Edit tour

Windows Analysis Report
https://nothingtosay.pages.dev/

Overview

General Information

Sample URL:	https://nothingtosay.pages.dev/
Analysis ID:	1522073
Tags:	openphish
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected BlockedWebSite

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6384 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1884,i,12433132562771254161,12303635239315947655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nothingtosay.pages.dev/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_61	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=f5jwUrbBwTscKdhZl2JSNUCdi%2Bldi0jDEAmOu8XvR5He3%2Brwyr9u%2BsQcqc9tDURkpkH2HJeKwn4h17YejQYVoFaobpsqoSWrlPIJQz7YzsIVtrx%2FZId%2Fm6bV7KDev6Avf%2FZ53%2BOMJHJR HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 434Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 29 Sep 2024 06:12:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Ray: 8ca9d2d62d854310-EWRCF-Cache-Status: EXPIREDVary: Accept-EncodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5jwUrbBwTscKdhZl2JSNUCdi%2Bldi0jDEAmOu8XvR5He3%2Brwyr9u%2BsQcqc9tDURkpkH2HJeKwn4h17YejQYVoFaobpsqoSWrlPIJQz7YzsIVtrx%2FZId%2Fm6bV7KDev6Avf%2FZ53%2BOMJHJR"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Speculation-Rules: "/cdn-cgi/speculation"Server: cloudflare

Source: chromecache_61.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_61.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49724 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@16/15@8/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1884,i,12433132562771254161,12303635239315947655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nothingtosay.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1884,i,12433132562771254161,12303635239315947655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
www.google.com	172.217.16.132	true	false	unknown
nothingtosay.pages.dev	172.66.44.97	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://nothingtosay.pages.dev/cdn-cgi/styles/cf.errors.css	false	unknown
https://a.nel.cloudflare.com/report/v4?s=f5jwUrbBwTscKdhZl2JSNUCdi%2Bldi0jDEAmOu8XvR5He3%2Brwyr9u%2BsQcqc9tDURkpkH2HJeKwn4h17YejQYVoFaobpsqoSWrlPIJQz7YzsIVtrx%2FZId%2Fm6bV7KDev6Avf%2FZ53%2BOMJHJR	false	unknown
https://nothingtosay.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637	false	unknown
https://nothingtosay.pages.dev/	false	unknown
https://nothingtosay.pages.dev/favicon.ico	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_61.2.dr	false		unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_61.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.66.44.97	nothingtosay.pages.dev	United States	13335	CLOUDFLARENETUS	false
172.217.16.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522073
Start date and time:	2024-09-29 08:11:50 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://nothingtosay.pages.dev/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@16/15@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 66.102.1.84, 142.250.185.206, 34.104.35.123, 52.165.165.26, 93.184.221.240, 192.229.221.95, 13.95.31.18, 20.242.39.171, 142.250.184.227, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://nothingtosay.pages.dev/

Input	Output
URL: https://nothingtosay.pages.dev/ Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":false, "trigger_text":"unknown", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://nothingtosay.pages.dev/ Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"This website has been reported for potential phishing.", "prominent_button_name":"Learn More", "text_input_field_labels":["Cloudflare Ray ID: 8ca9d2c4c8d47cf9", "Your IP: Click to reveal", "Performance & security by Cloudflare"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:12:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.976085212733637
Encrypted:	false
SSDEEP:	48:8ndLTTLMHIidAKZdA19ehwiZUklqehAy+3:8VLr/y
MD5:	EEC183FFD71FE56CB008C0FA65364199
SHA1:	FCB078356F5464EE81F6F6A6B8CCEE5F4ADF7448
SHA-256:	35302D602FCBFB6D7E5B571856EE1D82011126B5985910DBA46ADD34AAD24C3E
SHA-512:	42605B456EE6432676F09D4C5560D085486A450F5288101D8FD9CBB6FA72DBF24AC00A82F39E4DB30CD6101B39CE8DCE3114A7DD9AC119F2A7ABC823D3876809
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Rh/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:12:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9924921763425205
Encrypted:	false
SSDEEP:	48:8odLTTLMHIidAKZdA1weh/iZUkAQkqehvy+2:8YLZ9Qay
MD5:	F6836A78BC5D110A99F5C9A14BCB74D4
SHA1:	F4456A0B3D847E87539C69462A68D68B0DA6C177
SHA-256:	46E876636E6E4B61CD906A9B9DA4BFDC54FAACE08FF8366491E48C1E18B9DEAB
SHA-512:	4536641E820F907D3DA637938E464076F7FA8161304F952F98D4268E137BC9BBF98DCC46BE3ADD177473BE4C21C70316039FFB6C5D6A98AAEE1D9AC7FB20A89E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....M..6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Rh/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.003558719932805
Encrypted:	false
SSDEEP:	48:8x8dLTTLsHIidAKZdA14tseh7sFiZUkmgqeh7sZy+BX:8xcLJnby
MD5:	A5BA99A25FF28E88D4D521E51DA0208F
SHA1:	2F0F27EFF29AE244A79F5D47C90C0A2478423D80
SHA-256:	9EEBF360A468A555D7C3B9A153555F873FB51E60A8E4FA12830C8F42AB4C49B8
SHA-512:	E7746B71BF03F99DD06EEDEA1585B754260657CA78D37CC7EA4195D17B21997202E0FCAA7E74A4FDD0A58E5BBAAAAC68BB1A8ECE71DF020065C84BC37B1A4BED
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Rh/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:12:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9909270192189434
Encrypted:	false
SSDEEP:	48:8ydLTTLMHIidAKZdA1vehDiZUkwqehTy+R:8qL6Ry
MD5:	AF50FCB305A848EDC8D637FCF7AB1BC9
SHA1:	C079D3AD3B09581DDC8E66FDC9C261EFD02BEB07
SHA-256:	F71B32F67C1CEB4F962962D8BE8FC9EA70A5AE012BCD943578C0D956000DC77E
SHA-512:	0294374E67CEF302FBC26805F21FE01EB3144CF173ECB910EF3E45BFBB55FEFCFAC4FD8048666F516B4F0FC2C85F687004877DAC83E40031D2A65CB4ED9C5653
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Rh/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:12:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.976949764873415
Encrypted:	false
SSDEEP:	48:8QdLTTLMHIidAKZdA1hehBiZUk1W1qehFy+C:8wL69ly
MD5:	165305EBB786469B1F418CB11C7E911D
SHA1:	7ACE7AA2921ED4A633BD7D8CE94B3A07D98F022B
SHA-256:	2135067AAA211D465498B9E1EE9264E6CF20F998B3013FDAE2EE671F29BE41C4
SHA-512:	CCB2CDD5D504B86358CB6478D642F94BF73EB2F31A9FA46A0E158BA066A05DBB64698B64E00EBF6243035AA2F4039C393A8FD284B80ED25FA35FDCE65D112337
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....Ax..6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Rh/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 05:12:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9899015694940005
Encrypted:	false
SSDEEP:	48:81dLTTLMHIidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbby+yT+:8jLET/TbxWOvTbby7T
MD5:	76957FFA5FEE5E0CF80EB2802724A005
SHA1:	80C6E61BEF71CE1F4EC213DF89AF343399F35BCE
SHA-256:	830868E887DA124879C5F3250B189F4A20BF2F6A5FEF023EB1401D38381B9E4C
SHA-512:	1DE6A014C8310DAE8CC70171026FDBDD686969542049C8B01F7B9027245E30E51569C1ED67CA524C32F77A16F9ED448B57FC26CA6F00A0C68D4F0FD21C5BA3F2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Q..6...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Y.1....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Y.1....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Y.1....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Y.1..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Y.1...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Rh/.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://nothingtosay.pages.dev/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4394
Entropy (8bit):	5.084338661834006
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOiskslA2ZLimnrR49PaQxJbGD:1j9jhjYjIK/Vo+ts3nZOmnrO9ieJGD
MD5:	CE40861E0867610D35C63D62E46FCCAF
SHA1:	37AD1F3DA153149C7E8F96AE7C08D78D82B077EA
SHA-256:	CB837D54E2145D7FC68C92FE42B90BB268A7A7073DDA9FC172D526E2AE7A26A5
SHA-512:	E8BE46CA5079673D4397234948E344BB688035EAFD442EF95362F46080664E8FAD7B1FE9EFB1948233C1E3E028655C3423DD118C54D76791C3E1CCCC8B7EB73F
Malicious:	false
Reputation:	low
URL:	https://nothingtosay.pages.dev/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://nothingtosay.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	555
Entropy (8bit):	4.73524642638354
Encrypted:	false
SSDEEP:	12:TjeRHVIdtklI5rtINGlTF5TF5TF5TF5TF5TFK:neRH68mTPTPTPTPTPTc
MD5:	26017130ABCA7D511D22EEA19CE6D7A1
SHA1:	D909A258B0E0F5856F85181A619AF75868C808D1
SHA-256:	6D83B77C3D8C5C0CCC7078540A1FB0BD9FA43EEB82B89F83264D469AA100C088
SHA-512:	A79737F6C24A1B5BFC8454AEA1769D9E0A8BC330696EDFA277ACF8DC4E1355090FF8B3A395059A810425CE4F93043206E48DA0A23603627C5935123930032402
Malicious:	false
Reputation:	low
URL:	https://nothingtosay.pages.dev/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 08:12:36.153987885 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:36.153994083 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:36.263489962 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:43.895515919 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:43.895558119 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:43.895643950 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:43.895673990 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:43.895683050 CEST	443	49710	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:43.895729065 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:43.895984888 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:43.895997047 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:43.896250010 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:43.896260977 CEST	443	49710	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.367638111 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.367971897 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.367999077 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.369066000 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.369178057 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.370340109 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.370378017 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.370433092 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.370521069 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.370537996 CEST	443	49709	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.370553017 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.370987892 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.371011972 CEST	49709	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.371041059 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.371098042 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.371347904 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.371361017 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.373500109 CEST	443	49710	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.373775959 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.373788118 CEST	443	49710	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.374769926 CEST	443	49710	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.374845028 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.375262976 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.375296116 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.375313997 CEST	443	49710	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.375344038 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.375375032 CEST	49710	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.375746012 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.375787973 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.375848055 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.376095057 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.376104116 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.841043949 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.841398001 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.841429949 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.842550993 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.842849970 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.843059063 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.843282938 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.843296051 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.843672037 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.843734980 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.843841076 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.843849897 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.844299078 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.844361067 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.845129013 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.845181942 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.891161919 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.891171932 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.891237020 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.938745022 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.976062059 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.976104021 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.976133108 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.976150990 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.976167917 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.976344109 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:44.976378918 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:44.976394892 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.010274887 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.010581970 CEST	49711	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.010593891 CEST	443	49711	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.055412054 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109071970 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109189034 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109261990 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.109297037 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109411001 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109468937 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.109483004 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109616041 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109672070 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.109683037 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109798908 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.109847069 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.109857082 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.110008001 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.110070944 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.110080957 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.155349970 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.155414104 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.197642088 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.197737932 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.197777987 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.197910070 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.197973013 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.197984934 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.198101997 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.198157072 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.198167086 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.198370934 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.198431969 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.200128078 CEST	49712	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.200156927 CEST	443	49712	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.267851114 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.267911911 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.268032074 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.268244028 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.268274069 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.730315924 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.730659962 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.730684996 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.732146025 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.732213974 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.734957933 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.734992981 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.735030890 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.735255003 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.735264063 CEST	443	49715	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.735274076 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.735311985 CEST	49715	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.736006975 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.736099958 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.736188889 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.736735106 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:45.736769915 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:45.763492107 CEST	49674	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:45.763596058 CEST	49675	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:45.872773886 CEST	49673	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:46.192173958 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.198993921 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.199043989 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.199441910 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.200618029 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.200691938 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.201217890 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.247410059 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.330476999 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.330538034 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.330595016 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.331845045 CEST	49716	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.331876993 CEST	443	49716	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.713854074 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.713900089 CEST	443	49717	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.713985920 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.715198994 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.715215921 CEST	443	49717	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.745785952 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.745816946 CEST	443	49718	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.745872021 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.746124983 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:46.746145010 CEST	443	49718	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:46.934431076 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:46.934555054 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:46.934637070 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:46.935105085 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:46.935139894 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:47.177396059 CEST	443	49717	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.177659035 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.177673101 CEST	443	49717	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.178776979 CEST	443	49717	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.178848028 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.179408073 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.179426908 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.179471970 CEST	443	49717	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.179476023 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.179532051 CEST	49717	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.179986000 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.180028915 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.180152893 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.180356979 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.180376053 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.229015112 CEST	443	49718	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.240004063 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.240020037 CEST	443	49718	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.243576050 CEST	443	49718	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.243668079 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.244324923 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.244376898 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.244431019 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.244513988 CEST	443	49718	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.244575977 CEST	49718	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.244793892 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.244853020 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.244952917 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.245378971 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.245397091 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.315082073 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:47.315133095 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:47.315207005 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:47.334106922 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:47.334151983 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:47.527868032 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 08:12:47.527960062 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:47.583973885 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:47.605242968 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:47.605326891 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:47.606478930 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:47.606571913 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:47.632858038 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:47.633060932 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:47.641678095 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.641944885 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.641973019 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.642992973 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.643055916 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.643351078 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.643429995 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.643513918 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.643523932 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.685745001 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.685751915 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:47.685777903 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:47.722738981 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.725545883 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.725577116 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.727061033 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.727135897 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.727547884 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.727627993 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.727938890 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.727947950 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.732615948 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:47.779468060 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.864511013 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.864634037 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.864691973 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.877501965 CEST	49721	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:47.877527952 CEST	443	49721	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:47.982579947 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:47.982652903 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:47.985924959 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:47.985939980 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:47.986340046 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.022692919 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.063405037 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.255616903 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.255740881 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.256493092 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.658296108 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.658350945 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.658376932 CEST	49722	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.658386946 CEST	443	49722	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.681943893 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:48.682115078 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:48.682169914 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:48.694335938 CEST	49720	443	192.168.2.5	172.66.44.97
Sep 29, 2024 08:12:48.694351912 CEST	443	49720	172.66.44.97	192.168.2.5
Sep 29, 2024 08:12:48.705223083 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:48.705271006 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:48.705337048 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:48.709849119 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:48.709867954 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:48.783653975 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.783766985 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:48.783866882 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.787648916 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:48.787688017 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.168920994 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.169176102 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.169203043 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.170243979 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.170329094 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.176796913 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.176871061 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.177175045 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.177186012 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.217592001 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.410139084 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.410228014 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.410486937 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.410525084 CEST	443	49723	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.410550117 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.410567045 CEST	49723	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.411083937 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.411119938 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.411185980 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.411401987 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.411416054 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.431705952 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.431794882 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:49.432893991 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:49.432926893 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.433962107 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.435323000 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:49.479413986 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.704381943 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.704550982 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.704730988 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:49.706054926 CEST	49724	443	192.168.2.5	184.28.90.27
Sep 29, 2024 08:12:49.706090927 CEST	443	49724	184.28.90.27	192.168.2.5
Sep 29, 2024 08:12:49.886825085 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.887228966 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.887248039 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.887732983 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.888036013 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.888098001 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:49.888293028 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:49.931416988 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:50.020493031 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:50.020673990 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:50.020749092 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:50.020977974 CEST	49727	443	192.168.2.5	35.190.80.1
Sep 29, 2024 08:12:50.020999908 CEST	443	49727	35.190.80.1	192.168.2.5
Sep 29, 2024 08:12:57.488482952 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:57.488598108 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:57.488749981 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:58.380064964 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:58.384155989 CEST	49703	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:58.384782076 CEST	49734	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:58.384829044 CEST	443	49734	23.1.237.91	192.168.2.5
Sep 29, 2024 08:12:58.384855032 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 08:12:58.384941101 CEST	49734	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:58.385358095 CEST	49734	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:12:58.385369062 CEST	443	49734	23.1.237.91	192.168.2.5
Sep 29, 2024 08:12:58.388933897 CEST	443	49703	23.1.237.91	192.168.2.5
Sep 29, 2024 08:12:58.732688904 CEST	49719	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:12:58.732728958 CEST	443	49719	172.217.16.132	192.168.2.5
Sep 29, 2024 08:12:58.983452082 CEST	443	49734	23.1.237.91	192.168.2.5
Sep 29, 2024 08:12:58.983520985 CEST	49734	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:13:18.137753010 CEST	443	49734	23.1.237.91	192.168.2.5
Sep 29, 2024 08:13:18.137841940 CEST	49734	443	192.168.2.5	23.1.237.91
Sep 29, 2024 08:13:47.149904966 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:47.149959087 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:47.150023937 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:47.150311947 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:47.150326967 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:47.793399096 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:47.793950081 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:47.793984890 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:47.795075893 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:47.796344995 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:47.796408892 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:47.845325947 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:57.689313889 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:57.689376116 CEST	443	49738	172.217.16.132	192.168.2.5
Sep 29, 2024 08:13:57.689486027 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:58.734428883 CEST	49738	443	192.168.2.5	172.217.16.132
Sep 29, 2024 08:13:58.734452009 CEST	443	49738	172.217.16.132	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 08:12:42.538261890 CEST	53	51633	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:42.759227037 CEST	53	60411	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:43.795890093 CEST	53	56956	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:43.884079933 CEST	58267	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:43.884193897 CEST	59794	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:43.894674063 CEST	53	59794	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:43.894880056 CEST	53	58267	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:46.733047962 CEST	60147	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:46.733241081 CEST	62475	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:46.740071058 CEST	53	62475	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:46.745081902 CEST	53	60147	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:46.921993971 CEST	57664	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:46.922548056 CEST	53118	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:46.928684950 CEST	53	57664	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:46.929373980 CEST	53	53118	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:48.685708046 CEST	64518	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:48.692317963 CEST	50514	53	192.168.2.5	1.1.1.1
Sep 29, 2024 08:12:48.692569971 CEST	53	64518	1.1.1.1	192.168.2.5
Sep 29, 2024 08:12:48.698601961 CEST	53	50514	1.1.1.1	192.168.2.5
Sep 29, 2024 08:13:00.820528030 CEST	53	61944	1.1.1.1	192.168.2.5
Sep 29, 2024 08:13:19.737931013 CEST	53	62176	1.1.1.1	192.168.2.5
Sep 29, 2024 08:13:42.117862940 CEST	53	51075	1.1.1.1	192.168.2.5
Sep 29, 2024 08:13:42.818469048 CEST	53	60281	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 08:12:43.884079933 CEST	192.168.2.5	1.1.1.1	0x4216	Standard query (0)	nothingtosay.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:43.884193897 CEST	192.168.2.5	1.1.1.1	0xf2e0	Standard query (0)	nothingtosay.pages.dev	65	IN (0x0001)	false
Sep 29, 2024 08:12:46.733047962 CEST	192.168.2.5	1.1.1.1	0x9988	Standard query (0)	nothingtosay.pages.dev	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:46.733241081 CEST	192.168.2.5	1.1.1.1	0xfb86	Standard query (0)	nothingtosay.pages.dev	65	IN (0x0001)	false
Sep 29, 2024 08:12:46.921993971 CEST	192.168.2.5	1.1.1.1	0x6ff2	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:46.922548056 CEST	192.168.2.5	1.1.1.1	0x54f7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 29, 2024 08:12:48.685708046 CEST	192.168.2.5	1.1.1.1	0xa147	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:48.692317963 CEST	192.168.2.5	1.1.1.1	0xb16f	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 08:12:43.894674063 CEST	1.1.1.1	192.168.2.5	0xf2e0	No error (0)	nothingtosay.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 08:12:43.894880056 CEST	1.1.1.1	192.168.2.5	0x4216	No error (0)	nothingtosay.pages.dev		172.66.44.97	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:43.894880056 CEST	1.1.1.1	192.168.2.5	0x4216	No error (0)	nothingtosay.pages.dev		172.66.47.159	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:46.740071058 CEST	1.1.1.1	192.168.2.5	0xfb86	No error (0)	nothingtosay.pages.dev			65	IN (0x0001)	false
Sep 29, 2024 08:12:46.745081902 CEST	1.1.1.1	192.168.2.5	0x9988	No error (0)	nothingtosay.pages.dev		172.66.44.97	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:46.745081902 CEST	1.1.1.1	192.168.2.5	0x9988	No error (0)	nothingtosay.pages.dev		172.66.47.159	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:46.928684950 CEST	1.1.1.1	192.168.2.5	0x6ff2	No error (0)	www.google.com		172.217.16.132	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:46.929373980 CEST	1.1.1.1	192.168.2.5	0x54f7	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 29, 2024 08:12:48.692569971 CEST	1.1.1.1	192.168.2.5	0xa147	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:12:57.653407097 CEST	1.1.1.1	192.168.2.5	0x9a5d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:12:57.653407097 CEST	1.1.1.1	192.168.2.5	0x9a5d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:13:11.572122097 CEST	1.1.1.1	192.168.2.5	0x25b0	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:13:11.572122097 CEST	1.1.1.1	192.168.2.5	0x25b0	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 29, 2024 08:13:34.853465080 CEST	1.1.1.1	192.168.2.5	0xd987	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 08:13:34.853465080 CEST	1.1.1.1	192.168.2.5	0xd987	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

nothingtosay.pages.dev

https:

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	172.66.44.97	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:44 UTC	665	OUT	GET / HTTP/1.1 Host: nothingtosay.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:44 UTC	594	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:12:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WVKzTQFoqvJbL6DAvre0i8WDy6Xy1vMSHCHRGqSY52bLt66u5esHlu%2BMU5IsaN3yCu5qdYFjJJv4xa3gLdkGL0jp4pqa18V21AW0h42ob0IrS51kh0e%2FkSKtKWnKMQYh8CqWdnjNNgzC"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8ca9d2c4c8d47cf9-EWR
2024-09-29 06:12:44 UTC	775	IN	Data Raw: 31 31 32 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 112a<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-09-29 06:12:44 UTC	1369	IN	Data Raw: 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 Data Ascii: d='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { v
2024-09-29 06:12:44 UTC	1369	IN	Data Raw: 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 65 55 46 62 63 45 56 43 62 31 36 56 7a 76 4c 39 49 43 52 7a 66 33 70 42 75 30 71 48 48 6a 66 4d 30 67 45 69 54 66 32 7a 67 71 41 2d 31 37 32 37 35 39 30 33 36 34 2d 30 2e 30 2e 31 2e 31 2d 2f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 Data Ascii: ss" method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="eUFbcEVCb16VzvL9ICRzf3pBu0qHHjfM0gEiTf2zgqA-1727590364-0.0.1.1-/"> <a href="https://www.cloudflare.com/learning/access-manage
2024-09-29 06:12:44 UTC	889	IN	Data Raw: 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 Data Ascii: <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="b
2024-09-29 06:12:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49712	172.66.44.97	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:45 UTC	571	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: nothingtosay.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://nothingtosay.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:45 UTC	411	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:12:45 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-5df3" Server: cloudflare CF-RAY: 8ca9d2c5abab42b1-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 08:12:45 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 06:12:45 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-09-29 06:12:45 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	172.66.44.97	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:46 UTC	663	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: nothingtosay.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://nothingtosay.pages.dev/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:46 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:12:46 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca9d2cd4b98434b-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 08:12:46 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 06:12:46 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49720	172.66.44.97	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:47 UTC	600	OUT	GET /favicon.ico HTTP/1.1 Host: nothingtosay.pages.dev Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://nothingtosay.pages.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:48 UTC	616	IN	HTTP/1.1 404 Not Found Date: Sun, 29 Sep 2024 06:12:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Ray: 8ca9d2d62d854310-EWR CF-Cache-Status: EXPIRED Vary: Accept-Encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f5jwUrbBwTscKdhZl2JSNUCdi%2Bldi0jDEAmOu8XvR5He3%2Brwyr9u%2BsQcqc9tDURkpkH2HJeKwn4h17YejQYVoFaobpsqoSWrlPIJQz7YzsIVtrx%2FZId%2Fm6bV7KDev6Avf%2FZ53%2BOMJHJR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare
2024-09-29 06:12:48 UTC	562	IN	Data Raw: 32 32 62 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 Data Ascii: 22b<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE
2024-09-29 06:12:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49721	172.66.44.97	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:47 UTC	392	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: nothingtosay.pages.dev Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:47 UTC	409	IN	HTTP/1.1 200 OK Date: Sun, 29 Sep 2024 06:12:47 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8ca9d2d6dcae5e76-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Sun, 29 Sep 2024 08:12:47 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-09-29 06:12:47 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49722	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:48 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 06:12:48 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=124334 Date: Sun, 29 Sep 2024 06:12:48 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49723	35.190.80.1	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:49 UTC	557	OUT	OPTIONS /report/v4?s=f5jwUrbBwTscKdhZl2JSNUCdi%2Bldi0jDEAmOu8XvR5He3%2Brwyr9u%2BsQcqc9tDURkpkH2HJeKwn4h17YejQYVoFaobpsqoSWrlPIJQz7YzsIVtrx%2FZId%2Fm6bV7KDev6Avf%2FZ53%2BOMJHJR HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://nothingtosay.pages.dev Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:49 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Sun, 29 Sep 2024 06:12:48 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:49 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 06:12:49 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=124363 Date: Sun, 29 Sep 2024 06:12:49 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 06:12:49 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49727	35.190.80.1	443	6384	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-29 06:12:49 UTC	492	OUT	POST /report/v4?s=f5jwUrbBwTscKdhZl2JSNUCdi%2Bldi0jDEAmOu8XvR5He3%2Brwyr9u%2BsQcqc9tDURkpkH2HJeKwn4h17YejQYVoFaobpsqoSWrlPIJQz7YzsIVtrx%2FZId%2Fm6bV7KDev6Avf%2FZ53%2BOMJHJR HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 434 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 06:12:49 UTC	434	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 39 37 32 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 6f 74 68 69 6e 67 74 6f 73 61 79 2e 70 61 67 65 73 2e 64 65 76 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 37 32 2e 36 36 2e 34 34 2e 39 37 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c Data Ascii: [{"age":0,"body":{"elapsed_time":1972,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://nothingtosay.pages.dev/","sampling_fraction":1.0,"server_ip":"172.66.44.97","status_code":404,"type":"http.error"},"type":"network-error",
2024-09-29 06:12:50 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Sun, 29 Sep 2024 06:12:49 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	02:12:38
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	02:12:40
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1884,i,12433132562771254161,12303635239315947655,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	02:12:42
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nothingtosay.pages.dev/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_61, type: DROPPED

Source: https://nothingtosay.pages.dev/	HTTP Parser: No favicon
Source: https://nothingtosay.pages.dev/	HTTP Parser: No favicon

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nothingtosay.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: nothingtosay.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://nothingtosay.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: nothingtosay.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nothingtosay.pages.dev/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: nothingtosay.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nothingtosay.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: nothingtosay.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: nothingtosay.pages.dev
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://nothingtosay.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Windows Analysis Report
https://nothingtosay.pages.dev/