62 6c 65 20 66 6f 72 20 73 65 6c 65 63 74 65 64 20 65 6c 65 63 74 72 6f 6e 69 63 73 2e 20 42 75 79 20 74 68 65 20 6c 61 74 65 73 74 20 65 6c 65 63 74 72 6f 6e 69 63 73 20 77 69 74 68 20 65 61 73 65 2e 22 2c 22 73 69 74 65 22 3a 22 68 74 74 70 3a Data Ascii: ble for selected electronics. Buy the latest electronics with ease.","site":"http:\/\/getTheBestOffers.com\/electronics","clickurl":"track.vcdc.com\/proceed.php?domain=googlle.com&hash=4fcc6a9232ef980ca69618cfbb9ffe7c&u=eyJ0aW1lc3RhbXAiOjE2ODU
Jun 2, 2023 22:56:54.675193071 CEST	1590	IN	Data Raw: 49 69 77 69 59 6d 6c 6b 49 6a 6f 69 4d 43 34 77 4d 44 41 69 66 51 3d 3d 22 2c 22 62 69 64 22 3a 30 2c 22 70 72 69 63 65 22 3a 22 54 4f 50 20 4f 46 46 45 52 22 2c 22 69 6d 61 67 65 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 74 72 61 66 66 69 63 63 6c Data Ascii: IiwiYmlkIjoiMC4wMDAifQ==","bid":0,"price":"TOP OFFER","image":"https:\/\/trafficclub-nde.netdna-ssl.com\/assets\/banner\/computer-min.png"},{"title":"Vacations, Hotels, Flights, Cruises, Coupons and ...","description":"Save up to 70% on Luxury
Jun 2, 2023 22:56:54.675215006 CEST	1591	IN	Data Raw: 5a 43 49 36 49 6a 45 30 4d 43 49 73 49 6d 46 6b 64 6d 56 79 64 47 6c 7a 5a 58 4a 66 61 57 51 69 4f 69 49 35 4f 54 6b 35 49 69 77 69 64 47 46 79 5a 32 56 30 49 6a 6f 69 61 48 52 30 63 44 70 63 4c 31 77 76 64 48 4a 68 59 32 73 75 64 6d 4e 6b 59 79 Data Ascii: ZCI6IjE0MCIsImFkdmVydGlzZXJfaWQiOiI5OTk5IiwidGFyZ2V0IjoiaHR0cDpcL1wvdHJhY2sudmNkYy5jb21cLz9taWQ9MTQwJmY9MTQwJmRvbWFpbj1nb29nbGxlLmNvbSZrZXl3b3JkPVRyYXZlbCIsImlwX2FkZHJlc3MiOiIxMDIuMTI5LjE0My40MyIsInR5cGUiOiJjbGljayIsImJpZCI6IjAuMDAwIn0=","bid"
Jun 2, 2023 22:56:54.675235987 CEST	1592	IN	Data Raw: 3f 64 6f 6d 61 69 6e 3d 67 6f 6f 67 6c 6c 65 2e 63 6f 6d 26 68 61 73 68 3d 38 65 33 64 39 61 39 35 39 62 38 33 36 63 31 32 62 37 63 36 30 62 62 62 32 65 63 37 61 35 32 37 26 75 3d 65 79 4a 30 61 57 31 6c 63 33 52 68 62 58 41 69 4f 6a 45 32 4f 44 Data Ascii: ?domain=googlle.com&hash=8e3d9a959b836c12b7c60bbb2ec7a527&u=eyJ0aW1lc3RhbXAiOjE2ODU3Mzk0MTQsImRvbWFpbiI6Imdvb2dsbGUuY29tIiwiZG9tYWluX2lkIjoiMTQ5MTM0MiIsIm1pZCI6IjE0MCIsImFkdmVydGlzZXJfaWQiOiI5OTk5IiwidGFyZ2V0IjoiaHR0cDpcL1wvdHJhY2sudmNkYy5jb21

Timestamp	kBytes transferred	Direction	Data
2023-06-02 20:56:51 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: CONSENT=PENDING+904; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg
2023-06-02 20:56:51 UTC	0	OUT	Data Raw: 20 Data Ascii:
2023-06-02 20:56:51 UTC	0	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 02 Jun 2023 20:56:51 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-HNtMtXb7jtj6THL7Zd93fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-06-02 20:56:51 UTC	2	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-06-02 20:56:51 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-06-02 20:56:52 UTC	2	OUT	GET /feed.js HTTP/1.1 Host: static.traffic.club Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://googlle.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-06-02 20:56:52 UTC	2	IN	HTTP/1.1 200 OK Date: Fri, 02 Jun 2023 20:56:52 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close Last-Modified: Thu, 16 Feb 2023 09:01:25 GMT ETag: "35a1-5f4cd71024340" Accept-Ranges: bytes Content-Length: 13729 Content-Type: application/javascript
2023-06-02 20:56:52 UTC	2	IN	Data Raw: 20 20 20 66 75 6e 63 74 69 6f 6e 20 67 65 74 54 63 41 64 73 28 74 72 61 66 66 69 63 43 6c 75 62 4f 70 74 69 6f 6e 73 29 7b 0a 0a 20 20 20 69 66 20 28 74 79 70 65 6f 66 20 74 72 61 66 66 69 63 43 6c 75 62 4f 70 74 69 6f 6e 73 20 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 74 72 61 66 66 69 63 43 6c 75 62 4f 70 74 69 6f 6e 73 20 3d 20 7b 20 63 75 73 74 6f 6d 65 72 3a 20 27 31 33 36 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 75 73 74 6f 6d 65 72 48 61 73 68 3a 20 27 36 31 62 31 32 62 65 33 37 39 34 66 37 35 32 64 63 63 32 33 62 33 66 61 34 30 34 39 33 30 63 62 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: function getTcAds(trafficClubOptions){ if (typeof trafficClubOptions == 'undefined') { var trafficClubOptions = { customer: '136', customerHash: '61b12be3794f752dcc23b3fa404930cb',
2023-06-02 20:56:52 UTC	10	IN	Data Raw: 27 75 72 6c 27 3a 27 68 74 74 70 3a 2f 2f 74 65 73 74 2e 64 65 27 2c 20 27 62 69 64 27 20 3a 20 30 2e 31 7d 3b 7d 0a 20 20 20 20 20 20 20 20 69 66 28 74 72 61 66 66 69 63 43 6c 75 62 4f 70 74 69 6f 6e 73 2e 69 6e 76 6f 63 61 74 69 6f 6e 20 3d 3d 20 27 66 65 65 64 27 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 63 73 74 79 6c 65 73 20 3d 20 22 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6e 65 77 53 53 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 6c 69 6e 6b 27 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 65 77 53 53 2e 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: 'url':'http://test.de', 'bid' : 0.1};} if(trafficClubOptions.invocation == 'feed') { var tcstyles = ""; var newSS=document.createElement('link'); newSS.rel='stylesheet';

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	281
Entropy (8bit):	4.672948163040024
Encrypted:	false
SSDEEP:	6:S8unpZwidQpUFptlsjR2UokQ21FD2QpUFN2zYAIvG2R8HJ3P:SzpZw9cpfgR2Ux/D5cNjAIvzRW1P
MD5:	527CD4BF29C09D6365E9DE5F50BF694E
SHA1:	4AE6E5E04DAF386E2D4995855C9F207436077E61
SHA-256:	F26E40109B0475BACEA3FC2FCAD5A91F2003E11C4BBE736141982DA246AC155E
SHA-512:	9896398EB8A3A61C709797FBA8C2E78CB60972C868AF1B436355F4B6C0EFB1766031DC550C423DDAB5FFBF1A0698157252C6F6E6C9EE4E94757BA0376F82137F
Malicious:	false
Reputation:	low
URL:	https://securepubads.g.doubleclick.net/static/glade.js
Preview:	console.warn("Sunset Notice: Beginning May 22, 2022, the Google Publisher Tag Light (Glade) will no longer be able to request ads. To avoid a disruption in service, update your site to use the Google Publisher Tag (GPT) instead. See https://developers.google.com/publisher-tag.");.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1770x1073, components 3
Category:	dropped
Size (bytes):	170012
Entropy (8bit):	7.985551471523919
Encrypted:	false
SSDEEP:	3072:hwwsoDpYD6HZiKVOOY9FReIkO/ftxysbKiWKXuJhb6StLPe1nJYDwobJI+hXv3V6:eFofkKu7RIO/ftx99HuJhbjxPe1JYJb8
MD5:	BF6ED69CA6641DFC86BC73DF7A591876
SHA1:	4596F492B6C6676F16B4E30A03B5938B6DD3379B
SHA-256:	A91A4A6D81038E8390EB5FD8DD83FB146BAC24B5128F25820F321643E7FFD229
SHA-512:	E5E5A189A74FBDE1B595EBA823267F4A84D46CAD9555CB8E635EF7A5870F3C47366A99B9D331A4769EA89A2933B059B4CDFC8957ADA61BA090C45AB6FEF35BDB
Malicious:	false
Reputation:	low
Preview:	......JFIF.....................................................................&""&0-0>>T.......................................................&""&0-0>>T......1...."...................................................6l....&\..d.&L.2d.w..%.J.........&L.re...7<=d.._...}."R....fb&"&bI.....6...$.H. HI .Q".RI$.I.....S."q.DF8...c.0.l...l.r..&\.2e.y2.L.y...VJ.Wuuy2VK.y2...L.......&L..........JR..fb"&"beH...6.n....!$..B...I$.$......f.Sffff"q.9.....c...._7..6l.r...\.rd.y2^K....d.....]]^L...d.&l.re.}..&l..-..o...!JII331...D.).D ...n....D...D.HI!I(.RJIJT..S..S.31......1..\|.c6l.r...L.&L...]..y+%]....e.w..e.&l.2.(.v.L...c..C.. ..2.g.DF8...I .c.m...BB.....$H.IH..T.2D..%.......s.b1.Dc....e..\.6k.&K.w...U.K.....wWWyk%...\....."2.f..%........BI.%3.."1.D.HB`.6.UM..$. B.....$..)I$.J..T)....13..8..DN(....g..L.3d.&L.y+%]...y.......&L....5./.M.......a...Lw......#.7..>....s.""a)H..66.S(.$!...!$...E).II)JeJ.P.eLJ.........q."\|6l.sd.%d.&L.w...].^K.....WuU.&K.6L.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1043
Entropy (8bit):	5.366803079077883
Encrypted:	false
SSDEEP:	24:lPAOYsZc++DAOYsZc+6RVc+o/rAOYsZc+wwy96DGSSf7:SOLOYOLOlRVc+okOLOrN0oD
MD5:	36CECF1F0F14544D2C5920DC6002DA52
SHA1:	B8C7DCF86038C9B81F28AB29FFDE4DC304FA3CA4
SHA-256:	2E120707B7A0DE913A32DA3E779B975BD342672CA68C9AA373029F38C90CFB56
SHA-512:	8BCFF8A43BFF14E4DBF51241F17DFFC84B77BE7417466F7007F41C19DB22168A44941E4EF92AEEA85A84A2F527E8D2D7EBDC64FCF5843BDBEE19F9465BCED04F
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/css?family=Poppins
Preview:	/* devanagari /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJbecmNE.woff2) format('woff2');. unicode-range: U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+25CC, U+A830-A839, U+A8E0-A8FF;.}./ latin-ext /.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJnecmNE.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191,

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (472)
Category:	downloaded
Size (bytes):	13729
Entropy (8bit):	4.578851535782598
Encrypted:	false
SSDEEP:	192:oyG0Ze4cF8Jo3HWSkFJq1jMwFax8MQ06l1vl5Qeo3vC3CB9AVQNe3o+daZirKJ0M:ul4p7ET1t513o8HM
MD5:	CE5610D1967A9435C9D065B082534EFC
SHA1:	6519074D0DC4E137CAAE0F9D012BBC79E94685BD
SHA-256:	23BEC1376312BE873FDFF35109BD4F2499F0FB8EE7742B3CAF8EEF22E9B96AE8
SHA-512:	00718F4E25A966522A37621F4A4EDC309DCBE9E72D3495CE7C7D062FBC842A960CCB28C6840C65004BDEB52247B6DEE6503492C0C63F602300DCB05C8BBD37F1
Malicious:	false
Reputation:	low
URL:	https://static.traffic.club/feed.js
Preview:	function getTcAds(trafficClubOptions){.. if (typeof trafficClubOptions == 'undefined') {. var trafficClubOptions = { customer: '136',. customerHash: '61b12be3794f752dcc23b3fa404930cb',. customerFolder: 'nxdrtb',. keyword: document.title,. invocation: 'feed' /* pop \| redirect \| custom \| feed */. };. . }. if(!trafficClubOptions.minimumBid){trafficClubOptions.minimumBid = 0.000;}. if(!trafficClubOptions.wait){trafficClubOptions.wait = 120;}. if(!trafficClubOptions.cap){trafficClubOptions.cap = 10;}. if(!trafficClubOptions.delay){trafficClubOptions.delay = 500;}. if(!trafficClubOptions.domain){trafficClubOptions.domain = window.location.hostname;}. if(!trafficClubOptions.container){trafficClubOptions.container = 'tcitems';}. if(!trafficClubOptions.maxItems){trafficClubOptions.max

Timestamp	kBytes transferred	Direction	Data
2023-06-02 20:56:53 UTC	16	OUT	GET /static/glade.js HTTP/1.1 Host: securepubads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEIlqHLAQj8qswBCLy8zAEI5bzMAQiywcwBCMTBzAEI18HMAQ== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: http://googlle.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUkzjscYZ52NAY8n0cT95jijV6W0yuM6NwF8WWQoBrDcA-yxPPCjwWHtVTdU
2023-06-02 20:56:53 UTC	17	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs" Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} Content-Length: 281 Date: Fri, 02 Jun 2023 20:56:53 GMT Expires: Fri, 09 Jun 2023 20:56:53 GMT Cache-Control: public, max-age=604800 Last-Modified: Mon, 08 Aug 2022 15:14:26 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-06-02 20:56:53 UTC	17	IN	Data Raw: 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 53 75 6e 73 65 74 20 4e 6f 74 69 63 65 3a 20 42 65 67 69 6e 6e 69 6e 67 20 4d 61 79 20 32 32 2c 20 32 30 32 32 2c 20 74 68 65 20 47 6f 6f 67 6c 65 20 50 75 62 6c 69 73 68 65 72 20 54 61 67 20 4c 69 67 68 74 20 28 47 6c 61 64 65 29 20 77 69 6c 6c 20 6e 6f 20 6c 6f 6e 67 65 72 20 62 65 20 61 62 6c 65 20 74 6f 20 72 65 71 75 65 73 74 20 61 64 73 2e 20 54 6f 20 61 76 6f 69 64 20 61 20 64 69 73 72 75 70 74 69 6f 6e 20 69 6e 20 73 65 72 76 69 63 65 2c 20 75 70 64 61 74 65 20 79 6f 75 72 20 73 69 74 65 20 74 6f 20 75 73 65 20 74 68 65 20 47 6f 6f 67 6c 65 20 50 75 62 6c 69 73 68 65 72 20 54 61 67 20 28 47 50 54 29 20 69 6e 73 74 65 61 64 2e 20 53 65 65 20 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 67 6f 6f Data Ascii: console.warn("Sunset Notice: Beginning May 22, 2022, the Google Publisher Tag Light (Glade) will no longer be able to request ads. To avoid a disruption in service, update your site to use the Google Publisher Tag (GPT) instead. See https://developers.goo

Timestamp	kBytes transferred	Direction	Data
2023-06-02 20:56:53 UTC	17	OUT	POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-43967021-7&cid=1629361200.1685771813&jid=1882257702&gjid=757249319&_gid=1187469835.1685771813&_u=YADAAEAAAAAAACAAI~&z=1946060893 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Content-Type: text/plain Accept: / Origin: http://googlle.com X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEIlqHLAQj8qswBCLy8zAEI5bzMAQiywcwBCMTBzAEI18HMAQ== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://googlle.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: IDE=AHWqTUkzjscYZ52NAY8n0cT95jijV6W0yuM6NwF8WWQoBrDcA-yxPPCjwWHtVTdU
2023-06-02 20:56:54 UTC	18	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: http://googlle.com Strict-Transport-Security: max-age=10886400; includeSubDomains; preload Date: Fri, 02 Jun 2023 20:56:53 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Last-Modified: Sun, 17 May 1998 03:00:00 GMT Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Server: Golfe2 Content-Length: 1 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2023-06-02 20:56:54 UTC	19	IN	Data Raw: 31 Data Ascii: 1

Target ID:	0
Start time:	22:56:48
Start date:	02/06/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	1
Start time:	22:56:49
Start date:	02/06/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1732,i,9270715840034612609,4984599360076910508,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Target ID:	2
Start time:	22:56:51
Start date:	02/06/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://googlle.com
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://googlle.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Windows Analysis Report
http://googlle.com

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre