Edit tour

Windows Analysis Report
https://fast.b-cdn.net

Overview

General Information

Sample URL:	https://fast.b-cdn.net
Analysis ID:	1524647
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1840,i,11791121761724155368,16919539677854534214,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fast.b-cdn.net" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://fast.b-cdn.net/

HTTP Parser: Base64 decoded: <?xml version="1.0" encoding="UTF-8"?><svg width="2880px" height="1424px" viewBox="0 0 2880 1424" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <defs> <radialGradient cx="48.4540422%" cy="27.0119...

Source: https://fast.b-cdn.net/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fast.b-cdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /css?family=Rubik:300,400,500 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://fast.b-cdn.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fast.b-cdn.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://fast.b-cdn.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-500-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://fast.b-cdn.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rubik/files/rubik-latin-300-normal.woff2 HTTP/1.1Host: fonts.bunny.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://fast.b-cdn.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.bunny.net/css?family=Rubik:300,400,500Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: fast.b-cdn.net
Source: global traffic	DNS traffic detected: DNS query: fonts.bunny.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 03 Oct 2024 01:03:19 GMTContent-Type: text/htmlContent-Length: 2334Connection: closeVary: Accept-EncodingServer: BunnyCDN-DE1-1082CDN-PullZone: 44702CDN-Uid: 7b3318fd-7b74-4ed0-bcec-abed109512eaCDN-RequestCountryCode: USCDN-RequestId: 6a0ba7335f7b411696a6a4a31c259897
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 03 Oct 2024 01:03:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: BunnyCDN-DE1-1082CDN-PullZone: 44702CDN-Uid: 7b3318fd-7b74-4ed0-bcec-abed109512eaCDN-RequestCountryCode: USCache-Control: public, max-age=5CDN-StorageServer: DE-639CDN-ProxyVer: 1.04CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 10/03/2024 01:03:21CDN-EdgeStorageId: 1080CDN-Status: 404CDN-RequestTime: 0CDN-RequestId: 48bfa852277da7243d9b03316d86e4ffCDN-Cache: EXPIRED

Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff2)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff)
Source: chromecache_44.2.dr	String found in binary or memory: https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@16/10@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1840,i,11791121761724155368,16919539677854534214,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fast.b-cdn.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1840,i,11791121761724155368,16919539677854534214,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://fast.b-cdn.net	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse
fast.b-cdn.net	0%	Virustotal	Browse
fonts.bunny.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
bunnyfonts.b-cdn.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Link
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2	0%	Virustotal	Browse
https://fonts.bunny.net/css?family=Rubik:300,400,500	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)	0%	Virustotal	Browse
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)	0%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
fast.b-cdn.net	169.150.247.39	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.185.228	true	false	0%, Virustotal, Browse	unknown
bunnyfonts.b-cdn.net	169.150.247.37	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
fonts.bunny.net	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/css?family=Rubik:300,400,500	false	0%, Virustotal, Browse	unknown
https://fast.b-cdn.net/	false		unknown
https://fast.b-cdn.net/favicon.ico	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-latin-400-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-hebrew-500-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-arabic-500-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-500-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-latin-ext-400-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-hebrew-300-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-500-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-400-normal.woff)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-400-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-latin-ext-300-normal.woff2)	chromecache_44.2.dr	false	0%, Virustotal, Browse	unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-ext-300-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-hebrew-400-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-cyrillic-300-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-arabic-400-normal.woff2)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-ext-500-normal.woff)	chromecache_44.2.dr	false		unknown
https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff)	chromecache_44.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
169.150.247.39	fast.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false
169.150.247.37	bunnyfonts.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524647
Start date and time:	2024-10-03 03:02:23 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://fast.b-cdn.net
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/10@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.67, 142.250.185.238, 173.194.76.84, 34.104.35.123, 20.114.59.183, 199.232.214.172, 192.229.221.95, 20.242.39.171, 13.95.31.18, 142.250.185.67
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19140, version 1.0
Category:	downloaded
Size (bytes):	19140
Entropy (8bit):	7.98695599617926
Encrypted:	false
SSDEEP:	384:oeibUjjYNnNrgPt2WA8klRZjFePRuJmd6Poy5MudXGA4heWhWYMnM9:o/gjMNrgPt2WAjlr8JaAy5MKXOeuW/o
MD5:	9D91C6D154DED95055BA9D8D8CD653C3
SHA1:	9170307012D60109548247CE761FB5D71A45BEB2
SHA-256:	7F9EA3A91849752F729CF003B4839B162DB15E3BCB57A4DD8FB2533FAB377AAD
SHA-512:	3411FE27CCC1E3F0F64307BEB9643A942530482ACFACB1F9ECC4EF27C23CB735024EAC0D5F87650CD8F18076C85362FF6FE2F8BE71B17516CF68B664BD55CC19
Malicious:	false
Reputation:	low
URL:	https://fonts.bunny.net/rubik/files/rubik-latin-500-normal.woff2
Preview:	wOF2......J...........J_..........................>.....b.`?STATD..v.....h.....N..6.$.... .....U......6m..t..jGum.d..SnG...\|...q. .f..g$.1.....Z.....dYR.Bo.6.v.i$.T...!..d.-...)...(W"....w.S..OR.L.S...{.T.......2..0!.&............aZy.%.>.Y./.../.......&^..lj&h.]h....P....E`...W.N..g...s.....f0...jR!C._.Lh,..D..C4g.nl%Fd."N..(!..Q$x...PJ..v._i.'V;.z......'Fh..j'.RQkPY=..)..H.#II .....jMw./..D..D.;.u.Te.......O.m....R..E....<.......X.u..\|..8..RqJjB%.KUg.+.:o..\|.nc...7.3.V...\|.S.<........^...Rs!.X..q.r..f.s......X.V...2.#..m&...H.......o.x~."....u...2...m......,M5k._..B.``..qd...].....p...F$[5..d.....7...IE.n.A./n....I.d.:l.2.L..\.......O...J.I...l&...,0...w. x.A<q. ..\|C.+bI.K..;.[.g.s...;Yg#.&V.)T...*N..R,.._...!.K.Q.......NCVS_Q..$.#K..!Y....O...j...c>..}..F.ux...Rf..:.q......m..t.BD...s...p#...8..f...GB..._..@3.."+%.P...U.w.........Rr!gr..W....e..\|.9...E..!"....g5!.3fY...or...Tb.x.QP...L%..Y.{.p.`'.......H.!....>J.#...[Q...).. .....X

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (585)
Category:	downloaded
Size (bytes):	8838
Entropy (8bit):	5.371741301113426
Encrypted:	false
SSDEEP:	192:cSWaqXXbptPAqjxTP8OQo0WrOXXbptPAqjsLmV0tfmWIeXXbptPAqjP/xutYTi2:w3XldBpKXld2t1XldjoYx
MD5:	C7109943C72B6F70993065D42E20444C
SHA1:	6096326AFBD8649010CF33CAAECEC0FD75C2BE7E
SHA-256:	7AE06D682FF9B1802E85122331BD3FBA98A660347AED0755D8EF48F0930E70A0
SHA-512:	13ED032A314A24CD8ECA477C5A96FD0CA02FFCBEF43FD1244D431584FADDC81D6B96509AF231DE1C86BD4DF7627FDAD788643A6AD22DAFA77AB781DC833DBA6B
Malicious:	false
Reputation:	low
URL:	"https://fonts.bunny.net/css?family=Rubik:300,400,500"
Preview:	/* latin /.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff) format('woff'); . unicode-range: U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD;.}../ arabic */.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-arabic-300-normal.woff) format('woff'); . unicode-range: U+0600-06FF,U+0750-077F,U+0870-088E,U+0890-0891,U+0898-08E1,U+08E3-08FF,U+200C-200E,U+2010-2011,U+204F,U+2E41,U+FB50-FDFF,U+FE70-FE74,U+FE76-FEFC,U+102E0-102FB,U+10E60-10E7E,U+10EFD-10EFF,U+1EE00-1EE03,U+1EE05-1EE

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (677)
Category:	downloaded
Size (bytes):	678
Entropy (8bit):	5.1435496014689335
Encrypted:	false
SSDEEP:	12:kxRVrFjJRrZciWsGXmLFSHDSsz1X8lFamZ6k3hA1ZSZcsLvZ0mzegCoRwFjJUzk:kTlROi+WLojSw1MXlZ6M8QcslLCUzk
MD5:	0E3BDE19A08632F2E893BC2A835598BC
SHA1:	0BB50CBDED2D95B600B7437AD58AE8189C2A489B
SHA-256:	F62504ABBB867B0D53B4D90D746313621819F2C5D39CEAB4695AC2B0EF8CF223
SHA-512:	64048720AA563B780C491DA2C7C484D418DB508FB56B5D54A6AE9FD999308A96B75FD0149CE2E6459E7DF973F2535FE7D0CEAFDA79E5B48D96595999D575406D
Malicious:	false
Reputation:	low
URL:	https://fast.b-cdn.net/favicon.ico
Preview:	<html><head><title>404 - File Not Found</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-repeat: no-repeat; background-position: bottom center; background-size: cover; color: white; height: 100%; background-color: #313335; } h1 {margin-bottom: 0px;font-weight: bold;font-size: 140px;font-weight: 500;padding-top: 130px;margin-bottom: -35px;}h2 {font-size: 45px;color: white; font-weight: 200;}</style></head><body><div id='content'><h1 style='margin-bottom: -35px;'>404</h1><h2>File Not Found</h2></div></body></html>.

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 17556, version 1.0
Category:	downloaded
Size (bytes):	17556
Entropy (8bit):	7.985973640781479
Encrypted:	false
SSDEEP:	384:IAWAX7otodyzgA8e1fZBmtpUaXovcAgVdXEIlO75sQHTkYmjxYPH+aVS:S64idB3Eu9EoK5lTkYoito
MD5:	C26CC4BC55F4CC38E588B28BC6E8559D
SHA1:	662E36ABFDFA041420061CE216CE895E097655C1
SHA-256:	D447E3DDA790BF9638B928B14C0783BE54E5C8BB796E0F1D91DD6EE2E00351C0
SHA-512:	7F7A5D84AC7740543A016D14ADFCBF2FDED8555B16C50782F47F7A9DF2E456EF73830101006C5330E235DF539A71758C11AEE34F8DAD398CDE69CB8CA55F2CFD
Malicious:	false
Reputation:	low
URL:	https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2
Preview:	wOF2......D...........D1..........................>..R..0.`?STATD..v.....4..g..J..6.$.... ..x..&.......6..Yw...&.\|4.q;(JP\|...H.....&.1Fs.!...p.G.0.TU.UM...u..c..QjM...k.o..e.l.9.r.V&.t..{v..G.../..g......N........v...[.o..G..j.l-=z...../...[.3.......s...@.....J..>#Uj...t5....&.7.&.5i.i.x.Z.QJE..-R...N.-....R...Z.;....sDO.S...s...p....H@@SQ)k0....G..o......T.?5.....]......TS.ts..... 1.....Q..e...7...@e'..K..?..~..........$E..\b...+.........r..d...N.<......k.T..t)@...6.3.......(.#....2H............I`.4.@..B..4...(.......`m....B...`. (.......]}..u.LP..q.(./..Y.5.spt....ES.\!s<."...._..}.:[.n..]F.p.6*F....7.......:.j....nT..V!E.\....f.....q$.....Cm...................tG0X.x.aP@ ...QP...':e...K1V...].....M.u...s.(.D.%...>.c.....t7.......k."ED$......R....7g..6._1m..A2>...../t...^.3@JE.%..}..4.T.Z.L.<~D./......#.......F..b..Q.#%)"..0.IP.=.!....@.A.A. O.0dP.@.8"/..N....B.....H.1$j..." @..o.4(.2..u..^...z..L.T.^..m_.T..pl"@.i...;.4.....2......xq.m...`..

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2334), with no line terminators
Category:	downloaded
Size (bytes):	2334
Entropy (8bit):	5.810445084750524
Encrypted:	false
SSDEEP:	48:Q+1jSG5d4XREec7rxE49iFLBiQZFrxytYhcB0ZrZv4CO+8K:Q+1WsyqeurxudCyh/nOi
MD5:	4F8AFC2689243991DCEDE77EBC8B25C8
SHA1:	4504BFB7458298826D7A09DCA4EDD4E8C520497D
SHA-256:	8609FBF6D25103698C09480062DD212A9F8E8ACBC3D320F599BD871CEF1A7048
SHA-512:	4E2CDEC8A27A6BEC4704C8351FD1E8B05BDAB66798B67590D271CA48A0A8F36B394AC744E08E2E4B36F11BDA171F00B0ADDF71188E601AAD312CFEC8BFED5EC3
Malicious:	false
Reputation:	low
URL:	https://fast.b-cdn.net/
Preview:	<html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB3aWR0aD0iMjg4MHB4IiBoZWlnaHQ9IjE0MjRweCIgdmlld0JveD0iMCAwIDI4ODAgMTQyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KICAgIDxkZWZzPgogICAgICAgIDxyYWRpYWxHcmFkaWVudCBjeD0iNDguNDU0MDQyMiUiIGN5PSIyNy4wMTE5NjQ1JSIgZng9IjQ4LjQ1NDA0MjIlIiBmeT0iMjcuMDExOTY0NSUiIHI9IjcwLjg3MDg1MTQlIiBncmFkaWVudFRyYW5zZm9ybT0idHJhbnNsYXRlKDAuNDg0NTQwLDAuMjcwMTIwKSxzY2FsZSgwLjQ5NDQ0NCwxKSxyb3RhdGUoOTApLHRyYW5zbGF0ZSgtMC40ODQ1NDAsLTAuMjcwMTIwKSIgaWQ9InJhZGlhbEdyYWRpZW50LTEiPgogICAgICAgICAgICA8c3RvcCBzdG9wLWNvbG9yPSIjMDAyNjQ5IiBvZmZzZXQ9IjAlIj48L3N0b3A+CiAgICAgICAgICAgIDxzdG9wIHN0b3AtY29sb3I9IiMwNTFGMzci

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 03:03:07.931525946 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 3, 2024 03:03:17.539721966 CEST	49675	443	192.168.2.4	173.222.162.32
Oct 3, 2024 03:03:18.777304888 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:18.777381897 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:18.777442932 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:18.777456045 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:18.777494907 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:18.777549028 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:18.777806044 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:18.777838945 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:18.778228998 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:18.778249025 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.503479004 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.503853083 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.503880024 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.504740953 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.504829884 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.506136894 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.506191969 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.506494999 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.506501913 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.514533997 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.514844894 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.514905930 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.518543005 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.518640041 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.519093990 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.519260883 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.557837009 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.573942900 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.573956966 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.620399952 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.776386976 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.776411057 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.776479959 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.776493073 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.776658058 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.777653933 CEST	49736	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:19.777678013 CEST	443	49736	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:19.872757912 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:19.872826099 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:19.872914076 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:19.873119116 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:19.873155117 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:20.622735977 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:20.664252043 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:20.810009003 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:20.810051918 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:20.813913107 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:20.813997984 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:20.818178892 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:20.818371058 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:20.819484949 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:20.819504023 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:20.859436035 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:20.885107040 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:20.885145903 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:20.885215044 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:20.889844894 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:20.889863968 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:21.009759903 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021186113 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021208048 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021255970 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021275043 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021281004 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.021367073 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021409035 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.021425009 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.021430969 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.021485090 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.027175903 CEST	49739	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.027211905 CEST	443	49739	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.305692911 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:21.314471006 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.314524889 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.314594030 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.315392971 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.315411091 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.318128109 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.318139076 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.318202972 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.319624901 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:21.319639921 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:21.351397991 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:21.533842087 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:21.534130096 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:21.534181118 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:21.561089993 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:21.602024078 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:21.642252922 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:21.642258883 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:21.646203995 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:21.646277905 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:21.649861097 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:21.650063038 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:21.656919956 CEST	49735	443	192.168.2.4	169.150.247.39
Oct 3, 2024 03:03:21.656933069 CEST	443	49735	169.150.247.39	192.168.2.4
Oct 3, 2024 03:03:21.695743084 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:21.695751905 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:21.742619991 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:22.041155100 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.078833103 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.086373091 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.097966909 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.097980976 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.098124981 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.098134041 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.101876020 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.101905107 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.101973057 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.102047920 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.104707956 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.104893923 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.105590105 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.105766058 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.105885029 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.105896950 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.105967045 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.105976105 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.144104004 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:22.144133091 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:22.144357920 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:22.147399902 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:22.147414923 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:22.149049044 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.149049044 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.317822933 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343689919 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343702078 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343738079 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343755007 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343766928 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343790054 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.343852997 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343889952 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.343889952 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.343893051 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.343929052 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.360095024 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385799885 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385823011 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385859966 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385869980 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.385878086 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385891914 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.385899067 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385915041 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.385927916 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.385940075 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.385962963 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.385991096 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.398859024 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.400914907 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.400974035 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.400983095 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.401061058 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.401117086 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.401413918 CEST	49742	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.401429892 CEST	443	49742	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.404434919 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.404509068 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.404516935 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.404617071 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.404674053 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.405008078 CEST	49741	443	192.168.2.4	169.150.247.37
Oct 3, 2024 03:03:22.405013084 CEST	443	49741	169.150.247.37	192.168.2.4
Oct 3, 2024 03:03:22.801759958 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:22.801893950 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.205233097 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.205271959 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.206226110 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.258244991 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.458250046 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.503411055 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.645718098 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.645875931 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.646030903 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.655554056 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.655554056 CEST	49743	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.655575991 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.655587912 CEST	443	49743	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.773701906 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.773802996 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:23.773883104 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.774225950 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:23.774256945 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.394634008 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.394731998 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:25.395880938 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:25.395910025 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.396250010 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.397201061 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:25.443408966 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.675012112 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.675115108 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:25.675438881 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:25.676104069 CEST	49744	443	192.168.2.4	184.28.90.27
Oct 3, 2024 03:03:25.676150084 CEST	443	49744	184.28.90.27	192.168.2.4
Oct 3, 2024 03:03:31.506141901 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:31.506289959 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:31.506365061 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:33.189214945 CEST	49740	443	192.168.2.4	142.250.185.228
Oct 3, 2024 03:03:33.189234018 CEST	443	49740	142.250.185.228	192.168.2.4
Oct 3, 2024 03:03:36.125895023 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 3, 2024 03:03:36.132726908 CEST	80	49723	93.184.221.240	192.168.2.4
Oct 3, 2024 03:03:36.132787943 CEST	49723	80	192.168.2.4	93.184.221.240
Oct 3, 2024 03:04:21.005970955 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:21.006015062 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:21.006127119 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:21.006602049 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:21.006623983 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:21.661489010 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:21.662247896 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:21.662270069 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:21.663446903 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:21.663899899 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:21.664073944 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:21.711380005 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:25.230659962 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 3, 2024 03:04:25.236188889 CEST	80	49724	93.184.221.240	192.168.2.4
Oct 3, 2024 03:04:25.236258030 CEST	49724	80	192.168.2.4	93.184.221.240
Oct 3, 2024 03:04:31.574350119 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:31.574501038 CEST	443	49753	142.250.184.196	192.168.2.4
Oct 3, 2024 03:04:31.574621916 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:33.409841061 CEST	49753	443	192.168.2.4	142.250.184.196
Oct 3, 2024 03:04:33.409871101 CEST	443	49753	142.250.184.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 03:03:17.006906033 CEST	53	59189	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:17.011226892 CEST	53	56796	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:18.135905981 CEST	53	57954	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:18.765495062 CEST	61863	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:03:18.765623093 CEST	52672	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:03:18.776045084 CEST	53	52672	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:18.776540041 CEST	53	61863	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:19.862190008 CEST	64704	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:03:19.862394094 CEST	51665	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:03:19.871326923 CEST	53	51665	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:19.871495008 CEST	53	64704	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:20.874114990 CEST	63059	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:03:20.874882936 CEST	54351	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:03:20.881948948 CEST	53	63059	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:20.881964922 CEST	53	54351	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:35.610692024 CEST	53	63647	1.1.1.1	192.168.2.4
Oct 3, 2024 03:03:36.779756069 CEST	138	138	192.168.2.4	192.168.2.255
Oct 3, 2024 03:03:54.626017094 CEST	53	54444	1.1.1.1	192.168.2.4
Oct 3, 2024 03:04:16.159560919 CEST	53	59077	1.1.1.1	192.168.2.4
Oct 3, 2024 03:04:17.753338099 CEST	53	50827	1.1.1.1	192.168.2.4
Oct 3, 2024 03:04:20.888922930 CEST	56919	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:04:20.889354944 CEST	63450	53	192.168.2.4	1.1.1.1
Oct 3, 2024 03:04:21.004338026 CEST	53	56919	1.1.1.1	192.168.2.4
Oct 3, 2024 03:04:21.004354954 CEST	53	63450	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 03:03:18.765495062 CEST	192.168.2.4	1.1.1.1	0xef8	Standard query (0)	fast.b-cdn.net	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:18.765623093 CEST	192.168.2.4	1.1.1.1	0xd25	Standard query (0)	fast.b-cdn.net	65	IN (0x0001)	false
Oct 3, 2024 03:03:19.862190008 CEST	192.168.2.4	1.1.1.1	0xd2f8	Standard query (0)	fonts.bunny.net	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:19.862394094 CEST	192.168.2.4	1.1.1.1	0x3350	Standard query (0)	fonts.bunny.net	65	IN (0x0001)	false
Oct 3, 2024 03:03:20.874114990 CEST	192.168.2.4	1.1.1.1	0x2b9c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:20.874882936 CEST	192.168.2.4	1.1.1.1	0x6e55	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 3, 2024 03:04:20.888922930 CEST	192.168.2.4	1.1.1.1	0xf08b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:04:20.889354944 CEST	192.168.2.4	1.1.1.1	0x6c15	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 03:03:18.776540041 CEST	1.1.1.1	192.168.2.4	0xef8	No error (0)	fast.b-cdn.net		169.150.247.39	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:19.871326923 CEST	1.1.1.1	192.168.2.4	0x3350	No error (0)	fonts.bunny.net	bunnyfonts.b-cdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 03:03:19.871495008 CEST	1.1.1.1	192.168.2.4	0xd2f8	No error (0)	fonts.bunny.net	bunnyfonts.b-cdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 03:03:19.871495008 CEST	1.1.1.1	192.168.2.4	0xd2f8	No error (0)	bunnyfonts.b-cdn.net		169.150.247.37	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:20.881948948 CEST	1.1.1.1	192.168.2.4	0x2b9c	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:20.881964922 CEST	1.1.1.1	192.168.2.4	0x6e55	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 3, 2024 03:03:33.104669094 CEST	1.1.1.1	192.168.2.4	0x25ec	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:33.104669094 CEST	1.1.1.1	192.168.2.4	0x25ec	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:33.625948906 CEST	1.1.1.1	192.168.2.4	0x2479	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 03:03:33.625948906 CEST	1.1.1.1	192.168.2.4	0x2479	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:03:47.675474882 CEST	1.1.1.1	192.168.2.4	0x5b41	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 03:03:47.675474882 CEST	1.1.1.1	192.168.2.4	0x5b41	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:04:09.736052036 CEST	1.1.1.1	192.168.2.4	0x9492	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 03:04:09.736052036 CEST	1.1.1.1	192.168.2.4	0x9492	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:04:21.004338026 CEST	1.1.1.1	192.168.2.4	0xf08b	No error (0)	www.google.com		142.250.184.196	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:04:21.004354954 CEST	1.1.1.1	192.168.2.4	0x6c15	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 3, 2024 03:04:29.251218081 CEST	1.1.1.1	192.168.2.4	0x5e5e	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 3, 2024 03:04:29.251218081 CEST	1.1.1.1	192.168.2.4	0x5e5e	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fast.b-cdn.net

https:

fonts.bunny.net

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	169.150.247.39	443	3548	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:19 UTC	657	OUT	GET / HTTP/1.1 Host: fast.b-cdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 01:03:19 UTC	324	IN	HTTP/1.1 403 Forbidden Date: Thu, 03 Oct 2024 01:03:19 GMT Content-Type: text/html Content-Length: 2334 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1082 CDN-PullZone: 44702 CDN-Uid: 7b3318fd-7b74-4ed0-bcec-abed109512ea CDN-RequestCountryCode: US CDN-RequestId: 6a0ba7335f7b411696a6a4a31c259897
2024-10-03 01:03:19 UTC	2334	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 75 62 69 6b 3a 33 30 30 2c 34 30 30 2c 35 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 3c 73 74 79 6c 65 3e 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 20 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 27 64 Data Ascii: <html><head><title>403 Forbidden</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-image: url('d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	169.150.247.37	443	3548	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:20 UTC	555	OUT	GET /css?family=Rubik:300,400,500 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://fast.b-cdn.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 01:03:21 UTC	956	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:03:20 GMT Content-Type: text/css; charset=utf-8 Content-Length: 8838 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1080 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 Last-Modified: Sat, 14 Sep 2024 20:54:00 GMT CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 09/14/2024 20:54:00 CDN-EdgeStorageId: 1081 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: f425c37a9724e5845d6806b088ff6eea CDN-Cache: HIT Accept-Ranges: bytes
2024-10-03 01:03:21 UTC	8838	IN	Data Raw: 2f 2a 20 6c 61 74 69 6e 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 66 6f 6e 74 2d 73 74 72 65 74 63 68 3a 20 31 30 30 25 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 72 75 62 69 6b 2f 66 69 6c 65 73 2f 72 75 62 69 6b 2d 6c 61 74 69 6e 2d 33 30 30 2d 6e 6f 72 6d 61 6c 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 2c 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 72 75 62 69 6b 2f 66 69 6c 65 73 2f 72 75 62 69 6b 2d 6c 61 Data Ascii: /* latin */@font-face { font-family: 'Rubik'; font-style: normal; font-weight: 300; font-stretch: 100%; src: url(https://fonts.bunny.net/rubik/files/rubik-latin-300-normal.woff2) format('woff2'), url(https://fonts.bunny.net/rubik/files/rubik-la

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	169.150.247.39	443	3548	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:21 UTC	584	OUT	GET /favicon.ico HTTP/1.1 Host: fast.b-cdn.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://fast.b-cdn.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 01:03:21 UTC	584	IN	HTTP/1.1 404 Not Found Date: Thu, 03 Oct 2024 01:03:21 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1082 CDN-PullZone: 44702 CDN-Uid: 7b3318fd-7b74-4ed0-bcec-abed109512ea CDN-RequestCountryCode: US Cache-Control: public, max-age=5 CDN-StorageServer: DE-639 CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 404 CDN-CachedAt: 10/03/2024 01:03:21 CDN-EdgeStorageId: 1080 CDN-Status: 404 CDN-RequestTime: 0 CDN-RequestId: 48bfa852277da7243d9b03316d86e4ff CDN-Cache: EXPIRED
2024-10-03 01:03:21 UTC	685	IN	Data Raw: 32 61 36 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 62 75 6e 6e 79 2e 6e 65 74 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 75 62 69 6b 3a 33 30 30 2c 34 30 30 2c 35 30 30 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 3c 73 74 79 6c 65 3e 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 20 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 52 75 62 69 6b 27 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 72 Data Ascii: 2a6<html><head><title>404 - File Not Found</title><link href='//fonts.bunny.net/css?family=Rubik:300,400,500' rel='stylesheet' type='text/css'><style>html, body { width: 100%; margin: 0; padding: 0; text-align: center; font-family: 'Rubik'; background-r
2024-10-03 01:03:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	169.150.247.37	443	3548	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:22 UTC	609	OUT	GET /rubik/files/rubik-latin-500-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://fast.b-cdn.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 01:03:22 UTC	992	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:03:22 GMT Content-Type: font/woff2 Content-Length: 19140 Connection: close Server: BunnyCDN-DE1-1080 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "66f08eca-4ac4" Last-Modified: Sun, 22 Sep 2024 21:40:26 GMT CDN-StorageServer: DE-662 CDN-FileServer: 637 CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 09/23/2024 02:19:27 CDN-EdgeStorageId: 1079 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: b3313033b9fc3e7890416604d60a0c77 CDN-Cache: HIT Accept-Ranges: bytes
2024-10-03 01:03:22 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 4a c4 00 10 00 00 00 00 bc 90 00 00 4a 5f 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f8 04 1c 89 62 06 60 3f 53 54 41 54 44 00 84 76 11 08 0a 81 cd 68 81 a3 17 0b 84 4e 00 01 36 02 24 03 89 18 04 20 05 85 0c 07 8b 55 0c 07 1b d6 a3 07 d8 36 6d 9a 19 74 07 e0 6a 47 75 6d dc 64 ba cd 53 6e 47 a1 dd f6 7c c8 cc 80 b0 71 00 20 d4 ab 66 ff ff 67 24 1d 31 d6 d8 d9 06 1c 5a be f5 10 13 c4 64 59 52 2a a1 42 6f 14 36 aa 76 85 69 24 a6 54 85 13 d5 21 db c8 64 03 2d a7 2e c5 29 b3 b4 e0 28 57 22 a1 98 c2 c4 77 d3 53 18 85 4f 52 e1 a6 9d 4c 10 53 9a f9 8f 7b e3 54 b4 1d 2e a1 ab 07 db a8 32 91 e5 30 21 f3 26 99 1b d5 98 86 d9 1b e7 16 ae d0 eb e7 61 5a 79 f0 25 cf 3e 85 59 da 2f f4 db cb 85 2f 13 Data Ascii: wOF2JJ_>b`?STATDvhN6$ U6mtjGumdSnG\|q fg$1ZdYR*Bo6vi$T!d-.)(W"wSORLS{T.20!&aZy%>Y//
2024-10-03 01:03:22 UTC	2756	IN	Data Raw: 0f dc 57 23 07 b5 2c e4 0c 56 e6 33 75 f2 a7 e3 3f 8e 9d 9a 62 96 e3 bf 08 e5 84 ad ea c6 77 17 58 42 d6 27 5f 8f ed ad 27 c1 73 2c f2 49 6b b5 99 f6 09 33 9b 09 d5 21 72 c5 34 b4 dc 5c 0c 1d 6b 09 cc 94 33 e0 af fb b6 d7 b7 6b 3b 9e 86 13 4b 73 fb b6 8b 48 55 d1 6d db 5a 25 db 76 45 27 1f 3a c6 aa 66 c4 a0 ee 0a b6 81 ee c9 9a e4 c8 54 79 e9 5b 32 89 73 a7 6d 80 8c 2f b7 0a b3 32 b0 5c 29 ce e5 f2 d7 4d 58 3b c0 81 ad f8 04 bb 2a bf a2 7c e3 13 3f ae 11 81 68 94 c5 40 9e 68 ef 1c be 86 ba b0 4f f7 cd e8 7c 0c 61 b0 72 90 9f 3a 03 0e bd 9d 5a 18 01 cd 1f e0 69 3c 8d a5 d9 74 5f f2 52 3a 6a b1 44 5a fc 9b 4e b3 c7 39 5a 67 07 b7 2e 18 ea f8 8a 8d 39 f7 4e 72 91 d3 3a 44 21 94 40 da 89 a5 89 28 68 8f 4c 04 2b 88 b5 5e da 0e 05 08 90 d4 5a ca cd 43 91 72 3a Data Ascii: W#,V3u?bwXB'_'s,Ik3!r4\k3k;KsHUmZ%vE':fTy[2sm/2\)MX;*\|?h@hO\|ar:Zi<t_R:jDZN9Zg.9Nr:D!@(hL+^ZCr:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49742	169.150.247.37	443	3548	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:22 UTC	609	OUT	GET /rubik/files/rubik-latin-300-normal.woff2 HTTP/1.1 Host: fonts.bunny.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://fast.b-cdn.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://fonts.bunny.net/css?family=Rubik:300,400,500 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-03 01:03:22 UTC	992	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:03:22 GMT Content-Type: font/woff2 Content-Length: 17556 Connection: close Server: BunnyCDN-DE1-1080 CDN-PullZone: 781720 CDN-Uid: 3a60ca70-b89d-4cd5-a4b5-34a3468d7e0f CDN-RequestCountryCode: US Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Access-Control-Expose-Headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match Cache-Control: public, max-age=2592000 ETag: "66f08ec6-4494" Last-Modified: Sun, 22 Sep 2024 21:40:22 GMT CDN-StorageServer: DE-633 CDN-FileServer: 635 CDN-ProxyVer: 1.04 CDN-RequestPullSuccess: True CDN-RequestPullCode: 200 CDN-CachedAt: 09/26/2024 00:21:17 CDN-EdgeStorageId: 1081 CDN-Status: 200 CDN-RequestTime: 0 CDN-RequestId: 20af375679c0dcdc2707baa84be8e640 CDN-Cache: HIT Accept-Ranges: bytes
2024-10-03 01:03:22 UTC	16384	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 44 94 00 10 00 00 00 00 ba a8 00 00 44 31 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 81 3e 1b f7 52 1c 89 30 06 60 3f 53 54 41 54 44 00 84 76 11 08 0a 81 cb 34 81 a2 67 0b 84 4a 00 01 36 02 24 03 89 10 04 20 05 84 78 07 8b 26 0c 07 1b f7 a2 07 d8 36 8d f8 59 77 02 a9 b5 26 d9 9d 7c 34 a2 71 3b 28 4a 50 7c f3 11 a9 48 d7 ca fe ff bf 26 c8 31 46 73 d4 21 a8 f5 9f 70 08 47 92 30 ab 54 55 ea 55 4d 1b 92 de 75 d4 ea 9c 63 8a f1 51 6a 4d 18 d3 f7 6b 99 6f 9b f2 65 09 6c df b7 39 d8 bd 72 84 56 26 e6 b7 74 18 97 7b 76 13 06 47 a4 1d d3 2f b5 18 67 b8 09 83 05 8b ca 4e 9d a3 0c 95 ef cb 88 fc f4 8f 76 fc e1 2e 5b a9 6f cc 04 47 e8 10 6a 2e 6c 2d 3d 7a a7 e5 0b bf f1 2f be 08 8c 5b ec a8 33 f3 f2 fc ff Data Ascii: wOF2DD1>R0`?STATDv4gJ6$ x&6Yw&\|4q;(JP\|H&1Fs!pG0TUUMucQjMkoel9rV&t{vG/gNv.[oGj.l-=z/[3
2024-10-03 01:03:22 UTC	1172	IN	Data Raw: 93 14 83 17 6a 7d 7b 51 25 c1 af 8a a6 22 62 c9 76 ec b9 fe 7a b0 9d dd c6 3e 79 ab a5 49 e6 ea 30 0c 80 6b 81 ef e8 7c 12 ef be ba 2f ea 1e 97 5f c5 22 80 e8 ec a2 be 17 71 49 a0 27 54 3d 94 5c 8c af 79 6a 3a ce bd 63 ec 9d 25 e6 bc 44 b2 ef 43 58 e7 cb 0d b1 25 0c 3e 78 36 ff 57 01 ed 05 e5 f2 52 9b 54 82 a6 56 5c 9a a2 5a c9 12 3e d2 77 0d 36 d0 0c 7a 4f e2 ae 56 ae ab 4b 76 2e be 5a 66 48 91 66 66 bb ae ca 65 fb 5c 3e 2e 79 db 26 ed 0e c5 52 98 8e 9f b3 3d e9 a6 b1 d5 cf e1 8a e2 d5 ec 72 4f c1 33 bf c8 ca 19 77 9e 79 af b0 2f 46 3d da b7 f1 7a a5 6d 85 82 49 05 e6 10 9d 5b 41 df 89 f4 3d dd 8c 42 4b 57 b8 90 82 b6 89 2e c6 27 f6 33 07 60 2f c1 01 a1 8c ee c7 24 bb 08 d9 64 81 66 23 65 c2 46 30 c2 5c 58 f8 f3 e5 e5 d7 7a 9f 09 90 d9 26 23 69 46 dc 55 Data Ascii: j}{Q%"bvz>yI0k\|/_"qI'T=\yj:c%DCX%>x6WRTV\Z>w6zOVKv.ZfHffe\>.y&R=rO3wy/F=zmI[A=BKW.'3`/$df#eF0\Xz&#iFU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:23 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-03 01:03:23 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=56547 Date: Thu, 03 Oct 2024 01:03:23 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:03:25 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-03 01:03:25 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=56489 Date: Thu, 03 Oct 2024 01:03:25 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-03 01:03:25 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2008, Parent PID: 4488

General

Target ID:	0
Start time:	21:03:12
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3548, Parent PID: 2008

General

Target ID:	2
Start time:	21:03:15
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1840,i,11791121761724155368,16919539677854534214,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6404, Parent PID: 4488

General

Target ID:	3
Start time:	21:03:17
Start date:	02/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://fast.b-cdn.net"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://fast.b-cdn.net

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2008, Parent PID: 4488

General

Chronological Activities

Analysis Process: chrome.exePID: 3548, Parent PID: 2008

General

Chronological Activities

Analysis Process: chrome.exePID: 6404, Parent PID: 4488

General

Chronological Activities

Disassembly

Windows Analysis Report
https://fast.b-cdn.net