Edit tour

Windows Analysis Report
http://telegram-naughty17.pages.dev/

Overview

General Information

Sample URL:	http://telegram-naughty17.pages.dev/
Analysis ID:	1522042
Tags:	openphish
Infos:

Detection

HTMLPhisher, Porn Scam

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected BlockedWebSite

Yara detected Porn Scam

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2188,i,3523521402586966564,12981031982345818078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://telegram-naughty17.pages.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author
dropped/chromecache_62	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
dropped/chromecache_65	JoeSecurity_PornScam	Yara detected Porn Scam	Joe Security
dropped/chromecache_60	JoeSecurity_PornScam	Yara detected Porn Scam	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://telegram-naughty17.pages.dev/

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_62, type: DROPPED

Source: https://telegram-naughty17.pages.dev/	HTTP Parser: No favicon
Source: https://telegram-naughty17.pages.dev/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: telegram-naughty17.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: telegram-naughty17.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://telegram-naughty17.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: telegram-naughty17.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram-naughty17.pages.dev/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: telegram-naughty17.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram-naughty17.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: telegram-naughty17.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: telegram-naughty17.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: telegram-naughty17.pages.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_65.2.dr	String found in binary or memory: https://stracksecure.com/tracking202/redirect/rtr.php?t202id=81491&c1=AA_NUR&t202kw=AA_NUR
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/css/bootstrap.min.css?3
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/css/telegram.css?227
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/img/apple-touch-icon.png
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/img/favicon-16x16.png
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/img/favicon-32x32.png
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/img/favicon.ico
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/img/website_icon.svg?4
Source: chromecache_60.2.dr, chromecache_65.2.dr	String found in binary or memory: https://telegram.org/js/tgwallpaper.min.js?3
Source: chromecache_62.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_62.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Yara detected Porn Scam

Source: Yara match	File source: dropped/chromecache_65, type: DROPPED
Source: Yara match	File source: dropped/chromecache_60, type: DROPPED

Source: classification engine

Classification label: mal64.phis.win@17/16@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2188,i,3523521402586966564,12981031982345818078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://telegram-naughty17.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2188,i,3523521402586966564,12981031982345818078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://telegram-naughty17.pages.dev/	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	216.58.206.68	true	false	unknown
telegram-naughty17.pages.dev	172.66.44.59	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://telegram-naughty17.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637	false	unknown
https://telegram-naughty17.pages.dev/favicon.ico	false	unknown
https://telegram-naughty17.pages.dev/cdn-cgi/styles/cf.errors.css	false	unknown
https://telegram-naughty17.pages.dev/	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_62.2.dr	false	unknown
https://telegram.org/img/favicon.ico	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://telegram.org/img/apple-touch-icon.png	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://telegram.org/css/bootstrap.min.css?3	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://telegram.org/js/tgwallpaper.min.js?3	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://telegram.org/img/website_icon.svg?4	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://telegram.org/img/favicon-32x32.png	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://telegram.org/css/telegram.css?227	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://stracksecure.com/tracking202/redirect/rtr.php?t202id=81491&c1=AA_NUR&t202kw=AA_NUR	chromecache_65.2.dr	false	unknown
https://telegram.org/img/favicon-16x16.png	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://cdn.jsdelivr.net/npm/bootstrap-icons	chromecache_60.2.dr, chromecache_65.2.dr	false	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_62.2.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.66.47.197	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.44.59	telegram-naughty17.pages.dev	United States	13335	CLOUDFLARENETUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522042
Start date and time:	2024-09-29 07:44:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://telegram-naughty17.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@17/16@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.78, 74.125.133.84, 142.250.186.163, 34.104.35.123, 4.175.87.197, 88.221.110.91, 2.16.100.168, 192.229.221.95, 13.95.31.18, 20.242.39.171, 142.250.184.227
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://telegram-naughty17.pages.dev/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://telegram-naughty17.pages.dev/ Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Learn More", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://telegram-naughty17.pages.dev/ Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"This website has been reported for potential phishing. Phishing is when a site attempts to steal sensitive information by falsely presenting as a safe source.", "prominent_button_name":"Learn More", "text_input_field_labels":["Cloudflare Ray ID: 8ca9aabb92a394400", "Your IP: Click to reveal", "Performance & security by Cloudflare"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 04:45:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.975522994325399
Encrypted:	false
SSDEEP:	48:8HJOd6TG6WH/ZidAKZdA19ehwiZUklqehsJy+3:8HJzmrBJy
MD5:	37BAA53F765382F2BE4100E7D49860FC
SHA1:	F66CE0599F0B0A46BC0FD156CA6093A1C71785EB
SHA-256:	B799892C08B07BC8DE97674FCDFBED6991D08AA9C4A950AB38E5AAF680FA0950
SHA-512:	A954E401EC07CF4E498CEAC3FED4FB8FF8928C0EFC83904E5BC5D82D3D401A9F6354F37B6CDA51074C04048C19D963E1D9F055A0AE915793C61D43EE91A03657
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....o7.2...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.-....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.-....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.-....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.-..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.-...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 04:45:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9913100250048412
Encrypted:	false
SSDEEP:	48:8MOd6TG6WH/ZidAKZdA1weh/iZUkAQkqehxJy+2:8QzmZ9Q+Jy
MD5:	ECFD8AFB29628496FF4DC363EA3305B6
SHA1:	6EAA1560AA67246340D5849A4730942B26A9621A
SHA-256:	DF5214D42F2F60339512E4D0A1C3065BC619C3BB7B3CCF388D4D6A19DAE6A3F4
SHA-512:	B3FEDCA76CBF9825FF9A79C2D89E50C0C3BDC62794F475852685FDA4B111AE4CA6AC2766114B4A259361F158996B812A88D133EBF247213623F276C78930DF86
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....j..2...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.-....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.-....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.-....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.-..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.-...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.004519885260932
Encrypted:	false
SSDEEP:	48:8xQOd6TG6sH/ZidAKZdA14tseh7sFiZUkmgqeh7srJy+BX:8xEzwpndJy
MD5:	8B71218D9EF6CD8C94EF607B58194A51
SHA1:	AC82C2A5386E62D7366BD51E35F266F684F3FD72
SHA-256:	66E8EF0C0E3D320F4C669D785E7ABF53CF14C6770561248B1817255EEBB3393A
SHA-512:	830061CF3E52200B1B67356AF4482DA7F8EE41F0645D0471A409A96AC5E16E305F33AB15821BD228836C114C46261DF06B2E48329FC38A377FFA4803B76AA46E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.-....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.-....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.-....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.-..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 04:45:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989460716900754
Encrypted:	false
SSDEEP:	48:8COd6TG6WH/ZidAKZdA1vehDiZUkwqeh1Jy+R:8Ozm6jJy
MD5:	BEB36B12F41D1FC0FF566EED793B4B14
SHA1:	86B516658A88323CD3EC8E6E1B0DCAE6A928F1B5
SHA-256:	F4C38A7E9C21C91C451D1569AA7251BC1AB10470EDC2FA6A54E83A0C54509759
SHA-512:	3FEBF3EE3BA4272E1D5835648E79D799B7F0C86DF2E5B797DD01E94F7CD48AA6FBFC3CD89BA01676F3B118722170029984ACB0C02F97932EBA457526505F8756
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....S5&.2...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.-....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.-....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.-....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.-..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.-...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 04:45:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.979862051129514
Encrypted:	false
SSDEEP:	48:8HSQOd6TG6WH/ZidAKZdA1hehBiZUk1W1qehnJy+C:8HLzm69HJy
MD5:	679E181B6C1C036B7D7FE16715CF4CA8
SHA1:	23B9AF7F28572EC0166A93B5D6662A88562FBDFA
SHA-256:	5747FE97BDCA1B0E6C0C7E00DB03E2F57244BA63B1129761436F9561E6EAB51D
SHA-512:	F55339992C21A6FEDDD368700CFFBA418F2117EDFF3FBF11F7DD56EF38BBB8E5F88CFCF76385B5D1C1E78B8F81C33CAFEF0DF5C1B68660D8C6BCD447B3B0072C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...././.2...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.-....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.-....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.-....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.-..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.-...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 04:45:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9926868551714425
Encrypted:	false
SSDEEP:	48:8AOd6TG6WH/ZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdJy+yT+:80zmET/TbxWOvTbdJy7T
MD5:	3A800350801CCD88327F36E22CF97E19
SHA1:	FA0D037E5584C2979253BBFFF9BA5C15A4EE5842
SHA-256:	6F4200DFCE3FF50CD8F20CF3E36F6C5DB99B618F3B2E0D2219D54BBD0E106A03
SHA-512:	47D2CA00C6CCD0D163DC3ED786985527A0BC49EC713CCB73555652776CF87F0FD7BA91AA88968F6E6A933A6DC2E6A27C67390F37B93A6CD23E5B1C4749D8A4BC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....<..2...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.-....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.-....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.-....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.-..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.-...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............$.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2422), with CRLF line terminators
Category:	dropped
Size (bytes):	9320
Entropy (8bit):	5.147882661242632
Encrypted:	false
SSDEEP:	192:WWpTK6SqugxuHRnigni6U3qV0OKPGkLPfX4m1mhm9C:zZKaVYPOqVbeDLPfIm1mhmU
MD5:	58389630D2FE6D5F4306BA4BB8BBB8DE
SHA1:	ABC710B1544AFE4E7185E4CD04E9E8EA2AD42F42
SHA-256:	00E5D065256997A7225D770CF96C6E409EBECD3EF3D1E6B1AC7C8F520164E3D6
SHA-512:	A480C7FD11D3A186F41355FAC73F442B0B5200EB665BEA866750239876961DAD0A4130C0A49DD735213450E0D427F281B5BA67E1D021232B67C52AA7277D95BA
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>..<html>....<head>.. <meta charset="utf-8">.. <title>OFFICIAL TELEGRAM DATING</title>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.... <script>window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && document.documentElement && document.documentElement.classList && document.documentElement.classList.add('theme_dark');</script>.. <link rel="icon" type="image/svg+xml" href="https://telegram.org/img/website_icon.svg?4">.. <link rel="apple-touch-icon" sizes="180x180" href="https://telegram.org/img/apple-touch-icon.png">.. <link rel="icon" type="image/png" sizes="32x32" href="https://telegram.org/img/favicon-32x32.png">.. <link rel="icon" type="image/png" sizes="16x16" href="https://telegram.org/img/favicon-16x16.png">.. <link rel="alternate icon" href="https://telegram.org/img/favicon.ico" type="image/x-icon" />.. <link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesh

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.081840327964563
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisWHA2ZLimarR49PaQxJbGD:1j9jhjYjIK/Vo+tsGZOmarO9ieJGD
MD5:	7F35151ADB927A135022BF840E5C72CC
SHA1:	23F63FDE77492E2A3CC30C78332474B9A6045893
SHA-256:	91D10E1DBAAD89A331971894A265ADF339D688E0F252D83FA6DDE7FB659DB918
SHA-512:	EE06524CCC35480455910CB97167679390CE6C6A36C6FD14C17DD51C6528664CE54A1EE29A3D26DD2698C6BBAC1084DAEF31FE3CB8D1A545C7BBB9EACF21D98A
Malicious:	false
Reputation:	low
URL:	https://telegram-naughty17.pages.dev/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://telegram-naughty17.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://telegram-naughty17.pages.dev/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2422), with CRLF line terminators
Category:	downloaded
Size (bytes):	9320
Entropy (8bit):	5.147882661242632
Encrypted:	false
SSDEEP:	192:WWpTK6SqugxuHRnigni6U3qV0OKPGkLPfX4m1mhm9C:zZKaVYPOqVbeDLPfIm1mhmU
MD5:	58389630D2FE6D5F4306BA4BB8BBB8DE
SHA1:	ABC710B1544AFE4E7185E4CD04E9E8EA2AD42F42
SHA-256:	00E5D065256997A7225D770CF96C6E409EBECD3EF3D1E6B1AC7C8F520164E3D6
SHA-512:	A480C7FD11D3A186F41355FAC73F442B0B5200EB665BEA866750239876961DAD0A4130C0A49DD735213450E0D427F281B5BA67E1D021232B67C52AA7277D95BA
Malicious:	false
Reputation:	low
URL:	https://telegram-naughty17.pages.dev/favicon.ico
Preview:	<!DOCTYPE html>..<html>....<head>.. <meta charset="utf-8">.. <title>OFFICIAL TELEGRAM DATING</title>.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.... <script>window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches && document.documentElement && document.documentElement.classList && document.documentElement.classList.add('theme_dark');</script>.. <link rel="icon" type="image/svg+xml" href="https://telegram.org/img/website_icon.svg?4">.. <link rel="apple-touch-icon" sizes="180x180" href="https://telegram.org/img/apple-touch-icon.png">.. <link rel="icon" type="image/png" sizes="32x32" href="https://telegram.org/img/favicon-32x32.png">.. <link rel="icon" type="image/png" sizes="16x16" href="https://telegram.org/img/favicon-16x16.png">.. <link rel="alternate icon" href="https://telegram.org/img/favicon.ico" type="image/x-icon" />.. <link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesh

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 07:45:15.597354889 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:15.597361088 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:15.722327948 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:23.629748106 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:23.629817963 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:23.629894972 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:23.630187988 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:23.630203009 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.109123945 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.110421896 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.110452890 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.111356020 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.111419916 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.113853931 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.113890886 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.113918066 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.114058971 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.114109993 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.114240885 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.114259005 CEST	443	49709	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.114269018 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.114315033 CEST	49709	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.114790916 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.114813089 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.114877939 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.115796089 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.115812063 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.574799061 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.575401068 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.575438976 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.576297045 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.576370001 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.577264071 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.577325106 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.577528000 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.577537060 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.626045942 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.710587978 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.710645914 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.710671902 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.710705042 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.710711956 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.710735083 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.710753918 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.710756063 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.710803986 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.732254982 CEST	49710	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.732274055 CEST	443	49710	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.775641918 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.775763988 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:24.775861979 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.776307106 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:24.776345015 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.199218988 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:25.199234962 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:25.237019062 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.257873058 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.257906914 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.258784056 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.258848906 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.259557962 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.259615898 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.259620905 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.259757042 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.259778023 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.259792089 CEST	443	49713	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.259793043 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.259823084 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.259846926 CEST	49713	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.260410070 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.260442019 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.260493994 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.261126041 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.261148930 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.325869083 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:25.716656923 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.761265039 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.761306047 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.761712074 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.768091917 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.768173933 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.768666983 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.815411091 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.864789009 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.864818096 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.864844084 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.864871025 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.864892006 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.864933014 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.865178108 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.865214109 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.865298986 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.865323067 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.865343094 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.865350962 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.865370989 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.866017103 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.866127968 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.866136074 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.919641018 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.919662952 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.951601028 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.951627970 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.951647043 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.951648951 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.951663017 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.951698065 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.952354908 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.952373981 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.952402115 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.952410936 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.952424049 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:25.952467918 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.953164101 CEST	49714	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:25.953185081 CEST	443	49714	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.075725079 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.075766087 CEST	443	49715	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.075834036 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.077023029 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.077032089 CEST	443	49715	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.531326056 CEST	443	49715	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.531696081 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.531723022 CEST	443	49715	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.532748938 CEST	443	49715	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.532813072 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.533334017 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.533346891 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.533391953 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.533392906 CEST	443	49715	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.533463001 CEST	49715	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.533657074 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.533693075 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.533832073 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.534006119 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.534018993 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.574489117 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:26.574518919 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:26.574592113 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:26.575453997 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:26.575467110 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:26.960520029 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 07:45:26.960642099 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 07:45:26.994863033 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:26.998925924 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:26.998950958 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.000086069 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.000191927 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.001863003 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.001972914 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.002311945 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.002320051 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.030571938 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.030637026 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.030735970 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.033798933 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.033821106 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.044503927 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.117444038 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.117511988 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.117566109 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.119862080 CEST	49716	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.119874954 CEST	443	49716	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.137249947 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.137319088 CEST	443	49720	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.137392044 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.137931108 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.137945890 CEST	443	49720	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.229574919 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:27.230241060 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:27.230261087 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:27.231307030 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:27.231364012 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:27.233844042 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:27.233937979 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:27.276556969 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:27.276580095 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:27.326901913 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:27.594746113 CEST	443	49720	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.595016003 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.595052004 CEST	443	49720	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.595949888 CEST	443	49720	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.596038103 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.596518993 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.596537113 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.596581936 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.596613884 CEST	443	49720	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.596723080 CEST	49720	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.597007990 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.597064972 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.597170115 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.597385883 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:27.597404003 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:27.682317972 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.682399988 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.685779095 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.685806036 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.686145067 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.723114014 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.763411045 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.946667910 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.946855068 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.946930885 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.970679998 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.970726967 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:27.970746994 CEST	49719	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:27.970755100 CEST	443	49719	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:28.073051929 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.078867912 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.078903913 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.079205036 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.087979078 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.088056087 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.090984106 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.131403923 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.183948994 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:28.184056997 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:28.184153080 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:28.187917948 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:28.187943935 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:28.227304935 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:28.227370977 CEST	443	49723	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:28.227741003 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:28.228352070 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:28.228370905 CEST	443	49723	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:28.270678043 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270756006 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270778894 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270796061 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270812988 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270828009 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270832062 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.270843983 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270853996 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270879030 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.270895004 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.270909071 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270925045 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.270972967 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.297633886 CEST	49721	443	192.168.2.5	172.66.47.197
Sep 29, 2024 07:45:28.297667027 CEST	443	49721	172.66.47.197	192.168.2.5
Sep 29, 2024 07:45:28.822812080 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:28.822865009 CEST	443	49724	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:28.822918892 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:28.823468924 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:28.823482037 CEST	443	49724	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.488807917 CEST	443	49723	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.489089966 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.489124060 CEST	443	49723	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.490293026 CEST	443	49723	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.490351915 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.490693092 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.490715027 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.490768909 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.490803957 CEST	443	49723	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.490859032 CEST	49723	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.491087914 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.491121054 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.491182089 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.491374969 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:29.491390944 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.496128082 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.496226072 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:29.497487068 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:29.497498035 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.497833967 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.498836994 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:29.539406061 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.769680977 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.769849062 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.770034075 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:29.786376953 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:29.786442041 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.786478996 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 07:45:29.786498070 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 07:45:29.953537941 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.962189913 CEST	443	49724	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:29.996491909 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.012025118 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.029762983 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.029773951 CEST	443	49724	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.030345917 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.030364037 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.030811071 CEST	443	49724	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.031295061 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.031348944 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.031415939 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.032224894 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.032291889 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.032291889 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.032311916 CEST	443	49724	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.032486916 CEST	49724	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.032664061 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.032692909 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.033008099 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.033040047 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.033071041 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.033750057 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.033759117 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.033998013 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.034002066 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.074896097 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.133529902 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.133596897 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.133713007 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.135225058 CEST	49725	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.135238886 CEST	443	49725	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.491978884 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.492583036 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.492610931 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.493623018 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.493673086 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.494378090 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.494435072 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.494867086 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.494873047 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.543260098 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.681559086 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.681643963 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.681663990 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.681688070 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.681689024 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.681708097 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.681735039 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.682240009 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.682260036 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.682296991 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.682301044 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.682332039 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:30.682337999 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.682365894 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.682859898 CEST	49726	443	192.168.2.5	172.66.44.59
Sep 29, 2024 07:45:30.682871103 CEST	443	49726	172.66.44.59	192.168.2.5
Sep 29, 2024 07:45:37.127068996 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:37.127229929 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:45:37.127299070 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:38.724857092 CEST	49718	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:45:38.724885941 CEST	443	49718	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:26.624007940 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:26.624042034 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:26.624123096 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:26.624587059 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:26.624603033 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:27.315757036 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:27.316109896 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:27.316170931 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:27.316648006 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:27.317094088 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:27.317186117 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:27.371809006 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:37.165730953 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:37.165796041 CEST	443	49736	216.58.206.68	192.168.2.5
Sep 29, 2024 07:46:37.165957928 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:38.295253038 CEST	49736	443	192.168.2.5	216.58.206.68
Sep 29, 2024 07:46:38.295275927 CEST	443	49736	216.58.206.68	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 07:45:21.968353033 CEST	53	59183	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:22.120035887 CEST	53	53794	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:23.025130987 CEST	53	61770	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:23.598364115 CEST	58764	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:23.598545074 CEST	53119	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:23.609601021 CEST	53	58764	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:23.610282898 CEST	53	53119	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:23.612909079 CEST	61606	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:23.613045931 CEST	55723	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:23.623378038 CEST	53	61606	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:23.625349045 CEST	53	55723	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:26.563533068 CEST	58906	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:26.563669920 CEST	58708	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:26.570966005 CEST	53	58906	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:26.571178913 CEST	53	58708	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:28.195981979 CEST	53282	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:28.196204901 CEST	60887	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:45:28.205517054 CEST	53	60887	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:28.207165003 CEST	53	53282	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:40.162684917 CEST	53	61477	1.1.1.1	192.168.2.5
Sep 29, 2024 07:45:59.176609993 CEST	53	51997	1.1.1.1	192.168.2.5
Sep 29, 2024 07:46:21.709924936 CEST	53	53156	1.1.1.1	192.168.2.5
Sep 29, 2024 07:46:21.880044937 CEST	53	53888	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 07:45:23.598364115 CEST	192.168.2.5	1.1.1.1	0x64a3	Standard query (0)	telegram-naughty17.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:23.598545074 CEST	192.168.2.5	1.1.1.1	0xf086	Standard query (0)	telegram-naughty17.pages.dev	65	IN (0x0001)	false
Sep 29, 2024 07:45:23.612909079 CEST	192.168.2.5	1.1.1.1	0xefa5	Standard query (0)	telegram-naughty17.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:23.613045931 CEST	192.168.2.5	1.1.1.1	0x4aea	Standard query (0)	telegram-naughty17.pages.dev	65	IN (0x0001)	false
Sep 29, 2024 07:45:26.563533068 CEST	192.168.2.5	1.1.1.1	0xc376	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:26.563669920 CEST	192.168.2.5	1.1.1.1	0x7e75	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 07:45:28.195981979 CEST	192.168.2.5	1.1.1.1	0x58fe	Standard query (0)	telegram-naughty17.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:28.196204901 CEST	192.168.2.5	1.1.1.1	0x4486	Standard query (0)	telegram-naughty17.pages.dev	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 07:45:23.609601021 CEST	1.1.1.1	192.168.2.5	0x64a3	No error (0)	telegram-naughty17.pages.dev		172.66.44.59	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:23.609601021 CEST	1.1.1.1	192.168.2.5	0x64a3	No error (0)	telegram-naughty17.pages.dev		172.66.47.197	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:23.610282898 CEST	1.1.1.1	192.168.2.5	0xf086	No error (0)	telegram-naughty17.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 07:45:23.623378038 CEST	1.1.1.1	192.168.2.5	0xefa5	No error (0)	telegram-naughty17.pages.dev		172.66.47.197	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:23.623378038 CEST	1.1.1.1	192.168.2.5	0xefa5	No error (0)	telegram-naughty17.pages.dev		172.66.44.59	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:23.625349045 CEST	1.1.1.1	192.168.2.5	0x4aea	No error (0)	telegram-naughty17.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 07:45:26.570966005 CEST	1.1.1.1	192.168.2.5	0xc376	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:26.571178913 CEST	1.1.1.1	192.168.2.5	0x7e75	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 07:45:28.205517054 CEST	1.1.1.1	192.168.2.5	0x4486	No error (0)	telegram-naughty17.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 07:45:28.207165003 CEST	1.1.1.1	192.168.2.5	0x58fe	No error (0)	telegram-naughty17.pages.dev		172.66.44.59	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:28.207165003 CEST	1.1.1.1	192.168.2.5	0x58fe	No error (0)	telegram-naughty17.pages.dev		172.66.47.197	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:37.663149118 CEST	1.1.1.1	192.168.2.5	0x294a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 07:45:37.663149118 CEST	1.1.1.1	192.168.2.5	0x294a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:45:51.536040068 CEST	1.1.1.1	192.168.2.5	0x337d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 07:45:51.536040068 CEST	1.1.1.1	192.168.2.5	0x337d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:46:14.269855022 CEST	1.1.1.1	192.168.2.5	0xf2f9	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 07:46:14.269855022 CEST	1.1.1.1	192.168.2.5	0xf2f9	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 07:46:34.775842905 CEST	1.1.1.1	192.168.2.5	0xc2ef	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 07:46:34.775842905 CEST	1.1.1.1	192.168.2.5	0xc2ef	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

telegram-naughty17.pages.dev

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49710	172.66.47.197	443	3792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:24 UTC	671	OUT	GET / HTTP/1.1 Host: telegram-naughty17.pages.dev Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:45:24 UTC	614	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 05:45:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QWMNE5HkC9jQ%2FYCJPANVRxI4jP2azT4XJN5%2FD2UGgnZYAjJHIC%2FyTh9wr2e396uBNAlq%2BOYMqr%2Fl%2BxKk5S9yH2FH2anxYy5DxcN2OyAvFM3praFpf7mw0M%2BZbeeNOFQzlEYDIMvaCO23Gt%2FeNFPP"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9aab92a394400-EWR
2024-09-29 05:45:24 UTC	755	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-29 05:45:24 UTC	1369	IN	Data Raw: 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 Data Ascii: k rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', f
2024-09-29 05:45:24 UTC	1369	IN	Data Raw: 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 74 4e 37 77 4b 30 79 71 66 74 70 4c 44 61 32 62 34 32 6f 34 4d 6f 44 42 5f 5a 4e 48 72 6e 55 33 6a 70 50 48 47 79 78 5f 6c 43 63 2d 31 37 32 37 35 38 38 37 32 34 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 Data Ascii: "/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="tN7wK0yqftpLDa2b42o4MoDB_ZNHrnU3jpPHGyx_lCc-1727588724-0.0.1.1-/"> <a href="https://www.cloudflare.com/le
2024-09-29 05:45:24 UTC	909	IN	Data Raw: 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d Data Ascii: >8.46.123.33</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-
2024-09-29 05:45:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49714	172.66.47.197	443	3792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:25 UTC	583	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: telegram-naughty17.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://telegram-naughty17.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:45:25 UTC	411	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 05:45:25 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-5df3" Server: cloudflare CF-RAY: 8ca9aac05b710dc7-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 07:45:25 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 05:45:25 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-09-29 05:45:25 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	172.66.47.197	443	3792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:26 UTC	675	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: telegram-naughty17.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://telegram-naughty17.pages.dev/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:45:27 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 05:45:27 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca9aac828ff43d0-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 07:45:27 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 05:45:27 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49719	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 05:45:27 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=125975 Date: Sun, 29 Sep 2024 05:45:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49721	172.66.47.197	443	3792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:28 UTC	612	OUT	GET /favicon.ico HTTP/1.1 Host: telegram-naughty17.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://telegram-naughty17.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:45:28 UTC	751	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 05:45:28 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2QgySg62SuPgFoeGwVGUDLApFrFGZu3jWk%2FW5MNr1e1%2F7ovBlw0WJP1wtO32l3FwAQqt%2Bq%2BHg%2BlHi2%2FOzF2Pnj0g%2B2KPWJtRCZHnnqqKWtd6MpOHyUWWgkTVSXROtL4MxPb6rDLg2V1Jgi%2B0WASt"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9aacf0bf4c472-EWR
2024-09-29 05:45:28 UTC	1369	IN	Data Raw: 32 34 36 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 46 46 49 43 49 41 4c 20 54 45 4c 45 47 52 41 4d 20 44 41 54 49 4e 47 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 20 26 26 20 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 27 28 70 72 65 66 65 72 73 2d 63 6f Data Ascii: 2468<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>OFFICIAL TELEGRAM DATING</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>window.matchMedia && window.matchMedia('(prefers-co
2024-09-29 05:45:28 UTC	1369	IN	Data Raw: 65 67 72 61 6d 2e 63 73 73 3f 32 32 37 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 5f 74 72 61 6e 73 69 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 77 72 61 70 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 63 61 6e 76 61 73 20 69 64 3d 22 74 67 6d 65 5f 62 61 63 6b 67 72 6f 75 6e 64 22 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 62 61 63 6b 67 72 6f 75 6e 64 20 64 65 66 61 75 6c 74 22 20 77 69 64 74 68 3d 22 35 30 22 20 68 65 69 67 68 74 3d 22 35 30 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 63 6f 6c 6f 72 73 3d 22 64 62 64 64 62 62 2c Data Ascii: egram.css?227" rel="stylesheet" media="screen"></head><body class="no_transition"> <div class="tgme_background_wrap"> <canvas id="tgme_background" class="tgme_background default" width="50" height="50" data-colors="dbddbb,
2024-09-29 05:45:28 UTC	1369	IN	Data Raw: 37 2d 31 2e 32 32 39 30 36 38 35 20 31 2e 35 34 39 36 36 37 32 2d 31 2e 30 34 31 33 31 35 33 2e 30 38 38 36 32 39 38 2d 31 2e 38 32 38 34 32 35 37 2d 2e 34 38 35 37 39 31 32 2d 32 2e 38 33 36 39 39 30 35 2d 31 2e 30 39 37 32 38 36 33 2d 31 2e 35 37 38 32 30 34 38 2d 2e 39 35 36 38 36 39 31 2d 32 2e 35 33 32 37 30 38 33 2d 31 2e 33 39 38 34 33 31 37 2d 34 2e 30 36 34 36 32 39 33 2d 32 2e 33 33 32 31 35 39 32 2d 31 2e 37 37 30 33 39 39 38 2d 31 2e 30 37 39 30 38 33 37 2d 2e 32 31 32 35 35 39 2d 31 2e 35 38 33 36 35 35 2e 37 39 36 33 38 36 37 2d 32 2e 35 35 32 39 31 38 39 2e 32 36 34 30 34 35 39 2d 2e 32 35 33 36 36 30 39 20 34 2e 37 37 35 33 39 30 36 2d 34 2e 33 30 39 37 30 34 31 20 34 2e 37 35 35 39 37 36 2d 34 2e 34 33 31 37 30 36 2d 2e 30 30 37 30 34 39 Data Ascii: 7-1.2290685 1.5496672-1.0413153.0886298-1.8284257-.4857912-2.8369905-1.0972863-1.5782048-.9568691-2.5327083-1.3984317-4.0646293-2.3321592-1.7703998-1.0790837-.212559-1.583655.7963867-2.5529189.2640459-.2536609 4.7753906-4.3097041 4.755976-4.431706-.007049
2024-09-29 05:45:28 UTC	1369	IN	Data Raw: 35 2e 32 31 34 20 30 20 2e 35 30 36 2d 2e 30 34 34 2e 39 30 32 2d 2e 30 38 38 20 31 2e 31 34 34 7a 6d 2d 37 2e 31 37 32 2d 31 2e 38 39 32 68 34 2e 37 30 38 63 2e 30 32 32 2d 2e 39 39 2d 2e 34 31 38 2d 32 2e 36 31 38 2d 32 2e 32 32 32 2d 32 2e 36 31 38 2d 31 2e 36 37 32 20 30 2d 32 2e 33 37 36 20 31 2e 35 31 38 2d 32 2e 34 38 36 20 32 2e 36 31 38 7a 6d 31 39 2e 32 34 2d 31 2e 31 34 34 76 36 2e 30 37 32 63 30 20 32 2e 32 34 34 2d 2e 34 36 32 20 33 2e 38 35 2d 31 2e 35 38 34 20 34 2e 38 36 32 2d 31 2e 31 2e 39 39 2d 32 2e 36 36 32 20 31 2e 32 39 38 2d 34 2e 31 33 36 20 31 2e 32 39 38 2d 31 2e 33 36 34 20 30 2d 32 2e 38 31 36 2d 2e 33 30 38 2d 33 2e 37 34 2d 2e 38 35 38 6c 2e 35 39 34 2d 32 2e 30 34 36 63 2e 36 38 32 2e 33 39 36 20 31 2e 38 32 36 2e 38 31 34 Data Ascii: 5.214 0 .506-.044.902-.088 1.144zm-7.172-1.892h4.708c.022-.99-.418-2.618-2.222-2.618-1.672 0-2.376 1.518-2.486 2.618zm19.24-1.144v6.072c0 2.244-.462 3.85-1.584 4.862-1.1.99-2.662 1.298-4.136 1.298-1.364 0-2.816-.308-3.74-.858l.594-2.046c.682.396 1.826.814
2024-09-29 05:45:28 UTC	1369	IN	Data Raw: 2e 31 39 68 32 2e 33 31 6c 2e 31 33 32 20 31 2e 35 38 34 68 2e 30 36 36 63 2e 35 30 36 2d 2e 38 33 36 20 31 2e 34 37 34 2d 31 2e 38 32 36 20 33 2e 33 2d 31 2e 38 32 36 20 31 2e 34 30 38 20 30 20 32 2e 35 30 38 2e 37 39 32 20 32 2e 39 37 20 31 2e 39 38 68 2e 30 34 34 63 2e 33 37 34 2d 2e 35 39 34 2e 38 31 34 2d 31 2e 30 33 34 20 31 2e 32 39 38 2d 31 2e 33 34 32 2e 36 31 36 2d 2e 34 31 38 20 31 2e 32 39 38 2d 2e 36 33 38 20 32 2e 32 2d 2e 36 33 38 20 31 2e 37 36 20 30 20 33 2e 35 36 34 20 31 2e 32 31 20 33 2e 35 36 34 20 34 2e 36 34 32 76 36 2e 33 31 34 68 2d 32 2e 36 34 76 2d 35 2e 39 31 38 63 30 2d 31 2e 37 38 32 2d 2e 36 31 36 2d 32 2e 38 33 38 2d 31 2e 39 31 34 2d 32 2e 38 33 38 2d 2e 39 32 34 20 30 2d 31 2e 36 30 36 2e 36 36 2d 31 2e 38 39 32 20 31 2e Data Ascii: .19h2.31l.132 1.584h.066c.506-.836 1.474-1.826 3.3-1.826 1.408 0 2.508.792 2.97 1.98h.044c.374-.594.814-1.034 1.298-1.342.616-.418 1.298-.638 2.2-.638 1.76 0 3.564 1.21 3.564 4.642v6.314h-2.64v-5.918c0-1.782-.616-2.838-1.914-2.838-.924 0-1.606.66-1.892 1.
2024-09-29 05:45:28 UTC	1369	IN	Data Raw: 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 70 61 67 65 5f 65 78 74 72 61 22 3e 31 39 32 20 39 39 38 20 6d 65 6d 62 65 72 73 2c 20 31 31 20 37 38 34 20 6f 6e 6c 69 6e 65 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 70 61 67 65 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 20 64 69 72 3d 22 61 75 74 6f 22 3e 4d 6f 72 65 20 74 68 61 6e 20 31 30 20 74 68 6f 75 73 61 6e 64 20 73 69 6e 67 6c 65 20 77 6f 6d 65 6e 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 73 65 78 20 61 72 65 20 6f 6e 6c 69 6e 65 20 65 76 65 72 79 20 64 61 79 2e 2e 2e 63 6c 69 Data Ascii: "></i> </div> <div class="tgme_page_extra">192 998 members, 11 784 online </div> <div class="tgme_page_description" dir="auto">More than 10 thousand single women looking for sex are online every day...cli
2024-09-29 05:45:28 UTC	1114	IN	Data Raw: 20 20 20 3c 2f 75 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 64 73 2d 6d 69 6e 69 22 3e 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 74 67 6d 65 5f 66 72 61 6d 65 5f 63 6f 6e 74 22 3e 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 6a 73 2f 74 67 77 61 6c 6c 70 61 70 65 72 2e 6d 69 6e 2e 6a 73 3f 33 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a Data Ascii: </ul> </div> </div> </div> </div> <div class="ads-mini"></script> </div> <div id="tgme_frame_cont"></div> <script src="https://telegram.org/js/tgwallpaper.min.js?3"></script>
2024-09-29 05:45:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 05:45:29 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=126003 Date: Sun, 29 Sep 2024 05:45:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 05:45:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49725	172.66.44.59	443	3792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:30 UTC	398	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: telegram-naughty17.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:45:30 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 05:45:30 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca9aadb0f7cc354-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 07:45:30 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 05:45:30 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49726	172.66.44.59	443	3792	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:45:30 UTC	363	OUT	GET /favicon.ico HTTP/1.1 Host: telegram-naughty17.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:45:30 UTC	745	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 05:45:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=0, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iaobE7FNZkn%2B7Ae8NBA1x%2F5%2B8z%2FquoNlX7AQ8WxQ5dbrJilaXmvrDnq%2FCcyXVa4j3sfY0x9wGCl9UcLso44KwA8bW7yNYu6Kjil3O2ZH3GtPvjn4lryCN8rvNlOMgUtppUzABpfevK8hsJzzcVGr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9aade2e0d420a-EWR
2024-09-29 05:45:30 UTC	1369	IN	Data Raw: 32 34 36 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 46 46 49 43 49 41 4c 20 54 45 4c 45 47 52 41 4d 20 44 41 54 49 4e 47 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 20 26 26 20 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 27 28 70 72 65 66 65 72 73 2d 63 6f Data Ascii: 2468<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>OFFICIAL TELEGRAM DATING</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>window.matchMedia && window.matchMedia('(prefers-co
2024-09-29 05:45:30 UTC	1369	IN	Data Raw: 65 67 72 61 6d 2e 63 73 73 3f 32 32 37 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 5f 74 72 61 6e 73 69 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 77 72 61 70 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 63 61 6e 76 61 73 20 69 64 3d 22 74 67 6d 65 5f 62 61 63 6b 67 72 6f 75 6e 64 22 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 62 61 63 6b 67 72 6f 75 6e 64 20 64 65 66 61 75 6c 74 22 20 77 69 64 74 68 3d 22 35 30 22 20 68 65 69 67 68 74 3d 22 35 30 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 61 74 61 2d 63 6f 6c 6f 72 73 3d 22 64 62 64 64 62 62 2c Data Ascii: egram.css?227" rel="stylesheet" media="screen"></head><body class="no_transition"> <div class="tgme_background_wrap"> <canvas id="tgme_background" class="tgme_background default" width="50" height="50" data-colors="dbddbb,
2024-09-29 05:45:30 UTC	1369	IN	Data Raw: 37 2d 31 2e 32 32 39 30 36 38 35 20 31 2e 35 34 39 36 36 37 32 2d 31 2e 30 34 31 33 31 35 33 2e 30 38 38 36 32 39 38 2d 31 2e 38 32 38 34 32 35 37 2d 2e 34 38 35 37 39 31 32 2d 32 2e 38 33 36 39 39 30 35 2d 31 2e 30 39 37 32 38 36 33 2d 31 2e 35 37 38 32 30 34 38 2d 2e 39 35 36 38 36 39 31 2d 32 2e 35 33 32 37 30 38 33 2d 31 2e 33 39 38 34 33 31 37 2d 34 2e 30 36 34 36 32 39 33 2d 32 2e 33 33 32 31 35 39 32 2d 31 2e 37 37 30 33 39 39 38 2d 31 2e 30 37 39 30 38 33 37 2d 2e 32 31 32 35 35 39 2d 31 2e 35 38 33 36 35 35 2e 37 39 36 33 38 36 37 2d 32 2e 35 35 32 39 31 38 39 2e 32 36 34 30 34 35 39 2d 2e 32 35 33 36 36 30 39 20 34 2e 37 37 35 33 39 30 36 2d 34 2e 33 30 39 37 30 34 31 20 34 2e 37 35 35 39 37 36 2d 34 2e 34 33 31 37 30 36 2d 2e 30 30 37 30 34 39 Data Ascii: 7-1.2290685 1.5496672-1.0413153.0886298-1.8284257-.4857912-2.8369905-1.0972863-1.5782048-.9568691-2.5327083-1.3984317-4.0646293-2.3321592-1.7703998-1.0790837-.212559-1.583655.7963867-2.5529189.2640459-.2536609 4.7753906-4.3097041 4.755976-4.431706-.007049
2024-09-29 05:45:30 UTC	1369	IN	Data Raw: 35 2e 32 31 34 20 30 20 2e 35 30 36 2d 2e 30 34 34 2e 39 30 32 2d 2e 30 38 38 20 31 2e 31 34 34 7a 6d 2d 37 2e 31 37 32 2d 31 2e 38 39 32 68 34 2e 37 30 38 63 2e 30 32 32 2d 2e 39 39 2d 2e 34 31 38 2d 32 2e 36 31 38 2d 32 2e 32 32 32 2d 32 2e 36 31 38 2d 31 2e 36 37 32 20 30 2d 32 2e 33 37 36 20 31 2e 35 31 38 2d 32 2e 34 38 36 20 32 2e 36 31 38 7a 6d 31 39 2e 32 34 2d 31 2e 31 34 34 76 36 2e 30 37 32 63 30 20 32 2e 32 34 34 2d 2e 34 36 32 20 33 2e 38 35 2d 31 2e 35 38 34 20 34 2e 38 36 32 2d 31 2e 31 2e 39 39 2d 32 2e 36 36 32 20 31 2e 32 39 38 2d 34 2e 31 33 36 20 31 2e 32 39 38 2d 31 2e 33 36 34 20 30 2d 32 2e 38 31 36 2d 2e 33 30 38 2d 33 2e 37 34 2d 2e 38 35 38 6c 2e 35 39 34 2d 32 2e 30 34 36 63 2e 36 38 32 2e 33 39 36 20 31 2e 38 32 36 2e 38 31 34 Data Ascii: 5.214 0 .506-.044.902-.088 1.144zm-7.172-1.892h4.708c.022-.99-.418-2.618-2.222-2.618-1.672 0-2.376 1.518-2.486 2.618zm19.24-1.144v6.072c0 2.244-.462 3.85-1.584 4.862-1.1.99-2.662 1.298-4.136 1.298-1.364 0-2.816-.308-3.74-.858l.594-2.046c.682.396 1.826.814
2024-09-29 05:45:30 UTC	1369	IN	Data Raw: 2e 31 39 68 32 2e 33 31 6c 2e 31 33 32 20 31 2e 35 38 34 68 2e 30 36 36 63 2e 35 30 36 2d 2e 38 33 36 20 31 2e 34 37 34 2d 31 2e 38 32 36 20 33 2e 33 2d 31 2e 38 32 36 20 31 2e 34 30 38 20 30 20 32 2e 35 30 38 2e 37 39 32 20 32 2e 39 37 20 31 2e 39 38 68 2e 30 34 34 63 2e 33 37 34 2d 2e 35 39 34 2e 38 31 34 2d 31 2e 30 33 34 20 31 2e 32 39 38 2d 31 2e 33 34 32 2e 36 31 36 2d 2e 34 31 38 20 31 2e 32 39 38 2d 2e 36 33 38 20 32 2e 32 2d 2e 36 33 38 20 31 2e 37 36 20 30 20 33 2e 35 36 34 20 31 2e 32 31 20 33 2e 35 36 34 20 34 2e 36 34 32 76 36 2e 33 31 34 68 2d 32 2e 36 34 76 2d 35 2e 39 31 38 63 30 2d 31 2e 37 38 32 2d 2e 36 31 36 2d 32 2e 38 33 38 2d 31 2e 39 31 34 2d 32 2e 38 33 38 2d 2e 39 32 34 20 30 2d 31 2e 36 30 36 2e 36 36 2d 31 2e 38 39 32 20 31 2e Data Ascii: .19h2.31l.132 1.584h.066c.506-.836 1.474-1.826 3.3-1.826 1.408 0 2.508.792 2.97 1.98h.044c.374-.594.814-1.034 1.298-1.342.616-.418 1.298-.638 2.2-.638 1.76 0 3.564 1.21 3.564 4.642v6.314h-2.64v-5.918c0-1.782-.616-2.838-1.914-2.838-.924 0-1.606.66-1.892 1.
2024-09-29 05:45:30 UTC	1369	IN	Data Raw: 22 3e 3c 2f 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 70 61 67 65 5f 65 78 74 72 61 22 3e 31 39 32 20 39 39 38 20 6d 65 6d 62 65 72 73 2c 20 31 31 20 37 38 34 20 6f 6e 6c 69 6e 65 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 67 6d 65 5f 70 61 67 65 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 20 64 69 72 3d 22 61 75 74 6f 22 3e 4d 6f 72 65 20 74 68 61 6e 20 31 30 20 74 68 6f 75 73 61 6e 64 20 73 69 6e 67 6c 65 20 77 6f 6d 65 6e 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 73 65 78 20 61 72 65 20 6f 6e 6c 69 6e 65 20 65 76 65 72 79 20 64 61 79 2e 2e 2e 63 6c 69 Data Ascii: "></i> </div> <div class="tgme_page_extra">192 998 members, 11 784 online </div> <div class="tgme_page_description" dir="auto">More than 10 thousand single women looking for sex are online every day...cli
2024-09-29 05:45:30 UTC	1114	IN	Data Raw: 20 20 20 3c 2f 75 6c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 64 73 2d 6d 69 6e 69 22 3e 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 74 67 6d 65 5f 66 72 61 6d 65 5f 63 6f 6e 74 22 3e 3c 2f 64 69 76 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 6a 73 2f 74 67 77 61 6c 6c 70 61 70 65 72 2e 6d 69 6e 2e 6a 73 3f 33 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a Data Ascii: </ul> </div> </div> </div> </div> <div class="ads-mini"></script> </div> <div id="tgme_frame_cont"></div> <script src="https://telegram.org/js/tgwallpaper.min.js?3"></script>
2024-09-29 05:45:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2788, Parent PID: 5400

General

Target ID:	0
Start time:	01:45:17
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3792, Parent PID: 2788

General

Target ID:	2
Start time:	01:45:20
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2188,i,3523521402586966564,12981031982345818078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1968, Parent PID: 5400

General

Target ID:	3
Start time:	01:45:22
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://telegram-naughty17.pages.dev/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://telegram-naughty17.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Windows Analysis Report
http://telegram-naughty17.pages.dev/