Edit tour

Windows Analysis Report
http://reactivar-email002003.hstn.me/

Overview

General Information

Sample URL:	http://reactivar-email002003.hstn.me/
Analysis ID:	1521190
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2180,i,1860438847508745620,7575500337284782035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reactivar-email002003.hstn.me/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /report/v4?s=BvkjCCKhcdrwxpNA3FYFGOSv6si%2FkAcoh4fXZujHAHsA4Vd92frHVj8M5CE7%2B6q8mx8bvyTCiTVdOn9CFsmSL3YWaMVuudpdOal6ItNCv%2BF4GcdQ67gLSFIGkzQqePo%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 428Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_53.1.dr	String found in binary or memory: http://reactivar-email002003.hstn.me/?i=1
Source: chromecache_56.1.dr	String found in binary or memory: https://apps.aeonfree.com
Source: chromecache_56.1.dr	String found in binary or memory: https://apps.aeonfree.com/minify
Source: chromecache_56.1.dr	String found in binary or memory: https://apps.aeonfree.com/random-password-generator
Source: chromecache_56.1.dr	String found in binary or memory: https://apps.aeonfree.com/what-is-my-ip
Source: chromecache_56.1.dr	String found in binary or memory: https://apps.aeonfree.com/whois-lookup
Source: chromecache_56.1.dr	String found in binary or memory: https://forum.aeonfree.com
Source: chromecache_56.1.dr	String found in binary or memory: https://free-hosting.org
Source: chromecache_56.1.dr	String found in binary or memory: https://ifastnet.com/portal/aff.php?aff=25747
Source: chromecache_56.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: chromecache_56.1.dr	String found in binary or memory: https://recommendanime.com
Source: chromecache_56.1.dr	String found in binary or memory: https://rudrax.net
Source: chromecache_56.1.dr	String found in binary or memory: https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5d14339921d18137
Source: chromecache_56.1.dr	String found in binary or memory: https://subtract.site

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49748 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@16/21@12/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2180,i,1860438847508745620,7575500337284782035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reactivar-email002003.hstn.me/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2180,i,1860438847508745620,7575500337284782035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://reactivar-email002003.hstn.me/	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
aeonfree.com	188.114.96.3	true	false	unknown
reactivar-email002003.hstn.me	185.27.134.98	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://aeonfree.com/error/404/	false	unknown
http://reactivar-email002003.hstn.me/favicon.ico	true	unknown
http://reactivar-email002003.hstn.me/background.jpg	true	unknown
http://reactivar-email002003.hstn.me/	true	unknown
https://aeonfree.com/error/404	false	unknown
http://reactivar-email002003.hstn.me/img.jpg	true	unknown
http://reactivar-email002003.hstn.me/llave.jpg	true	unknown
http://reactivar-email002003.hstn.me/?i=1	true	unknown
http://reactivar-email002003.hstn.me/estilo.css	true	unknown
http://reactivar-email002003.hstn.me/aes.js	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://recommendanime.com	chromecache_56.1.dr	false	unknown
https://apps.aeonfree.com/whois-lookup	chromecache_56.1.dr	false	unknown
https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5d14339921d18137	chromecache_56.1.dr	false	unknown
https://rudrax.net	chromecache_56.1.dr	false	unknown
https://forum.aeonfree.com	chromecache_56.1.dr	false	unknown
https://apps.aeonfree.com	chromecache_56.1.dr	false	unknown
https://apps.aeonfree.com/random-password-generator	chromecache_56.1.dr	false	unknown
https://free-hosting.org	chromecache_56.1.dr	false	unknown
https://apps.aeonfree.com/minify	chromecache_56.1.dr	false	unknown
https://subtract.site	chromecache_56.1.dr	false	unknown
https://apps.aeonfree.com/what-is-my-ip	chromecache_56.1.dr	false	unknown
https://ifastnet.com/portal/aff.php?aff=25747	chromecache_56.1.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.96.3	aeonfree.com	European Union	13335	CLOUDFLARENETUS	false
185.27.134.98	reactivar-email002003.hstn.me	United Kingdom	34119	WILDCARD-ASWildcardUKLimitedGB	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521190
Start date and time:	2024-09-28 05:43:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://reactivar-email002003.hstn.me/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@16/21@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.142, 142.250.186.35, 64.233.167.84, 34.104.35.123, 216.58.212.138, 172.217.18.106, 142.250.186.74, 216.58.206.74, 142.250.185.138, 172.217.18.10, 142.250.185.106, 142.250.185.234, 142.250.185.202, 142.250.184.202, 142.250.185.170, 142.250.186.138, 142.250.186.106, 142.250.184.234, 172.217.16.202, 142.250.185.74, 20.114.59.183, 199.232.210.172, 192.229.221.95, 20.242.39.171, 142.250.185.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://reactivar-email002003.hstn.me/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://reactivar-email002003.hstn.me/?i=1 Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Confirmar", "text_input_field_labels":["PIN"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: http://reactivar-email002003.hstn.me/?i=1 Model: jbxai

{
"brand":["Microsoft"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"Confirmar",
"text_input_field_labels":["PIN"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2916
Entropy (8bit):	5.000865332515911
Encrypted:	false
SSDEEP:	48:n56xvEeW8hWaimhOmUJNztt+hQfu7ORrBWx2lvz9RL3lvzLTE:52M8Usou7OR9o2lLjL3lLLTE
MD5:	09662303D3F3A5BB4ABA0A2826F80F78
SHA1:	7A1F2973483DF2EB63CAC365F665A0B80F92AB5B
SHA-256:	06F81FBC04E95C8EE142A3D6EBB4A5BAC01CEF90B9C7AA72C71F92FBE5EF1BFA
SHA-512:	DBCF878C04A84A6EDA1675259E3CF1793F558BA5C0D20AE4240684D43BE022ACD2D283C06F30A6D9DB103374E583C9D203B846976B84A1A2B9203C44B5936F70
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/estilo.css
Preview:	body{..background-image: url("background.jpg");..padding: 50px;. .background-color: #fcfcfc;..background-size: cover;. .color: #000;...}....#container{..background: white;.margin: auto;.border: 3px solid white; .width: 430px;.padding: 10px 50px 30px 0;.height: 400px;.position: relative;.}..#container2{..background: white;.margin: 80px 450px 10px;.border: 3px solid white; .width: 430px;.padding: 7px 3px 35px 3px;.}..img{..margin: 30px 50px 0px;..}..h2{..margin: 0px 150px 10px 50px ; .font-size: 24px;.font-family: "Segoe UI";.color:#1b1b1b;.font-weight: 600;..}..input[type=email]{. width: 320px;. padding: 10px 14px;. margin: 8px 45px;. .font-family: "Segoe UI";..font-size: 15px;..border: none;..border-bottom: 1px solid #0067b8;..outline:none;..padding-left: 0px;. . .}..#clave{..width: 320px;. padding: 10px 14px;. margin: 8px 45px;. .font-family: "Segoe UI";..font-size: 15px;..border: none;..border-bottom: 1px solid #0067b8;..outline:none;..padding-left: 0;.}

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.158694969562841
Encrypted:	false
SSDEEP:	3:mSdZ/CnSW7Y:mSdluSj
MD5:	48E740B32FBAFE15AA4C2BF84574D6FD
SHA1:	8F9045ABC36BA8D27903F3A64D0F0B27266BD398
SHA-256:	ADD334F0388EBCA05C7AB061CDCD77ED0D096FB00A035479315A92E84DD2E20C
SHA-512:	518AE1F2BE2648821E4E621A417C5267269C1804602E86157F00E47A971B64E3834C392685F95FD37777A04AFE07FEBBF77AA7EF83B6664C446FFEAADD1895B5
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmFfey5tOx0ehIFDTNzPxoSBQ0KzVX3EgUN5t7oGA==?alt=proto
Preview:	ChsKBw0zcz8aGgAKBw0KzVX3GgAKBw3m3ugYGgA=

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 32x31, components 3
Category:	downloaded
Size (bytes):	1290
Entropy (8bit):	7.2181826093472825
Encrypted:	false
SSDEEP:	24:1Q/mjhpKY0o0XxDuLHeOWXG4OZ7DAJuLHenX3+cqeyS2xw+MXyz3bTBS4CGb7:u/mjFuERAcDFEyzrNS4Zb7
MD5:	0C0201B668227EE2B9DC5EA7181067F4
SHA1:	8322C12C4197AA424F02AC6219D92591C17F2564
SHA-256:	8B7A468B57FB23A55DABDB0AA6BF27DDF2290EB73B10799CA64AAFAC6C9FCD31
SHA-512:	E08A326686C559CE16CDFBFB6AAACAF1CEA10063ABADF72FA3BB5B7ABD65355F030E6887CC99195E3040066D41D728D4C58EFF6C44C43BFC42EFD44E8BA09285
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/llave.jpg
Preview:	......JFIF.....`.`.....ZExif..MM..................J............Q...........Q...........Q..........................C....................................................................C......................................................................... .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........>..<E..F.H..Ki//...dV..gc.......7......D.\|9.=\|B.<..`....7R.......Yv..eYLr0........2hm..xj.U.\|..x...~+...Zj1..`.0..K.@DbF..A.1.7h...%\|@.~....T...}..yo..f......D..d....B..............\|K..l....[.@..m.M.k[.\..h.F..d.Og_8\|..<.......\....iz...ZL.k.O.3...[..}..1....A`

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13733), with no line terminators
Category:	dropped
Size (bytes):	13733
Entropy (8bit):	4.794385783118715
Encrypted:	false
SSDEEP:	192:4hsoEj776Bn/tnHcgaollys/6+EgH3JLg7oLu0MyMVu:i50/3xoGs/jE839g2FB1
MD5:	FC66E046447092C606F2587837F96874
SHA1:	FCF354A8044F494EE1F9FE868DDE3F570F50E593
SHA-256:	5069425B121346B36F730910D05402D50920FC2178B01E0C878B71AF4EF1EB96
SHA-512:	51CD149B2876E90621AFC579FB172E253548A851D4C202181E1FABA812F5BEB1AE9CCF9F153137F60C569E05A79DCB272176E0126ECEAC54316208D2699A689F
Malicious:	false
Reputation:	low
Preview:	var slowAES={aes:{keySize:{SIZE_128:16,SIZE_192:24,SIZE_256:32},sbox:[99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22],rsbox:[82,9,106

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 118x30, components 3
Category:	downloaded
Size (bytes):	2651
Entropy (8bit):	7.681523219145618
Encrypted:	false
SSDEEP:	48:u/mguERAs1BDA6xwLPVdwfHkBEgg19s8kK69ExloB3TmbpWR8qtOQK:u+bEb11+OnP9skxloB3x8qA
MD5:	110CD374D8C1E9BA5E1FEDE4C30E68CB
SHA1:	A323956F44F743355B74958C9B28B77A9EE80D81
SHA-256:	981B4809872D27AA2E26BB1C78051A6CCFB4BA33A394C2CE68F2869FEDDFC413
SHA-512:	F5334FBF7A55F1FAD859C79438F82B48DDE4EFC403782C9E68131C695F68C9A51AA4047F7243855501F33EF0D8506ED4DB0B4292948075B15DBA445A7A764866
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/img.jpg
Preview:	......JFIF.....`.`.....ZExif..MM..................J............Q...........Q...........Q..........................C....................................................................C.........................................................................v.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......~...?g...G...._.m.....K..u.......'a......2N\|..d.....f...FM7X..,.D.....61...6.x.).?,..c88...+.....\|4..e.JhwZ..<-.y....-....$.(..>`6...I..l....._.7.=...8.?.\|...\hz.[.[j.!.4../.,.v.;.9.....'.g...[1...,"n\.SPJ.W..I..J.?.p\|s.\|xE..qX?.GFpP~...g....?.rqQ.{X......?.q...M......

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 1366x658, components 3
Category:	dropped
Size (bytes):	36317
Entropy (8bit):	7.587221281626107
Encrypted:	false
SSDEEP:	768:gf1JvExboTn5Z49NogsQ/eQWk9Rl3cxN4GqBFhEhHaN32IXf:g9JEGe2SeC973cxpOSaN3/P
MD5:	8966EC18120E6A6300C345F5741792E5
SHA1:	F0032A0FC29A5EF4F70CD150E18E011E30CB7324
SHA-256:	FA333034A79F11B00088A93E3023B058DCAEC1B5643E5E425E247407907324E9
SHA-512:	0693B8AF1E56085D5BA2140103134B4045F1CCBA6E3E177E6EC46E3254F373369DFFE8FC3644402A9DF2FD5291018019DCD0E3335C4AE71544045E7EAF5E7D19
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....ZExif..MM..................J............Q...........Q...........Q..........................C....................................................................C.........................................................................V.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.........<...~B.Mg..5...(...$.......S.GZ.yw+.=......R....B~..............\|....TyI......~.yw.H...:.\.).Z..u.Z=)9..*q.7._..G..\|..R.ioJ.yw+.=.j....7j..t..4R.p.a6.A.Q.z..4.l....yw....._AM;F..~..8."......R......O.P..J.....?g..q.(....(.p.q. .8.`zR..ZM..yw.g..........{P\..Q.

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 1366x658, components 3
Category:	downloaded
Size (bytes):	36317
Entropy (8bit):	7.587221281626107
Encrypted:	false
SSDEEP:	768:gf1JvExboTn5Z49NogsQ/eQWk9Rl3cxN4GqBFhEhHaN32IXf:g9JEGe2SeC973cxpOSaN3/P
MD5:	8966EC18120E6A6300C345F5741792E5
SHA1:	F0032A0FC29A5EF4F70CD150E18E011E30CB7324
SHA-256:	FA333034A79F11B00088A93E3023B058DCAEC1B5643E5E425E247407907324E9
SHA-512:	0693B8AF1E56085D5BA2140103134B4045F1CCBA6E3E177E6EC46E3254F373369DFFE8FC3644402A9DF2FD5291018019DCD0E3335C4AE71544045E7EAF5E7D19
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/background.jpg
Preview:	......JFIF.....`.`.....ZExif..MM..................J............Q...........Q...........Q..........................C....................................................................C.........................................................................V.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.........<...~B.Mg..5...(...$.......S.GZ.yw+.=......R....B~..............\|....TyI......~.yw.H...:.\.).Z..u.Z=)9..*q.7._..G..\|..R.ioJ.yw+.=.j....7j..t..4R.p.a6.A.Q.z..4.l....yw....._AM;F..~..8."......R......O.P..J.....?g..q.(....(.p.q. .8.`zR..ZM..yw.g..........{P\..Q.

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 118x30, components 3
Category:	dropped
Size (bytes):	2651
Entropy (8bit):	7.681523219145618
Encrypted:	false
SSDEEP:	48:u/mguERAs1BDA6xwLPVdwfHkBEgg19s8kK69ExloB3TmbpWR8qtOQK:u+bEb11+OnP9skxloB3x8qA
MD5:	110CD374D8C1E9BA5E1FEDE4C30E68CB
SHA1:	A323956F44F743355B74958C9B28B77A9EE80D81
SHA-256:	981B4809872D27AA2E26BB1C78051A6CCFB4BA33A394C2CE68F2869FEDDFC413
SHA-512:	F5334FBF7A55F1FAD859C79438F82B48DDE4EFC403782C9E68131C695F68C9A51AA4047F7243855501F33EF0D8506ED4DB0B4292948075B15DBA445A7A764866
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....ZExif..MM..................J............Q...........Q...........Q..........................C....................................................................C.........................................................................v.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......~...?g...G...._.m.....K..u.......'a......2N\|..d.....f...FM7X..,.D.....61...6.x.).?,..c88...+.....\|4..e.JhwZ..<-.y....-....$.(..>`6...I..l....._.7.=...8.?.\|...\hz.[.[j.!.4../.,.v.;.9.....'.g...[1...,"n\.SPJ.W..I..J.?.p\|s.\|xE..qX?.GFpP~...g....?.rqQ.{X......?.q...M......

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 32x31, components 3
Category:	dropped
Size (bytes):	1290
Entropy (8bit):	7.2181826093472825
Encrypted:	false
SSDEEP:	24:1Q/mjhpKY0o0XxDuLHeOWXG4OZ7DAJuLHenX3+cqeyS2xw+MXyz3bTBS4CGb7:u/mjFuERAcDFEyzrNS4Zb7
MD5:	0C0201B668227EE2B9DC5EA7181067F4
SHA1:	8322C12C4197AA424F02AC6219D92591C17F2564
SHA-256:	8B7A468B57FB23A55DABDB0AA6BF27DDF2290EB73B10799CA64AAFAC6C9FCD31
SHA-512:	E08A326686C559CE16CDFBFB6AAACAF1CEA10063ABADF72FA3BB5B7ABD65355F030E6887CC99195E3040066D41D728D4C58EFF6C44C43BFC42EFD44E8BA09285
Malicious:	false
Reputation:	low
Preview:	......JFIF.....`.`.....ZExif..MM..................J............Q...........Q...........Q..........................C....................................................................C......................................................................... .."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........>..<E..F.H..Ki//...dV..gc.......7......D.\|9.=\|B.<..`....7R.......Yv..eYLr0........2hm..xj.U.\|..x...~+...Zj1..`.0..K.@DbF..A.1.7h...%\|@.~....T...}..yo..f......D..d....B..............\|K..l....[.@..m.M.k[.\..h.F..d.Og_8\|..<.......\....iz...ZL.k.O.3...[..}..1....A`

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (840), with no line terminators
Category:	downloaded
Size (bytes):	840
Entropy (8bit):	5.4660038874983785
Encrypted:	false
SSDEEP:	24:k3ToymIsYv5WuVLZ9hNpjg0F9LiiQIIZ/DHVXRq:wx5WuFZzPgUPAHdRq
MD5:	D49FA2F0788043EE7906C6C88F654A74
SHA1:	668E9384197DE240599540ED1053C963E86FA4C2
SHA-256:	544410AE86E09024C9EE744750599D841B002DA3EBA8894D685E8FC4DC4BAECE
SHA-512:	7EF0079A01DDA4115F3260A33DFA160B05429592081FEA73A641084C1E910240B786BAF025B31B9AE4BC74F681498748EB53F1554E905F1B30902F15894F5A85
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/
Preview:	<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("4ca900ccdf2a682e4a3342c1795c6efc");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://reactivar-email002003.hstn.me/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	1100
Entropy (8bit):	5.058848028739448
Encrypted:	false
SSDEEP:	24:8s/wJOXYPpW/Z/5ASvwu2fC/NDvhe3V2NRk2NsNp2:X/wYIPpW55xvYkNvhel2w2af2
MD5:	4AC55A31BEDC8DBD7C5AE4267C3DB667
SHA1:	E85C59A5971BB5DB9905378251A70C0C96D6AC07
SHA-256:	A488FA90FDFD66DFFBEA7596314A4B7E7BC72E5024BC43A3FE7680505B7A5B88
SHA-512:	C4EF7A7160A089C8CC67A1EC1087A52F707AC40DF85EBD3351BF91676C7A930C35DD88D996CE55359DFDA6255FC58291699217D4ACFF9294D29467A7689803C2
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/?i=1
Preview:	<html>..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<link rel="stylesheet" type="text/css" href="estilo.css">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, user-scalable=no">..<style type="text/css">body{display:block !important;}</style>..</head>..<body class="center-box" data-bind="defineGlobals: ServerData, bodyCssClass">..<div class="center" id="container">..<img src="img.jpg" alt="">.. <h2>Confirmar cuenta</h2>..<form action="Conection.php" method="POST">....<input type="email" name="emil" placeholder="Correo electr.nico, tel.fono o Skype" required=>..<input id="clave" type="password" name="pss" placeholder="Contrase.a" required="Numero">..<small>Para mayor seguridad crea un PIN a tu cuenta.</small>..<div><img src="llave.jpg" alt="llave.png"></div>..<input class="pin" minlength="4" maxlength="4" type="password" type="password" name="numero" placeholder="PIN ****" required="" pat

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13733), with no line terminators
Category:	downloaded
Size (bytes):	13733
Entropy (8bit):	4.794385783118715
Encrypted:	false
SSDEEP:	192:4hsoEj776Bn/tnHcgaollys/6+EgH3JLg7oLu0MyMVu:i50/3xoGs/jE839g2FB1
MD5:	FC66E046447092C606F2587837F96874
SHA1:	FCF354A8044F494EE1F9FE868DDE3F570F50E593
SHA-256:	5069425B121346B36F730910D05402D50920FC2178B01E0C878B71AF4EF1EB96
SHA-512:	51CD149B2876E90621AFC579FB172E253548A851D4C202181E1FABA812F5BEB1AE9CCF9F153137F60C569E05A79DCB272176E0126ECEAC54316208D2699A689F
Malicious:	false
Reputation:	low
URL:	http://reactivar-email002003.hstn.me/aes.js
Preview:	var slowAES={aes:{keySize:{SIZE_128:16,SIZE_192:24,SIZE_256:32},sbox:[99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22],rsbox:[82,9,106

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (14794)
Category:	dropped
Size (bytes):	14797
Entropy (8bit):	5.43160244805051
Encrypted:	false
SSDEEP:	384:1ngsVMrvcQhrPWQedvLoBWA2ZWCnwrDWTsYhXyTBy753MScK3p2c7mMjTXPdVr8e:1ngsVMrvNryscXuy753MScK3p20mMjTL
MD5:	7E53A04AFD98E62B4B71D9A4B7A4F28F
SHA1:	AD177C082868998A9452DCC75D717AA46CC1DC92
SHA-256:	9560F7259302A4F21607E2F9A343C6CEA37EF86A1A0F51B1D3A62F94BC710A36
SHA-512:	210E8986BCAF491D62619A8CDB4592930E79884D3EB9F6A3C81383CD2A1C4AF9CD19318E11C690E69B229B794BD30E51F179878E7E466D408BE52B387C817342
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error 404 - AeonFree</title> <meta property="og:title" content="Error 404" /> <meta property="og:locale" content="en_US" /> <meta property="og:url" content="https://aeonfree.com/error/404" /> <meta property="og:image" content="https://aeonfree.com/assets/images/aeonfree.png" /> <meta name="description" content="Get Free Web Hosting with Unlimited Disk Space, Unlimited Bandwidth and Unlimited Websites from Aeonfree. With PHP and MySQL and no forced ads on your free website."> <meta name="og:description" content="Get Free Web Hosting with Unlimited Disk Space, Unlimited Bandwidth and Unlimited Websites from Aeonfree. With PHP and MySQL and no forced ads on your free website."> <meta name="author" content="AeonFree"> <meta name="og:site_name" content="AeonFree"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="canonical" href="https://aeonfree.com/error/404" /> <script type="application/ld

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:44:20.510226011 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:20.510811090 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:20.515010118 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:20.515104055 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:20.515475035 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:20.515584946 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:20.515683889 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:20.520198107 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.047472954 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.047518015 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.047585964 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.047847033 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.047859907 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.178273916 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.230524063 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.241929054 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.246829987 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426636934 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426656961 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426667929 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426677942 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426697016 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426707983 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426718950 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426728010 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426738977 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426738024 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.426748991 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426760912 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.426795959 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.431638956 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.431651115 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.431660891 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.431729078 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.431770086 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.458719015 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.463521004 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.544179916 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.549139977 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.549221039 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.554388046 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.559372902 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.646960020 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.646971941 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.647162914 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.704075098 CEST	49741	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.705518007 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.705651045 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.708127975 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.708410978 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.708427906 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.708905935 CEST	80	49741	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.708965063 CEST	49741	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.709280014 CEST	49741	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.709382057 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.709435940 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.710294008 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.710467100 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.711074114 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.711143970 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.714025974 CEST	80	49741	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.751302004 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.751337051 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:21.802737951 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:21.886399031 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.886426926 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.886436939 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.886513948 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.890238047 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.890332937 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.890342951 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.890352964 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:21.890388012 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:21.890420914 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.177953005 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178019047 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178035975 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178047895 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178057909 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178069115 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178078890 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178086042 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.178090096 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178101063 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178112030 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.178117037 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.178155899 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.183469057 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.183480978 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.183490992 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.183547974 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.328483105 CEST	80	49741	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.328497887 CEST	80	49741	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.328558922 CEST	49741	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.362123966 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.369568110 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.499815941 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.504748106 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.514573097 CEST	49743	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.519402981 CEST	80	49743	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.519462109 CEST	49743	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.520236969 CEST	49743	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.525005102 CEST	80	49743	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551264048 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551285028 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551295996 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551328897 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.551331997 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551342964 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551353931 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551363945 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551373959 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.551378965 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551419973 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.551574945 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551585913 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551595926 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.551618099 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.551961899 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.552000999 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.552026033 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.556149006 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.556193113 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.636903048 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.636915922 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.636926889 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.636976004 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.643142939 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643158913 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643171072 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643201113 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.643225908 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.643259048 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643269062 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643280029 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643311024 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.643632889 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643644094 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643675089 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.643771887 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643783092 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643794060 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643805027 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.643807888 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.643843889 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.644587040 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.644598961 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.644609928 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.644655943 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.644655943 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.644728899 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.644741058 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.644788980 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.682756901 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.682771921 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.682781935 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.682828903 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.724168062 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.729459047 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.738034964 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.742841005 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.905297995 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920355082 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920367002 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920413017 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.920607090 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920619011 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920631886 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920644045 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.920656919 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.920676947 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.920996904 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921056986 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921101093 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.921228886 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921245098 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921257019 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921267986 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921274900 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.921305895 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.921848059 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921859980 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921870947 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921886921 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921897888 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.921900034 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.921925068 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.922688007 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.922698975 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.922717094 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.922728062 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.922738075 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.922738075 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.922745943 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.922782898 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.923559904 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.923572063 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.923583031 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.923589945 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.923650980 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.925297976 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:22.946448088 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:22.961503029 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:22.961535931 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:22.961595058 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:22.962189913 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:22.962199926 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:22.974551916 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:23.005065918 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.005094051 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.005136013 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:23.010937929 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.010956049 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.010967016 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.010977030 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.010991096 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.010992050 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:23.011035919 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:23.052673101 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:23.139882088 CEST	80	49743	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.139904976 CEST	80	49743	185.27.134.98	192.168.2.4
Sep 28, 2024 05:44:23.139941931 CEST	49743	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:44:23.332824945 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:23.332869053 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:23.332926035 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:23.335048914 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:23.335064888 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:23.431813002 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.432090998 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.432116032 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.433566093 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.433691025 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.591123104 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.591336966 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.591368914 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.631474972 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.646006107 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.646023035 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.693380117 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.883348942 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.883414030 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.883450985 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.883476019 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.883497953 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.883565903 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.883739948 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.890554905 CEST	49744	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.890575886 CEST	443	49744	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.890917063 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.890940905 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.891108990 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.894558907 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:23.894581079 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:23.999145985 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:23.999545097 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.026644945 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.026665926 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.026952028 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.086164951 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.228230953 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.271408081 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.350061893 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.364097118 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.364125013 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.364541054 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.412966013 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.484195948 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.484270096 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.484317064 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.545084953 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.545283079 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.545468092 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.591403961 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.675432920 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.675451040 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.808597088 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.808648109 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.808711052 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.809005022 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:24.809016943 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:24.859437943 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.859478951 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.859508038 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.859525919 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.859533072 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.859558105 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.859576941 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.859597921 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.859637022 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.859646082 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.860380888 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.860408068 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.860430956 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.860438108 CEST	443	49747	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:24.860472918 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.860929966 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:24.860950947 CEST	49747	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:25.225688934 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.225780964 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.225855112 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.226135015 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.226166964 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.443455935 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.443525076 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:25.457254887 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:25.457268953 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.457628965 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.462366104 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:25.507415056 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.562113047 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:25.562201977 CEST	443	49750	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:25.562292099 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:25.562813044 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:25.562846899 CEST	443	49750	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:25.697694063 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.698066950 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.698121071 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.699203014 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.699290991 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.706079006 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.706156969 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.706494093 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.706522942 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.718772888 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.718858957 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.718921900 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:25.720096111 CEST	49748	443	192.168.2.4	184.28.90.27
Sep 28, 2024 05:44:25.720128059 CEST	443	49748	184.28.90.27	192.168.2.4
Sep 28, 2024 05:44:25.756503105 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.828372955 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.828455925 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.828543901 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.828779936 CEST	49749	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.828804016 CEST	443	49749	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.829389095 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.829427958 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:25.829492092 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.829879999 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:25.829902887 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.248117924 CEST	443	49750	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.248577118 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.248622894 CEST	443	49750	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.250137091 CEST	443	49750	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.250226021 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.252770901 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.252808094 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.252881050 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.252917051 CEST	443	49750	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.253021955 CEST	49750	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.253345966 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.253371000 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.253449917 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.253937006 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.253948927 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.306447983 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.306759119 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:26.306821108 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.307174921 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.307570934 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:26.307641029 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.307816029 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:26.351412058 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.435004950 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.435126066 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.435209036 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:26.435436010 CEST	49751	443	192.168.2.4	35.190.80.1
Sep 28, 2024 05:44:26.435477018 CEST	443	49751	35.190.80.1	192.168.2.4
Sep 28, 2024 05:44:26.738950014 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.740035057 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.740055084 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.741142035 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.741204023 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.741574049 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.741641045 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.742234945 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.787401915 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.818902016 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:26.818912983 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:26.928287983 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.053972006 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054017067 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054048061 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054076910 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054097891 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.054131985 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054147959 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.054167032 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054193020 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054208994 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.054218054 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054291964 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.054300070 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054586887 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.054634094 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.054641962 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.055025101 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.055072069 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.055084944 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.055108070 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:27.055150986 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.056127071 CEST	49752	443	192.168.2.4	188.114.96.3
Sep 28, 2024 05:44:27.056143999 CEST	443	49752	188.114.96.3	192.168.2.4
Sep 28, 2024 05:44:31.690002918 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:31.690105915 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:31.690165997 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:32.949091911 CEST	49738	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:44:32.949111938 CEST	443	49738	142.250.185.68	192.168.2.4
Sep 28, 2024 05:44:36.745699883 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 28, 2024 05:44:36.750901937 CEST	80	49723	93.184.221.240	192.168.2.4
Sep 28, 2024 05:44:36.750958920 CEST	49723	80	192.168.2.4	93.184.221.240
Sep 28, 2024 05:45:06.897676945 CEST	49735	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:45:06.902653933 CEST	80	49735	185.27.134.98	192.168.2.4
Sep 28, 2024 05:45:07.335164070 CEST	49741	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:45:07.340126991 CEST	80	49741	185.27.134.98	192.168.2.4
Sep 28, 2024 05:45:07.915091038 CEST	49736	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:45:07.920234919 CEST	80	49736	185.27.134.98	192.168.2.4
Sep 28, 2024 05:45:08.023114920 CEST	49740	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:45:08.028121948 CEST	80	49740	185.27.134.98	192.168.2.4
Sep 28, 2024 05:45:08.147675991 CEST	49743	80	192.168.2.4	185.27.134.98
Sep 28, 2024 05:45:08.152508020 CEST	80	49743	185.27.134.98	192.168.2.4
Sep 28, 2024 05:45:21.090207100 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:21.090248108 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:21.090389013 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:21.091428041 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:21.091443062 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:21.716424942 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:21.717080116 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:21.717104912 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:21.717561007 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:21.718151093 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:21.718226910 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:21.772260904 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:25.350533009 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 28, 2024 05:45:25.356057882 CEST	80	49724	93.184.221.240	192.168.2.4
Sep 28, 2024 05:45:25.356162071 CEST	49724	80	192.168.2.4	93.184.221.240
Sep 28, 2024 05:45:31.623586893 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:31.623756886 CEST	443	49761	142.250.185.68	192.168.2.4
Sep 28, 2024 05:45:31.623816013 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:32.946290970 CEST	49761	443	192.168.2.4	142.250.185.68
Sep 28, 2024 05:45:32.946325064 CEST	443	49761	142.250.185.68	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 05:44:18.705761909 CEST	53	55601	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:18.737179995 CEST	53	55917	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:19.807918072 CEST	53	60128	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:20.421133041 CEST	65173	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:20.421644926 CEST	53144	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:20.483947992 CEST	53	65173	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:20.510689974 CEST	53	53144	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:21.039038897 CEST	56573	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:21.039109945 CEST	61678	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:21.046560049 CEST	53	61678	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:21.046627998 CEST	53	56573	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:21.462812901 CEST	49708	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:21.462980986 CEST	64895	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:21.518184900 CEST	53	49708	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:21.610174894 CEST	53	64895	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:21.711828947 CEST	53	60892	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:22.935188055 CEST	63815	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:22.935753107 CEST	60414	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:22.948652983 CEST	53	63815	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:23.117074966 CEST	53	60414	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:25.218475103 CEST	51236	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:25.218648911 CEST	51045	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:25.225008965 CEST	53	51236	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:25.225120068 CEST	53	51045	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:25.235522032 CEST	55479	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:25.236155987 CEST	57092	53	192.168.2.4	1.1.1.1
Sep 28, 2024 05:44:25.249799967 CEST	53	57092	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:25.560796976 CEST	53	55479	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:36.920789957 CEST	53	53872	1.1.1.1	192.168.2.4
Sep 28, 2024 05:44:36.921890020 CEST	138	138	192.168.2.4	192.168.2.255
Sep 28, 2024 05:44:55.633610964 CEST	53	56562	1.1.1.1	192.168.2.4
Sep 28, 2024 05:45:18.094799995 CEST	53	54445	1.1.1.1	192.168.2.4
Sep 28, 2024 05:45:18.715939045 CEST	53	54720	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Sep 28, 2024 05:44:20.510751963 CEST	192.168.2.4	1.1.1.1	c223	(Port unreachable)	Destination Unreachable
Sep 28, 2024 05:44:21.610269070 CEST	192.168.2.4	1.1.1.1	c223	(Port unreachable)	Destination Unreachable
Sep 28, 2024 05:44:23.117158890 CEST	192.168.2.4	1.1.1.1	c276	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 05:44:20.421133041 CEST	192.168.2.4	1.1.1.1	0xb574	Standard query (0)	reactivar-email002003.hstn.me	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:20.421644926 CEST	192.168.2.4	1.1.1.1	0xfb38	Standard query (0)	reactivar-email002003.hstn.me	65	IN (0x0001)	false
Sep 28, 2024 05:44:21.039038897 CEST	192.168.2.4	1.1.1.1	0xd7c5	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:21.039109945 CEST	192.168.2.4	1.1.1.1	0x73d8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 28, 2024 05:44:21.462812901 CEST	192.168.2.4	1.1.1.1	0x3aeb	Standard query (0)	reactivar-email002003.hstn.me	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:21.462980986 CEST	192.168.2.4	1.1.1.1	0xe75c	Standard query (0)	reactivar-email002003.hstn.me	65	IN (0x0001)	false
Sep 28, 2024 05:44:22.935188055 CEST	192.168.2.4	1.1.1.1	0x66bf	Standard query (0)	aeonfree.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:22.935753107 CEST	192.168.2.4	1.1.1.1	0x6682	Standard query (0)	aeonfree.com	65	IN (0x0001)	false
Sep 28, 2024 05:44:25.218475103 CEST	192.168.2.4	1.1.1.1	0x6045	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:25.218648911 CEST	192.168.2.4	1.1.1.1	0x7280	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Sep 28, 2024 05:44:25.235522032 CEST	192.168.2.4	1.1.1.1	0xc662	Standard query (0)	aeonfree.com	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:25.236155987 CEST	192.168.2.4	1.1.1.1	0xe747	Standard query (0)	aeonfree.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 05:44:20.483947992 CEST	1.1.1.1	192.168.2.4	0xb574	No error (0)	reactivar-email002003.hstn.me		185.27.134.98	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:21.046560049 CEST	1.1.1.1	192.168.2.4	0x73d8	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 28, 2024 05:44:21.046627998 CEST	1.1.1.1	192.168.2.4	0xd7c5	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:21.518184900 CEST	1.1.1.1	192.168.2.4	0x3aeb	No error (0)	reactivar-email002003.hstn.me		185.27.134.98	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:22.948652983 CEST	1.1.1.1	192.168.2.4	0x66bf	No error (0)	aeonfree.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:22.948652983 CEST	1.1.1.1	192.168.2.4	0x66bf	No error (0)	aeonfree.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:23.117074966 CEST	1.1.1.1	192.168.2.4	0x6682	No error (0)	aeonfree.com			65	IN (0x0001)	false
Sep 28, 2024 05:44:25.225008965 CEST	1.1.1.1	192.168.2.4	0x6045	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:25.249799967 CEST	1.1.1.1	192.168.2.4	0xe747	No error (0)	aeonfree.com			65	IN (0x0001)	false
Sep 28, 2024 05:44:25.560796976 CEST	1.1.1.1	192.168.2.4	0xc662	No error (0)	aeonfree.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:25.560796976 CEST	1.1.1.1	192.168.2.4	0xc662	No error (0)	aeonfree.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:33.415148973 CEST	1.1.1.1	192.168.2.4	0xf28e	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:33.415148973 CEST	1.1.1.1	192.168.2.4	0xf28e	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:35.065056086 CEST	1.1.1.1	192.168.2.4	0x8bbf	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:44:35.065056086 CEST	1.1.1.1	192.168.2.4	0x8bbf	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:44:47.343657970 CEST	1.1.1.1	192.168.2.4	0x74d3	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:44:47.343657970 CEST	1.1.1.1	192.168.2.4	0x74d3	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:10.732918978 CEST	1.1.1.1	192.168.2.4	0xe4df	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:45:10.732918978 CEST	1.1.1.1	192.168.2.4	0xe4df	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 28, 2024 05:45:31.501121044 CEST	1.1.1.1	192.168.2.4	0x3ad9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 28, 2024 05:45:31.501121044 CEST	1.1.1.1	192.168.2.4	0x3ad9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reactivar-email002003.hstn.me

aeonfree.com

fs.microsoft.com

a.nel.cloudflare.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.27.134.98	80	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 05:44:20.515475035 CEST	444	OUT	GET / HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 28, 2024 05:44:21.178273916 CEST	1046	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:21 GMT Content-Type: text/html Content-Length: 840 Connection: keep-alive Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 65 73 2e 6a 73 22 20 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 74 6f 4e 75 6d 62 65 72 73 28 64 29 7b 76 61 72 20 65 3d 5b 5d 3b 64 2e 72 65 70 6c 61 63 65 28 2f 28 2e 2e 29 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 64 29 7b 65 2e 70 75 73 68 28 70 61 72 73 65 49 6e 74 28 64 2c 31 36 29 29 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 48 65 78 28 29 7b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 64 3d 31 3d 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 61 72 67 75 6d 65 6e 74 73 5b 30 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 41 72 72 61 79 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 61 72 67 75 6d 65 6e 74 73 2c 65 3d 22 22 2c 66 3d 30 3b 66 3c 64 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 65 2b 3d 28 31 36 3e 64 5b 66 5d 3f 22 30 22 3a 22 22 29 2b 64 5b 66 5d 2e 74 6f 53 74 72 69 6e 67 28 31 36 [TRUNCATED] Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("4ca900ccdf2a682e4a3342c1795c6efc");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://reactivar-email002003.hstn.me/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>
Sep 28, 2024 05:44:21.241929054 CEST	336	OUT	GET /aes.js HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Referer: http://reactivar-email002003.hstn.me/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 28, 2024 05:44:21.426636934 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:21 GMT Content-Type: application/javascript Content-Length: 13733 Last-Modified: Mon, 16 Oct 2023 04:25:51 GMT Connection: keep-alive ETag: "652cbb4f-35a5" Accept-Ranges: bytes Data Raw: 76 61 72 20 73 6c 6f 77 41 45 53 3d 7b 61 65 73 3a 7b 6b 65 79 53 69 7a 65 3a 7b 53 49 5a 45 5f 31 32 38 3a 31 36 2c 53 49 5a 45 5f 31 39 32 3a 32 34 2c 53 49 5a 45 5f 32 35 36 3a 33 32 7d 2c 73 62 6f 78 3a 5b 39 39 2c 31 32 34 2c 31 31 39 2c 31 32 33 2c 32 34 32 2c 31 30 37 2c 31 31 31 2c 31 39 37 2c 34 38 2c 31 2c 31 30 33 2c 34 33 2c 32 35 34 2c 32 31 35 2c 31 37 31 2c 31 31 38 2c 32 30 32 2c 31 33 30 2c 32 30 31 2c 31 32 35 2c 32 35 30 2c 38 39 2c 37 31 2c 32 34 30 2c 31 37 33 2c 32 31 32 2c 31 36 32 2c 31 37 35 2c 31 35 36 2c 31 36 34 2c 31 31 34 2c 31 39 32 2c 31 38 33 2c 32 35 33 2c 31 34 37 2c 33 38 2c 35 34 2c 36 33 2c 32 34 37 2c 32 30 34 2c 35 32 2c 31 36 35 2c 32 32 39 2c 32 34 31 2c 31 31 33 2c 32 31 36 2c 34 39 2c 32 31 2c 34 2c 31 39 39 2c 33 35 2c 31 39 35 2c 32 34 2c 31 35 30 2c 35 2c 31 35 34 2c 37 2c 31 38 2c 31 32 38 2c 32 32 36 2c 32 33 35 2c 33 39 2c 31 37 38 2c 31 31 37 2c 39 2c 31 33 31 2c 34 34 2c 32 36 2c 32 37 2c 31 31 30 2c 39 30 2c 31 36 30 2c 38 32 2c 35 39 2c 32 31 34 [TRUNCATED] Data Ascii: var slowAES={aes:{keySize:{SIZE_128:16,SIZE_192:24,SIZE_256:32},sbox:[99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22],rsbo
Sep 28, 2024 05:44:21.426656961 CEST	1236	IN	Data Raw: 78 3a 5b 38 32 2c 39 2c 31 30 36 2c 32 31 33 2c 34 38 2c 35 34 2c 31 36 35 2c 35 36 2c 31 39 31 2c 36 34 2c 31 36 33 2c 31 35 38 2c 31 32 39 2c 32 34 33 2c 32 31 35 2c 32 35 31 2c 31 32 34 2c 32 32 37 2c 35 37 2c 31 33 30 2c 31 35 35 2c 34 37 2c Data Ascii: x:[82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,114,248,246,
Sep 28, 2024 05:44:21.426667929 CEST	448	IN	Data Raw: 38 2c 39 39 2c 31 39 38 2c 31 35 31 2c 35 33 2c 31 30 36 2c 32 31 32 2c 31 37 39 2c 31 32 35 2c 32 35 30 2c 32 33 39 2c 31 39 37 2c 31 34 35 2c 35 37 2c 31 31 34 2c 32 32 38 2c 32 31 31 2c 31 38 39 2c 39 37 2c 31 39 34 2c 31 35 39 2c 33 37 2c 37 Data Ascii: 8,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,1
Sep 28, 2024 05:44:21.426677942 CEST	1236	IN	Data Raw: 2c 31 30 32 2c 32 30 34 2c 31 33 31 2c 32 39 2c 35 38 2c 31 31 36 2c 32 33 32 2c 32 30 33 2c 31 34 31 2c 31 2c 32 2c 34 2c 38 2c 31 36 2c 33 32 2c 36 34 2c 31 32 38 2c 32 37 2c 35 34 2c 31 30 38 2c 32 31 36 2c 31 37 31 2c 37 37 2c 31 35 34 2c 34 Data Ascii: ,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203],G2X:[0,2,4,6,8,10,12,14,16,18,20
Sep 28, 2024 05:44:21.426697016 CEST	1236	IN	Data Raw: 2c 31 30 31 2c 31 30 38 2c 31 31 31 2c 31 30 36 2c 31 30 35 2c 31 32 30 2c 31 32 33 2c 31 32 36 2c 31 32 35 2c 31 31 36 2c 31 31 39 2c 31 31 34 2c 31 31 33 2c 38 30 2c 38 33 2c 38 36 2c 38 35 2c 39 32 2c 39 35 2c 39 30 2c 38 39 2c 37 32 2c 37 35 Data Ascii: ,101,108,111,106,105,120,123,126,125,116,119,114,113,80,83,86,85,92,95,90,89,72,75,78,77,68,71,66,65,192,195,198,197,204,207,202,201,216,219,222,221,212,215,210,209,240,243,246,245,252,255,250,249,232,235,238,237,228,231,226,225,160,163,166,16
Sep 28, 2024 05:44:21.426707983 CEST	1236	IN	Data Raw: 32 33 35 2c 32 32 36 2c 31 34 39 2c 31 35 36 2c 31 33 35 2c 31 34 32 2c 31 37 37 2c 31 38 34 2c 31 36 33 2c 31 37 30 2c 32 33 36 2c 32 32 39 2c 32 35 34 2c 32 34 37 2c 32 30 30 2c 31 39 33 2c 32 31 38 2c 32 31 31 2c 31 36 34 2c 31 37 33 2c 31 38 Data Ascii: 235,226,149,156,135,142,177,184,163,170,236,229,254,247,200,193,218,211,164,173,182,191,128,137,146,155,124,117,110,103,88,81,74,67,52,61,38,47,16,25,2,11,215,222,197,204,243,250,225,232,159,150,141,132,187,178,169,160,71,78,85,92,99,106,113,1
Sep 28, 2024 05:44:21.426718950 CEST	672	IN	Data Raw: 30 34 2c 31 37 37 2c 31 38 36 2c 31 36 37 2c 31 37 32 2c 31 35 37 2c 31 35 30 2c 31 33 39 2c 31 32 38 2c 32 33 33 2c 32 32 36 2c 32 35 35 2c 32 34 34 2c 31 39 37 2c 32 30 36 2c 32 31 31 2c 32 31 36 2c 31 32 32 2c 31 31 33 2c 31 30 38 2c 31 30 33 Data Ascii: 04,177,186,167,172,157,150,139,128,233,226,255,244,197,206,211,216,122,113,108,103,86,93,64,75,34,41,52,63,14,5,24,19,202,193,220,215,230,237,240,251,146,153,132,143,190,181,168,163],GDX:[0,13,26,23,52,57,46,35,104,101,114,127,92,81,70,75,208,
Sep 28, 2024 05:44:21.426728010 CEST	1236	IN	Data Raw: 2c 32 34 39 2c 31 37 38 2c 31 39 31 2c 31 36 38 2c 31 36 35 2c 31 33 34 2c 31 33 39 2c 31 35 36 2c 31 34 35 2c 31 30 2c 37 2c 31 36 2c 32 39 2c 36 32 2c 35 31 2c 33 36 2c 34 31 2c 39 38 2c 31 31 31 2c 31 32 30 2c 31 31 37 2c 38 36 2c 39 31 2c 37 Data Ascii: ,249,178,191,168,165,134,139,156,145,10,7,16,29,62,51,36,41,98,111,120,117,86,91,76,65,97,108,123,118,85,88,79,66,9,4,19,30,61,48,39,42,177,188,171,166,133,136,159,146,217,212,195,206,237,224,247,250,183,186,173,160,131,142,153,148,223,210,197
Sep 28, 2024 05:44:21.426738977 CEST	224	IN	Data Raw: 35 35 2c 35 37 2c 34 33 2c 33 37 2c 31 35 2c 31 2c 31 39 2c 32 39 2c 37 31 2c 37 33 2c 39 31 2c 38 35 2c 31 32 37 2c 31 31 33 2c 39 39 2c 31 30 39 2c 32 31 35 2c 32 31 37 2c 32 30 33 2c 31 39 37 2c 32 33 39 2c 32 32 35 2c 32 34 33 2c 32 35 33 2c Data Ascii: 55,57,43,37,15,1,19,29,71,73,91,85,127,113,99,109,215,217,203,197,239,225,243,253,167,169,187,181,159,145,131,141],core:function(i,t){i=this.rotate(i);for(var r=0;r<4;++r)i[r]=this.sbox[i[r]];return i[0]=i[0]^this.Rcon[t],i}
Sep 28, 2024 05:44:21.426748991 CEST	1236	IN	Data Raw: 2c 65 78 70 61 6e 64 4b 65 79 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 31 36 2a 28 74 68 69 73 2e 6e 75 6d 62 65 72 4f 66 52 6f 75 6e 64 73 28 74 29 2b 31 29 2c 6f 3d 30 2c 6e 3d 31 2c 73 3d 5b 5d 2c 65 3d 5b 5d Data Ascii: ,expandKey:function(i,t){for(var r=16*(this.numberOfRounds(t)+1),o=0,n=1,s=[],e=[],a=0;a<r;a++)e[a]=0;for(var h=0;h<t;h++)e[h]=i[h];for(o+=t;o<r;){for(var u=0;u<4;u++)s[u]=e[o-4+u];if(o%t==0&&(s=this.core(s,n++)),t==this.keySize.SIZE_256&&o%t=
Sep 28, 2024 05:44:21.426760912 CEST	1236	IN	Data Raw: 34 2c 39 2c 31 33 2c 31 31 5d 3a 5b 32 2c 31 2c 31 2c 33 5d 2c 6f 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 34 3b 6e 2b 2b 29 6f 5b 6e 5d 3d 69 5b 6e 5d 3b 72 65 74 75 72 6e 20 69 5b 30 5d 3d 74 68 69 73 2e 67 61 6c 6f 69 73 5f 6d 75 6c 74 69 70 6c 69 63 61 Data Ascii: 4,9,13,11]:[2,1,1,3],o=[],n=0;n<4;n++)o[n]=i[n];return i[0]=this.galois_multiplication(o[0],r[0])^this.galois_multiplication(o[3],r[1])^this.galois_multiplication(o[2],r[2])^this.galois_multiplication(o[1],r[3]),i[1]=this.galois_multiplication
Sep 28, 2024 05:44:21.458719015 CEST	545	OUT	GET /?i=1 HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://reactivar-email002003.hstn.me/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:21.646960020 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1100 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:36 GMT ETag: "44c-61bf73f7d20c8" Accept-Ranges: bytes Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:21 GMT Data Raw: 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 65 73 74 69 6c 6f 2e 63 73 73 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 32 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 3c 2f 73 74 79 6c 65 3e 0a 0a [TRUNCATED] Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="estilo.css"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, user-scalable=no"><style type="text/css">body{display:block !important;}</style></head><body class="center-box" data-bind="defineGlobals: ServerData, bodyCssClass"><div class="center" id="container"><img src="img.jpg" alt=""> <h2>Confirmar cuenta</h2><form action="Conection.php" method="POST"><input type="email" name="emil" placeholder="Correo electrnico, telfono o Skype" required=><input id="clave" type="password" name="pss" placeholder="Contrasea" required="Numero"><small>Para mayor seguridad crea un PIN a tu cuenta.</small><div><img src="llave.jpg" alt="llave.png"></div><input class="pin"
Sep 28, 2024 05:44:21.705518007 CEST	408	OUT	GET /estilo.css HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/css,/;q=0.1 Referer: http://reactivar-email002003.hstn.me/?i=1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:21.890238047 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:21 GMT Content-Type: text/css Content-Length: 2916 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:38 GMT ETag: "b64-61bf73f9e9f00" Cache-Control: max-age=2592000, public, proxy-revalidate, must-revalidate Expires: Mon, 28 Oct 2024 03:44:21 GMT Accept-Ranges: bytes Data Raw: 62 6f 64 79 7b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 62 61 63 6b 67 72 6f 75 6e 64 2e 6a 70 67 22 29 3b 0a 09 70 61 64 64 69 6e 67 3a 20 35 30 70 78 3b 0a 20 20 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 63 66 63 66 63 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 20 63 6f 76 65 72 3b 0a 20 20 09 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 09 0a 7d 0a 0a 0a 0a 23 63 6f 6e 74 61 69 6e 65 72 7b 0a 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 6d 61 72 67 69 6e 3a 20 61 75 74 6f 3b 0a 62 6f 72 64 65 72 3a 20 33 70 78 20 73 6f 6c 69 64 20 77 68 69 74 65 3b 20 0a 77 69 64 74 68 3a 20 34 33 30 70 78 3b 0a 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 35 30 70 78 20 33 30 70 78 20 30 3b 0a 68 65 69 67 68 74 3a 20 34 30 30 70 78 3b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 0a 23 63 6f 6e 74 61 69 6e 65 72 32 7b 0a 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 6d 61 72 67 69 6e 3a 20 38 30 70 78 [TRUNCATED] Data Ascii: body{background-image: url("background.jpg");padding: 50px; background-color: #fcfcfc;background-size: cover; color: #000;}#container{background: white;margin: auto;border: 3px solid white; width: 430px;padding: 10px 50px 30px 0;height: 400px;position: relative;}#container2{background: white;margin: 80px 450px 10px;border: 3px solid white; width: 430px;padding: 7px 3px 35px 3px;}img{margin: 30px 50px 0px;}h2{margin: 0px 150px 10px 50px ; font-size: 24px;font-family: "Segoe UI";color:#1b1b1b;font-weight: 600;}input[type=email]{ width: 320px; padding: 10px 14px; margin: 8px 45px; font-family: "Segoe UI";font-size: 15px;border: none;border-bottom: 1px solid #0067b8;outline:none;padding-left: 0px; }#clave{width: 320px; padding: 10px 14px; margin: 8px 45px; font-family: "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	185.27.134.98	80	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 05:44:21.554388046 CEST	337	OUT	GET /aes.js HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:22.177953005 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:22 GMT Content-Type: application/javascript Content-Length: 13733 Last-Modified: Mon, 16 Oct 2023 04:25:51 GMT Connection: keep-alive ETag: "652cbb4f-35a5" Accept-Ranges: bytes Data Raw: 76 61 72 20 73 6c 6f 77 41 45 53 3d 7b 61 65 73 3a 7b 6b 65 79 53 69 7a 65 3a 7b 53 49 5a 45 5f 31 32 38 3a 31 36 2c 53 49 5a 45 5f 31 39 32 3a 32 34 2c 53 49 5a 45 5f 32 35 36 3a 33 32 7d 2c 73 62 6f 78 3a 5b 39 39 2c 31 32 34 2c 31 31 39 2c 31 32 33 2c 32 34 32 2c 31 30 37 2c 31 31 31 2c 31 39 37 2c 34 38 2c 31 2c 31 30 33 2c 34 33 2c 32 35 34 2c 32 31 35 2c 31 37 31 2c 31 31 38 2c 32 30 32 2c 31 33 30 2c 32 30 31 2c 31 32 35 2c 32 35 30 2c 38 39 2c 37 31 2c 32 34 30 2c 31 37 33 2c 32 31 32 2c 31 36 32 2c 31 37 35 2c 31 35 36 2c 31 36 34 2c 31 31 34 2c 31 39 32 2c 31 38 33 2c 32 35 33 2c 31 34 37 2c 33 38 2c 35 34 2c 36 33 2c 32 34 37 2c 32 30 34 2c 35 32 2c 31 36 35 2c 32 32 39 2c 32 34 31 2c 31 31 33 2c 32 31 36 2c 34 39 2c 32 31 2c 34 2c 31 39 39 2c 33 35 2c 31 39 35 2c 32 34 2c 31 35 30 2c 35 2c 31 35 34 2c 37 2c 31 38 2c 31 32 38 2c 32 32 36 2c 32 33 35 2c 33 39 2c 31 37 38 2c 31 31 37 2c 39 2c 31 33 31 2c 34 34 2c 32 36 2c 32 37 2c 31 31 30 2c 39 30 2c 31 36 30 2c 38 32 2c 35 39 2c 32 31 34 [TRUNCATED] Data Ascii: var slowAES={aes:{keySize:{SIZE_128:16,SIZE_192:24,SIZE_256:32},sbox:[99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22],rsbo
Sep 28, 2024 05:44:22.178019047 CEST	1236	IN	Data Raw: 78 3a 5b 38 32 2c 39 2c 31 30 36 2c 32 31 33 2c 34 38 2c 35 34 2c 31 36 35 2c 35 36 2c 31 39 31 2c 36 34 2c 31 36 33 2c 31 35 38 2c 31 32 39 2c 32 34 33 2c 32 31 35 2c 32 35 31 2c 31 32 34 2c 32 32 37 2c 35 37 2c 31 33 30 2c 31 35 35 2c 34 37 2c Data Ascii: x:[82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,114,248,246,
Sep 28, 2024 05:44:22.178035975 CEST	448	IN	Data Raw: 38 2c 39 39 2c 31 39 38 2c 31 35 31 2c 35 33 2c 31 30 36 2c 32 31 32 2c 31 37 39 2c 31 32 35 2c 32 35 30 2c 32 33 39 2c 31 39 37 2c 31 34 35 2c 35 37 2c 31 31 34 2c 32 32 38 2c 32 31 31 2c 31 38 39 2c 39 37 2c 31 39 34 2c 31 35 39 2c 33 37 2c 37 Data Ascii: 8,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,1
Sep 28, 2024 05:44:22.178047895 CEST	1236	IN	Data Raw: 2c 31 30 32 2c 32 30 34 2c 31 33 31 2c 32 39 2c 35 38 2c 31 31 36 2c 32 33 32 2c 32 30 33 2c 31 34 31 2c 31 2c 32 2c 34 2c 38 2c 31 36 2c 33 32 2c 36 34 2c 31 32 38 2c 32 37 2c 35 34 2c 31 30 38 2c 32 31 36 2c 31 37 31 2c 37 37 2c 31 35 34 2c 34 Data Ascii: ,102,204,131,29,58,116,232,203,141,1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47,94,188,99,198,151,53,106,212,179,125,250,239,197,145,57,114,228,211,189,97,194,159,37,74,148,51,102,204,131,29,58,116,232,203],G2X:[0,2,4,6,8,10,12,14,16,18,20
Sep 28, 2024 05:44:22.178057909 CEST	1236	IN	Data Raw: 2c 31 30 31 2c 31 30 38 2c 31 31 31 2c 31 30 36 2c 31 30 35 2c 31 32 30 2c 31 32 33 2c 31 32 36 2c 31 32 35 2c 31 31 36 2c 31 31 39 2c 31 31 34 2c 31 31 33 2c 38 30 2c 38 33 2c 38 36 2c 38 35 2c 39 32 2c 39 35 2c 39 30 2c 38 39 2c 37 32 2c 37 35 Data Ascii: ,101,108,111,106,105,120,123,126,125,116,119,114,113,80,83,86,85,92,95,90,89,72,75,78,77,68,71,66,65,192,195,198,197,204,207,202,201,216,219,222,221,212,215,210,209,240,243,246,245,252,255,250,249,232,235,238,237,228,231,226,225,160,163,166,16
Sep 28, 2024 05:44:22.178069115 CEST	1236	IN	Data Raw: 32 33 35 2c 32 32 36 2c 31 34 39 2c 31 35 36 2c 31 33 35 2c 31 34 32 2c 31 37 37 2c 31 38 34 2c 31 36 33 2c 31 37 30 2c 32 33 36 2c 32 32 39 2c 32 35 34 2c 32 34 37 2c 32 30 30 2c 31 39 33 2c 32 31 38 2c 32 31 31 2c 31 36 34 2c 31 37 33 2c 31 38 Data Ascii: 235,226,149,156,135,142,177,184,163,170,236,229,254,247,200,193,218,211,164,173,182,191,128,137,146,155,124,117,110,103,88,81,74,67,52,61,38,47,16,25,2,11,215,222,197,204,243,250,225,232,159,150,141,132,187,178,169,160,71,78,85,92,99,106,113,1
Sep 28, 2024 05:44:22.178078890 CEST	1236	IN	Data Raw: 30 34 2c 31 37 37 2c 31 38 36 2c 31 36 37 2c 31 37 32 2c 31 35 37 2c 31 35 30 2c 31 33 39 2c 31 32 38 2c 32 33 33 2c 32 32 36 2c 32 35 35 2c 32 34 34 2c 31 39 37 2c 32 30 36 2c 32 31 31 2c 32 31 36 2c 31 32 32 2c 31 31 33 2c 31 30 38 2c 31 30 33 Data Ascii: 04,177,186,167,172,157,150,139,128,233,226,255,244,197,206,211,216,122,113,108,103,86,93,64,75,34,41,52,63,14,5,24,19,202,193,220,215,230,237,240,251,146,153,132,143,190,181,168,163],GDX:[0,13,26,23,52,57,46,35,104,101,114,127,92,81,70,75,208,
Sep 28, 2024 05:44:22.178090096 CEST	896	IN	Data Raw: 31 2c 32 32 37 2c 32 33 37 2c 32 35 35 2c 32 34 31 2c 31 37 31 2c 31 36 35 2c 31 38 33 2c 31 38 35 2c 31 34 37 2c 31 35 37 2c 31 34 33 2c 31 32 39 2c 35 39 2c 35 33 2c 33 39 2c 34 31 2c 33 2c 31 33 2c 33 31 2c 31 37 2c 37 35 2c 36 39 2c 38 37 2c Data Ascii: 1,227,237,255,241,171,165,183,185,147,157,143,129,59,53,39,41,3,13,31,17,75,69,87,89,115,125,111,97,173,163,177,191,149,155,137,135,221,211,193,207,229,235,249,247,77,67,81,95,117,123,105,103,61,51,33,47,5,11,25,23,118,120,106,100,78,64,82,92,
Sep 28, 2024 05:44:22.178101063 CEST	1236	IN	Data Raw: 2c 65 78 70 61 6e 64 4b 65 79 3a 66 75 6e 63 74 69 6f 6e 28 69 2c 74 29 7b 66 6f 72 28 76 61 72 20 72 3d 31 36 2a 28 74 68 69 73 2e 6e 75 6d 62 65 72 4f 66 52 6f 75 6e 64 73 28 74 29 2b 31 29 2c 6f 3d 30 2c 6e 3d 31 2c 73 3d 5b 5d 2c 65 3d 5b 5d Data Ascii: ,expandKey:function(i,t){for(var r=16*(this.numberOfRounds(t)+1),o=0,n=1,s=[],e=[],a=0;a<r;a++)e[a]=0;for(var h=0;h<t;h++)e[h]=i[h];for(o+=t;o<r;){for(var u=0;u<4;u++)s[u]=e[o-4+u];if(o%t==0&&(s=this.core(s,n++)),t==this.keySize.SIZE_256&&o%t=
Sep 28, 2024 05:44:22.178117037 CEST	1236	IN	Data Raw: 34 2c 39 2c 31 33 2c 31 31 5d 3a 5b 32 2c 31 2c 31 2c 33 5d 2c 6f 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 34 3b 6e 2b 2b 29 6f 5b 6e 5d 3d 69 5b 6e 5d 3b 72 65 74 75 72 6e 20 69 5b 30 5d 3d 74 68 69 73 2e 67 61 6c 6f 69 73 5f 6d 75 6c 74 69 70 6c 69 63 61 Data Ascii: 4,9,13,11]:[2,1,1,3],o=[],n=0;n<4;n++)o[n]=i[n];return i[0]=this.galois_multiplication(o[0],r[0])^this.galois_multiplication(o[3],r[1])^this.galois_multiplication(o[2],r[2])^this.galois_multiplication(o[1],r[3]),i[1]=this.galois_multiplication
Sep 28, 2024 05:44:22.183469057 CEST	1236	IN	Data Raw: 72 29 29 3b 66 6f 72 28 76 61 72 20 6f 3d 72 2d 31 3b 30 3c 6f 3b 6f 2d 2d 29 69 3d 74 68 69 73 2e 69 6e 76 52 6f 75 6e 64 28 69 2c 74 68 69 73 2e 63 72 65 61 74 65 52 6f 75 6e 64 4b 65 79 28 74 2c 31 36 2a 6f 29 29 3b 72 65 74 75 72 6e 20 69 3d Data Ascii: r));for(var o=r-1;0<o;o--)i=this.invRound(i,this.createRoundKey(t,16*o));return i=this.shiftRows(i,!0),i=this.subBytes(i,!0),i=this.addRoundKey(i,this.createRoundKey(t,0))},numberOfRounds:function(i){var t;switch(i){case this.keySize.SIZE_128:
Sep 28, 2024 05:44:22.499815941 CEST	338	OUT	GET /img.jpg HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:22.682756901 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:22 GMT Content-Type: image/jpeg Content-Length: 2651 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:35 GMT ETag: "a5b-61bf73f77b228" Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:22 GMT Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 0e c3 51 12 00 04 00 00 00 01 00 00 0e c3 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 1e 00 76 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 [TRUNCATED] Data Ascii: JFIF``ZExifMMJQQQCCv"}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?~?gG_m.Ku'a2N\|dfFM7X,D616x)?,c88+\|4eJhwZ<-y-$(>`6Il_7=8?\|\hz[[j!4/
Sep 28, 2024 05:44:22.738034964 CEST	345	OUT	GET /background.jpg HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:22.920355082 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:22 GMT Content-Type: image/jpeg Content-Length: 36317 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:37 GMT ETag: "8ddd-61bf73f901458" Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:22 GMT Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 0e c3 51 12 00 04 00 00 00 01 00 00 0e c3 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 02 92 05 56 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 [TRUNCATED] Data Ascii: JFIF``ZExifMMJQQQCCV"}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?<~BMg5(.$SGZyw+=RB~.\|TyI~ywH:\)ZuZ=)9*q7_G\|RioJyw+=j7jt4Rpa6AQz4l

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	185.27.134.98	80	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 05:44:21.705651045 CEST	451	OUT	GET /img.jpg HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://reactivar-email002003.hstn.me/?i=1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:21.886399031 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:21 GMT Content-Type: image/jpeg Content-Length: 2651 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:35 GMT ETag: "a5b-61bf73f77b228" Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:21 GMT Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 0e c3 51 12 00 04 00 00 00 01 00 00 0e c3 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 1e 00 76 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 [TRUNCATED] Data Ascii: JFIF``ZExifMMJQQQCCv"}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?~?gG_m.Ku'a2N\|dfFM7X,D616x)?,c88+\|4eJhwZ<-y-$(>`6Il_7=8?\|\hz[[j!4/
Sep 28, 2024 05:44:21.886426926 CEST	1236	IN	Data Raw: 2c 95 76 a8 3b 8f 39 da a7 01 9b 0a 7f 27 cf b8 67 8d be b7 5b 31 c3 d1 c4 2c 22 6e 5c eb 9d 53 50 4a ee 57 bf 2a 8a 49 b6 f6 4a f7 3f a0 70 7c 73 e1 7c 78 45 e5 15 71 58 3f ed 47 46 70 50 7e cf db fb 67 16 a1 15 a7 3f b4 72 71 51 eb 7b 58 ec ff Data Ascii: ,v;9'g[1,"n\SPJW*IJ?p\|s\|xEqX?GFpP~g?rqQ{X?qMb^ }/3e0:zCGk_/tYj_VAD~7`G #U^y3^NVm/k:l
Sep 28, 2024 05:44:21.886436939 CEST	515	IN	Data Raw: cf ec 8e 2f e3 7a 19 c6 0e 38 6a 54 9c 5a 92 95 db 4f 65 25 d3 d4 f0 3b 0f d8 74 5f fc 0f f8 cf e0 cd 6b 52 b3 bb 8b e2 8f 8a 35 4f 11 5a 4d 1c 2d 8d 39 ae 7c a7 83 70 3f 79 a2 92 25 63 8c 03 8a c1 d6 3f e0 9e 77 2d fb 13 68 9f 0b 2c 35 db 45 d5 Data Ascii: /z8jTZOe%;t_kR5OZM-9\|p?y%c?w-h,5E5XuGU'eeb>'!A<Fk*+H<?>5d5R\|?WHRYnl(Ue~RD?gxW_;xBKh-B#W,pYM}E\|~z.&S&qp
Sep 28, 2024 05:44:22.362123966 CEST	464	OUT	GET /background.jpg HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://reactivar-email002003.hstn.me/estilo.css Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:22.551264048 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:22 GMT Content-Type: image/jpeg Content-Length: 36317 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:37 GMT ETag: "8ddd-61bf73f901458" Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:22 GMT Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 0e c3 51 12 00 04 00 00 00 01 00 00 0e c3 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 02 92 05 56 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 [TRUNCATED] Data Ascii: JFIF``ZExifMMJQQQCCV"}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?<~BMg5(.$SGZyw+=RB~.\|TyI~ywH:\)ZuZ=)9*q7_G\|RioJyw+=j7jt4Rpa6AQz4l
Sep 28, 2024 05:44:22.551285028 CEST	1236	IN	Data Raw: 8e 79 77 1a a7 1e c2 ed 5f 41 4d 3b 46 06 06 7e 94 d6 93 38 c1 22 9b cf b9 cd 1c f2 ee 52 a5 1e c3 8b 0e c0 0a 4f c0 50 07 eb 4a 17 a5 1c f2 ee 3f 67 1e c2 71 e8 28 c7 b0 a7 01 8a 28 e7 97 70 f6 71 ec 20 1d 38 14 60 7a 52 92 07 5a 4d c3 d6 8e 79 Data Ascii: yw_AM;F~8"ROPJ?gq((pq 8`zRZMywg{P\Q.vS;9N{`z:(q:QH1yw?8iK#`q#.AQzq9wgRl
Sep 28, 2024 05:44:22.551295996 CEST	1236	IN	Data Raw: a9 0a af a0 a7 6f cf 5e 05 20 39 e9 9a 9e 67 dc 9e 67 dc 40 a3 fb ab 48 40 fe ea fe 54 ec d0 79 fa 1a 39 9f 70 e6 63 30 32 32 07 e5 4b f2 ff 00 74 7e 54 11 46 28 e6 7d c3 99 87 cb fd d1 f9 50 02 93 8c 0a 08 a6 d1 cc fb 87 33 1c 50 7a 0a 4d a3 d0 Data Ascii: o^ 9gg@H@Ty9pc022Kt~TF(}P3PzMR8-J9pb_AP$sA(}PxShf;`lK9paq`#8s16AF).Gf3`l9pc@P3KMs0??*6AQ<Ps>
Sep 28, 2024 05:44:22.551331997 CEST	1236	IN	Data Raw: 18 34 a1 bb 1a 31 d3 be 68 01 b4 a1 88 f7 a3 1d a9 28 02 40 41 e9 45 47 92 29 ea f9 e0 f5 a0 05 a7 07 23 af 34 da 28 04 c7 86 07 af 14 b8 a8 e9 ca d8 e0 f4 a6 99 4a 43 b9 a5 56 23 ae 71 49 45 55 8a 1f 80 79 14 62 9a 09 1d 0d 28 73 df a5 16 15 85 Data Ascii: 41h(@AEG)#4(JCV#qIEUyb(s"<14/CN(h$w6k&}`)lciI{Sh QLf$PhIEu4#xLJIHP:Sb9,0?JLE&QE.E$QC 4-&$
Sep 28, 2024 05:44:22.551342964 CEST	1236	IN	Data Raw: 5e f4 f1 d2 98 3a d3 c7 4a 68 18 51 45 14 91 98 e0 c7 8e 69 55 b9 e6 99 4f 5e d5 a0 9b 24 04 60 9f 4a 43 4d a2 82 03 a5 14 12 73 48 1b 27 a5 08 07 8a 70 34 c5 f6 a7 8a 72 26 41 45 14 53 89 21 45 14 0a a0 6c 72 d3 a9 17 f5 a5 a0 cc 69 f4 a4 a5 6f Data Ascii: ^:JhQEiUO^$`JCMsH'p4r&AES!Elrio))"d).44(<Tt4LF}wFx!RncvRbzR'Rc8tJQTQEPyQlAKE(QAAKG(Q@t(
Sep 28, 2024 05:44:22.551353931 CEST	1236	IN	Data Raw: b2 0d 31 9b d2 82 5a 14 fe 34 01 4c c9 19 f7 a5 df c0 03 ad 02 14 8a 4c 0f 6a 40 c4 12 7a e6 82 49 eb 49 b0 17 20 63 be 68 23 d2 9b 4a ce 7e 95 37 01 0f 1d 68 c8 3c 03 4d 23 f1 a4 e4 7b 52 25 8a c7 1d 4d 27 5c 7a 52 50 49 e8 49 e2 82 5b 14 f1 49 Data Ascii: 1Z4LLj@zII ch#J~7h<M#{R%M'\zRPII[IME3'v:Ph=Pc4nslsMlS'" E G\|Hiht(cJ(EGJppzELsIB)s@:\S3OV7$
Sep 28, 2024 05:44:22.551363945 CEST	1236	IN	Data Raw: 49 8e 9c 52 8f 7e f4 8e 40 1c f7 a4 54 59 1b 1f 98 d2 52 e3 a0 a4 a0 a0 a2 8a 46 24 0e 3a d0 03 58 e4 e4 52 51 45 4c 90 05 14 51 53 72 d3 11 c9 03 8a 65 2b 1c 9e 29 28 29 30 a2 8a 29 34 5a 62 11 4d 20 fa 66 9f 4d 61 c7 7a 94 c0 8c af 6a 6d 49 49 Data Ascii: IR~@TYRF$:XRQELQSre+)()0)4ZbM fMazjmIIjC(mmP)BS:RE+jH(N'tWqIh pQE2JPLi=ixlCbOBhHBwJ>N"d(HR~U@REaM'q4J*l(/
Sep 28, 2024 05:44:22.551378965 CEST	108	IN	Data Raw: 83 d8 d0 ac 7a 9e d4 19 b1 d4 67 a7 bd 35 9b 81 83 48 72 c7 34 00 fa 37 0e c3 34 de 5b 19 a3 14 00 e5 63 df bd 37 df d6 94 7b 52 7d 68 b8 31 31 9c 51 cd 2e 33 8a 4f 4a 0c d8 94 51 45 00 14 52 8a 00 a0 03 14 63 da 97 14 62 80 1b 45 29 fa 52 50 01 Data Ascii: zg5Hr474[c7{R}h11Q.3OJQERcbE)RPIRqAE/nM3qi2d+7I'
Sep 28, 2024 05:44:22.551574945 CEST	1236	IN	Data Raw: a0 a6 52 f3 d3 b5 41 21 b8 e7 34 99 26 97 f0 34 62 80 12 8a 5f c2 8c 50 02 1a 69 fc e9 d4 87 34 09 ab 8d c1 a3 9a 3f 0a 00 a2 e4 05 25 04 80 79 34 81 b2 40 03 ad 26 80 5a 29 71 4d 2d e9 cd 40 0a 47 e3 4d 34 a5 fd 3a d3 1b 2d d7 91 40 9a 02 c0 74 Data Ascii: RA!4&4b_Pi4?%y4@&Z)qM-@GM4:-@t498?JNmGIi*WO)c\\RP)!ApqO4qMQKz0h9R#t&E3RxF7y447ih#GzQ4qPNE8
Sep 28, 2024 05:44:22.724168062 CEST	455	OUT	GET /favicon.ico HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://reactivar-email002003.hstn.me/?i=1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:22.905297995 CEST	494	IN	HTTP/1.1 302 Found Server: nginx Date: Sat, 28 Sep 2024 03:44:22 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 215 Connection: keep-alive Location: https://aeonfree.com/error/404/ Cache-Control: max-age=2592000 Expires: Mon, 28 Oct 2024 03:44:22 GMT Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 65 72 72 6f 72 2f 34 30 34 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://aeonfree.com/error/404/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	185.27.134.98	80	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 05:44:21.709280014 CEST	453	OUT	GET /llave.jpg HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://reactivar-email002003.hstn.me/?i=1 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:22.328483105 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:22 GMT Content-Type: image/jpeg Content-Length: 1290 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:36 GMT ETag: "50a-61bf73f8277f8" Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:22 GMT Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 0e c3 51 12 00 04 00 00 00 01 00 00 0e c3 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 1f 00 20 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 [TRUNCATED] Data Ascii: JFIF``ZExifMMJQQQCC "}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?><EFHKi//.dVgc7D\|9=\|B<`7RYveYLr02hmxjU\|x~+Zj1`0K@DbFA17h%\|@~T}yofDdB
Sep 28, 2024 05:44:22.328497887 CEST	390	IN	Data Raw: a2 a8 00 d4 f8 0d f1 ef c3 7f b4 87 c3 c8 7c 4b e1 8b 9b 89 6c cc f2 d9 dd 5b dd 40 d6 d7 9a 6d d4 4d b6 6b 5b 88 5c 06 8a 68 db 86 46 1e 84 64 10 4f 67 5f 38 7c 15 d4 ad 3c 05 ff 00 05 19 f8 d3 a0 5c 11 a3 8f 1a 69 7a 16 bf a5 5a 4c 0c 6b ad 4f Data Ascii: \|Kl[@mMk[\hFdOg_8\|<\izZLkO3[}1A`)?GM@VyvV1,Ut`C+) 0Ar=7O <7xXFPD!>?>4S_4jhqh6_>$xkk$
Sep 28, 2024 05:45:07.335164070 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	185.27.134.98	80	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 28, 2024 05:44:22.520236969 CEST	340	OUT	GET /llave.jpg HTTP/1.1 Host: reactivar-email002003.hstn.me Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Sep 28, 2024 05:44:23.139882088 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 28 Sep 2024 03:44:23 GMT Content-Type: image/jpeg Content-Length: 1290 Connection: keep-alive Last-Modified: Fri, 28 Jun 2024 18:16:36 GMT ETag: "50a-61bf73f8277f8" Cache-Control: max-age=2592000, public, proxy-revalidate Expires: Mon, 28 Oct 2024 03:44:23 GMT Accept-Ranges: bytes Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 00 5a 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 05 03 01 00 05 00 00 00 01 00 00 00 4a 03 03 00 01 00 00 00 01 00 00 00 00 51 10 00 01 00 00 00 01 01 00 00 00 51 11 00 04 00 00 00 01 00 00 0e c3 51 12 00 04 00 00 00 01 00 00 0e c3 00 00 00 00 00 01 86 a0 00 00 b1 8f ff db 00 43 00 02 01 01 02 01 01 02 02 02 02 02 02 02 02 03 05 03 03 03 03 03 06 04 04 03 05 07 06 07 07 07 06 07 07 08 09 0b 09 08 08 0a 08 07 07 0a 0d 0a 0a 0b 0c 0c 0c 0c 07 09 0e 0f 0d 0c 0e 0b 0c 0c 0c ff db 00 43 01 02 02 02 03 03 03 06 03 03 06 0c 08 07 08 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c 0c ff c0 00 11 08 00 1f 00 20 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 [TRUNCATED] Data Ascii: JFIF``ZExifMMJQQQCC "}!1AQa"q2#BR$3br%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzw!1AQaq"2B#3Rbr$4%&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?><EFHKi//.dVgc7D\|9=\|B<`7RYveYLr02hmxjU\|x~+Zj1`0K@DbFA17h%\|@~T}yofDdB
Sep 28, 2024 05:44:23.139904976 CEST	390	IN	Data Raw: a2 a8 00 d4 f8 0d f1 ef c3 7f b4 87 c3 c8 7c 4b e1 8b 9b 89 6c cc f2 d9 dd 5b dd 40 d6 d7 9a 6d d4 4d b6 6b 5b 88 5c 06 8a 68 db 86 46 1e 84 64 10 4f 67 5f 38 7c 15 d4 ad 3c 05 ff 00 05 19 f8 d3 a0 5c 11 a3 8f 1a 69 7a 16 bf a5 5a 4c 0c 6b ad 4f Data Ascii: \|Kl[@mMk[\hFdOg_8\|<\izZLkO3[}1A`)?GM@VyvV1,Ut`C+) 0Ar=7O <7xXFPD!>?>4S_4jhqh6_>$xkk$
Sep 28, 2024 05:45:08.147675991 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	188.114.96.3	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:23 UTC	464	OUT	GET /error/404/ HTTP/1.1 Host: aeonfree.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://reactivar-email002003.hstn.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:44:23 UTC	783	IN	HTTP/1.1 301 Moved Permanently Date: Sat, 28 Sep 2024 03:44:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close accept-ranges: bytes Age: 16342 Cache-Control: public,max-age=0,must-revalidate cache-status: "Netlify Edge"; hit location: /error/404 x-nf-request-id: 01J8VBNJ7S7FQYKFRBW78EZFEW CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7tXzM%2BFQiVQWbBAzLuI2EUsyGjd58Ed1PakUf%2F92BnBRbwJWjYEcgZhWrJiKk%2BxwO3HXRMtUUVFegs7Pe3kePuf2HsnOT3W51NuhhYU7f3aZv5gaG5WnFHIJteBtGA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca0bc13bb247d06-EWR
2024-09-28 03:44:23 UTC	586	IN	Data Raw: 62 62 35 0d 0a a0 c9 00 80 58 99 d3 d7 77 e7 0a 64 4c b8 40 f8 56 ad 33 2a 27 8f a5 b4 ec ff 77 6f 2e ae e0 92 e7 78 c0 62 70 ef 9b 97 d6 aa f5 79 33 3f a5 34 2a 15 28 b8 b1 d5 b0 04 b1 09 e6 31 5c 75 12 52 22 7c b9 8b 29 02 ea 76 61 35 18 69 64 87 58 e8 8b b3 58 e9 5d 6c ff 11 47 39 52 fb cc 1d 9a fb 3c 9c 60 c8 58 5f 72 d2 75 b6 c3 20 19 20 c4 01 5b 39 ed 98 37 18 73 e4 be ae 84 ae 23 79 0b 79 5c 4d 88 89 a8 93 77 cd 50 89 7a 39 3f ef cc 5d 4f e9 7d 3b eb 7b 14 5b b1 00 fd 45 eb 6c 37 1e 35 26 19 d8 9c 24 e8 d4 99 85 e0 f3 ad 14 ac 25 14 23 ac dd 73 c6 1e 06 cb 8e 37 7e c7 b9 75 be 92 02 1e 6e c5 8b 44 dc 3c d6 38 ae 5c 83 60 5e 1f 40 06 0e 95 e8 dd e9 ce 2b d1 b7 2e ec 56 1e 64 6b c5 81 58 95 38 8a d7 d6 fb f3 7b 92 d1 9b ef a7 87 eb cf 5a c5 22 94 52 Data Ascii: bb5XwdL@V3'wo.xbpy3?4(1\uR"\|)va5idXX]lG9R<`X_ru [97s#yy\MwPz9?]O};{[El75&$%#s7~unD<8\`^@+.VdkX8{Z"R
2024-09-28 03:44:23 UTC	1369	IN	Data Raw: 50 9b bb 6d a1 6a b2 6f b4 b6 97 a7 e3 39 5f f3 79 0f c6 97 2b 13 64 7e a5 36 4a ee 0b 37 5b 7d 43 65 2a ff 3d af e6 c5 17 f2 e4 6d d6 44 cc a3 b0 31 6c af 3f 49 f2 e2 da 68 ac 85 73 72 2b de 45 fd 46 af 6a 2b 27 09 6a 76 29 80 b3 ef 5c f3 17 8b de 38 e6 4c 6d 36 2e e8 33 16 0d 93 24 18 25 c9 72 69 3c be e3 3e 55 db 37 b2 50 66 17 67 fc 8b 06 30 35 d6 e6 58 5c 4b c8 4c a6 a5 76 5b ea b5 1b d5 99 2a f0 8f b7 a0 43 8e 50 7d b2 b3 33 8e 87 d1 24 ea 31 72 27 ba f2 ee b3 4a a2 c1 65 30 b5 3b 48 89 11 78 42 83 a1 b2 d2 3d a5 b1 63 0c 1e ce 6f fe 21 a2 00 ab 76 17 8d a0 f4 3d 25 c8 87 9f 80 57 05 56 0b af 8a a8 76 6b 08 71 66 fd 75 68 a5 f7 85 e1 2a e3 ef a8 66 fc 12 13 da 3b f1 58 bb 57 45 df 42 b3 80 6f 3a 46 df 99 e3 e5 20 4c 07 e9 70 3a 19 4e c7 61 6a 00 a8 Data Ascii: Pmjo9_y+d~6J7[}Ce=mD1l?Ihsr+EFj+'jv)\8Lm6.3$%ri<>U7Pfg05X\KLv[CP}3$1r'Je0;HxB=co!v=%WVvkqfuh*f;XWEBo:F Lp:Naj
2024-09-28 03:44:23 UTC	1049	IN	Data Raw: fe c4 6a b6 41 f1 68 29 c2 bb fe ff f7 3f 1c 4a ec 50 f4 95 84 95 87 48 8c 4d d1 04 a4 1f 05 78 10 d2 7d 22 e8 e2 39 11 27 d5 90 93 99 78 fe 23 e5 da b2 5a 2f eb 7c b1 81 10 54 b6 09 54 2d 1d 77 92 53 b3 06 df b1 c6 c9 ff 83 5b de 13 69 32 fc 1b f1 19 f3 a9 25 2e 64 bd 26 48 ca 3f 45 4d e0 5f 21 6b c7 16 8e 85 fa eb 03 97 97 87 67 fb d8 de 53 4e 79 99 ab 89 07 28 98 59 5d db e6 b7 04 df 43 30 f5 9f 36 f4 3a 28 6b d7 91 2c d3 df ad db 92 81 78 79 6f 4a 73 a5 12 50 c5 94 5c 10 b9 9f 00 34 6b 88 33 15 6f 68 d3 07 15 18 20 df 2f 9a 1a 5d a7 3b f0 86 b6 6d 0f e6 e2 f6 ef 34 89 f1 b5 95 96 73 00 49 24 d0 22 c9 36 42 56 9b 2e 84 93 07 c8 27 b3 94 2b fd d4 a6 55 8a 65 4b 14 29 1b 01 61 ca 41 82 ed f5 aa 96 e0 08 27 e0 c7 23 31 26 58 d4 39 42 34 8b 21 1a 72 b1 a0 Data Ascii: jAh)?JPHMx}"9'x#Z/\|TT-wS[i2%.d&H?EM_!kgSNy(Y]C06:(k,xyoJsP\4k3oh /];m4sI$"6BV.'+UeK)aA'#1&X9B4!r
2024-09-28 03:44:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:24 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:44:24 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=219638 Date: Sat, 28 Sep 2024 03:44:24 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	188.114.96.3	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:24 UTC	463	OUT	GET /error/404 HTTP/1.1 Host: aeonfree.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://reactivar-email002003.hstn.me/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:44:24 UTC	747	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:44:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Age: 22366 Cache-Control: public,max-age=0,must-revalidate cache-status: "Netlify Edge"; hit vary: Accept-Encoding x-nf-request-id: 01J8VBNK61ZT58N70R18BG5WFP CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BvkjCCKhcdrwxpNA3FYFGOSv6si%2FkAcoh4fXZujHAHsA4Vd92frHVj8M5CE7%2B6q8mx8bvyTCiTVdOn9CFsmSL3YWaMVuudpdOal6ItNCv%2BF4GcdQ67gLSFIGkzQqePo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca0bc19bdd8c352-EWR
2024-09-28 03:44:24 UTC	622	IN	Data Raw: 33 39 63 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 2d 20 41 65 6f 6e 46 72 65 65 3c 2f 74 69 74 6c 65 3e 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 34 22 20 2f 3e 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 65 Data Ascii: 39cc<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error 404 - AeonFree</title> <meta property="og:title" content="Error 404" /> <meta property="og:locale" content="en_US" /> <meta property="og:url" content="https://aeonfree.com/e
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 69 6d 69 74 65 64 20 44 69 73 6b 20 53 70 61 63 65 2c 20 55 6e 6c 69 6d 69 74 65 64 20 42 61 6e 64 77 69 64 74 68 20 61 6e 64 20 55 6e 6c 69 6d 69 74 65 64 20 57 65 62 73 69 74 65 73 20 66 72 6f 6d 20 41 65 6f 6e 66 72 65 65 2e 20 57 69 74 68 20 50 48 50 20 61 6e 64 20 4d 79 53 51 4c 20 61 6e 64 20 6e 6f 20 66 6f 72 63 65 64 20 61 64 73 20 6f 6e 20 79 6f 75 72 20 66 72 65 65 20 77 65 62 73 69 74 65 2e 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 41 65 6f 6e 46 72 65 65 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 65 6f 6e 46 72 65 65 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 Data Ascii: imited Disk Space, Unlimited Bandwidth and Unlimited Websites from Aeonfree. With PHP and MySQL and no forced ads on your free website."> <meta name="author" content="AeonFree"> <meta name="og:site_name" content="AeonFree"> <meta name="viewport" content="
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 20 22 62 72 61 6e 64 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 42 72 61 6e 64 22 2c 20 22 6e 61 6d 65 22 3a 20 22 41 65 6f 6e 46 72 65 65 22 20 7d 2c 20 22 72 65 76 69 65 77 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 52 65 76 69 65 77 22 2c 20 22 72 65 76 69 65 77 52 61 74 69 6e 67 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 52 61 74 69 6e 67 22 2c 20 22 72 61 74 69 6e 67 56 61 6c 75 65 22 3a 20 22 34 2e 39 22 2c 20 22 62 65 73 74 52 61 74 69 6e 67 22 3a 20 22 35 22 20 7d 2c 20 22 61 75 74 68 6f 72 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 2c 20 22 6e 61 6d 65 22 3a 20 22 41 65 6f 6e 46 72 65 65 22 20 7d 20 7d 2c 20 22 61 67 67 72 65 67 61 74 65 52 61 74 69 6e 67 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 Data Ascii: "brand": { "@type": "Brand", "name": "AeonFree" }, "review": { "@type": "Review", "reviewRating": { "@type": "Rating", "ratingValue": "4.9", "bestRating": "5" }, "author": { "@type": "Organization", "name": "AeonFree" } }, "aggregateRating": { "@type": "
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 2d 31 45 46 39 2c 55 2b 32 30 41 42 3b 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 65 78 65 6e 64 20 44 65 63 61 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 73 72 63 3a 75 72 6c 28 2f 63 66 2d 66 6f 6e 74 73 2f 73 2f 6c 65 78 65 6e 64 2d 64 65 63 61 2f 35 2e 30 2e 31 31 2f 6c 61 74 69 6e 2d 65 78 74 2f 34 30 30 2f 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 31 30 30 2d 30 32 41 46 2c 55 2b 30 33 30 34 2c 55 2b 30 33 30 38 2c 55 2b 30 33 32 39 2c 55 2b 31 45 30 30 2d 31 45 39 46 2c 55 2b 31 45 46 32 2d 31 45 46 46 2c 55 2b 32 30 32 30 2c 55 2b 32 30 41 30 2d 32 Data Ascii: -1EF9,U+20AB;font-display:swap;}@font-face {font-family:Lexend Deca;font-style:normal;font-weight:400;src:url(/cf-fonts/s/lexend-deca/5.0.11/latin-ext/400/normal.woff2);unicode-range:U+0100-02AF,U+0304,U+0308,U+0329,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-2
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 30 2f 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 31 30 30 2d 30 32 41 46 2c 55 2b 30 33 30 34 2c 55 2b 30 33 30 38 2c 55 2b 30 33 32 39 2c 55 2b 31 45 30 30 2d 31 45 39 46 2c 55 2b 31 45 46 32 2d 31 45 46 46 2c 55 2b 32 30 32 30 2c 55 2b 32 30 41 30 2d 32 30 41 42 2c 55 2b 32 30 41 44 2d 32 30 43 46 2c 55 2b 32 31 31 33 2c 55 2b 32 43 36 30 2d 32 43 37 46 2c 55 2b 41 37 32 30 2d 41 37 46 46 3b 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 65 78 65 6e 64 20 44 65 63 61 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 73 72 63 3a 75 72 6c 28 2f 63 66 2d 66 6f 6e 74 73 Data Ascii: 0/normal.woff2);unicode-range:U+0100-02AF,U+0304,U+0308,U+0329,U+1E00-1E9F,U+1EF2-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF;font-display:swap;}@font-face {font-family:Lexend Deca;font-style:normal;font-weight:500;src:url(/cf-fonts
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 46 2c 55 2b 32 31 31 33 2c 55 2b 32 43 36 30 2d 32 43 37 46 2c 55 2b 41 37 32 30 2d 41 37 46 46 3b 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 65 78 65 6e 64 20 44 65 63 61 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 73 72 63 3a 75 72 6c 28 2f 63 66 2d 66 6f 6e 74 73 2f 73 2f 6c 65 78 65 6e 64 2d 64 65 63 61 2f 35 2e 30 2e 31 31 2f 76 69 65 74 6e 61 6d 65 73 65 2f 36 30 30 2f 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 31 30 32 2d 30 31 30 33 2c 55 2b 30 31 31 30 2d 30 31 31 31 2c 55 2b 30 31 32 38 2d 30 31 32 39 2c 55 2b 30 31 36 38 2d 30 31 36 39 2c 55 2b 30 Data Ascii: F,U+2113,U+2C60-2C7F,U+A720-A7FF;font-display:swap;}@font-face {font-family:Lexend Deca;font-style:normal;font-weight:600;src:url(/cf-fonts/s/lexend-deca/5.0.11/vietnamese/600/normal.woff2);unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+0
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 66 6f 6c 4c 6d 73 46 35 38 65 4b 48 41 48 70 6d 52 51 43 65 56 41 38 42 70 6c 51 49 67 6d 44 63 4d 61 68 55 42 66 78 70 30 4d 22 20 2f 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6a 76 6e 43 2d 71 70 56 4e 32 6f 77 79 58 52 36 50 6b 79 53 66 69 52 53 69 4e 49 39 6c 6c 41 6f 4f 6e 58 4f 4d 2d 41 78 50 42 63 22 20 2f 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6a 56 39 37 2d 62 52 57 47 50 42 6c 44 37 4e 63 4d 38 4b 65 55 51 76 4e 59 75 39 76 55 5a 4d 6c 58 57 Data Ascii: e-site-verification" content="RfolLmsF58eKHAHpmRQCeVA8BplQIgmDcMahUBfxp0M" /> <meta name="google-site-verification" content="jvnC-qpVN2owyXR6PkySfiRSiNI9llAoOnXOM-AxPBc" /> <meta name="google-site-verification" content="IjV97-bRWGPBlD7NcM8KeUQvNYu9vUZMlXW
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 2f 69 3e 3c 2f 6c 61 62 65 6c 3e 20 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 62 69 6c 65 5f 6d 65 6e 75 5f 68 6f 6c 64 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 6e 61 76 3e 20 3c 75 6c 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 72 65 6d 69 75 6d 22 3e 50 72 65 6d 69 75 6d 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 64 6f 6d 61 69 6e 73 22 3e 44 6f 6d 61 69 6e 73 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 73 75 70 70 6f 72 74 22 3e 4b 6e 6f 77 6c 65 64 67 65 20 42 61 73 65 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 72 75 6d Data Ascii: /i></label> </div> </div> <div class="mobile_menu_holder"> <div class="container"> <nav> <ul> <li><a href="/premium">Premium Hosting</a></li> <li><a href="/domains">Domains</a></li> <li><a href="/support">Knowledge Base</a></li> <li><a href="https://forum
2024-09-28 03:44:24 UTC	1369	IN	Data Raw: 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 73 69 67 6e 75 70 22 3e 53 69 67 6e 75 70 3c 2f 61 3e 20 7c 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 72 75 6d 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 22 3e 41 65 6f 6e 66 72 65 65 20 46 6f 72 75 6d 3c 2f 61 3e 20 7c 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 64 61 73 68 62 6f 61 72 64 22 3e 44 61 73 68 62 6f 61 72 64 3c 2f 61 3e 3c 2f 70 3e 3c 2f 66 6f 6f 74 65 72 3e 20 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 22 3e e2 86 a9 20 47 6f 20 42 61 63 6b 3c 2f 61 3e 3c 2f 70 3e 20 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 20 3c 73 65 63 74 69 Data Ascii: ref="https://web.aeonfree.com/signup">Signup</a> \| <a href="https://forum.aeonfree.com">Aeonfree Forum</a> \| <a href="https://web.aeonfree.com/dashboard">Dashboard</a></p></footer> <p><a href="https://aeonfree.com"> Go Back</a></p> </div> </div> <secti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49748	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-28 03:44:25 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=219667 Date: Sat, 28 Sep 2024 03:44:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-28 03:44:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49749	35.190.80.1	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:25 UTC	529	OUT	OPTIONS /report/v4?s=BvkjCCKhcdrwxpNA3FYFGOSv6si%2FkAcoh4fXZujHAHsA4Vd92frHVj8M5CE7%2B6q8mx8bvyTCiTVdOn9CFsmSL3YWaMVuudpdOal6ItNCv%2BF4GcdQ67gLSFIGkzQqePo%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://aeonfree.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:44:25 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Sat, 28 Sep 2024 03:44:25 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49751	35.190.80.1	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:26 UTC	474	OUT	POST /report/v4?s=BvkjCCKhcdrwxpNA3FYFGOSv6si%2FkAcoh4fXZujHAHsA4Vd92frHVj8M5CE7%2B6q8mx8bvyTCiTVdOn9CFsmSL3YWaMVuudpdOal6ItNCv%2BF4GcdQ67gLSFIGkzQqePo%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 428 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:44:26 UTC	428	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 33 35 37 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 39 37 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 3a 2f 2f 72 65 61 63 74 69 76 61 72 2d 65 6d 61 69 6c 30 30 32 30 30 33 2e 68 73 74 6e 2e 6d 65 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 61 62 61 6e 64 6f 6e 65 64 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 Data Ascii: [{"age":357,"body":{"elapsed_time":970,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"http://reactivar-email002003.hstn.me/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":200,"type":"abandoned"},"type":"network-e
2024-09-28 03:44:26 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sat, 28 Sep 2024 03:44:26 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49752	188.114.96.3	443	3848	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 03:44:26 UTC	345	OUT	GET /error/404 HTTP/1.1 Host: aeonfree.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-28 03:44:27 UTC	750	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 03:44:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Age: 8344 Cache-Control: public,max-age=0,must-revalidate cache-status: "Netlify Edge"; hit vary: Accept-Encoding x-nf-request-id: 01J8VBNNAP4Y4DM210446ZC185 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DY9t6dxrWbB1lKfSNUIJ81%2BC26KazE84Zyw2Jl4voGPNuZTZj74Coc9%2BRwGb%2FSneFDsobE8GXz4x6zmAlWFVKf5mx%2BxHijFCI5A5Ag1G%2FFqPowauubOGnUMBc3NTSiU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca0bc278d835e74-EWR
2024-09-28 03:44:27 UTC	619	IN	Data Raw: 33 39 63 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 20 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 2d 20 41 65 6f 6e 46 72 65 65 3c 2f 74 69 74 6c 65 3e 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 34 22 20 2f 3e 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 65 Data Ascii: 39cd<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error 404 - AeonFree</title> <meta property="og:title" content="Error 404" /> <meta property="og:locale" content="en_US" /> <meta property="og:url" content="https://aeonfree.com/e
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 55 6e 6c 69 6d 69 74 65 64 20 44 69 73 6b 20 53 70 61 63 65 2c 20 55 6e 6c 69 6d 69 74 65 64 20 42 61 6e 64 77 69 64 74 68 20 61 6e 64 20 55 6e 6c 69 6d 69 74 65 64 20 57 65 62 73 69 74 65 73 20 66 72 6f 6d 20 41 65 6f 6e 66 72 65 65 2e 20 57 69 74 68 20 50 48 50 20 61 6e 64 20 4d 79 53 51 4c 20 61 6e 64 20 6e 6f 20 66 6f 72 63 65 64 20 61 64 73 20 6f 6e 20 79 6f 75 72 20 66 72 65 65 20 77 65 62 73 69 74 65 2e 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 41 65 6f 6e 46 72 65 65 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 41 65 6f 6e 46 72 65 65 22 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e Data Ascii: Unlimited Disk Space, Unlimited Bandwidth and Unlimited Websites from Aeonfree. With PHP and MySQL and no forced ads on your free website."> <meta name="author" content="AeonFree"> <meta name="og:site_name" content="AeonFree"> <meta name="viewport" conten
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 6c 22 2c 20 22 62 72 61 6e 64 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 42 72 61 6e 64 22 2c 20 22 6e 61 6d 65 22 3a 20 22 41 65 6f 6e 46 72 65 65 22 20 7d 2c 20 22 72 65 76 69 65 77 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 52 65 76 69 65 77 22 2c 20 22 72 65 76 69 65 77 52 61 74 69 6e 67 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 52 61 74 69 6e 67 22 2c 20 22 72 61 74 69 6e 67 56 61 6c 75 65 22 3a 20 22 34 2e 39 22 2c 20 22 62 65 73 74 52 61 74 69 6e 67 22 3a 20 22 35 22 20 7d 2c 20 22 61 75 74 68 6f 72 22 3a 20 7b 20 22 40 74 79 70 65 22 3a 20 22 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 2c 20 22 6e 61 6d 65 22 3a 20 22 41 65 6f 6e 46 72 65 65 22 20 7d 20 7d 2c 20 22 61 67 67 72 65 67 61 74 65 52 61 74 69 6e 67 22 3a 20 7b 20 22 40 74 79 70 65 22 Data Ascii: l", "brand": { "@type": "Brand", "name": "AeonFree" }, "review": { "@type": "Review", "reviewRating": { "@type": "Rating", "ratingValue": "4.9", "bestRating": "5" }, "author": { "@type": "Organization", "name": "AeonFree" } }, "aggregateRating": { "@type"
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 73 70 6c 61 79 3a 73 77 61 70 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 65 78 65 6e 64 20 44 65 63 61 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 73 72 63 3a 75 72 6c 28 2f 63 66 2d 66 6f 6e 74 73 2f 73 2f 6c 65 78 65 6e 64 2d 64 65 63 61 2f 35 2e 30 2e 31 31 2f 76 69 65 74 6e 61 6d 65 73 65 2f 34 30 30 2f 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 31 30 32 2d 30 31 30 33 2c 55 2b 30 31 31 30 2d 30 31 31 31 2c 55 2b 30 31 32 38 2d 30 31 32 39 2c 55 2b 30 31 36 38 2d 30 31 36 39 2c 55 2b 30 31 41 30 2d 30 31 41 31 2c 55 2b 30 31 41 46 2d 30 31 42 30 2c 55 2b 30 33 30 30 2d 30 33 30 31 2c 55 2b 30 33 30 33 2d Data Ascii: splay:swap;}@font-face {font-family:Lexend Deca;font-style:normal;font-weight:400;src:url(/cf-fonts/s/lexend-deca/5.0.11/vietnamese/400/normal.woff2);unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 65 2f 35 30 30 2f 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 31 30 32 2d 30 31 30 33 2c 55 2b 30 31 31 30 2d 30 31 31 31 2c 55 2b 30 31 32 38 2d 30 31 32 39 2c 55 2b 30 31 36 38 2d 30 31 36 39 2c 55 2b 30 31 41 30 2d 30 31 41 31 2c 55 2b 30 31 41 46 2d 30 31 42 30 2c 55 2b 30 33 30 30 2d 30 33 30 31 2c 55 2b 30 33 30 33 2d 30 33 30 34 2c 55 2b 30 33 30 38 2d 30 33 30 39 2c 55 2b 30 33 32 33 2c 55 2b 30 33 32 39 2c 55 2b 31 45 41 30 2d 31 45 46 39 2c 55 2b 32 30 41 42 3b 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 65 78 65 6e 64 20 44 65 63 61 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 Data Ascii: e/500/normal.woff2);unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;font-display:swap;}@font-face {font-family:Lexend Deca;font-style:normal;font-we
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 32 39 2c 55 2b 31 45 41 30 2d 31 45 46 39 2c 55 2b 32 30 41 42 3b 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 73 77 61 70 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 65 78 65 6e 64 20 44 65 63 61 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 73 72 63 3a 75 72 6c 28 2f 63 66 2d 66 6f 6e 74 73 2f 73 2f 6c 65 78 65 6e 64 2d 64 65 63 61 2f 35 2e 30 2e 31 31 2f 6c 61 74 69 6e 2f 36 30 30 2f 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 30 30 30 2d 30 30 46 46 2c 55 2b 30 31 33 31 2c 55 2b 30 31 35 32 2d 30 31 35 33 2c 55 2b 30 32 42 42 2d 30 32 42 43 2c 55 2b 30 32 43 36 2c 55 2b 30 32 44 41 2c 55 2b 30 32 44 43 2c 55 2b 30 Data Ascii: 29,U+1EA0-1EF9,U+20AB;font-display:swap;}@font-face {font-family:Lexend Deca;font-style:normal;font-weight:600;src:url(/cf-fonts/s/lexend-deca/5.0.11/latin/600/normal.woff2);unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 66 6f 6c 4c 6d 73 46 35 38 65 4b 48 41 48 70 6d 52 51 43 65 56 41 38 42 70 6c 51 49 67 6d 44 63 4d 61 68 55 42 66 78 70 30 4d 22 20 2f 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6a 76 6e 43 2d 71 70 56 4e 32 6f 77 79 58 52 36 50 6b 79 53 66 69 52 53 69 4e 49 39 6c 6c 41 6f 4f 6e 58 4f 4d 2d 41 78 50 42 63 22 20 2f 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 49 6a 56 39 37 2d 62 52 57 47 50 42 6c 44 37 4e 63 4d 38 4b 65 55 51 76 4e 59 75 39 76 55 5a 4d Data Ascii: ogle-site-verification" content="RfolLmsF58eKHAHpmRQCeVA8BplQIgmDcMahUBfxp0M" /> <meta name="google-site-verification" content="jvnC-qpVN2owyXR6PkySfiRSiNI9llAoOnXOM-AxPBc" /> <meta name="google-site-verification" content="IjV97-bRWGPBlD7NcM8KeUQvNYu9vUZM
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 22 3e 3c 2f 69 3e 3c 2f 6c 61 62 65 6c 3e 20 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 6f 62 69 6c 65 5f 6d 65 6e 75 5f 68 6f 6c 64 65 72 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 20 3c 6e 61 76 3e 20 3c 75 6c 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 70 72 65 6d 69 75 6d 22 3e 50 72 65 6d 69 75 6d 20 48 6f 73 74 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 64 6f 6d 61 69 6e 73 22 3e 44 6f 6d 61 69 6e 73 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 73 75 70 70 6f 72 74 22 3e 4b 6e 6f 77 6c 65 64 67 65 20 42 61 73 65 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f Data Ascii: "></i></label> </div> </div> <div class="mobile_menu_holder"> <div class="container"> <nav> <ul> <li><a href="/premium">Premium Hosting</a></li> <li><a href="/domains">Domains</a></li> <li><a href="/support">Knowledge Base</a></li> <li><a href="https://fo
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 73 69 67 6e 75 70 22 3e 53 69 67 6e 75 70 3c 2f 61 3e 20 7c 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 72 75 6d 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 22 3e 41 65 6f 6e 66 72 65 65 20 46 6f 72 75 6d 3c 2f 61 3e 20 7c 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 2f 64 61 73 68 62 6f 61 72 64 22 3e 44 61 73 68 62 6f 61 72 64 3c 2f 61 3e 3c 2f 70 3e 3c 2f 66 6f 6f 74 65 72 3e 20 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 22 3e e2 86 a9 20 47 6f 20 42 61 63 6b 3c 2f 61 3e 3c 2f 70 3e 20 3c 2f 64 69 76 3e 20 3c 2f 64 69 76 3e 20 3c 73 65 Data Ascii: a href="https://web.aeonfree.com/signup">Signup</a> \| <a href="https://forum.aeonfree.com">Aeonfree Forum</a> \| <a href="https://web.aeonfree.com/dashboard">Dashboard</a></p></footer> <p><a href="https://aeonfree.com"> Go Back</a></p> </div> </div> <se
2024-09-28 03:44:27 UTC	1369	IN	Data Raw: 63 6c 61 73 73 3d 22 73 74 79 6c 65 64 5f 61 22 3e 4c 6f 67 69 6e 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 73 69 67 6e 75 70 2f 22 20 63 6c 61 73 73 3d 22 73 74 79 6c 65 64 5f 61 22 3e 53 69 67 6e 75 70 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 2f 73 75 70 70 6f 72 74 2f 22 20 63 6c 61 73 73 3d 22 73 74 79 6c 65 64 5f 61 22 3e 4b 6e 6f 77 6c 65 64 67 65 20 42 61 73 65 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 72 75 6d 2e 61 65 6f 6e 66 72 65 65 2e 63 6f 6d 22 20 63 6c 61 73 73 3d 22 73 74 79 6c 65 64 5f 61 22 3e 43 6f 6d 6d 75 6e 69 74 79 20 46 6f 72 75 6d 3c 2f 61 3e 3c 2f 6c 69 3e 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a Data Ascii: class="styled_a">Login</a></li> <li><a href="/signup/" class="styled_a">Signup</a></li> <li><a href="/support/" class="styled_a">Knowledge Base</a></li> <li><a href="https://forum.aeonfree.com" class="styled_a">Community Forum</a></li> <li><a href="https:

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5232, Parent PID: 6092

General

Target ID:	0
Start time:	23:44:14
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3848, Parent PID: 5232

General

Target ID:	1
Start time:	23:44:17
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2180,i,1860438847508745620,7575500337284782035,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6432, Parent PID: 6092

General

Target ID:	3
Start time:	23:44:19
Start date:	27/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://reactivar-email002003.hstn.me/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: http://reactivar-email002003.hstn.me/	HTTP Parser: function tonumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseint(d,16))});return e}function tohex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].tostring(16);return e.tolowercase()}var a=tonumbers("f655ba9d09a112d4968c63579db590b4"),b=tonumbers("98344c2eee86c3994890592585b49f80"),c=tonumbers("4ca900ccdf2a682e4a3342c1795c6efc");document.cookie="__test="+tohex(slowaes.decrypt(c,2,a,b))+"; expires=thu, 31-dec-37 23:55:55 gmt; path=/"; location.href="http://reactivar-email002003.hstn.me/?i=1";
Source: http://reactivar-email002003.hstn.me/aes.js	HTTP Parser: var slowaes={aes:{keysize:{size_128:16,size_192:24,size_256:32},sbox:[99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22],rsbox:[82,9,106,213,48,54,165,56,191,64...

Source: global traffic	HTTP traffic detected: GET /error/404/ HTTP/1.1Host: aeonfree.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://reactivar-email002003.hstn.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /error/404 HTTP/1.1Host: aeonfree.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: http://reactivar-email002003.hstn.me/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /error/404 HTTP/1.1Host: aeonfree.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aes.js HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://reactivar-email002003.hstn.me/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?i=1 HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://reactivar-email002003.hstn.me/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /aes.js HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /estilo.css HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://reactivar-email002003.hstn.me/?i=1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /img.jpg HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://reactivar-email002003.hstn.me/?i=1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /llave.jpg HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://reactivar-email002003.hstn.me/?i=1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /background.jpg HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://reactivar-email002003.hstn.me/estilo.cssAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /img.jpg HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /llave.jpg HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://reactivar-email002003.hstn.me/?i=1Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08
Source: global traffic	HTTP traffic detected: GET /background.jpg HTTP/1.1Host: reactivar-email002003.hstn.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __test=90cb3baf5b08ce57c40126ae65fa0f08

Source: global traffic	DNS traffic detected: DNS query: reactivar-email002003.hstn.me
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aeonfree.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://reactivar-email002003.hstn.me/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
http://reactivar-email002003.hstn.me/