Edit tour

Windows Analysis Report
http://allegro-6999.com/

Overview

General Information

Sample URL:	http://allegro-6999.com/
Analysis ID:	1500139
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2232,i,1626809697608765213,10813932585993829049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://allegro-6999.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_112	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0 HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 439Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 22:15:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8b9f6b3579c7437b-EWRalt-svc: h3=":443"; ma=86400

Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: chromecache_112.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_112.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57541 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50885
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57541
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_1892_1826583336

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@23/14@11/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2232,i,1626809697608765213,10813932585993829049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://allegro-6999.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2232,i,1626809697608765213,10813932585993829049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://allegro-6999.com/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://wieistmeineip.de	0%	URL Reputation	safe
https://gliadomain.com	0%	URL Reputation	safe
https://nourishingpursuits.com	0%	URL Reputation	safe
https://johndeere.com	0%	URL Reputation	safe
https://songstats.com	0%	URL Reputation	safe
https://p106.net	0%	URL Reputation	safe
https://mystudentdashboard.com	0%	URL Reputation	safe
https://songshare.com	0%	URL Reputation	safe
https://smaker.pl	0%	URL Reputation	safe
https://p24.hu	0%	URL Reputation	safe
https://cardsayings.net	0%	URL Reputation	safe
https://text.com	0%	URL Reputation	safe
https://hazipatika.com	0%	URL Reputation	safe
https://cognitiveai.ru	0%	URL Reputation	safe
https://drimer.travel	0%	URL Reputation	safe
https://deccoria.pl	0%	URL Reputation	safe
https://salemovetravel.com	0%	URL Reputation	safe
https://welt.de	0%	URL Reputation	safe
https://drimer.io	0%	URL Reputation	safe
https://infoedgeindia.com	0%	URL Reputation	safe
https://cognitive-ai.ru	0%	URL Reputation	safe
https://cafemedia.com	0%	URL Reputation	safe
https://graziadaily.co.uk	0%	URL Reputation	safe
https://thirdspace.org.au	0%	URL Reputation	safe
https://smpn106jkt.sch.id	0%	URL Reputation	safe
https://landyrev.com	0%	URL Reputation	safe
https://the42.ie	0%	URL Reputation	safe
https://helpdesk.com	0%	URL Reputation	safe
https://salemovefinancial.com	0%	URL Reputation	safe
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://indiatodayne.in	0%	URL Reputation	safe
https://medonet.pl	0%	Avira URL Cloud	safe
https://poalim.xyz	0%	Avira URL Cloud	safe
https://unotv.com	0%	Avira URL Cloud	safe
https://mercadolivre.com	0%	Avira URL Cloud	safe
https://reshim.org	0%	Avira URL Cloud	safe
https://mercadoshops.com.br	0%	Avira URL Cloud	safe
https://zdrowietvn.pl	0%	Avira URL Cloud	safe
https://joyreactor.cc	0%	Avira URL Cloud	safe
https://mercadoshops.com.co	0%	Avira URL Cloud	safe
https://baomoi.com	0%	Avira URL Cloud	safe
https://hearty.gift	0%	Avira URL Cloud	safe
https://bolasport.com	0%	Avira URL Cloud	safe
https://supereva.it	0%	Avira URL Cloud	safe
https://elfinancierocr.com	0%	Avira URL Cloud	safe
https://desimartini.com	0%	Avira URL Cloud	safe
https://mercadoshops.com	0%	Avira URL Cloud	safe
https://heartymail.com	0%	Avira URL Cloud	safe
https://hearty.app	0%	Avira URL Cloud	safe
https://rws1nvtvt.com	0%	Avira URL Cloud	safe
https://nlc.hu	0%	Avira URL Cloud	safe
https://radio2.be	0%	Avira URL Cloud	safe
https://finn.no	0%	Avira URL Cloud	safe
https://hc1.com	0%	Avira URL Cloud	safe
https://kompas.tv	0%	Avira URL Cloud	safe
https://24.hu	0%	Avira URL Cloud	safe
https://mercadopago.com.pe	0%	Avira URL Cloud	safe
https://mercadopago.com.mx	0%	Avira URL Cloud	safe
https://mightytext.net	0%	Avira URL Cloud	safe
https://talkdeskqaid.com	0%	Avira URL Cloud	safe
https://joyreactor.com	0%	Avira URL Cloud	safe
https://pudelek.pl	0%	Avira URL Cloud	safe
https://cookreactor.com	0%	Avira URL Cloud	safe
https://wildixin.com	0%	Avira URL Cloud	safe
https://eworkbookcloud.com	0%	Avira URL Cloud	safe
https://nacion.com	0%	Avira URL Cloud	safe
https://chennien.com	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe
https://mercadopago.cl	0%	Avira URL Cloud	safe
https://talkdeskstgid.com	0%	Avira URL Cloud	safe
https://bonvivir.com	0%	Avira URL Cloud	safe
https://naukri.com	0%	Avira URL Cloud	safe
https://interia.pl	0%	Avira URL Cloud	safe
https://carcostadvisor.be	0%	Avira URL Cloud	safe
https://poalim.site	0%	Avira URL Cloud	safe
https://sapo.io	0%	Avira URL Cloud	safe
https://blackrockadvisorelite.it	0%	Avira URL Cloud	safe
https://wpext.pl	0%	Avira URL Cloud	safe
https://mercadoshops.com.ar	0%	Avira URL Cloud	safe
https://elpais.uy	0%	Avira URL Cloud	safe
https://tucarro.com.ve	0%	Avira URL Cloud	safe
https://commentcamarche.com	0%	Avira URL Cloud	safe
https://rws3nvtvt.com	0%	Avira URL Cloud	safe
https://eleconomista.net	0%	Avira URL Cloud	safe
https://07c225f3.online	0%	Avira URL Cloud	safe
https://clmbtech.com	0%	Avira URL Cloud	safe
https://mercadopago.com.br	0%	Avira URL Cloud	safe
https://mercadolivre.com.br	0%	Avira URL Cloud	safe
https://standardsandpraiserepurpose.com	0%	Avira URL Cloud	safe
https://commentcamarche.net	0%	Avira URL Cloud	safe
https://mighty-app.appspot.com	0%	Avira URL Cloud	safe
https://etfacademy.it	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0	0%	Avira URL Cloud	safe
https://hj.rs	0%	Avira URL Cloud	safe
https://mercadolibre.com.gt	0%	Avira URL Cloud	safe
https://hearty.me	0%	Avira URL Cloud	safe
https://allegro-6999.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://timesinternet.in	0%	Avira URL Cloud	safe
https://idbs-staging.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	142.250.185.164	true	false	unknown
allegro-6999.com	104.21.42.180	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://allegro-6999.com/xml/index.html	false		unknown
https://a.nel.cloudflare.com/report/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0	false	Avira URL Cloud: safe	unknown
https://allegro-6999.com/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_112.2.dr	false	Avira URL Cloud: safe	unknown
https://wieistmeineip.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.co	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://gliadomain.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.xyz	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolivre.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://reshim.org	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nourishingpursuits.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://medonet.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://unotv.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://joyreactor.cc	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://zdrowietvn.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://johndeere.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songstats.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://baomoi.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://supereva.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://elfinancierocr.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bolasport.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws1nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://desimartini.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.app	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.gift	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadoshops.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://heartymail.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://nlc.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://p106.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://radio2.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://finn.no	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hc1.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://kompas.tv	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mystudentdashboard.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://songshare.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://smaker.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.mx	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://p24.hu	sets.json.0.dr	false	URL Reputation: safe	unknown
https://talkdeskqaid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://24.hu	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.com.pe	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cardsayings.net	sets.json.0.dr	false	URL Reputation: safe	unknown
https://text.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mightytext.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://pudelek.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hazipatika.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://joyreactor.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cookreactor.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wildixin.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eworkbookcloud.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cognitiveai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://nacion.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://chennien.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://drimer.travel	sets.json.0.dr	false	URL Reputation: safe	unknown
https://deccoria.pl	sets.json.0.dr	false	URL Reputation: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_112.2.dr	false	Avira URL Cloud: safe	unknown
https://mercadopago.cl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://talkdeskstgid.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://naukri.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://interia.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://bonvivir.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://carcostadvisor.be	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovetravel.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://sapo.io	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://wpext.pl	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://welt.de	sets.json.0.dr	false	URL Reputation: safe	unknown
https://poalim.site	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://drimer.io	sets.json.0.dr	false	URL Reputation: safe	unknown
https://infoedgeindia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://blackrockadvisorelite.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://cognitive-ai.ru	sets.json.0.dr	false	URL Reputation: safe	unknown
https://cafemedia.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://graziadaily.co.uk	sets.json.0.dr	false	URL Reputation: safe	unknown
https://thirdspace.org.au	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadoshops.com.ar	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://smpn106jkt.sch.id	sets.json.0.dr	false	URL Reputation: safe	unknown
https://elpais.uy	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://landyrev.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://the42.ie	sets.json.0.dr	false	URL Reputation: safe	unknown
https://commentcamarche.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://tucarro.com.ve	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://rws3nvtvt.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://eleconomista.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://helpdesk.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadolivre.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://clmbtech.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://standardsandpraiserepurpose.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://07c225f3.online	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://salemovefinancial.com	sets.json.0.dr	false	URL Reputation: safe	unknown
https://mercadopago.com.br	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://commentcamarche.net	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://etfacademy.it	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mighty-app.appspot.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hj.rs	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://hearty.me	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://mercadolibre.com.gt	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://timesinternet.in	sets.json.0.dr	false	Avira URL Cloud: safe	unknown
https://indiatodayne.in	sets.json.0.dr	false	URL Reputation: safe	unknown
https://idbs-staging.com	sets.json.0.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.42.180	allegro-6999.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500139
Start date and time:	2024-08-28 00:14:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://allegro-6999.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@23/14@11/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 66.102.1.84, 172.217.18.110, 34.104.35.123, 13.85.23.86, 93.184.221.240, 192.229.221.95, 13.95.31.18, 52.165.164.15, 142.250.185.195
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, 6.d.a.8.b.e.f.b.0.0.0.0.0.0.0.0.4.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://allegro-6999.com/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.021127689065198
Encrypted:	false
SSDEEP:	48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
MD5:	68E6B5733E04AB7BF19699A84D8ABBC2
SHA1:	1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
SHA-256:	F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
SHA-512:	9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9159446964030753
Encrypted:	false
SSDEEP:	3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
MD5:	CFB54589424206D0AE6437B5673F498D
SHA1:	D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
SHA-256:	285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
SHA-512:	70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
Malicious:	false
Reputation:	low
Preview:	1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.4533115571544695
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
MD5:	C3419069A1C30140B77045ABA38F12CF
SHA1:	11920F0C1E55CADC7D2893D1EEBB268B3459762A
SHA-256:	DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
SHA-512:	C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9748
Entropy (8bit):	4.629326694042306
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
MD5:	EEA4913A6625BEB838B3E4E79999B627
SHA1:	1B4966850F1B117041407413B70BFA925FD83703
SHA-256:	20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
SHA-512:	31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4408
Entropy (8bit):	5.087951956134119
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisCkwA2ZLimqrR49PaQxJbGD:1j9jhjYjIK/Vo+tsWZOmqrO9ieJGD
MD5:	412019EB80103ED5E364BA91A3F5A426
SHA1:	F96427D2CC263CF8E1728D47E98046716A3BD4ED
SHA-256:	710C88DE7ACB00EC87E91CDBB29A59B6EBE3DCF0BA36F4F72ABDF8FA3C7EB47E
SHA-512:	79A31E34AC7489CFB8E876F74D6802F55E74D679EEB43666CB15ECF2C060840BC8EC53B59638C1D49F92F06A20B5FE30079E8C28AC622DBA09990120F7E232D9
Malicious:	false
Reputation:	low
URL:	https://allegro-6999.com/xml/index.html
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	6722
Entropy (8bit):	4.290562476999482
Encrypted:	false
SSDEEP:	96:9EJmdzxtFCeZOj+JIej51Dt8X2q0lFWbCAOdQNXbHiresWf5M:KsZlJIW5V2MgVikHirxs5M
MD5:	A76815DB161544F6F2416F19496E99D9
SHA1:	5009F9478C4ACF96A6578CB735CB71B225A88ED8
SHA-256:	9122CAD9D8FC2BE7A6CF8B9BF9FB070C4DF8FF36BF63A0DBAB314849BB6A4765
SHA-512:	B6A8346FA84318A10409E5623D3D64BB7151E000E8E243DAB3159ED0E3DCF0840172E386F5FE63E0133C6D7E44A20B39775B11AC7F21340F30E7AF8C12F6A435
Malicious:	false
Reputation:	low
URL:	https://allegro-6999.com/favicon.ico
Preview:	<!DOCTYPE html>..<html>..<head>.. <meta charset="UTF-8">.. <title>System error</title>.. <meta name="robots" content="noindex,nofollow" />.. <style>.. /* Base */.. body {.. color: #333;.. font: 16px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif;.. margin: 0;.. padding: 0 20px 20px;.. }.. h1{.. margin: 10px 0 0;.. font-size: 28px;.. font-weight: 500;.. line-height: 32px;.. }.. h2{.. color: #4288ce;.. font-weight: 400;.. padding: 6px 0;.. margin: 6px 0 0;.. font-size: 18px;.. border-bottom: 1px solid #eee;.. }.. h3{.. margin: 12px;.. font-size: 16px;.. font-weight: bold;.. }.. abbr{.. cursor: help;.. text-decoration: underline;.. text-decoration-style: dotted;..

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://allegro-6999.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://allegro-6999.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 00:15:05.316837072 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 28, 2024 00:15:06.217216015 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.217246056 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.220576048 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.220777035 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.220791101 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.694154024 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.694674015 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.694689989 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.695732117 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.695801020 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.696974993 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.697040081 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.697244883 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.697252035 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.744143009 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.980880022 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.980943918 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.981015921 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.982196093 CEST	49736	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.982207060 CEST	443	49736	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.987404108 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.987443924 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:06.987633944 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.987847090 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:06.987860918 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.447092056 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.448112011 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.448133945 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.448465109 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.449212074 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.449278116 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.449470043 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.492502928 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578537941 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578587055 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578614950 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578655005 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578684092 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.578696012 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578707933 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.578749895 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.578814983 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.632759094 CEST	49738	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.632772923 CEST	443	49738	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.640033007 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.640050888 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:07.640139103 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.640352964 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:07.640364885 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.106647968 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.149844885 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.307784081 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.307796955 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.308280945 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.309176922 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.309250116 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.309572935 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.352494001 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406064034 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406105042 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406135082 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406150103 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.406162024 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406200886 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406202078 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.406213999 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406261921 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.406267881 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406822920 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.406900883 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.406907082 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.410748005 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.410775900 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.410804987 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.410813093 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.410866022 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.492779016 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.492837906 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.492885113 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.492892027 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.492919922 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.492963076 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.492969036 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.493010044 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.493051052 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.493057013 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.493091106 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.493132114 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.549602985 CEST	49740	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.549612045 CEST	443	49740	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.877402067 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.877429008 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.877551079 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.877769947 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:08.877782106 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:08.928458929 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:08.928492069 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:08.928638935 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:08.929039001 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:08.929054022 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:09.316627026 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:09.316659927 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:09.316951990 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:09.318636894 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:09.318650961 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:09.394800901 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.395508051 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.395520926 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.395951033 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.397032022 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.397119999 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.397300005 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.440501928 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.443933964 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.548909903 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.548985004 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.549130917 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.549757004 CEST	49741	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.549765110 CEST	443	49741	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.561453104 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:09.561691046 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:09.561711073 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:09.562726974 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:09.562793970 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:09.646522045 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:09.646691084 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:09.671849966 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.671879053 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.671977043 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.672588110 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:09.672600031 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:09.692665100 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:09.692678928 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:09.737236023 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:10.742568016 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:10.747973919 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:10.748143911 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:10.785407066 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.892401934 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.892412901 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:10.892952919 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:10.899331093 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:10.899357080 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:10.899696112 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:10.903539896 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.903615952 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:10.904685020 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.904706001 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:10.904804945 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.905837059 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.905849934 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:10.906155109 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:10.941606045 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:10.952487946 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.159754038 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.159801006 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.159837008 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.159940958 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.159953117 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.159991026 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.160017967 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.160020113 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.160032034 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.160056114 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.160114050 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.160238028 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.168519974 CEST	49745	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.168531895 CEST	443	49745	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.183079958 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.224503040 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.371340036 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.371412039 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.371469021 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.371675014 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.371695995 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.371707916 CEST	49744	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.371712923 CEST	443	49744	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.380990028 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.381356955 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.381369114 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.382402897 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.382458925 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.382865906 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.382925987 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.383183956 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.383189917 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.400182962 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.400207043 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.400473118 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.400770903 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:11.400783062 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:11.425996065 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.500577927 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.500648975 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.500799894 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.503978968 CEST	49746	443	192.168.2.4	104.21.42.180
Aug 28, 2024 00:15:11.503997087 CEST	443	49746	104.21.42.180	192.168.2.4
Aug 28, 2024 00:15:11.508239985 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:11.508272886 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:11.508410931 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:11.508855104 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:11.508868933 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:11.671783924 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:11.677881002 CEST	53	57539	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:11.677944899 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:11.678561926 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:11.683427095 CEST	53	57539	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:12.869472980 CEST	53	57539	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:12.869843960 CEST	53	57539	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:12.869947910 CEST	53	57539	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:12.870328903 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:12.870328903 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:12.870615959 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:12.872675896 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:12.872755051 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:12.874111891 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:12.874123096 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:12.874380112 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:12.875613928 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:12.876905918 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:12.877296925 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:12.877315998 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:12.878494978 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:12.878571033 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:12.879112005 CEST	53	57539	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:12.879163980 CEST	57539	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:12.892271042 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:12.892363071 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:12.892493963 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:12.892505884 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:12.916496992 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:12.943217993 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.016151905 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.016220093 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.016310930 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.016555071 CEST	49748	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.016575098 CEST	443	49748	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.017220974 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.017256975 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.017328978 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.017854929 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.017864943 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.158318043 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:13.158380032 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:13.158610106 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:13.160510063 CEST	49747	443	192.168.2.4	184.28.90.27
Aug 28, 2024 00:15:13.160526037 CEST	443	49747	184.28.90.27	192.168.2.4
Aug 28, 2024 00:15:13.472476006 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.474359989 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.474385023 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.474755049 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.475979090 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.476036072 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.476314068 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.516498089 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.603714943 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.603848934 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:13.603914976 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.604274988 CEST	57541	443	192.168.2.4	35.190.80.1
Aug 28, 2024 00:15:13.604295015 CEST	443	57541	35.190.80.1	192.168.2.4
Aug 28, 2024 00:15:19.585778952 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:19.585839987 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:19.585900068 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:21.278484106 CEST	49743	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:15:21.278522968 CEST	443	49743	142.250.185.164	192.168.2.4
Aug 28, 2024 00:15:48.185216904 CEST	49642	53	192.168.2.4	162.159.36.2
Aug 28, 2024 00:15:48.190110922 CEST	53	49642	162.159.36.2	192.168.2.4
Aug 28, 2024 00:15:48.190247059 CEST	49642	53	192.168.2.4	162.159.36.2
Aug 28, 2024 00:15:48.190376997 CEST	49642	53	192.168.2.4	162.159.36.2
Aug 28, 2024 00:15:48.197485924 CEST	53	49642	162.159.36.2	192.168.2.4
Aug 28, 2024 00:15:48.663714886 CEST	53	49642	162.159.36.2	192.168.2.4
Aug 28, 2024 00:15:48.664040089 CEST	49642	53	192.168.2.4	162.159.36.2
Aug 28, 2024 00:15:48.670296907 CEST	53	49642	162.159.36.2	192.168.2.4
Aug 28, 2024 00:15:48.670393944 CEST	49642	53	192.168.2.4	162.159.36.2
Aug 28, 2024 00:16:07.920005083 CEST	50883	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:16:07.926404953 CEST	53	50883	1.1.1.1	192.168.2.4
Aug 28, 2024 00:16:07.926471949 CEST	50883	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:16:07.926497936 CEST	50883	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:16:07.933917046 CEST	53	50883	1.1.1.1	192.168.2.4
Aug 28, 2024 00:16:08.401248932 CEST	53	50883	1.1.1.1	192.168.2.4
Aug 28, 2024 00:16:08.401638985 CEST	50883	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:16:08.406835079 CEST	53	50883	1.1.1.1	192.168.2.4
Aug 28, 2024 00:16:08.406887054 CEST	50883	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:16:08.741513968 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:08.741559982 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:08.741694927 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:08.741993904 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:08.742010117 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:09.435760975 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:09.443252087 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:09.443285942 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:09.443629026 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:09.448035955 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:09.448108912 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:09.490004063 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:19.295305014 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:19.295403004 CEST	443	50885	142.250.185.164	192.168.2.4
Aug 28, 2024 00:16:19.295567036 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:20.977396011 CEST	50885	443	192.168.2.4	142.250.185.164
Aug 28, 2024 00:16:20.977431059 CEST	443	50885	142.250.185.164	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 00:15:05.336344957 CEST	53	52318	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:05.336375952 CEST	53	57097	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:06.167479038 CEST	55367	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:06.172374964 CEST	57228	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:06.183137894 CEST	53	55367	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:06.189094067 CEST	53	57228	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:06.191997051 CEST	52617	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:06.192236900 CEST	62733	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:06.207923889 CEST	53	52617	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:06.228616953 CEST	53	62733	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:06.534181118 CEST	53	61814	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:08.850608110 CEST	49915	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:08.851305962 CEST	50550	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:08.926433086 CEST	53	50550	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:08.926450014 CEST	53	49915	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:09.769591093 CEST	58841	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:09.769983053 CEST	62685	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:10.747021914 CEST	53	58841	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:10.893569946 CEST	58541	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:10.896318913 CEST	53	62685	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:10.907578945 CEST	53	58541	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:11.497760057 CEST	53740	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:11.498006105 CEST	62926	53	192.168.2.4	1.1.1.1
Aug 28, 2024 00:15:11.506635904 CEST	53	53740	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:11.507462978 CEST	53	62926	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:11.671214104 CEST	53	62805	1.1.1.1	192.168.2.4
Aug 28, 2024 00:15:24.386667013 CEST	138	138	192.168.2.4	192.168.2.255
Aug 28, 2024 00:15:48.184323072 CEST	53	56495	162.159.36.2	192.168.2.4
Aug 28, 2024 00:15:48.729087114 CEST	53	64019	1.1.1.1	192.168.2.4
Aug 28, 2024 00:16:04.401756048 CEST	53	58497	1.1.1.1	192.168.2.4
Aug 28, 2024 00:16:07.919564962 CEST	53	55227	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 28, 2024 00:15:06.229288101 CEST	192.168.2.4	1.1.1.1	c22f	(Port unreachable)	Destination Unreachable
Aug 28, 2024 00:15:10.907666922 CEST	192.168.2.4	1.1.1.1	c22f	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 28, 2024 00:15:06.167479038 CEST	192.168.2.4	1.1.1.1	0xc2a2	Standard query (0)	allegro-6999.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:06.172374964 CEST	192.168.2.4	1.1.1.1	0x233c	Standard query (0)	allegro-6999.com	65	IN (0x0001)	false
Aug 28, 2024 00:15:06.191997051 CEST	192.168.2.4	1.1.1.1	0xf350	Standard query (0)	allegro-6999.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:06.192236900 CEST	192.168.2.4	1.1.1.1	0xb556	Standard query (0)	allegro-6999.com	65	IN (0x0001)	false
Aug 28, 2024 00:15:08.850608110 CEST	192.168.2.4	1.1.1.1	0xd487	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:08.851305962 CEST	192.168.2.4	1.1.1.1	0x4d02	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 28, 2024 00:15:09.769591093 CEST	192.168.2.4	1.1.1.1	0x5c4a	Standard query (0)	allegro-6999.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:09.769983053 CEST	192.168.2.4	1.1.1.1	0xbe01	Standard query (0)	allegro-6999.com	65	IN (0x0001)	false
Aug 28, 2024 00:15:10.893569946 CEST	192.168.2.4	1.1.1.1	0x2e65	Standard query (0)	allegro-6999.com	65	IN (0x0001)	false
Aug 28, 2024 00:15:11.497760057 CEST	192.168.2.4	1.1.1.1	0xf65d	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:11.498006105 CEST	192.168.2.4	1.1.1.1	0x2be0	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 28, 2024 00:15:06.183137894 CEST	1.1.1.1	192.168.2.4	0xc2a2	No error (0)	allegro-6999.com		104.21.42.180	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:06.183137894 CEST	1.1.1.1	192.168.2.4	0xc2a2	No error (0)	allegro-6999.com		172.67.207.122	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:06.189094067 CEST	1.1.1.1	192.168.2.4	0x233c	No error (0)	allegro-6999.com			65	IN (0x0001)	false
Aug 28, 2024 00:15:06.207923889 CEST	1.1.1.1	192.168.2.4	0xf350	No error (0)	allegro-6999.com		104.21.42.180	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:06.207923889 CEST	1.1.1.1	192.168.2.4	0xf350	No error (0)	allegro-6999.com		172.67.207.122	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:06.228616953 CEST	1.1.1.1	192.168.2.4	0xb556	No error (0)	allegro-6999.com			65	IN (0x0001)	false
Aug 28, 2024 00:15:08.926433086 CEST	1.1.1.1	192.168.2.4	0x4d02	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 28, 2024 00:15:08.926450014 CEST	1.1.1.1	192.168.2.4	0xd487	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:10.747021914 CEST	1.1.1.1	192.168.2.4	0x5c4a	No error (0)	allegro-6999.com		104.21.42.180	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:10.747021914 CEST	1.1.1.1	192.168.2.4	0x5c4a	No error (0)	allegro-6999.com		172.67.207.122	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:10.896318913 CEST	1.1.1.1	192.168.2.4	0xbe01	No error (0)	allegro-6999.com			65	IN (0x0001)	false
Aug 28, 2024 00:15:10.907578945 CEST	1.1.1.1	192.168.2.4	0x2e65	No error (0)	allegro-6999.com			65	IN (0x0001)	false
Aug 28, 2024 00:15:11.506635904 CEST	1.1.1.1	192.168.2.4	0xf65d	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:20.900650978 CEST	1.1.1.1	192.168.2.4	0x9414	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:15:20.900650978 CEST	1.1.1.1	192.168.2.4	0x9414	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Aug 28, 2024 00:15:34.174293995 CEST	1.1.1.1	192.168.2.4	0x3897	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 00:15:34.174293995 CEST	1.1.1.1	192.168.2.4	0x3897	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

allegro-6999.com

https:

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.21.42.180	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:06 UTC	659	OUT	GET / HTTP/1.1 Host: allegro-6999.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:06 UTC	668	IN	HTTP/1.1 302 Found Date: Tue, 27 Aug 2024 22:15:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-control: no-cache,must-revalidate Location: http://allegro-6999.com/xml/index.html CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYdlSCKM4GaVhuperBHvALMjx87Og4mLqWdbUo42OXGhaghJ6GURdY3M9V%2FIvi4JPLJgo9qEUSFiRk40Q0GNjFEtA2i%2BQ2Vj2ZBcvioLdday6zzig1uzv5OGLN5%2B%2FmdA52P7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9f6b1b4c56421d-EWR alt-svc: h3=":443"; ma=86400
2024-08-27 22:15:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	104.21.42.180	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:07 UTC	673	OUT	GET /xml/index.html HTTP/1.1 Host: allegro-6999.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:07 UTC	541	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:15:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5p2AHZZpzYm%2Fb5UazqygyNjQz8K6S7B2VueMB71g0RZPbQJfDB7zLl6b3UmIdYNqT03Stw0JSoccMUUBVusSE5pfcfy807wii6zYkFfLXu4Dypuk79m4RinEpmB1CMIkQewL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9f6b2009ea0fa8-EWR
2024-08-27 22:15:07 UTC	828	IN	Data Raw: 31 31 33 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1138<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-08-27 22:15:07 UTC	1369	IN	Data Raw: 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 27 29 Data Ascii: ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert')
2024-08-27 22:15:07 UTC	1369	IN	Data Raw: 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 43 4d 6f 32 38 34 42 7a 4d 53 79 61 55 5a 52 5f 53 72 58 51 4b 4f 75 52 58 72 44 42 75 73 51 30 2e 67 50 70 4a 6f 45 45 72 59 51 2d 31 37 32 34 37 39 36 39 30 37 2d 30 2e 30 2e 31 2e 31 2d 2f 78 6d 6c 2f 69 6e 64 65 78 2e 68 74 6d 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 Data Ascii: <input type="hidden" name="atok" value="CMo284BzMSyaUZR_SrXQKOuRXrDBusQ0.gPpJoEErYQ-1724796907-0.0.1.1-/xml/index.html"> <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" s
2024-08-27 22:15:07 UTC	850	IN	Data Raw: 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 72 61 6e 64 5f 6c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6c 6f 75 64 66 6c 61 72 65 3c 2f Data Ascii: sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</
2024-08-27 22:15:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	104.21.42.180	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:08 UTC	573	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: allegro-6999.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://allegro-6999.com/xml/index.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:08 UTC	411	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:15:08 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Wed, 21 Aug 2024 12:07:35 GMT ETag: "66c5d887-5df3" Server: cloudflare CF-RAY: 8b9f6b253d8b32d3-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 28 Aug 2024 00:15:08 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-27 22:15:08 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-08-27 22:15:08 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	104.21.42.180	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:09 UTC	651	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: allegro-6999.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://allegro-6999.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:09 UTC	409	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:15:09 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 23 Aug 2024 16:44:30 GMT ETag: "66c8bc6e-1c4" Server: cloudflare CF-RAY: 8b9f6b2c5fbf8c8a-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 28 Aug 2024 00:15:09 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-27 22:15:09 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	104.21.42.180	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:10 UTC	602	OUT	GET /favicon.ico HTTP/1.1 Host: allegro-6999.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://allegro-6999.com/xml/index.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:11 UTC	632	IN	HTTP/1.1 404 Not Found Date: Tue, 27 Aug 2024 22:15:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8b9f6b3579c7437b-EWR alt-svc: h3=":443"; ma=86400
2024-08-27 22:15:11 UTC	737	IN	Data Raw: 31 61 34 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 79 73 74 65 6d 20 65 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 56 65 Data Ascii: 1a42<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title>System error</title> <meta name="robots" content="noindex,nofollow" /> <style> /* Base */ body { color: #333; font: 16px Ve
2024-08-27 22:15:11 UTC	1369	IN	Data Raw: 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 68 33 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 74 79 Data Ascii: 1px solid #eee; } h3{ margin: 12px; font-size: 16px; font-weight: bold; } abbr{ cursor: help; text-decoration: underline; text-decoration-sty
2024-08-27 22:15:11 UTC	1369	IN	Data Raw: 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 22 4c 69 62 65 72 61 74 69 6f 6e 20 4d 6f 6e 6f 22 2c 43 6f 75 72 69 65 72 2c 56 65 72 64 61 6e 61 2c 22 e5 be ae e8 bd af e9 9b 85 e9 bb 91 22 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 20 2e 63 6f 64 65 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 31 32 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 36 70 Data Ascii: font-family: Consolas,"Liberation Mono",Courier,Verdana,""; } .exception .code{ float: left; text-align: center; color: #fff; margin-right: 12px; padding: 16p
2024-08-27 22:15:11 UTC	1369	IN	Data Raw: bb 91 22 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 20 2e 74 72 61 63 65 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 43 6f 6e 73 6f 6c 61 73 2c 22 4c 69 62 65 72 61 74 69 6f 6e 20 4d 6f 6e 6f 22 2c 43 6f 75 72 Data Ascii: "; } .exception .trace{ padding: 6px; border: 1px solid #ddd; border-top: 0 none; line-height: 16px; font-size:14px; font-family: Consolas,"Liberation Mono",Cour
2024-08-27 22:15:11 UTC	1369	IN	Data Raw: 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 74 6f 70 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 61 6c 6c 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 2e 65 78 63 65 70 74 69 6f 6e 2d 76 61 72 20 74 61 62 6c 65 20 74 64 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 Data Ascii: padding: 0 6px; vertical-align: top; word-break: break-all; } .exception-var table td:first-child{ width: 28%; font-weight: bold; white-space: nowrap;
2024-08-27 22:15:11 UTC	517	IN	Data Raw: 74 79 70 72 69 6e 74 20 2e 64 65 63 2c 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 20 2e 76 61 72 20 7b 20 63 6f 6c 6f 72 3a 20 23 36 30 36 20 7d 20 20 2f 2a 20 61 20 64 65 63 6c 61 72 61 74 69 6f 6e 3b 20 61 20 76 61 72 69 61 62 6c 65 20 6e 61 6d 65 20 2a 2f 0d 0a 20 20 20 20 20 20 20 20 70 72 65 2e 70 72 65 74 74 79 70 72 69 6e 74 20 2e 66 75 6e 20 7b 20 63 6f 6c 6f 72 3a 20 72 65 64 20 7d 20 20 2f 2a 20 61 20 66 75 6e 63 74 69 6f 6e 20 6e 61 6d 65 20 2a 2f 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 63 68 6f 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 78 Data Ascii: typrint .dec, pre.prettyprint .var { color: #606 } /* a declaration; a variable name / pre.prettyprint .fun { color: red } / a function name */ </style></head><body> <div class="echo"> </div> <div class="ex
2024-08-27 22:15:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 22:15:11 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=62715 Date: Tue, 27 Aug 2024 22:15:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	104.21.42.180	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:11 UTC	386	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: allegro-6999.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:11 UTC	409	IN	HTTP/1.1 200 OK Date: Tue, 27 Aug 2024 22:15:11 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Wed, 21 Aug 2024 12:07:35 GMT ETag: "66c5d887-1c4" Server: cloudflare CF-RAY: 8b9f6b38899072b7-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 28 Aug 2024 00:15:11 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-08-27 22:15:11 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-27 22:15:13 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=66627 Date: Tue, 27 Aug 2024 22:15:13 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-27 22:15:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	35.190.80.1	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:12 UTC	535	OUT	OPTIONS /report/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://allegro-6999.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:13 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Tue, 27 Aug 2024 22:15:12 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	57541	35.190.80.1	443	4500	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-27 22:15:13 UTC	476	OUT	POST /report/v4?s=T9cSTp%2BvTmYYcTlpfctFVVw5XH2oP4bkYJ1dlgD6C1qCLxjipS9k5mdM2E00gNq7e%2FC3J5Y1ZcWY%2FB7RN3LPZVtumsST0fg82WuYA37tDuMK6ybWlwFVyURiAp6Aakdooab0 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 439 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-27 22:15:13 UTC	439	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 33 33 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 34 39 34 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6c 6c 65 67 72 6f 2d 36 39 39 39 2e 63 6f 6d 2f 78 6d 6c 2f 69 6e 64 65 78 2e 68 74 6d 6c 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 34 32 2e 31 38 30 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 Data Ascii: [{"age":332,"body":{"elapsed_time":1494,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://allegro-6999.com/xml/index.html","sampling_fraction":1.0,"server_ip":"104.21.42.180","status_code":404,"type":"http.error"},"type":"netw
2024-08-27 22:15:13 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Tue, 27 Aug 2024 22:15:13 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	18:15:00
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	18:15:03
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 --field-trial-handle=2232,i,1626809697608765213,10813932585993829049,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:15:05
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://allegro-6999.com/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_112, type: DROPPED

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: global traffic	TCP traffic: 192.168.2.4:50883 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:57539 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.4:49642 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: allegro-6999.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xml/index.html HTTP/1.1Host: allegro-6999.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: allegro-6999.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://allegro-6999.com/xml/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: allegro-6999.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allegro-6999.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allegro-6999.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allegro-6999.com/xml/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: allegro-6999.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: allegro-6999.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://allegro-6999.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping1892_1180222276\sets.json

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1892, Parent PID: 5640

Windows Analysis Report
http://allegro-6999.com/