Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://porn-app.com/download2

Overview

General Information

Sample URL:	https://porn-app.com/download2
Analysis ID:	1524545
Infos:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected BlockedWebSite

Detected non-DNS traffic on DNS port

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 4092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,9948943693458586903,5159143116401405838,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6348 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://porn-app.com/download2" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_45	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_45, type: DROPPED

Source: https://porn-app.com/download2

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:64479 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /download2 HTTP/1.1Host: porn-app.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: porn-app.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://porn-app.com/download2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: porn-app.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://porn-app.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: porn-app.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://porn-app.com/download2Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: porn-app.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: porn-app.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: porn-app.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Source: chromecache_45.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_45.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64485 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64485
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: classification engine

Classification label: mal48.phis.win@17/7@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,9948943693458586903,5159143116401405838,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://porn-app.com/download2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,9948943693458586903,5159143116401405838,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
www.google.com	172.217.23.100	true	false		unknown
porn-app.com	188.114.96.3	true	false		unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		unknown
206.23.85.13.in-addr.arpa	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://porn-app.com/favicon.ico	false		unknown
https://porn-app.com/cdn-cgi/styles/cf.errors.css	false		unknown
https://porn-app.com/cdn-cgi/images/icon-exclamation.png?1376755637	false		unknown
https://porn-app.com/download2	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_45.2.dr	false		unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_45.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.96.3	porn-app.com	European Union		13335	CLOUDFLARENETUS	false
172.217.23.100	www.google.com	United States		15169	GOOGLEUS	false
142.250.184.228	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5
192.168.2.22

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524545
Start date and time:	2024-10-02 23:57:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://porn-app.com/download2
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.win@17/7@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 216.58.206.46, 64.233.167.84, 34.104.35.123, 20.109.210.53, 199.232.214.172, 192.229.221.95, 13.95.31.18, 40.69.42.241, 13.85.23.206, 20.114.59.183, 4.175.87.197, 172.217.18.3, 142.250.181.238
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://porn-app.com/download2

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 44

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 45

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4403
Entropy (8bit):	5.084720014906574
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisMA2ZLim1rR49PaQxJbGD:1j9jhjYjIK/Vo+tsgZOm1rO9ieJGD
MD5:	DEF29B2D4DF9F1CC4038C35B8297C84F
SHA1:	93AB39F5C3B2EE08391106A9E63C3A10AF8E3721
SHA-256:	C338F8BF1C64F07CA086BE375CDCFA1B2B91BF668151F85AE204C3670181983A
SHA-512:	74B0AA961831311917C120F132C8E76442F4B24F99F4775D4505620E4776802BED0C6CFEDC8DEAEB31AAEF0526C32C6696385568CC7360596F620EF272A00E36
Malicious:	false
Reputation:	low
URL:	https://porn-app.com/download2
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 46

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://porn-app.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 47

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://porn-app.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 23:58:19.717000008 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 2, 2024 23:58:20.653748035 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:20.653831005 CEST	443	49735	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:20.653891087 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:20.654110909 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:20.654138088 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:20.654205084 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:20.654378891 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:20.654393911 CEST	443	49735	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:20.654808998 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:20.654848099 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.133810043 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.134095907 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.134114027 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.135178089 CEST	443	49735	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.135348082 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.135379076 CEST	443	49735	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.135786057 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.135869026 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.136729002 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.136756897 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.136823893 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.136828899 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.136889935 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.136995077 CEST	443	49735	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.137058020 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.137206078 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.137243986 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.137300968 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.137753010 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.137769938 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.138030052 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138048887 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138087988 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138118029 CEST	443	49735	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.138168097 CEST	49735	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138381004 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138390064 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.138442993 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138592958 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.138607025 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.616847038 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.617106915 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.617115974 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.618721962 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.618793011 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.619626045 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.619709969 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.619772911 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.619779110 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.628752947 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.629127026 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.629134893 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.630539894 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.630609035 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.630887032 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.630964994 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.670341015 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.670341015 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.670355082 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.716204882 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.751760960 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.751864910 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.751925945 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.751940966 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.752005100 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.752055883 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.752063036 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.752196074 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.752249956 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.752803087 CEST	49738	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.752816916 CEST	443	49738	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.762928009 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.807404041 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.864836931 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.864933968 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.864985943 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.864996910 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865078926 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865130901 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.865138054 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865187883 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865231991 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.865237951 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865295887 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865345955 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.865355015 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865653992 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.865726948 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.865734100 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.869646072 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.869718075 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.869725943 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.922959089 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.955323935 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.955547094 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.955617905 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.955638885 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.955670118 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.955724001 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.955760002 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.956007957 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:21.956065893 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.956438065 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:21.956470013 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.019556046 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.019613028 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.019671917 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.020679951 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.020699024 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.486742020 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.488825083 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.488850117 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.490267038 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.490334988 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.496910095 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.496926069 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.496994972 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.497205019 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.497256041 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.499372005 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.499392986 CEST	443	49742	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.499403000 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.499444008 CEST	49742	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.513062000 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.513099909 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.513267040 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.527102947 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:22.527118921 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:22.685000896 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:22.685077906 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:22.685167074 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:22.685466051 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:22.685487986 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:23.147289038 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.147883892 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.147895098 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.148425102 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.149525881 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.149626970 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.150197983 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.191416979 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.289609909 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.289665937 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.289716005 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.293072939 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.293087959 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.345784903 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:23.346031904 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:23.346071005 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:23.347722054 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:23.347805977 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:23.409182072 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:23.409219980 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:23.409320116 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:23.411181927 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:23.411200047 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:23.666755915 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:23.667274952 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:23.670825958 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.670855999 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.670950890 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.671262026 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.671271086 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.714153051 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:23.714184999 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:23.750544071 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.750567913 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.750629902 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.751091957 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:23.751102924 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:23.764805079 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:24.051968098 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.052050114 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.066138029 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.066160917 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.066355944 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.107407093 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.126578093 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.127634048 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.127655029 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.128541946 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.128622055 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.157228947 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.157442093 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.158051968 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.158061028 CEST	443	49746	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.158179998 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.158193111 CEST	49746	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.159249067 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.159275055 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.159331083 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.159713030 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.159725904 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.205991030 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.230710030 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.233596087 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.233604908 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.234925985 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.234982967 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.235518932 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.235573053 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.235618114 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.235682011 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.235697031 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.235707045 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.235733986 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.236083031 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.236116886 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.236202002 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.236520052 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.236536026 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.275403023 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.417308092 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.417459965 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.417530060 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.424961090 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.424983978 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.425019026 CEST	49745	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.425026894 CEST	443	49745	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.485802889 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.485832930 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.485919952 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.488008022 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:24.488024950 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:24.715178013 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.715672016 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.715688944 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.719183922 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.719295025 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.720312119 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.757594109 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.757608891 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.758133888 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.758208990 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.758481026 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.758548975 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.759076118 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.759131908 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.759186029 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.759212971 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.759560108 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.759567976 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.811049938 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.811060905 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.864120960 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.864182949 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.864285946 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.875833988 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.875993967 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.876171112 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.929363966 CEST	49748	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.929394007 CEST	443	49748	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:24.941111088 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:24.941133976 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:25.386698961 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.386781931 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:25.412919998 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:25.412941933 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.413881063 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.416412115 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:25.463398933 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.661159039 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.661329985 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.661385059 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:25.663780928 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:25.663800001 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.663830042 CEST	49750	443	192.168.2.4	184.28.90.27
Oct 2, 2024 23:58:25.663836956 CEST	443	49750	184.28.90.27	192.168.2.4
Oct 2, 2024 23:58:25.703865051 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:25.703908920 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:25.703969002 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:25.704739094 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:25.704752922 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.163011074 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.163438082 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.163475990 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.167092085 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.167175055 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.168617010 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.168718100 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.168872118 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.168886900 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.168957949 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.168987036 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.170031071 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.170073986 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.170136929 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.170855999 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.170871973 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.632052898 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.632365942 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.632386923 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.633517981 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.633892059 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.634054899 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.634066105 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.679400921 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.686081886 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.767889977 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.768065929 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:26.774957895 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.783416986 CEST	49752	443	192.168.2.4	188.114.96.3
Oct 2, 2024 23:58:26.783437967 CEST	443	49752	188.114.96.3	192.168.2.4
Oct 2, 2024 23:58:33.257646084 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:33.257734060 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:33.258698940 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:35.158724070 CEST	49744	443	192.168.2.4	172.217.23.100
Oct 2, 2024 23:58:35.158741951 CEST	443	49744	172.217.23.100	192.168.2.4
Oct 2, 2024 23:58:47.428731918 CEST	64479	53	192.168.2.4	162.159.36.2
Oct 2, 2024 23:58:47.433568001 CEST	53	64479	162.159.36.2	192.168.2.4
Oct 2, 2024 23:58:47.433654070 CEST	64479	53	192.168.2.4	162.159.36.2
Oct 2, 2024 23:58:47.433825970 CEST	64479	53	192.168.2.4	162.159.36.2
Oct 2, 2024 23:58:47.438842058 CEST	53	64479	162.159.36.2	192.168.2.4
Oct 2, 2024 23:58:47.878165007 CEST	53	64479	162.159.36.2	192.168.2.4
Oct 2, 2024 23:58:47.879106045 CEST	64479	53	192.168.2.4	162.159.36.2
Oct 2, 2024 23:58:47.884238005 CEST	53	64479	162.159.36.2	192.168.2.4
Oct 2, 2024 23:58:47.884293079 CEST	64479	53	192.168.2.4	162.159.36.2
Oct 2, 2024 23:59:22.743316889 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:22.743350983 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:22.743451118 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:22.745152950 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:22.745167971 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:23.379117012 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:23.379476070 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:23.379499912 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:23.379985094 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:23.380350113 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:23.380439043 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:23.420900106 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:33.290368080 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:33.290558100 CEST	443	64485	142.250.184.228	192.168.2.4
Oct 2, 2024 23:59:33.291413069 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:35.153099060 CEST	64485	443	192.168.2.4	142.250.184.228
Oct 2, 2024 23:59:35.153121948 CEST	443	64485	142.250.184.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 23:58:18.873256922 CEST	53	63620	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:18.881117105 CEST	53	60962	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:19.887358904 CEST	53	64766	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:20.643328905 CEST	51310	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:20.643562078 CEST	50941	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:20.652170897 CEST	53	50941	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:20.653304100 CEST	53	51310	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:22.675836086 CEST	62891	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:22.675935984 CEST	62650	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:22.682607889 CEST	53	62650	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:22.683463097 CEST	53	62891	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:23.738392115 CEST	60284	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:23.738672972 CEST	56382	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:23.747376919 CEST	53	56382	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:23.750051975 CEST	53	60284	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:36.881944895 CEST	53	49439	1.1.1.1	192.168.2.4
Oct 2, 2024 23:58:38.835239887 CEST	138	138	192.168.2.4	192.168.2.255
Oct 2, 2024 23:58:47.428165913 CEST	53	63405	162.159.36.2	192.168.2.4
Oct 2, 2024 23:58:47.885905981 CEST	64287	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:58:47.893013000 CEST	53	64287	1.1.1.1	192.168.2.4
Oct 2, 2024 23:59:22.734913111 CEST	63904	53	192.168.2.4	1.1.1.1
Oct 2, 2024 23:59:22.742140055 CEST	53	63904	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 23:58:20.643328905 CEST	192.168.2.4	1.1.1.1	0xe3d8	Standard query (0)	porn-app.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:20.643562078 CEST	192.168.2.4	1.1.1.1	0xfc21	Standard query (0)	porn-app.com	65	IN (0x0001)	false
Oct 2, 2024 23:58:22.675836086 CEST	192.168.2.4	1.1.1.1	0x12e8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:22.675935984 CEST	192.168.2.4	1.1.1.1	0xf395	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 23:58:23.738392115 CEST	192.168.2.4	1.1.1.1	0x2d21	Standard query (0)	porn-app.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:23.738672972 CEST	192.168.2.4	1.1.1.1	0xc177	Standard query (0)	porn-app.com	65	IN (0x0001)	false
Oct 2, 2024 23:58:47.885905981 CEST	192.168.2.4	1.1.1.1	0xc7fc	Standard query (0)	206.23.85.13.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Oct 2, 2024 23:59:22.734913111 CEST	192.168.2.4	1.1.1.1	0x6d25	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 23:58:20.652170897 CEST	1.1.1.1	192.168.2.4	0xfc21	No error (0)	porn-app.com			65	IN (0x0001)	false
Oct 2, 2024 23:58:20.653304100 CEST	1.1.1.1	192.168.2.4	0xe3d8	No error (0)	porn-app.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:20.653304100 CEST	1.1.1.1	192.168.2.4	0xe3d8	No error (0)	porn-app.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:22.682607889 CEST	1.1.1.1	192.168.2.4	0xf395	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 23:58:22.683463097 CEST	1.1.1.1	192.168.2.4	0x12e8	No error (0)	www.google.com		172.217.23.100	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:23.747376919 CEST	1.1.1.1	192.168.2.4	0xc177	No error (0)	porn-app.com			65	IN (0x0001)	false
Oct 2, 2024 23:58:23.750051975 CEST	1.1.1.1	192.168.2.4	0x2d21	No error (0)	porn-app.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:23.750051975 CEST	1.1.1.1	192.168.2.4	0x2d21	No error (0)	porn-app.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:32.912795067 CEST	1.1.1.1	192.168.2.4	0xe02d	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:32.912795067 CEST	1.1.1.1	192.168.2.4	0xe02d	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:33.432786942 CEST	1.1.1.1	192.168.2.4	0x3502	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:58:33.432786942 CEST	1.1.1.1	192.168.2.4	0x3502	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:46.429121971 CEST	1.1.1.1	192.168.2.4	0x915a	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 23:58:46.429121971 CEST	1.1.1.1	192.168.2.4	0x915a	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 2, 2024 23:58:47.893013000 CEST	1.1.1.1	192.168.2.4	0xc7fc	Name error (3)	206.23.85.13.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Oct 2, 2024 23:59:22.742140055 CEST	1.1.1.1	192.168.2.4	0x6d25	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

porn-app.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	188.114.96.3	443	1984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:21 UTC	664	OUT	GET /download2 HTTP/1.1 Host: porn-app.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:58:21 UTC	590	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwvzH7dfbGZVSoMTsOjQurvdDxC%2B5ApOCrUesaQNKvHd6znN2xgAhu%2BuX7Pxoqot5oVOKyi1Rg051j%2B9Tkrrw6zo7%2FK5scyeqYdyFMLz46dID4W09b7dJOdwKxlk%2FFo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Speculation-Rules: "/cdn-cgi/speculation" Server: cloudflare CF-RAY: 8cc7f411987343cb-EWR
2024-10-02 21:58:21 UTC	779	IN	Data Raw: 31 31 33 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1133<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 Data Ascii: f_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var c
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 61 74 6f 6b 22 20 76 61 6c 75 65 3d 22 71 7a 36 5f 68 66 4e 6f 65 77 51 32 43 5a 32 67 47 62 7a 7a 62 5f 52 78 5f 6f 46 32 48 78 6f 4b 69 7a 2e 2e 73 2e 47 61 2e 33 63 2d 31 37 32 37 39 30 36 33 30 31 2d 30 2e 30 2e 31 2e 31 2d 2f 64 6f 77 6e 6c 6f 61 64 32 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d Data Ascii: method="GET" enctype="text/plain"> <input type="hidden" name="atok" value="qz6_hfNoewQ2CZ2gGbzzb_Rx_oF2HxoKiz..s.Ga.3c-1727906301-0.0.1.1-/download2"> <a href="https://www.cloudflare.com/learning/access-m
2024-10-02 21:58:21 UTC	894	IN	Data Raw: 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 Data Ascii: pan> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing"
2024-10-02 21:58:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	188.114.96.3	443	1984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:21 UTC	560	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: porn-app.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://porn-app.com/download2 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:58:21 UTC	411	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:58:21 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-5df3" Server: cloudflare CF-RAY: 8cc7f4125d880f9c-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 02 Oct 2024 23:58:21 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-02 21:58:21 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-10-02 21:58:21 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49743	188.114.96.3	443	1984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:23 UTC	643	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: porn-app.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://porn-app.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:58:23 UTC	409	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:58:23 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8cc7f41b3fc47c84-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 02 Oct 2024 23:58:23 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-02 21:58:23 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:24 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 21:58:24 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=67646 Date: Wed, 02 Oct 2024 21:58:24 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49748	188.114.96.3	443	1984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:24 UTC	589	OUT	GET /favicon.ico HTTP/1.1 Host: porn-app.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://porn-app.com/download2 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:58:24 UTC	648	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:58:24 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Last-Modified: Wed, 13 Mar 2024 00:42:56 GMT Vary: User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1537 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9yUIJHGBfj%2BtQJqbwGEarkgEZO%2BXs6tHE0BjolZ%2BaprTM%2F%2FXEYmmGb0VhKmntXcH3ztXcraCLb6yeB%2B9hqimHU1WanXOddSQwGWNqzqy7UWZfEWmK4A8vkJDHMgFTPs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc7f4250e414258-EWR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	188.114.96.3	443	1984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:24 UTC	382	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: porn-app.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:58:24 UTC	409	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:58:24 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Thu, 26 Sep 2024 09:13:11 GMT ETag: "66f525a7-1c4" Server: cloudflare CF-RAY: 8cc7f4250ffe0f5b-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 02 Oct 2024 23:58:24 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-10-02 21:58:24 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49750	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 21:58:25 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=67589 Date: Wed, 02 Oct 2024 21:58:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-02 21:58:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49752	188.114.96.3	443	1984	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 21:58:26 UTC	347	OUT	GET /favicon.ico HTTP/1.1 Host: porn-app.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-02 21:58:26 UTC	642	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:58:26 GMT Content-Type: image/x-icon Content-Length: 0 Connection: close Last-Modified: Wed, 13 Mar 2024 00:42:56 GMT Vary: User-Agent Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 1539 Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7I5agrjSiQNGyfZgxVGKQPskXuscDBuPA%2BpArkCHFdHFYMKt0Ck5wzUKoMWdcYXC%2F9FtgaUrqv6ERHE9WltASruC78sUYpqWCG1zm%2FB6mVeOy2IizIZTktWYEkhjhDI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc7f430edbb7d00-EWR

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4092, Parent PID: 1868

General

Target ID:	0
Start time:	17:58:14
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1984, Parent PID: 4092

General

Target ID:	2
Start time:	17:58:17
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2208,i,9948943693458586903,5159143116401405838,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6348, Parent PID: 1868

General

Target ID:	3
Start time:	17:58:20
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://porn-app.com/download2"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly