Edit tour

Windows Analysis Report
http://www.ysb238.cc/

Overview

General Information

Sample URL:	http://www.ysb238.cc/
Analysis ID:	1520323
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

HTML body contains password input but no form action

HTML body with high number of embedded images detected

HTML title does not match URL

Sample execution stops while process was sleeping (likely an evasion)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2104,i,10249913158765710233,4527019494180493909,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ysb238.cc/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

conhost.exe (PID: 6368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

HTTP traffic detected: POST /visitor.ashx?siteId=60003589 HTTP/1.1Host: 09i32g.uuie34661.comConnection: keep-aliveContent-Length: 69sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://www.ysb238.cc:8989Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ysb238.cc:8989/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: kngx/1.10.2Date: Fri, 27 Sep 2024 06:15:19 GMTContent-Type: text/htmlContent-Length: 570Connection: closeKs-Deny-Reason: secure-time-arg-time-not-foundX-Cdn-Request-ID: c112e25c70065981270422909d9cf4a7x-link-via: xjp21:443;
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Fri, 27 Sep 2024 06:15:33 GMTContent-Type: text/htmlContent-Length: 520Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Fri, 27 Sep 2024 06:15:38 GMTContent-Type: text/htmlContent-Length: 520Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found, conatact supportServer: CloudFrontDate: Fri, 27 Sep 2024 06:15:46 GMTContent-Length: 0Connection: closeX-Cache: FunctionGeneratedResponse from cloudfrontVia: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P6X-Amz-Cf-Id: OT25haSd8WI6YMw0kuqGjOKyHL3jHUlPab1HkrA_c6R9FsSusAfpgA==
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Fri, 27 Sep 2024 06:16:11 GMTContent-Type: text/htmlContent-Length: 520Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Fri, 27 Sep 2024 06:16:19 GMTContent-Type: text/htmlContent-Length: 520Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Fri, 27 Sep 2024 06:16:20 GMTContent-Type: text/htmlContent-Length: 520Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found, conatact supportServer: CloudFrontDate: Fri, 27 Sep 2024 06:16:21 GMTContent-Length: 0Connection: closeX-Cache: FunctionGeneratedResponse from cloudfrontVia: 1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P6X-Amz-Cf-Id: ZeD4Yu1tOltexaMFhYhUQX-CjspemuWiymlOmz_sN6n51i1MdhL2PQ==

Source: chromecache_205.2.dr, chromecache_280.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_522.2.dr	String found in binary or memory: http://www.idangero.us/swiper/
Source: chromecache_406.2.dr	String found in binary or memory: https://09i32g.uuie34661.com
Source: chromecache_512.2.dr	String found in binary or memory: https://3656fkapp.com/xiazai.html
Source: chromecache_524.2.dr, chromecache_512.2.dr	String found in binary or memory: https://365kkf.cc/
Source: chromecache_524.2.dr, chromecache_512.2.dr	String found in binary or memory: https://365pina.cc:8989/
Source: chromecache_527.2.dr, chromecache_406.2.dr	String found in binary or memory: https://9j91gbh.uuie34661.com/fileservice/v1
Source: chromecache_524.2.dr, chromecache_512.2.dr	String found in binary or memory: https://b.3656azjul11.cc:8989/verify-page/index.html
Source: chromecache_524.2.dr, chromecache_512.2.dr	String found in binary or memory: https://b.365jul10.com:8989/
Source: chromecache_527.2.dr, chromecache_406.2.dr	String found in binary or memory: https://n3igha.uuie34661.com
Source: chromecache_527.2.dr, chromecache_406.2.dr	String found in binary or memory: https://psowoexvd.n2vu8zpu2f6.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50270 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 50193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50253
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50257
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50262
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50265
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50264
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50270
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50273
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50279
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50281
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50219 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50237 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@19/579@23/11

Source: C:\Windows\System32\conhost.exe

Mutant created: \BaseNamedObjects\Local\SM0:6368:120:WilError_03

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2104,i,10249913158765710233,4527019494180493909,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.ysb238.cc/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2104,i,10249913158765710233,4527019494180493909,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: chromecache_484.2.dr	Binary or memory string: Zr2SudqbE4jT7X7pKtoagmBl3zzUfBXMD3oEki+1ATWYfdbhgfs8nTenERqEhNnXfS8pxxRFoo8+
Source: chromecache_231.2.dr, chromecache_310.2.dr	Binary or memory string: I/MiMTmSrilSngfrheUTlDZTRC9uFHXiRAScJlqV/NyU7RBjeaNyxVheCzP4pf7hD5QEMuAHiCXW
Source: chromecache_283.2.dr	Binary or memory string: PEO/MBD8MM/jbolASxzE9KPw6HJ6zRzyOjjMYhGfShVhYeSytWYV5KTWgcjRk2yw1lFJ4nur/905
Source: chromecache_484.2.dr	Binary or memory string: A5PPwGjYwKG0g2ftEzipHgfsLEDVCuBMCULnxVHl1ZFGfajw5PPoWpfD4NXnwl2/ATS3CP3QDGqV
Source: chromecache_484.2.dr	Binary or memory string: 4eH7D8C38yjXQkYcOobsec80gG9NJ/jaPV/HoGPi3DVjuPKsLXjBxjVMcinS3JzuSXtDTtr5e6K1

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.ysb238.cc/	100%	Avira URL Cloud	phishing
http://www.ysb238.cc/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
http://www.idangero.us/swiper/	0%	URL Reputation	safe
https://o1tyg6.innittapp.com/fserver/files/sportTeam/football/en04.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/api-tabs-sprite-black.png	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-gray01.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-silver.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/floatImage/230/1727320957925.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-02.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/index-chess.jpg.base64	0%	Avira URL Cloud	safe
https://3656fkapp.com/xiazai.html	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/icon-heart2.png	0%	Avira URL Cloud	safe
https://9j91gbh.uuie34661.com/fileservice/v1	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_154_SFG_WDNezhaFishingLegend.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/icon-close-game.png	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/icon-sprite-desktop.svg?v=2.base64	0%	Avira URL Cloud	safe
https://b.365jul10.com:8989/	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/gui-skin-default.css	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js	0%	Avira URL Cloud	safe
https://psowoexvd.n2vu8zpu2f6.com/livechat.ashx?siteId=60003589	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-white.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/game-bg1.jpg	0%	Avira URL Cloud	safe
https://09i32g.uuie34661.com	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/890_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/gui-base.js	0%	Avira URL Cloud	safe
https://365pina.cc:8989/	100%	Avira URL Cloud	malware
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/betNow.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/layer.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/inco2.png.base64	0%	Avira URL Cloud	safe
https://n3igha.uuie34661.com	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/float.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-03.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/app_logo/app_logo_627.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/220_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10301/1726506503813.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/jquery.raty.css	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10248/1705841616831.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-title-03.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1850_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://b.3656azjul11.cc:8989/verify-page/index.html	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl//commonPage/themes/images/hongbao/icon-close-1.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_154_SFG_WDMerryIslandFishing.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1727078840674	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-brown01.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/bg-products.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/body-bg.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/141/sportTeam/5/1724050324679.png.base64	0%	Avira URL Cloud	safe
https://09i32g.uuie34661.com/campaign.ashx?siteId=60003589&campaignId=847d9721-1d78-4b66-ad51-16bcd1ada948&lastUpdateTime=88C739F8	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-04.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl//commonPage/commonContent/nav/images/navbar-sub-sprite2.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/play.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-title-02.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/740_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/style/common.css	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1370_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10369/1718644154338.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/hb/css/pc.css	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/fish_btn.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/favicon/favicon_627.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/Casino-banner-img1.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_154_SFG_WDGoldenFortuneFishing.png.base64	0%	Avira URL Cloud	safe
https://psowoexvd.n2vu8zpu2f6.com/visitorside/js/common.14cb3f7d.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/icon-fullscreen.png	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10383/1695644169263.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/icon_match_prev.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-01.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/logo-foot.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl//commonPage/commonContent/nav/images/icon-menu-api.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/game-casino.css	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/index-game.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl//commonPage/commonContent/nav/images/icon-menu-api-chess.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/idangerous.swiper.css	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/sportTeam/football/en03.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-title-01.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/860_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-06.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/Casino-banner-img2.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-04.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1990_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1890_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/floatImage/225/1704100920201.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10182/1694949241591.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-gold.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/fserver/files/sportTeam/football/en01.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/Casino-banner-img1.gif.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/sports-infos-bg.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/moment.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-03.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-07.png.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/side-banner_zh_CN.jpg.base64	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js	0%	Avira URL Cloud	safe
https://psowoexvd.n2vu8zpu2f6.com	0%	Avira URL Cloud	safe
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-black.png.base64	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
d2fbug8oy6zx3g.cloudfront.net	13.225.78.122	true	false	unknown
l5-global.gslb.ksyuncdn.com	103.155.16.134	true	false	unknown
cluster91f2e088.hysjs168.com	20.239.97.157	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
a48d7a3baeaba2a67.awsglobalaccelerator.com	99.83.207.187	true	false	unknown
d30ye5lgbv8wkd.cloudfront.net	108.138.7.4	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
o1tyg6.innittapp.com	unknown	unknown	false	unknown
www.ysb238.cc	unknown	unknown	false	unknown
_8989._https.www.ysb238.cc	unknown	unknown	false	unknown
vue.livehelp100servicestandby.com	unknown	unknown	false	unknown
09i32g.uuie34661.com	unknown	unknown	false	unknown
psowoexvd.n2vu8zpu2f6.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/api-tabs-sprite-black.png	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/icon-heart2.png	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-02.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_ds_1001.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-silver.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-gray01.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/sportTeam/football/en04.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/floatImage/230/1727320957925.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/index-chess.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_154_SFG_WDNezhaFishingLegend.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/icon-close-game.png	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/icon-sprite-desktop.svg?v=2.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/theme/default/layer.css?v=3.1.0	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_018.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/gui-skin-default.css	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/jquery/jquery-1.11.3.min.js	false	Avira URL Cloud: safe	unknown
https://psowoexvd.n2vu8zpu2f6.com/livechat.ashx?siteId=60003589	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/game-bg1.jpg	false	Avira URL Cloud: safe	unknown
https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111	false		unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-white.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/890_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/betNow.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/gui-base.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/layer.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/inco2.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/float.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10301/1726506503813.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-03.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/jquery/jquery.nicescroll.min.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/220_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/app_logo/app_logo_627.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/jquery.raty.css	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10248/1705841616831.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-title-03.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl//commonPage/themes/images/hongbao/icon-close-1.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1850_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_154_SFG_WDMerryIslandFishing.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/jquery/jquery.super-marquee.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/061410/rcenter/common/static/js/gb.validation.min.js?v=1727078840674	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/body-bg.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-brown01.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/bg-products.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/141/sportTeam/5/1724050324679.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-04.png.base64	false	Avira URL Cloud: safe	unknown
https://09i32g.uuie34661.com/campaign.ashx?siteId=60003589&campaignId=847d9721-1d78-4b66-ad51-16bcd1ada948&lastUpdateTime=88C739F8	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl//commonPage/commonContent/nav/images/navbar-sub-sprite2.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/play.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_020.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/740_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-title-02.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/style/common.css	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_90_at2_030.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1370_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/hb/css/pc.css	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10369/1718644154338.jpg.base64	false	Avira URL Cloud: safe	unknown
https://psowoexvd.n2vu8zpu2f6.com/visitorside/js/common.14cb3f7d.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/favicon/favicon_627.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/fish_btn.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_154_SFG_WDGoldenFortuneFishing.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/Casino-banner-img1.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/icon-fullscreen.png	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/icon_match_prev.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10383/1695644169263.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-01.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/logo-foot.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl//commonPage/commonContent/nav/images/icon-menu-api.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/idangerous.swiper.css	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/game-casino.css	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/index-game.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/sportTeam/football/en03.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl//commonPage/commonContent/nav/images/icon-menu-api-chess.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-title-01.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/860_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/Casino-banner-img2.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-06.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-04.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1990_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/carousel/10182/1694949241591.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/0/game/NEWKY/1/1890_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-gold.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/gb/627/floatImage/225/1704100920201.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/fserver/files/sportTeam/football/en01.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/Casino-banner-img1.gif.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/themes/images/sports-infos-bg.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/partner-logo-07.png.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/moment.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/bet365-627/images/casino-banner-03.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/js/websocket/CometMarathon.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/themes/casino/images/side-banner_zh_CN.jpg.base64	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/061410/rcenter/common/js/gamebox/common/jquery.validate.extend.msites.js	false	Avira URL Cloud: safe	unknown
https://o1tyg6.innittapp.com/ftl/commonPage/images/partner/partner-hongtu-black.png.base64	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://3656fkapp.com/xiazai.html	chromecache_512.2.dr	false	Avira URL Cloud: safe	unknown
https://9j91gbh.uuie34661.com/fileservice/v1	chromecache_527.2.dr, chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown
https://b.365jul10.com:8989/	chromecache_524.2.dr, chromecache_512.2.dr	false	Avira URL Cloud: safe	unknown
https://09i32g.uuie34661.com	chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown
https://365pina.cc:8989/	chromecache_524.2.dr, chromecache_512.2.dr	false	Avira URL Cloud: malware	unknown
https://n3igha.uuie34661.com	chromecache_527.2.dr, chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown
https://b.3656azjul11.cc:8989/verify-page/index.html	chromecache_524.2.dr, chromecache_512.2.dr	false	Avira URL Cloud: safe	unknown
http://www.idangero.us/swiper/	chromecache_522.2.dr	false	URL Reputation: safe	unknown
https://psowoexvd.n2vu8zpu2f6.com	chromecache_527.2.dr, chromecache_406.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.225.78.122	d2fbug8oy6zx3g.cloudfront.net	United States	16509	AMAZON-02US	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
103.155.16.134	l5-global.gslb.ksyuncdn.com	unknown	134687	TWIDC-AS-APTWIDCLimitedHK	false
75.2.42.240	unknown	United States	16509	AMAZON-02US	false
108.138.7.4	d30ye5lgbv8wkd.cloudfront.net	United States	16509	AMAZON-02US	false
13.225.78.58	unknown	United States	16509	AMAZON-02US	false
99.83.207.187	a48d7a3baeaba2a67.awsglobalaccelerator.com	United States	16509	AMAZON-02US	false
20.239.97.157	cluster91f2e088.hysjs168.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520323
Start date and time:	2024-09-27 08:13:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.ysb238.cc/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@19/579@23/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.174, 64.233.184.84, 34.104.35.123, 52.165.165.26, 93.184.221.240, 40.69.42.241, 192.229.221.95, 142.250.185.74, 142.250.185.234, 142.250.186.170, 216.58.206.42, 142.250.181.234, 142.250.185.202, 142.250.184.234, 142.250.184.202, 216.58.212.138, 172.217.23.106, 216.58.206.74, 142.250.185.106, 216.58.212.170, 142.250.185.170, 172.217.18.106, 142.250.185.138, 142.250.184.227, 142.250.186.78
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://www.ysb238.cc/

Input	Output
URL: https://www.ysb238.cc:8989/ Model: jbxai	{ "brand":["bet365"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.ysb238.cc:8989/ Model: jbxai	{ "brand":["bet365"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.ysb238.cc:8989/ Model: jbxai	{ "brand":["bet365"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111 Model: jbxai	{ "brand":["bet365"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111 Model: jbxai	{ "brand":["Don Quixote"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111 Model: jbxai	{ "brand":["bet365"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 250 x 215, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	20484
Entropy (8bit):	7.976704647129774
Encrypted:	false
SSDEEP:	384:pBLLZvqURTXN5npCsJ+a+UIgmoZAkVTzWKZizN/k84LL2BD0M/DoDznNDBDKwJo:ptLBRTXxCsJficWKAzNN4aDBe/a
MD5:	7FACD57D474585A0C9E3B2B6D4762969
SHA1:	814362F72BEBA19C7DFB93B8D2BC760F87A2A00E
SHA-256:	3BF01B8E569DBD7060D7DCB2222E7E3EBC9E42F715535DF2315C877FED9046BD
SHA-512:	792D38344EFCBCD8765C1695770BE65D6576AB04463178D1F601DABEC10DE958A47149033FCB18F1B94A6D9AC518747B5388D488AA8EC65ECC359FAA9066DCEF
Malicious:	false
Reputation:	low
URL:	https://www.ysb238.cc:8989/ftl/resource/chess/public/game/game01/2x/zh_CN/game_fish_60_7006.png
Preview:	.PNG........IHDR.....................PLTE.................S+.x....o+...\|l..?.....b$..e..~{ZG..._...-.3...hT.x_.<...w(.q.......I......x;.....Q....\...w?.r2...X@.n..C...2.A..L..:.:..G....w.)..0..2..!......Q.\|.H....&....>...u.J......`.o.n>.-..(.9...%..3.....!.....!.?.H...V...{...g.4..o..D`......Ko.....+...R$I.Qp..,.3..s'..yD....4.@.wA.B..f.3.W.\.k>.^-.f4......_.,C./..+.....+.b...Xo...F...\|..D....O..h ..(...(.c.P.<..S .7...........x9&.t..f.N.l7.c.Y".}[.p..5.E!.Y.........^...D ..`.S..d..@.vfX......W..s.8.l!v.9Q!.&..\|(}.`:.+../a....R.}R.b..!.r... U...e.h.T.....b..S..st.uC.`..U.1..m\.tCS'!.....s.W:.K+...ZL.\|..V.....o...RQ.lL.A.a..>G.I.J.}.dm.}q.&5.J....bWt.<....q..@.....Jr......;.....m.S].8...tG@.0;....Xj....6o.JJ.U..n..c..........tV~H8K...6.th....tRNS.5.#....O.#<.yAv.p[............b.m.........$>\|..L.IDATx....k"g..p...!4...B.6E.. &.88..D.. .d!0...e..P.....^+..C..J...j..9.!.....b-=x......<.L'...m6.....fK?.>.;.u..ll.].e.\|v

Source: http://www.ysb238.cc/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://www.ysb238.cc/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Source: https://www.ysb238.cc:8989/	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111	HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://www.ysb238.cc:8989/	HTTP Parser: Total embedded image size: 4450775
Source: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111	HTTP Parser: Total embedded image size: 495064

Source: https://www.ysb238.cc:8989/	HTTP Parser: Title: bet365 -No.1 does not match URL
Source: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111	HTTP Parser: Title: bet365 -No.1 does not match URL

Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="author".. found
Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="author".. found
Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="author".. found
Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="author".. found
Source: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111	HTTP Parser: No <meta name="author".. found

Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ysb238.cc:8989/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ysb238.cc:8989/chess.html?apiType=5&apiId=111	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.ysb238.cc
Source: global traffic	DNS traffic detected: DNS query: _8989._https.www.ysb238.cc
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: o1tyg6.innittapp.com
Source: global traffic	DNS traffic detected: DNS query: psowoexvd.n2vu8zpu2f6.com
Source: global traffic	DNS traffic detected: DNS query: 09i32g.uuie34661.com
Source: global traffic	DNS traffic detected: DNS query: vue.livehelp100servicestandby.com

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 08:14:54.769129992 CEST	192.168.2.4	1.1.1.1	0x39fd	Standard query (0)	www.ysb238.cc	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:54.769426107 CEST	192.168.2.4	1.1.1.1	0xa137	Standard query (0)	www.ysb238.cc	65	IN (0x0001)	false
Sep 27, 2024 08:14:56.183715105 CEST	192.168.2.4	1.1.1.1	0x7113	Standard query (0)	www.ysb238.cc	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:56.183902025 CEST	192.168.2.4	1.1.1.1	0x9901	Standard query (0)	_8989._https.www.ysb238.cc	65	IN (0x0001)	false
Sep 27, 2024 08:14:56.866065025 CEST	192.168.2.4	1.1.1.1	0x81e8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:56.866326094 CEST	192.168.2.4	1.1.1.1	0xa183	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 27, 2024 08:14:58.836977959 CEST	192.168.2.4	1.1.1.1	0xc24d	Standard query (0)	o1tyg6.innittapp.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:58.837160110 CEST	192.168.2.4	1.1.1.1	0xbcc4	Standard query (0)	o1tyg6.innittapp.com	65	IN (0x0001)	false
Sep 27, 2024 08:14:59.849323988 CEST	192.168.2.4	1.1.1.1	0xf034	Standard query (0)	o1tyg6.innittapp.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:59.907649994 CEST	192.168.2.4	1.1.1.1	0x4a0b	Standard query (0)	www.ysb238.cc	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:59.907975912 CEST	192.168.2.4	1.1.1.1	0x32bd	Standard query (0)	_8989._https.www.ysb238.cc	65	IN (0x0001)	false
Sep 27, 2024 08:15:01.874763966 CEST	192.168.2.4	1.1.1.1	0x8d6b	Standard query (0)	o1tyg6.innittapp.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:01.875212908 CEST	192.168.2.4	1.1.1.1	0x27c9	Standard query (0)	o1tyg6.innittapp.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:24.150763988 CEST	192.168.2.4	1.1.1.1	0x6927	Standard query (0)	psowoexvd.n2vu8zpu2f6.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:24.151279926 CEST	192.168.2.4	1.1.1.1	0x51d8	Standard query (0)	psowoexvd.n2vu8zpu2f6.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:25.994647980 CEST	192.168.2.4	1.1.1.1	0xe05b	Standard query (0)	psowoexvd.n2vu8zpu2f6.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:25.994812965 CEST	192.168.2.4	1.1.1.1	0x4579	Standard query (0)	psowoexvd.n2vu8zpu2f6.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:29.618103027 CEST	192.168.2.4	1.1.1.1	0xd7e5	Standard query (0)	09i32g.uuie34661.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:29.618344069 CEST	192.168.2.4	1.1.1.1	0x5edd	Standard query (0)	09i32g.uuie34661.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:32.381884098 CEST	192.168.2.4	1.1.1.1	0x91a3	Standard query (0)	09i32g.uuie34661.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:32.382272005 CEST	192.168.2.4	1.1.1.1	0x5c38	Standard query (0)	09i32g.uuie34661.com	65	IN (0x0001)	false
Sep 27, 2024 08:15:43.524075985 CEST	192.168.2.4	1.1.1.1	0xf857	Standard query (0)	vue.livehelp100servicestandby.com	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:43.524236917 CEST	192.168.2.4	1.1.1.1	0xeeaf	Standard query (0)	vue.livehelp100servicestandby.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 08:14:55.296231031 CEST	1.1.1.1	192.168.2.4	0xa137	No error (0)	www.ysb238.cc	site.36ok56cname.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:55.296231031 CEST	1.1.1.1	192.168.2.4	0xa137	No error (0)	site.36ok56cname.com	ee754749.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:55.314685106 CEST	1.1.1.1	192.168.2.4	0x39fd	No error (0)	www.ysb238.cc	site.36ok56cname.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:55.314685106 CEST	1.1.1.1	192.168.2.4	0x39fd	No error (0)	site.36ok56cname.com	ee754749.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:55.314685106 CEST	1.1.1.1	192.168.2.4	0x39fd	No error (0)	ee754749.hysjs168.com	cluster91f2e088.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:55.314685106 CEST	1.1.1.1	192.168.2.4	0x39fd	No error (0)	cluster91f2e088.hysjs168.com		20.239.97.157	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:56.620222092 CEST	1.1.1.1	192.168.2.4	0x7113	No error (0)	www.ysb238.cc	site.36ok56cname.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:56.620222092 CEST	1.1.1.1	192.168.2.4	0x7113	No error (0)	site.36ok56cname.com	ee754749.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:56.620222092 CEST	1.1.1.1	192.168.2.4	0x7113	No error (0)	ee754749.hysjs168.com	cluster91f2e088.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:56.620222092 CEST	1.1.1.1	192.168.2.4	0x7113	No error (0)	cluster91f2e088.hysjs168.com		20.239.97.157	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:56.872999907 CEST	1.1.1.1	192.168.2.4	0x81e8	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:14:56.873094082 CEST	1.1.1.1	192.168.2.4	0xa183	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 27, 2024 08:14:56.879585981 CEST	1.1.1.1	192.168.2.4	0x9901	Name error (3)	_8989._https.www.ysb238.cc	none	none	65	IN (0x0001)	false
Sep 27, 2024 08:14:59.725928068 CEST	1.1.1.1	192.168.2.4	0xbcc4	No error (0)	o1tyg6.innittapp.com	o1tyg6.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:59.725928068 CEST	1.1.1.1	192.168.2.4	0xbcc4	No error (0)	o1tyg6.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:59.848572969 CEST	1.1.1.1	192.168.2.4	0xc24d	No error (0)	o1tyg6.innittapp.com	o1tyg6.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:59.848572969 CEST	1.1.1.1	192.168.2.4	0xc24d	No error (0)	o1tyg6.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:14:59.848572969 CEST	1.1.1.1	192.168.2.4	0xc24d	No error (0)	l5-global.gslb.ksyuncdn.com		103.155.16.134	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:00.344352007 CEST	1.1.1.1	192.168.2.4	0xf034	No error (0)	o1tyg6.innittapp.com	o1tyg6.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:00.344352007 CEST	1.1.1.1	192.168.2.4	0xf034	No error (0)	o1tyg6.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:00.344352007 CEST	1.1.1.1	192.168.2.4	0xf034	No error (0)	l5-global.gslb.ksyuncdn.com		103.155.16.134	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:00.375874043 CEST	1.1.1.1	192.168.2.4	0x32bd	Name error (3)	_8989._https.www.ysb238.cc	none	none	65	IN (0x0001)	false
Sep 27, 2024 08:15:00.488519907 CEST	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	www.ysb238.cc	site.36ok56cname.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:00.488519907 CEST	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	site.36ok56cname.com	ee754749.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:00.488519907 CEST	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	ee754749.hysjs168.com	cluster91f2e088.hysjs168.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:00.488519907 CEST	1.1.1.1	192.168.2.4	0x4a0b	No error (0)	cluster91f2e088.hysjs168.com		20.239.97.157	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:02.314358950 CEST	1.1.1.1	192.168.2.4	0x27c9	No error (0)	o1tyg6.innittapp.com	o1tyg6.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:02.314358950 CEST	1.1.1.1	192.168.2.4	0x27c9	No error (0)	o1tyg6.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:02.320223093 CEST	1.1.1.1	192.168.2.4	0x8d6b	No error (0)	o1tyg6.innittapp.com	o1tyg6.innittapp.com.download.ks-cdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:02.320223093 CEST	1.1.1.1	192.168.2.4	0x8d6b	No error (0)	o1tyg6.innittapp.com.download.ks-cdn.com	l5-global.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:02.320223093 CEST	1.1.1.1	192.168.2.4	0x8d6b	No error (0)	l5-global.gslb.ksyuncdn.com		103.155.16.134	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:09.489931107 CEST	1.1.1.1	192.168.2.4	0xcbe4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:09.489931107 CEST	1.1.1.1	192.168.2.4	0xcbe4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:24.197783947 CEST	1.1.1.1	192.168.2.4	0x6927	No error (0)	psowoexvd.n2vu8zpu2f6.com	vueselfdomain.livehelp100service.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:24.197783947 CEST	1.1.1.1	192.168.2.4	0x6927	No error (0)	vueselfdomain.livehelp100service.com	d2fbug8oy6zx3g.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:24.197783947 CEST	1.1.1.1	192.168.2.4	0x6927	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.122	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:24.197783947 CEST	1.1.1.1	192.168.2.4	0x6927	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.104	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:24.197783947 CEST	1.1.1.1	192.168.2.4	0x6927	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.62	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:24.197783947 CEST	1.1.1.1	192.168.2.4	0x6927	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.58	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:24.360059977 CEST	1.1.1.1	192.168.2.4	0x51d8	No error (0)	psowoexvd.n2vu8zpu2f6.com	vueselfdomain.livehelp100service.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:24.360059977 CEST	1.1.1.1	192.168.2.4	0x51d8	No error (0)	vueselfdomain.livehelp100service.com	d2fbug8oy6zx3g.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:26.039868116 CEST	1.1.1.1	192.168.2.4	0x4579	No error (0)	psowoexvd.n2vu8zpu2f6.com	vueselfdomain.livehelp100service.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:26.039868116 CEST	1.1.1.1	192.168.2.4	0x4579	No error (0)	vueselfdomain.livehelp100service.com	d2fbug8oy6zx3g.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:26.040920973 CEST	1.1.1.1	192.168.2.4	0xe05b	No error (0)	psowoexvd.n2vu8zpu2f6.com	vueselfdomain.livehelp100service.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:26.040920973 CEST	1.1.1.1	192.168.2.4	0xe05b	No error (0)	vueselfdomain.livehelp100service.com	d2fbug8oy6zx3g.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:26.040920973 CEST	1.1.1.1	192.168.2.4	0xe05b	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.58	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:26.040920973 CEST	1.1.1.1	192.168.2.4	0xe05b	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.62	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:26.040920973 CEST	1.1.1.1	192.168.2.4	0xe05b	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.104	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:26.040920973 CEST	1.1.1.1	192.168.2.4	0xe05b	No error (0)	d2fbug8oy6zx3g.cloudfront.net		13.225.78.122	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:26.611200094 CEST	1.1.1.1	192.168.2.4	0x1cf	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:26.611200094 CEST	1.1.1.1	192.168.2.4	0x1cf	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:29.645366907 CEST	1.1.1.1	192.168.2.4	0x5edd	No error (0)	09i32g.uuie34661.com	a48d7a3baeaba2a67.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:29.931694984 CEST	1.1.1.1	192.168.2.4	0xd7e5	No error (0)	09i32g.uuie34661.com	a48d7a3baeaba2a67.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:29.931694984 CEST	1.1.1.1	192.168.2.4	0xd7e5	No error (0)	a48d7a3baeaba2a67.awsglobalaccelerator.com		99.83.207.187	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:29.931694984 CEST	1.1.1.1	192.168.2.4	0xd7e5	No error (0)	a48d7a3baeaba2a67.awsglobalaccelerator.com		75.2.42.240	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:32.409495115 CEST	1.1.1.1	192.168.2.4	0x5c38	No error (0)	09i32g.uuie34661.com	a48d7a3baeaba2a67.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:32.409971952 CEST	1.1.1.1	192.168.2.4	0x91a3	No error (0)	09i32g.uuie34661.com	a48d7a3baeaba2a67.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:32.409971952 CEST	1.1.1.1	192.168.2.4	0x91a3	No error (0)	a48d7a3baeaba2a67.awsglobalaccelerator.com		75.2.42.240	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:32.409971952 CEST	1.1.1.1	192.168.2.4	0x91a3	No error (0)	a48d7a3baeaba2a67.awsglobalaccelerator.com		99.83.207.187	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:44.279623985 CEST	1.1.1.1	192.168.2.4	0xeeaf	No error (0)	vue.livehelp100servicestandby.com	d30ye5lgbv8wkd.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:44.303786993 CEST	1.1.1.1	192.168.2.4	0xf857	No error (0)	vue.livehelp100servicestandby.com	d30ye5lgbv8wkd.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:44.303786993 CEST	1.1.1.1	192.168.2.4	0xf857	No error (0)	d30ye5lgbv8wkd.cloudfront.net		108.138.7.4	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:44.303786993 CEST	1.1.1.1	192.168.2.4	0xf857	No error (0)	d30ye5lgbv8wkd.cloudfront.net		108.138.7.54	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:44.303786993 CEST	1.1.1.1	192.168.2.4	0xf857	No error (0)	d30ye5lgbv8wkd.cloudfront.net		108.138.7.52	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:44.303786993 CEST	1.1.1.1	192.168.2.4	0xf857	No error (0)	d30ye5lgbv8wkd.cloudfront.net		108.138.7.65	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:15:46.106661081 CEST	1.1.1.1	192.168.2.4	0xb19c	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:15:46.106661081 CEST	1.1.1.1	192.168.2.4	0xb19c	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 27, 2024 08:16:06.262211084 CEST	1.1.1.1	192.168.2.4	0xaec1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 27, 2024 08:16:06.262211084 CEST	1.1.1.1	192.168.2.4	0xaec1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Sep 27, 2024 08:14:55.320458889 CEST	428	OUT	GET / HTTP/1.1 Host: www.ysb238.cc Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 27, 2024 08:14:56.179526091 CEST	232	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=utf-8 Location: https://www.ysb238.cc:8989/ Date: Fri, 27 Sep 2024 06:14:56 GMT Content-Length: 62 Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 73 62 32 33 38 2e 63 63 3a 38 39 38 39 2f 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://www.ysb238.cc:8989/">Moved Permanently</a>.
Sep 27, 2024 08:15:41.217720985 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:14:59 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:14:59 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37875 Date: Fri, 27 Sep 2024 06:14:59 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-27 06:15:00 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=37820 Date: Fri, 27 Sep 2024 06:15:00 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-27 06:15:00 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	570	OUT	GET /ftl/commonPage/themes/gui-base.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:01 UTC	693	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 17137 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05 ETag: W/"66bc0c2d-145e6" Date: Thu, 26 Sep 2024 13:01:33 GMT Last-Modified: Wed, 14 Aug 2024 01:45:17 GMT Expires: Sat, 26 Oct 2024 13:01:33 GMT Age: 62008 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-213 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-05 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-08 X-Cdn-Request-ID: 8db9c531d7b4e4ad7f462948af918834
2024-09-27 06:15:01 UTC	15691	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 7d 79 93 e4 c6 75 e7 ff fa 14 50 33 18 9c 21 ab 8a 00 ea ee 0a 4e 88 94 ad 23 2c d9 5e 51 d6 1e 14 83 81 02 b2 aa c0 41 01 25 00 d5 07 3b ca a1 f0 5a 22 ad b5 0e cb b2 b4 3a bc a2 7c 2d ad 90 e4 db 26 45 4a fe 32 ec 99 e1 5f fe 0a ce 1b 79 bc 44 a1 7b 64 ef 76 93 d3 55 99 bf 7c f9 f2 bd 97 2f ef cc 67 9f fe f0 87 bc a7 bd 8f 47 5b f4 42 71 f1 3b 9f ec bf 10 55 c8 bb 73 fd c3 9f 3f fc d1 17 3f f8 9f 6f 5d bf f1 e5 bb 04 70 86 ca 2a 2d 72 2f 18 f8 83 39 09 78 7e 5f 6f 8a f2 d4 7b b1 46 67 28 27 21 bf 16 d5 c8 db 16 49 ba 4a 51 e2 85 7e 30 ed fb f3 be 1f e2 b8 67 3f f4 ec d3 de c3 9f ff d9 f5 1f 7e e9 c1 9b ff 72 fd de d7 49 d0 47 d2 ed ae 28 6b 6f 5f 66 77 4e 36 45 be 5e 46 c5 20 ae aa 93 bb 0b 02 bf fe d2 5b d7 7f f7 c5 eb Data Ascii: }yuP3!N#,^QA%;Z":\|-&EJ2_yD{dvU\|/gG[Bq;Us??o]p*-r/9x~_o{Fg('!IJQ~0g?~rIG(ko_fwN6E^F [
2024-09-27 06:15:01 UTC	1446	IN	Data Raw: 9c df 4e 75 f3 26 d2 63 75 13 12 2b af a6 06 8f b8 fd df a7 7d fc 2f ee d6 28 9a ef 2b ab e2 9e 0a 12 ad 88 d7 b9 74 10 fb 78 08 fe 9f c9 87 6e 15 64 fc ff 1f 9d e3 6d f5 6a 08 e6 3f 4b a9 d8 81 fa d6 e0 05 bb 5d e6 75 57 78 e0 bb 79 f0 f5 6f be ff ee 3f 3f f8 fa 37 3e f8 f2 37 ff ed bd ef 11 b7 cb fa 24 fd 3a dd e9 be d6 f7 e7 2b b4 92 1e 7f 48 6e ac 50 fa 41 0b 55 11 ea d0 93 21 d5 de 05 3f 98 ad dd 89 42 5b 05 45 5e a4 c0 0d 27 83 28 c3 7e 4d ba 2a df d3 a3 95 0b 46 9a ab 45 3c be b5 47 87 7a 3b 68 2c 00 0f 6f f4 84 03 fc 8f b4 96 db 12 89 14 7b 55 07 37 6a a7 85 ca ab 25 6f fa 85 ec fc 82 da 19 ae 91 c9 58 1d 93 8d e8 37 6a 6f 64 12 53 f4 b3 fb 2c 5c cc 4c 10 35 fa 52 8d e4 b3 35 f0 75 b0 24 8e 8f 48 c6 ec 51 b0 9a 92 ed e2 b1 6d 84 1a e7 fb bf f8 e3 Data Ascii: Nu&cu+}/(+txndmj?K]uWxyo??7>7$:+HnPAU!?B[E^'(~M*FE<Gz;h,o{U7j%oX7jodS,\L5R5u$HQm

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	578	OUT	GET /ftl/commonPage/themes/gui-skin-default.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:01 UTC	693	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 6253 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06 ETag: W/"64ad1569-7b6e" Date: Thu, 05 Sep 2024 23:09:35 GMT Last-Modified: Tue, 11 Jul 2023 08:40:09 GMT Expires: Sat, 05 Oct 2024 23:09:35 GMT Age: 1839926 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-206 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-06 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-05 X-Cdn-Request-ID: fd3fedb4a59643af1c49faacd483f33c
2024-09-27 06:15:01 UTC	6253	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3d 6b 8f 1c c7 71 df f5 2b c6 14 08 de f1 6e 96 b3 cf bb dd 05 0f 3e 92 47 8a 72 68 4b 7c 58 24 65 7d 98 9d e9 dd 1d 71 76 66 31 33 cb bb e3 e2 00 05 49 04 2b 8e f3 70 92 0f 81 23 20 8c 11 c3 5f ec 0f 09 02 24 91 6d fd 97 c0 a4 c4 4f fe 0b e9 e7 4c 3f 6a 1e 7b 52 00 11 d0 1d a5 9b ed ae ae ae aa ae ae ae ae ae e9 fd e3 67 9f 5f b9 fc 9d 37 ac cb d6 2d 77 81 ae c5 27 0f 6e db f7 9e 04 91 7d 03 4d dd 55 98 59 5b af 7e f1 d7 2f ff e5 b7 af fe ec 57 2f 7e fc f1 1f 7f fb c9 ff 7e f4 0f f8 df 17 ff f4 bb 2f 3f f9 f7 2f fe e3 33 56 4b da 3f 45 49 1a c4 91 d5 6e 39 ad 21 29 38 5c 65 f3 38 19 59 f7 32 f4 14 45 a4 e4 86 9b 21 6b 11 fb c1 34 40 be d5 71 da 7b b6 33 b4 3b 6d 5c 77 85 50 71 35 ff b1 fc 24 5e fa f1 71 94 5a 7f f8 af 9f Data Ascii: =kq+n>GrhK\|X$e}qvf13I+p# _$mOL?j{Rg_7-w'n}MUY[~/W/~~/?/3VK?EIn9!)8\e8Y2E!k4@q{3;m\wPq5$^qZ

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	574	OUT	GET /ftl/bet365-627/themes/style/common.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:01 UTC	676	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 55877 Connection: close Server: Default-server-KS-CLOUD-XJP-12-04 ETag: "6327fe95-da45" Date: Mon, 16 Sep 2024 14:23:15 GMT Last-Modified: Mon, 19 Sep 2022 05:31:01 GMT Expires: Wed, 16 Oct 2024 14:23:15 GMT Age: 921106 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: MISS uuid: - out-line: gb-cdn-212 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-04 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-20 X-Cdn-Request-ID: 31595a22bfd56f55d9d8120ee7c88a5f
2024-09-27 06:15:01 UTC	15708	IN	Data Raw: ef bb bf 2f 2a 21 0a 20 2a 20 42 65 74 33 36 35 0a 20 2a 20 41 75 74 68 6f 72 3a 20 53 74 65 76 65 6e 0a 20 2a 20 55 70 64 61 74 65 20 62 79 20 32 30 31 37 2d 30 32 2d 32 30 0a 20 2a 2f 0a 0a 2f 2a 20 e7 a6 81 e7 94 a8 e5 93 8d e5 ba 94 20 2a 2f 0a 2e 63 6f 6e 74 61 69 6e 65 72 2d 66 6c 75 69 64 2c 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 31 30 30 70 78 7d 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 39 30 70 78 29 7b 0a 09 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 33 33 35 70 78 3b 7d 0a 7d 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 0a 09 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 33 33 35 70 78 3b 7d 0a 7d 0a 2e 73 63 72 65 65 6e 2d 6c 67 20 2e 63 6f 6e 74 61 69 6e Data Ascii: /! Bet365 * Author: Steven * Update by 2017-02-20 // */.container-fluid,.container{width:1100px}@media (min-width:990px){.container{width:1335px;}}@media (min-width:1200px){.container{width:1335px;}}.screen-lg .contain
2024-09-27 06:15:01 UTC	16384	IN	Data Raw: 63 6f 6c 6f 72 3a 23 46 46 44 46 31 42 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 33 3b 7d 0a 0a 2f 2a 20 69 6e 64 65 78 2d 73 6c 69 64 65 20 2a 2f 0a 2e 69 6e 64 65 78 2d 77 72 61 70 20 2e 6d 61 69 6e 2d 77 72 61 70 7b 77 69 64 74 68 3a 38 36 30 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 33 33 3b 70 61 64 64 69 6e 67 3a 35 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 7d 0a 2e 69 6e 64 65 78 2d 73 6c 69 64 65 7b 77 69 64 74 68 3a 38 34 34 70 78 3b 68 65 69 67 68 74 3a 32 32 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 62 6f 72 64 65 72 3a 33 70 78 20 73 6f 6c 69 64 20 23 36 33 36 33 36 33 3b 6d 61 72 67 69 6e 3a 35 70 Data Ascii: color:#FFDF1B;background-color:#333;}/* index-slide */.index-wrap .main-wrap{width:860px;float:left;background:#333;padding:5px;overflow:hidden;margin-bottom:0;}.index-slide{width:844px;height:220px;position:relative;border:3px solid #636363;margin:5p
2024-09-27 06:15:01 UTC	16384	IN	Data Raw: 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 7d 0a 2e 63 61 73 69 6e 6f 2d 6e 61 76 69 20 61 2e 69 63 6f 32 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 20 2d 31 37 31 70 78 3b 7d 0a 2e 63 61 73 69 6e 6f 2d 6e 61 76 69 20 61 2e 69 63 6f 33 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 20 2d 32 32 38 70 78 3b 7d 0a 2e 63 61 73 69 6e 6f 2d 61 64 62 6f 78 20 69 6d 67 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 7d 0a 2e 63 61 73 69 6e 6f 2d 61 64 62 6f 78 20 69 6d 67 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 39 39 65 39 65 3b 7d 0a 2e 63 61 73 69 6e 6f 2d 6c 69 73 74 20 75 6c 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 7d 0a 2e Data Ascii: t;color:#fff;}.casino-navi a.ico2{background-position:0 -171px;}.casino-navi a.ico3{background-position:0 -228px;}.casino-adbox img{border:1px solid #000;width:100%;}.casino-adbox img:hover{border-color:#199e9e;}.casino-list ul{padding:0;margin:0;}.
2024-09-27 06:15:01 UTC	7401	IN	Data Raw: 65 72 2d 70 61 6e 65 6c 20 2e 6d 65 6d 62 65 72 73 2d 64 72 6f 70 64 6f 77 6e 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 33 33 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 62 62 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 30 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 33 29 3b 63 6f 6c 6f 72 3a 23 33 33 33 3b 7d 0a 2e 68 65 61 64 65 72 2d 70 61 6e 65 6c 20 2e 6d 65 6d 62 65 72 73 2d 64 72 6f 70 64 6f 77 6e 3e 6c 69 7b 6d 61 72 67 69 6e 3a 33 70 78 20 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 7d 0a 2e 68 65 61 64 65 72 2d 70 61 6e 65 6c 20 2e 6d 65 6d 62 65 72 73 2d 64 72 6f 70 64 6f 77 Data Ascii: er-panel .members-dropdown{margin-top:0;padding:0;border:1px solid #333;border-radius:4px;background-color:#bbb;box-shadow:0 0 10px rgba(0,0,0,.3);color:#333;}.header-panel .members-dropdown>li{margin:3px 0;font-size:12px;}.header-panel .members-dropdow

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	588	OUT	GET /ftl/bet365-627/themes/style/bootstrap-dialog.min.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:01 UTC	674	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 2780 Connection: close Server: Default-server-KS-CLOUD-XJP-12-04 ETag: "6156cab3-adc" Date: Mon, 16 Sep 2024 14:23:17 GMT Last-Modified: Fri, 01 Oct 2021 08:45:39 GMT Expires: Wed, 16 Oct 2024 14:23:17 GMT Age: 921104 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: MISS uuid: - out-line: gb-cdn-212 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-04 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-03 X-Cdn-Request-ID: 428e74f18b4743b825206b7d6a5d5474
2024-09-27 06:15:01 UTC	2780	IN	Data Raw: 2e 62 6f 6f 74 73 74 72 61 70 2d 64 69 61 6c 6f 67 20 2e 6d 6f 64 61 6c 2d 68 65 61 64 65 72 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 20 34 70 78 0a 7d 0a 0a 2e 62 6f 6f 74 73 74 72 61 70 2d 64 69 61 6c 6f 67 20 2e 62 6f 6f 74 73 74 72 61 70 2d 64 69 61 6c 6f 67 2d 74 69 74 6c 65 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 0a 7d 0a 0a 2e 62 6f 6f 74 73 74 72 61 70 2d 64 69 61 6c 6f 67 20 2e 62 6f 6f 74 73 74 72 61 70 2d 64 69 61 6c 6f 67 2d 6d 65 73 73 61 67 65 20 Data Ascii: .bootstrap-dialog .modal-header { border-top-left-radius: 4px; border-top-right-radius: 4px}.bootstrap-dialog .bootstrap-dialog-title { color: #fff; text-align: center; font-size: 18px}.bootstrap-dialog .bootstrap-dialog-message

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	584	OUT	GET /ftl/bet365-627/themes/style/swiper-4.3.3.min.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:01 UTC	692	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 19773 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-05 ETag: "615c2c2b-4d3d" Date: Mon, 16 Sep 2024 14:23:18 GMT Last-Modified: Tue, 05 Oct 2021 10:42:51 GMT Expires: Wed, 16 Oct 2024 14:23:18 GMT Age: 921103 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: MISS uuid: - out-line: gb-cdn-213 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-05 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-02 X-Cdn-Request-ID: 780c4500d10e715845635dd9e5d32576
2024-09-27 06:15:01 UTC	15692	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 53 77 69 70 65 72 20 34 2e 33 2e 33 0a 20 2a 20 4d 6f 73 74 20 6d 6f 64 65 72 6e 20 6d 6f 62 69 6c 65 20 74 6f 75 63 68 20 73 6c 69 64 65 72 20 61 6e 64 20 66 72 61 6d 65 77 6f 72 6b 20 77 69 74 68 20 68 61 72 64 77 61 72 65 20 61 63 63 65 6c 65 72 61 74 65 64 20 74 72 61 6e 73 69 74 69 6f 6e 73 0a 20 2a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 69 64 61 6e 67 65 72 6f 2e 75 73 2f 73 77 69 70 65 72 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 34 2d 32 30 31 38 20 56 6c 61 64 69 6d 69 72 20 4b 68 61 72 6c 61 6d 70 69 64 69 0a 20 2a 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 6f 6e 3a 20 4a 75 6e 65 20 35 2c 20 32 30 31 Data Ascii: /** * Swiper 4.3.3 * Most modern mobile touch slider and framework with hardware accelerated transitions * http://www.idangero.us/swiper/ * * Copyright 2014-2018 Vladimir Kharlampidi * * Released under the MIT License * * Released on: June 5, 201
2024-09-27 06:15:01 UTC	4081	IN	Data Raw: 44 27 36 30 27 25 32 30 78 32 25 33 44 27 36 30 27 25 32 30 79 31 25 33 44 27 37 27 25 32 30 79 32 25 33 44 27 32 37 27 25 32 30 73 74 72 6f 6b 65 25 33 44 27 25 32 33 66 66 66 27 25 32 30 73 74 72 6f 6b 65 2d 77 69 64 74 68 25 33 44 27 31 31 27 25 32 30 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 25 33 44 27 72 6f 75 6e 64 27 25 32 46 25 33 45 25 33 43 25 32 46 64 65 66 73 25 33 45 25 33 43 67 25 33 45 25 33 43 75 73 65 25 32 30 78 6c 69 6e 6b 25 33 41 68 72 65 66 25 33 44 27 25 32 33 6c 27 25 32 30 6f 70 61 63 69 74 79 25 33 44 27 2e 32 37 27 25 32 46 25 33 45 25 33 43 75 73 65 25 32 30 78 6c 69 6e 6b 25 33 41 68 72 65 66 25 33 44 27 25 32 33 6c 27 25 32 30 6f 70 61 63 69 74 79 25 33 44 27 2e 32 37 27 25 32 30 74 72 61 6e 73 66 6f 72 6d 25 33 44 27 72 6f Data Ascii: D'60'%20x2%3D'60'%20y1%3D'7'%20y2%3D'27'%20stroke%3D'%23fff'%20stroke-width%3D'11'%20stroke-linecap%3D'round'%2F%3E%3C%2Fdefs%3E%3Cg%3E%3Cuse%20xlink%3Ahref%3D'%23l'%20opacity%3D'.27'%2F%3E%3Cuse%20xlink%3Ahref%3D'%23l'%20opacity%3D'.27'%20transform%3D'ro

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:00 UTC	567	OUT	GET /ftl/commonPage/js/jquery/jquery-1.11.3.min.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:01 UTC	708	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 33545 Connection: close Server: Default-server-KS-CLOUD-XJP-12-04 ETag: W/"5d848f4f-176d4" Date: Tue, 24 Sep 2024 18:27:36 GMT Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT Expires: Thu, 24 Oct 2024 18:27:36 GMT Age: 215245 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-206 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-04 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-02 X-Cdn-Request-ID: e84f9d57f9d99d35b9fd99cb8fd43176
2024-09-27 06:15:01 UTC	15676	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dc bd 79 7b e3 c6 b1 2e fe ff f9 14 22 e2 43 03 c3 16 25 8e ed dc 13 70 20 3e b6 c7 8e ed 78 4b 66 1c 3b a1 68 3f d8 48 42 e2 26 92 1a 8d 2c 32 9f fd d6 5b d5 dd 68 2c 1c 3b e7 dc df f2 5c 27 23 62 69 f4 5a 5d 5b d7 72 f1 ac 73 76 f3 d7 fb 7c fb 78 f6 66 d0 1f 0c fa 1f 9c 1d ce fc 34 38 7b 7e 79 f9 91 a2 bf 83 8f cc fb cf d7 f7 ab 2c de 17 eb 95 3a fb 72 95 f6 a9 e0 cd 1d de f4 d7 db d9 c5 a2 48 f3 d5 2e 3f 7b 76 f1 1f 9d e9 fd 2a 45 39 3f 56 49 f0 e4 ad 93 9b 3c dd 7b 51 b4 7f dc e4 eb e9 d9 72 9d dd 2f f2 6e f7 c4 8b 7e fe 76 b3 de ee 77 a3 ea 6d 14 f7 b3 75 7a bf cc 57 fb 51 42 35 77 2e 83 b0 6c 28 78 2a a6 7e a7 2c 12 ec e7 db f5 c3 d9 2a 7f 38 fb 6c bb 5d 6f 7d 4f 8f 62 9b df dd 17 db 7c 77 16 9f 3d 14 ab 8c ca 3c 14 fb Data Ascii: y{."C%p >xKf;h?HB&,2[h,;\'#biZ][rsv\|xf48{~y,:rH.?{vE9?VI<{Qr/n~vwmuzWQB5w.l(x~,*8l]o}Ob\|w=<
2024-09-27 06:15:01 UTC	16384	IN	Data Raw: 79 bd cc ca 8b 3d 68 12 92 9c a8 76 7e bf 92 65 72 b9 96 aa c7 56 19 1f 47 b8 17 e8 0c c1 77 15 ab 78 a1 95 88 7e ed 49 5f 5a e7 43 2a fb 1d cc eb d4 ae 58 de 2f 2a 6e 90 5a 95 27 fb 3d 2f 35 b5 0e 15 82 d1 08 6b 2b 62 55 ec 5e e9 1a 38 a5 43 a5 55 c2 af c7 60 98 8d 6a 62 84 9f 9b ec ca 4d f5 b7 56 7c c0 59 ed 84 b4 94 36 f8 41 e0 4b 57 3f 14 b5 3a db 8c aa 03 04 af dd 52 0a 73 d9 e6 7a c3 46 75 f5 44 dc a5 e7 b7 1c 22 0d 2b be 36 b4 0a 5a 9d 11 4b 26 6a 18 f6 f3 a5 48 61 55 c7 1c 88 fa 01 06 22 43 68 25 2c 00 b8 4a c4 2b 29 3c f2 d9 cf 8f 8f 15 04 28 2b ab 60 62 34 b1 28 aa f9 1c 7e d0 9c df c8 86 82 b4 8f 1c 64 d3 7c 29 b3 55 42 16 58 f6 51 1c 87 89 89 e2 25 6d c2 3d dc 82 11 6f b4 44 87 47 b0 a4 3a 92 21 98 5b 68 fc 56 24 c3 8a 78 20 c6 3c 25 0b 07 55 Data Ascii: y=hv~erVGwx~I_ZCX/nZ'=/5k+bU^8CU`jbMV\|Y6AKW?:RszFuD"+6ZK&jHaU"Ch%,J+)<(+`b4(~d\|)UBXQ%m=oDG:![hV$x <%U
2024-09-27 06:15:01 UTC	1485	IN	Data Raw: 6c 03 b6 3a bd 60 32 1b f4 58 f8 11 56 f8 41 42 07 2c 92 20 45 5d 66 05 74 19 f1 c7 a2 ad 79 09 69 17 74 9e 93 c6 6c 15 0d 19 9b 99 35 23 00 d3 d9 85 c4 c3 01 f3 94 c2 f4 79 15 ed 11 8f 15 69 21 dd c4 69 05 c3 4a e3 3e 5f 1d cd 17 eb 23 6c 23 e6 9c 4f 68 0a 76 2a 9c 92 54 18 a8 ec 91 be 82 84 bc 0a 6a 9e 38 65 fb 9d 1a b7 f8 79 97 02 4c 12 f3 f0 c2 c9 2d 1b 93 f5 41 fb 54 86 96 d9 44 bc 9a d8 b9 87 7f fc ba 33 61 4e dd 24 ad 5d 80 17 0b a7 fc 18 81 ac 23 c3 0e f2 7c 42 46 69 1d c1 bc 45 4f 3c 0f f4 c4 5b 8d a0 b4 22 2e 60 3b ab a9 7c 12 75 5c 30 f5 21 c6 e6 10 7a 70 dc 3c b4 61 c5 c6 d9 b0 68 80 55 c4 e0 8e 47 09 07 06 28 36 04 2b 5e 2e f3 09 7f a1 e3 c7 e4 ae f8 2d 15 1a 9f 26 81 66 43 03 a6 0e 46 76 53 2d 27 55 67 08 3f 79 1e af 4a f3 6e 0a 71 fe c9 7a Data Ascii: l:`2XVAB, E]ftyitl5#yi!iJ>_#l#Ohv*Tj8eyL-ATD3aN$]#\|BFiEO<[".`;\|u\0!zp<ahUG(6+^.-&fCFvS-'Ug?yJnqz

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:02 UTC	605	OUT	GET /ftl/commonPage/themes/hongbao.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://o1tyg6.innittapp.com/ftl/commonPage/themes/gui-base.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:03 UTC	693	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 5666 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01 ETag: W/"64252e4f-d530" Date: Sun, 22 Sep 2024 08:00:44 GMT Last-Modified: Thu, 30 Mar 2023 06:38:07 GMT Expires: Tue, 22 Oct 2024 08:00:44 GMT Age: 425659 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-211 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-01 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-18 X-Cdn-Request-ID: 0810958c2b1f5ae036403a06a89fdaef
2024-09-27 06:15:03 UTC	5666	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 5d 7b 8f dc d6 75 ff df 9f 82 85 61 44 16 c4 59 92 b3 b3 4f a4 30 92 d8 a8 5b 20 30 da f4 81 fe b3 e0 ce 70 76 18 71 87 83 19 ae 56 6b 41 40 d2 d8 75 ad 2a 51 9b 36 51 9a c4 68 15 c4 8a 9a c2 8f c2 8e 65 2b 86 fd 65 34 fb f8 16 bd 7c 9f 4b de 7b 79 cf bd 77 bc 56 25 41 da 99 e1 f0 fc ce fb 9c 1f 39 a3 b5 ab af 7d fb e2 e1 cf 2f 1e fc 61 f9 f9 67 67 bf bf bf fc ec cb e5 bf de 39 fd af c7 cb cf ef d9 fb c1 41 38 bd ba f6 5c 6f 18 1f da fe e8 46 30 4f c2 45 70 18 4c 13 fb 78 ee cf 7a 91 7f 72 14 da e4 ef 60 6e dd b2 f6 fd e1 f5 83 79 7c 34 1d d9 c3 38 8a e7 3b d6 f3 e3 f1 d8 fa 93 f0 70 16 cf 13 7f 9a ec 5a b7 a5 4e 05 1f d8 8b 20 39 0e a7 f4 73 c3 28 5e 04 a9 c4 78 3e 4a 1f 16 d2 bc 51 fa 7b d7 6a 3e 66 49 25 ef 1e 85 8b 19 Data Ascii: ]{uaDYO0[ 0pvqVkA@u*Q6Qhe+e4\|K{ywV%A9}/agg9A8\oF0OEpLxzr`ny\|48;pZN 9s(^x>JQ{j>fI%

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.ysb238.cc/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 204

Chrome Cache Entry: 205

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 210

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 216

Chrome Cache Entry: 217

Chrome Cache Entry: 218

Chrome Cache Entry: 219

Chrome Cache Entry: 220

Chrome Cache Entry: 221

Chrome Cache Entry: 222

Chrome Cache Entry: 223

Chrome Cache Entry: 224

Chrome Cache Entry: 225

Chrome Cache Entry: 226

Chrome Cache Entry: 227

Windows Analysis Report
http://www.ysb238.cc/

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:02 UTC	607	OUT	GET /ftl/commonPage/themes/gui-layer.css HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://o1tyg6.innittapp.com/ftl/commonPage/themes/gui-base.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:03 UTC	693	IN	HTTP/1.1 200 OK Content-Type: text/css Content-Length: 6923 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01 ETag: W/"64ddd5e1-c760" Date: Sun, 22 Sep 2024 08:00:47 GMT Last-Modified: Thu, 17 Aug 2023 08:10:09 GMT Expires: Tue, 22 Oct 2024 08:00:47 GMT Age: 425656 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-211 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-01 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-17 X-Cdn-Request-ID: 104ff706c588568d9ebd42359b0f3e4a
2024-09-27 06:15:03 UTC	6923	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 5d 7b 8f 23 c7 71 ff 5f 9f 62 b2 82 e0 3b eb 86 37 1c 92 bb cb 25 64 24 b6 7c 96 1c 2b 09 22 29 7e c1 20 86 64 93 1c 2d 39 43 cd 0c 6f 6f 45 08 f0 de 29 88 6c 39 b1 13 e4 22 cb b0 0d 39 39 c5 71 12 01 c2 39 81 57 51 f2 97 85 7c 8e 35 36 96 60 e9 f2 1d d2 8f e9 99 7e ce 8b 33 7b 7b 11 4f 77 f3 ec aa ae ae ae ae fa 75 75 cf ef 8f e7 4e 10 82 c8 d8 79 f1 85 1b e6 fe ce e0 b1 d6 c2 39 5e bb 26 fc 1b 04 c6 c6 18 fb 0b 3f 38 30 1e ef 74 3a 03 63 ea 7b 91 19 ba af 80 03 a3 dd 5d dd 1a 18 23 67 7c 38 0b fc b5 37 31 e3 07 a3 c0 f1 c2 95 13 00 2f 32 7e cf 5d ae fc 20 72 bc 68 60 bc ca 17 cc 9e 98 a3 c8 83 94 56 ce 64 e2 7a b3 03 c3 32 da bd d5 2d c3 b6 78 0a 90 89 e9 74 0a af f8 c1 04 bd e4 47 91 bf 34 17 60 1a 99 81 33 71 d7 e1 81 Data Ascii: ]{#q_b;7%d$\|+")~ d-9CooE)l9"99q9WQ\|56`~3{{OwuuNy9^&?80t:c{]#g\|871/2~] rh`Vdz2-xtG4`3q

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:03 UTC	548	OUT	GET /ftl/commonPage/js/float.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:04 UTC	722	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 1929 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06 ETag: W/"612747ba-1b2f" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202036 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-205 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-06 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-18 X-Cdn-Request-ID: 588369374b3a3293894b616371d964dc
2024-09-27 06:15:04 UTC	1929	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 59 5b 6f 13 47 14 7e cf af 18 52 84 77 61 e3 38 54 b4 52 4c 5a ca a5 2a 12 15 55 8b d4 07 84 aa 8d 3d 4e b6 ac 77 a3 dd 75 12 44 23 45 22 a1 81 10 9c 16 28 24 10 c2 25 10 a0 e0 b4 e2 12 93 0b bf c6 b3 b6 ff 45 cf cc ec d5 f6 7a 1d da 48 9d 17 ef ec 9c 39 97 ef 5c e6 cc ba 77 ff fe 2e b4 1f 21 fb 6d 89 cc de 42 42 fd c1 7c ed d9 2b 52 7c 5d 29 5f 45 96 3e d2 df 77 28 25 32 8a 23 78 5c ce 8f a8 18 21 b4 57 e8 fe 44 c9 76 8b c9 af 55 5d b6 04 31 4d 09 8e 8c c8 86 9c 47 fa e0 cf a8 1f 5d 84 ad 3f 28 59 4c b7 4b 83 ba 65 e9 79 36 4d c8 05 4b 4f 48 39 ba ef 7b 65 68 d8 ea 4f fd d2 27 99 74 e9 90 94 51 75 13 f7 9b 58 c5 19 4b 37 26 80 69 6f d7 de 64 4e e3 62 d0 00 ca 15 b4 8c a5 e8 1a 12 40 8a 88 2e 76 81 2e 68 54 36 10 56 61 d5 Data Ascii: Y[oG~Rwa8TRLZ*U=NwuD#E"($%EzH9\w.!mBB\|+R\|])_E>w(%2#x\!WDvU]1MG]?(YLKey6MKOH9{ehO'tQuXK7&iodNb@.v.hT6Va

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:03 UTC	564	OUT	GET /ftl/commonPage/js/idangerous.swiper.min.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:04 UTC	708	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 11957 Connection: close Server: Default-server-KS-CLOUD-XJP-12-07 ETag: W/"64d5b951-b083" Date: Tue, 03 Sep 2024 18:20:02 GMT Last-Modified: Fri, 11 Aug 2023 04:30:09 GMT Expires: Thu, 03 Oct 2024 18:20:02 GMT Age: 2030102 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-213 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-07 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-19 X-Cdn-Request-ID: d613849f7167789341b44623f6501bb8
2024-09-27 06:15:04 UTC	11957	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd 7d fd 73 db b8 d1 f0 ef fd 2b 64 4e eb 23 2d 4a 96 92 6b 9f 96 0a a5 c9 39 ce 9d 7b f1 25 4d dc bb e4 5c 4f 06 e2 87 44 5b 16 15 4a 8a e3 58 fa df 9f dd 05 40 02 20 28 3b b9 74 9e 77 de 99 c4 22 f1 b1 58 2c 16 8b c5 62 b1 3c 3c f8 53 eb a0 f5 e6 26 5b 24 45 eb 51 f7 7f ba 3d 7c 3f cd c7 d9 2c 69 ad f2 75 34 6d 2d 67 59 0c 99 6c 1e b7 d2 82 5d 27 37 79 71 d5 ba c9 56 d3 d6 94 15 f1 0d 2b 92 16 8b a2 64 96 14 6c 95 c4 ad 55 c1 e6 cb 6c 95 e5 f3 25 80 42 68 d3 d5 6a 11 1c 1e de dc dc 74 b3 98 cd 27 49 91 77 d7 cb 43 0e 17 7e a9 f1 43 51 f8 28 5f dc 16 d9 64 ba 6a 3d ea f5 7b 1d f8 f3 bd df fa 75 c6 e2 ec 3a 2b 5a 3f 43 93 33 76 bd c8 e2 0c 0b 9f 4d 93 56 f6 ac 04 b9 a3 31 01 fd 45 16 25 f3 25 60 b9 9e 63 9f 7e 7c f5 a2 b5 df Data Ascii: }s+dN#-Jk9{%M\OD[JX@ (;tw"X,b<<S&[$EQ=\|?,iu4m-gYl]'7yqV+dlUl%Bhjt'IwC~CQ(_dj={u:+Z?C3vMV1E%%`c~\|

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:04 UTC	558	OUT	GET /ftl/commonPage/js/websocket/Comet.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:04 UTC	706	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 4031 Connection: close Server: Default-server-KS-CLOUD-XJP-12-02 ETag: W/"60f60fb5-43bc" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Mon, 19 Jul 2021 23:50:13 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202036 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-205 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-02 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-17 X-Cdn-Request-ID: 97565f6fe1a4f65aa30b01fe11d33508
2024-09-27 06:15:04 UTC	4031	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 1b fd 53 1b c7 f5 77 fe 8a 8b 26 63 04 16 92 d3 9f 3a a2 d4 05 a1 26 34 36 30 16 6e c7 f5 78 34 42 3a b0 12 71 a7 b9 3b d9 61 1c 66 14 d7 89 f1 b7 27 f1 77 28 8d 1d d7 a6 49 01 3b e9 d8 18 70 fc c7 94 93 c4 4f f9 17 ba 6f f7 76 6f 77 6f 57 12 ce 47 d3 99 ee 30 e8 b4 bb ef ed db b7 6f df e7 29 d5 df df 63 c0 5f aa 67 a6 66 15 bd b2 6d 19 87 73 65 cf cc d8 73 a6 17 ef 33 ce f4 2c f4 f4 84 3d c9 aa 63 7b b6 37 5f 35 8d 21 34 d6 63 a0 96 ea ef 37 5a eb cf 1b 4f cf fa d7 ce 36 6e 3e f1 af 5f f9 7e fb 9e 7f fd 72 63 f5 ef 80 18 e6 e4 8e 8d 67 de 39 32 31 3e f6 e7 6c fe dd ec b1 b4 11 cb e7 f2 99 89 c3 d9 a9 58 82 21 21 20 7e 7d 1b c0 17 3f f7 b7 36 5b af 96 1b 57 19 92 cc c4 f8 78 36 33 35 36 31 9e ff e3 f0 a1 a3 59 84 25 a3 01 Data Ascii: Sw&c:&460nx4B:q;af'w(I;pOovowoWG0o)c_gfmses3,=c{7_5!4c7ZO6n>_~rcg921>lX!! ~}?6[Wx63561Y%

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:04 UTC	566	OUT	GET /ftl/commonPage/js/websocket/CometMarathon.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:04 UTC	722	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 3316 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01 ETag: W/"6260ddd4-2f13" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202036 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-205 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-01 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-10 X-Cdn-Request-ID: 080ffca92117eac5426f5d2bd31cd2a6
2024-09-27 06:15:04 UTC	3316	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 1a 6d 4f 1b 47 fa 3b bf 62 b3 3a 15 93 18 3b d5 7d 39 99 e3 ee c0 b8 0d d7 60 50 4c ee 94 8b 22 6b b1 07 70 6b 76 ad dd 75 38 94 22 39 b9 a4 21 ef d1 35 ef a5 5c 93 a6 29 6d 8f bc b4 55 42 08 6d 7e cc b1 6b f3 29 7f e1 9e 79 d9 d9 99 d9 5d 03 69 a5 ae 10 b6 67 e6 79 9d 67 9e b7 d9 ec fe fd 3d 1a fe cb f6 4c 37 cd 8a 5b b3 4c 6d ac 54 73 51 de 9a 43 ee 98 61 1b ee ac 65 a6 fa b4 53 3d 8b 3d 3d d1 99 4c c3 b6 5c cb 5d 68 20 6d 10 d6 f4 68 f0 64 f7 ef d7 3a 4f 5e f8 cf ce 78 d7 ce f8 37 9f 7a d7 af bc d9 bc e7 5d bf ec af 7d 85 09 e1 35 a5 63 c5 fc a1 23 e3 c5 d1 7f 14 ca 1f 14 8e e5 34 bd 5c 2a e7 c7 c7 0a 93 7a 9a 23 a1 20 5e 6b 13 83 2f 7d e6 bd da e8 bc 5e f1 af 72 24 f9 f1 62 b1 90 9f 1c 1d 2f 96 ff 36 74 f8 68 01 b0 e4 Data Ascii: mOG;b:;}9`PL"kpkvu8"9!5\)mUBm~k)y]igyg=L7[LmTsQCaeS===L\]h mhd:O^x7z]}5c#4\*z# ^k/}^r$b/6th

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:04 UTC	558	OUT	GET /ftl/commonPage/js/websocket/PopUp.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:04 UTC	704	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 797 Connection: close Server: Default-server-KS-CLOUD-XJP-12-08 ETag: W/"6260ddd4-828" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Thu, 21 Apr 2022 04:30:12 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202036 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-205 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-08 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-03 X-Cdn-Request-ID: 7649493a1e20acdcf15c1d185d6054ec
2024-09-27 06:15:04 UTC	797	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 56 5b 4f d4 40 14 7e ef af 18 9b 0d ed c2 d2 35 31 f1 61 09 51 2e 2f 98 00 26 e0 93 31 64 b6 9d dd 2d f4 96 e9 94 4b 48 13 45 d1 0d 9a 80 09 8a 97 08 91 f8 60 8c c1 35 26 c8 65 f9 37 b4 85 27 ff 82 33 bd ec b6 cb 8a 3e f0 e0 79 99 ed 39 df 9c f3 f5 9c 6f a6 5b 71 0c 99 a8 a6 01 c6 a7 54 82 ee 9a d6 3d 4b cc 83 65 97 e3 da 0e c9 c2 26 31 c9 92 85 c0 20 58 e6 38 40 4d 51 a1 66 56 47 a0 a6 0d 43 79 ae 04 2a 49 1e 51 81 04 d2 0c 21 8a d9 3c c4 80 f9 26 cb b3 74 7b 4e b2 20 b6 d1 9d a9 c9 89 08 39 d0 02 ca a6 61 9b 1a 92 54 a3 62 8a fc d9 de ee f9 9b d5 e0 fb b1 b7 fd fc f4 e0 88 07 7d 49 16 c9 76 ca b6 8c d5 32 9a 66 94 fa 00 1f bc 7b 12 c3 57 0e fd cd 7d af de f0 f7 eb fe a3 6f bf 9a 2f fc fa 86 b7 b6 73 d6 78 1c 6c 7e f6 de Data Ascii: V[O@~51aQ./&1d-KHE`5&e7'3>y9o[qT=Ke&1 X8@MQfVGCy*IQ!<&t{N 9aTb}Iv2f{W}o/sxl~

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:04 UTC	551	OUT	GET /ftl/commonPage/js/lazyload.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:04 UTC	705	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 2731 Connection: close Server: Default-server-KS-CLOUD-XJP-12-04 ETag: W/"64d05f66-2f79" Date: Tue, 24 Sep 2024 22:07:49 GMT Last-Modified: Mon, 07 Aug 2023 03:05:10 GMT Expires: Thu, 24 Oct 2024 22:07:49 GMT Age: 202035 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-205 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: HIT from KS-CLOUD-XJP-12-04 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-08 X-Cdn-Request-ID: e1bc0ebfd628a562785d496c40cb64cb
2024-09-27 06:15:04 UTC	2731	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 5a 6f 8f db 48 19 7f bf 9f 62 1a ad 1a a7 9b b5 d3 8a 72 dc 86 bd a3 77 57 d0 a2 2d 85 6b 0b 2f 96 05 79 ed 49 e2 d6 f1 98 f1 b8 69 e8 e5 1d 82 de 49 85 43 9c 7a e8 5e 21 71 02 84 44 8b 84 04 12 a2 c7 97 69 7a f0 2d 78 9e 99 b1 3d 76 9c c4 d9 6e 7b f7 82 51 d5 75 66 9e f9 cd f3 7f 9e f1 d8 b9 70 6e 8b 5c 20 87 ee 4f a7 e4 90 b9 3e d9 25 df 76 ef ba 37 3c 1e c4 82 c4 61 3a 0c 22 32 60 9c 84 48 11 02 45 10 0d 49 30 76 87 34 81 89 38 f7 6d 16 4f 79 30 1c 09 62 79 1d 72 a9 d7 7b 6d f7 52 ef e2 eb e4 5a 70 c7 25 37 d3 34 66 a1 ab 49 0f 03 8f 46 09 f5 49 1a f9 94 13 31 a2 e4 da c1 4d 12 aa ee 3d 24 21 64 24 44 bc e7 38 93 c9 c4 66 31 f4 b3 94 7b d4 66 7c e8 68 ba c4 19 07 62 57 ff b0 e3 51 ac d1 bf cb d9 6d ea 09 32 62 63 13 2b Data Ascii: ZoHbrwW-k/yIiICz^!qDiz-x=vn{Qufpn\ O>%v7<a:"2`HEI0v48mOy0byr{mRZp%74fIFI1M=$!d$D8f1{f\|hbWQm2bc+

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:05 UTC	370	OUT	GET /ftl/commonPage/js/float.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:05 UTC	722	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 1929 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-06 ETag: W/"612747ba-1b2f" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Thu, 26 Aug 2021 07:50:18 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202037 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-205 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-FOREIGN-12-06 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-18 X-Cdn-Request-ID: 1ff4331a3d631f2ef6b5ace7b4c7f6e2
2024-09-27 06:15:05 UTC	1929	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 59 5b 6f 13 47 14 7e cf af 18 52 84 77 61 e3 38 54 b4 52 4c 5a ca a5 2a 12 15 55 8b d4 07 84 aa 8d 3d 4e b6 ac 77 a3 dd 75 12 44 23 45 22 a1 81 10 9c 16 28 24 10 c2 25 10 a0 e0 b4 e2 12 93 0b bf c6 b3 b6 ff 45 cf cc ec d5 f6 7a 1d da 48 9d 17 ef ec 9c 39 97 ef 5c e6 cc ba 77 ff fe 2e b4 1f 21 fb 6d 89 cc de 42 42 fd c1 7c ed d9 2b 52 7c 5d 29 5f 45 96 3e d2 df 77 28 25 32 8a 23 78 5c ce 8f a8 18 21 b4 57 e8 fe 44 c9 76 8b c9 af 55 5d b6 04 31 4d 09 8e 8c c8 86 9c 47 fa e0 cf a8 1f 5d 84 ad 3f 28 59 4c b7 4b 83 ba 65 e9 79 36 4d c8 05 4b 4f 48 39 ba ef 7b 65 68 d8 ea 4f fd d2 27 99 74 e9 90 94 51 75 13 f7 9b 58 c5 19 4b 37 26 80 69 6f d7 de 64 4e e3 62 d0 00 ca 15 b4 8c a5 e8 1a 12 40 8a 88 2e 76 81 2e 68 54 36 10 56 61 d5 Data Ascii: Y[oG~Rwa8TRLZ*U=NwuD#E"($%EzH9\w.!mBB\|+R\|])_E>w(%2#x\!WDvU]1MG]?(YLKey6MKOH9{ehO'tQuXK7&iodNb@.v.hT6Va

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:05 UTC	551	OUT	GET /ftl/commonPage/js/gui-base.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:05 UTC	707	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 15779 Connection: close Server: Default-server-KS-CLOUD-XJP-12-03 ETag: W/"64ddbaed-ee5c" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Thu, 17 Aug 2023 06:15:09 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202037 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-206 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: MISS from KS-CLOUD-XJP-12-03 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-18 X-Cdn-Request-ID: 65a9ae6d4c8e67093d4e9b44d9043f1b
2024-09-27 06:15:05 UTC	15677	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 7d fd 97 1b c7 71 e0 cf e6 5f 31 3b 5a ef ce 2c 06 58 80 34 65 0b d8 d9 7d e4 92 b4 68 4b 22 45 52 92 93 bd 95 de 00 18 2c 86 c4 62 20 60 c0 25 b5 8b 7b 4a 62 47 92 2d c5 8a f3 61 c7 71 72 96 e3 17 e9 e9 22 39 f7 12 df 39 b2 7d f9 e1 fe 94 d3 2e c9 9f f2 2f 5c 55 57 77 4f f7 4c cf 00 4b 4a 79 ef 60 8b 3b d3 1f d5 55 d5 55 d5 d5 d5 1f 63 ad af 2d 9d b1 d6 ac 6f 06 fb e1 c5 f8 de 4b 57 ab df ba 59 6d 07 93 d0 72 8e ff db 67 0f 3e 78 f3 e1 77 7f 7a f2 b3 7f fa 8f df bd 83 a5 ee 86 e3 49 14 0f ad 46 ad 5e 6b 60 c2 85 69 d2 8f c7 4d eb 66 12 de 0d 87 98 72 29 48 42 6b 3f ee 46 bd 28 ec 5a 67 eb 8d af 57 eb 5f ab 9e 7d 06 f2 d6 cf 58 ac 35 5f fe ac 4e bc bf 1f 0f ab c7 df fb a7 e3 ef fd 0f 6a 4a c9 a6 3a bd e9 b0 93 60 ab e3 70 Data Ascii: }q_1;Z,X4e}hK"ER,b `%{JbG-aqr"99}./\UWwOLKJy`;UUc-oKWYmrg>xwzIF^k`iMfr)HBk?F(ZgW_}X5_NjJ:`p
2024-09-27 06:15:05 UTC	102	IN	Data Raw: 94 50 16 e4 ca c3 93 9c 1f b1 b9 f9 64 67 55 02 b0 18 84 d5 dd 54 c6 67 2e 33 05 40 04 a7 51 60 88 a6 bd 0f 36 31 1c 57 93 08 2f 0c e7 57 1e 9d d1 da cd 95 a2 9b f8 5a 92 35 4b a2 bb 55 ca f5 5a 56 2d 4e fa f0 d8 e9 8f d5 66 8a 0a 77 71 af 54 8d 0d 40 4e e3 7c 5d d1 d7 59 eb ff 01 44 bd cf 01 5c ee 00 00 Data Ascii: PdgUTg.3@Q`61W/WZ5KUZV-NfwqT@N\|]YD\

Timestamp	Bytes transferred	Direction	Data
2024-09-27 06:15:06 UTC	563	OUT	GET /ftl/commonPage/js/bootstrap-dialog.min.js HTTP/1.1 Host: o1tyg6.innittapp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.ysb238.cc:8989/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-27 06:15:06 UTC	721	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 5007 Connection: close Server: Default-server-KS-CLOUD-XJP-FOREIGN-12-01 ETag: W/"5d848f4f-4ea4" Date: Tue, 24 Sep 2024 22:07:48 GMT Last-Modified: Fri, 20 Sep 2019 08:35:27 GMT Expires: Thu, 24 Oct 2024 22:07:48 GMT Age: 202038 Cache-Control: max-age=86400 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * X-Frame-Options: SAMEORIGIN X-Cache: HIT uuid: - out-line: gb-cdn-204 x-link-via: xjp21:443;xjp12:80; X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-12-01 X-Cache-Status: HIT from KS-CLOUD-XJP-FOREIGN-21-09 X-Cdn-Request-ID: bb1350fd9ba30646bb537f11f09d2723
2024-09-27 06:15:06 UTC	5007	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d5 3c 0d 73 db 36 b2 7f c5 e1 74 7c e4 85 62 9c a4 f7 31 52 99 8e 63 3b a9 a7 89 9d 67 bb d7 eb 39 9a 0c 25 82 14 6d 8a d4 91 54 12 9f c2 ff fe 76 f1 45 00 04 25 a5 cd 7b 6f 5e a7 e3 48 c0 2e b0 d8 2f ec 2e 00 b9 c9 ba 98 37 59 59 b8 91 3f f3 36 59 e2 36 0f 2b 52 26 07 cb 32 5e e7 e4 51 18 3a eb 22 26 49 56 90 d8 39 3c 64 ad 01 f9 bc 2a ab a6 f6 36 fa f7 70 e6 56 e4 df eb ac 22 ae 73 f7 ef 35 a9 1e 1c cf 8d 3c af 25 79 4d 94 b1 d9 78 21 8c 2d 66 87 a1 59 63 10 2d 63 6f c3 3e bb ce ac 2c 9b ba a9 a2 d5 28 ce a2 bc 4c 1d ff 56 0c 3c f5 25 e5 73 6f 53 91 66 5d 15 07 33 f8 dc f2 e9 a2 e0 a5 c0 3e a5 c8 40 5d 14 dc fd 17 62 7b 6d db ba cd 22 ab bb 41 60 d6 8f 51 75 30 0b e3 20 29 02 58 57 94 07 27 65 01 f8 eb 79 53 56 13 ec 9c 87 Data Ascii: <s6t\|b1Rc;g9%mTvE%{o^H./.7YY?6Y6+R&2^Q:"&IV9<d*6pV"s5<%yMx!-fYc-co>,(LV<%soSf]3>@]b{m"A`Qu0 )XW'eySV