Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.2020insight.net/wh4/q.asp?r72962

Overview

General Information

Sample URL:	https://www.2020insight.net/wh4/q.asp?r72962
Analysis ID:	1541183
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

Classification

×

Process Tree

System is w10x64native

chrome.exe (PID: 1588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: BB7C48CDDDE076E7EB44022520F40F77)

chrome.exe (PID: 4996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11672242447743911351,4653400138562691382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2188 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)

chrome.exe (PID: 7628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.2020insight.net/wh4/q.asp?r72962" MD5: BB7C48CDDDE076E7EB44022520F40F77)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.2020insight.net/wh4/r/login.asp?project=72962

HTTP Parser: Number of links: 0

Source: https://www.2020insight.net/wh4/r/login.asp?project=72962

HTTP Parser: <input type="password" .../> found

Source: https://www.2020insight.net/wh4/r/login.asp?project=72962

HTTP Parser: No favicon

Source: https://www.2020insight.net/wh4/r/login.asp?project=72962

HTTP Parser: No <meta name="author".. found

Source: https://www.2020insight.net/wh4/r/login.asp?project=72962

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir1588_1298759935			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1588_1367109009			Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.48
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /wh4/q.asp?r72962 HTTP/1.1Host: www.2020insight.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wh4/r/login.asp?project=72962 HTTP/1.1Host: www.2020insight.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=HENBAACBPOMJNDEMKHLIFNAN
Source: global traffic	HTTP traffic detected: GET /wh4/r/default.css HTTP/1.1Host: www.2020insight.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.2020insight.net/wh4/r/login.asp?project=72962Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
Source: global traffic	HTTP traffic detected: GET /wh4/l/1518.jpg HTTP/1.1Host: www.2020insight.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.2020insight.net/wh4/r/login.asp?project=72962Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
Source: global traffic	HTTP traffic detected: GET /wh4/i/respondent16x16.gif HTTP/1.1Host: www.2020insight.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.2020insight.net/wh4/r/login.asp?project=72962Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.2020insight.netConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.2020insight.net/wh4/r/login.asp?project=72962Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
Source: global traffic	HTTP traffic detected: GET /wh4/i/respondent16x16.gif HTTP/1.1Host: www.2020insight.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
Source: global traffic	HTTP traffic detected: GET /wh4/l/1518.jpg HTTP/1.1Host: www.2020insight.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
Source: global traffic	HTTP traffic detected: GET /index.php HTTP/1.1Host: growstrongleaders.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.2020insight.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: growstrongleaders.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.2020insight.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.2020insight.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: growstrongleaders.com

Source: global traffic	TCP traffic: 192.168.11.20:55600 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55600 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55600 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55600 -> 239.255.255.250:1900

Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: classification engine

Classification label: clean0.win@16/12@8/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\scoped_dir1588_1298759935

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11672242447743911351,4653400138562691382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2188 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.2020insight.net/wh4/q.asp?r72962"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11672242447743911351,4653400138562691382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2188 /prefetch:3			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir1588_1298759935			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_1588_1367109009			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	1 Network Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
growstrongleaders.com	207.21.198.148	true	false		unknown
www.google.com	142.250.80.100	true	false		unknown
www.2020insight.net	207.21.199.174	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.2020insight.net/wh4/r/default.css	false		unknown
https://www.2020insight.net/wh4/l/1518.jpg	false		unknown
https://www.2020insight.net/wh4/r/login.asp?project=72962	false		unknown
https://www.2020insight.net/favicon.ico	false		unknown
https://www.2020insight.net/wh4/i/respondent16x16.gif	false		unknown
https://growstrongleaders.com/	false		unknown
https://www.2020insight.net/wh4/q.asp?r72962	false		unknown
https://growstrongleaders.com/index.php	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.80.100	www.google.com	United States		15169	GOOGLEUS	false
207.21.199.174	www.2020insight.net	Canada		13768	COGECO-PEER1CA	false
207.21.198.148	growstrongleaders.com	Canada		13768	COGECO-PEER1CA	false
239.255.255.250	unknown	Reserved		unknown	unknown	false

Private

IP
192.168.11.20

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541183
Start date and time:	2024-10-24 14:59:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.2020insight.net/wh4/q.asp?r72962
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/12@8/5

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.195, 142.250.65.238, 172.253.115.84, 34.104.35.123, 172.217.165.138, 142.250.80.74, 142.250.80.106, 142.250.176.202, 142.251.40.202, 142.251.40.234, 142.251.41.10, 142.251.40.106, 142.251.40.138, 142.250.65.234, 142.250.65.170, 142.250.81.234, 142.251.32.106, 142.251.35.170, 142.250.65.202, 142.250.80.42, 142.250.72.106, 142.251.40.170, 142.250.80.10, 72.21.81.240, 142.251.35.163
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.googleapis.com, dns.msftncsi.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.2020insight.net/wh4/q.asp?r72962

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://www.2020insight.net/wh4/r/login.asp?project=72962 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Respondent login:", "prominent_button_name": "Login", "text_input_field_labels": [ "Username:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://www.2020insight.net/wh4/r/login.asp?project=72962 Model: claude-3-haiku-20240307	```json { "brands": [ "Ellis Locke" ] }
	```json { "brands": [ "Ellis Locke" ] }
URL: https://www.2020insight.net/wh4/r/login.asp?project=72962 Model: gpt-4o	```json{ "legit_domain": "unknown", "classification": "unknown", "reasons": [ "The brand 'Ellis Locke' is not widely recognized and does not have an obvious association with a well-known domain.", "The URL 'www.2020insight.net' does not directly relate to the brand 'Ellis Locke' and does not match any known legitimate domain for this brand.", "The domain '2020insight.net' does not appear to be a well-known or established domain associated with a major brand.", "The presence of input fields for 'Username' and 'Password' without a clear brand association raises suspicion.", "The URL does not contain any obvious misspellings or unusual characters, but the lack of brand association is concerning." ], "riskscore": 7}
URL: www.2020insight.net Brands: Ellis Locke Input Fields: Username:, Password:

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 36

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	806
Entropy (8bit):	5.373007909346691
Encrypted:	false
SSDEEP:	24:8m1+IOvi0vR/3M53MXX3M6MY3Mt4sVmAcc:z+W0vsAHMgtsoc
MD5:	BA8C622B2745EFCEB25803DA029A6236
SHA1:	F3EE8896E4895F06B0D0240BF53BE47650954139
SHA-256:	C26ED8C05906EDC9225167FCDF9E5BAD50216840FA545634D296492370230EEE
SHA-512:	0C30BEDE8DFBCB0E3B15D3DE260E650B05E07C959C54843965171D42672EFEF84CA5A3C9A69650EEA05B0775DC136B74C409918CA627BD97D079CCFA8860AD2A
Malicious:	false
Reputation:	low
URL:	https://www.2020insight.net/wh4/r/default.css
Preview:	/* CSS Document */..BODY { font-size: 9pt; background: #FFFFFF; color: #0F0F0F;....FONT-FAMILY: Arial, Helvetica, Verdana, Swiss, Futura, sans-serif; }..P { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; }..FORM { MARGIN: 0px; }.....TxtInput { width: 90%; FONT-FAMILY: "Courier New", Courier, monospace; font-size: 10pt; color: black; }...TxtInputM { width: 400px; FONT-FAMILY: "Courier New", Courier, monospace; font-size: 10pt; color: black; }...TxtInputW { width: 90%; FONT-FAMILY: "Courier New", Courier, monospace; font-size: 10pt; color: black; }..TEXTAREA { width: 100%; FONT-FAMILY: "Courier New", Courier, monospace; font-size: 10pt; color: black; }...Debug { background: #FFFF00; }...Offset { background: #FFF8E0; }..div.ErrorMsg { color: red; font-weight: bold; font-size: 12pt; background: #FFFFFF; } ..

Chrome Cache Entry: 37

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	downloaded
Size (bytes):	74
Entropy (8bit):	5.046211679319879
Encrypted:	false
SSDEEP:	3:CseLNqalNMuWuQLktefoS2W:NypXMqQLktemW
MD5:	B7A8B151A58EDEFA32C36829C214CDC9
SHA1:	69D344FA6BEDD2806C3D561FD43F2E22235E3078
SHA-256:	302AEE36F06833DB1BB71FC5DB848233045D840FE2E0E713DF8695DCA9402888
SHA-512:	36C3800A87903FD81F317C9E506272B80AD64E8C7850E8716DF6AB135F983416234B9F8C3ED5CEF21D61FBDAFB606848FE3266F36F2C5B0D004FE57F5C6174C2
Malicious:	false
Reputation:	low
URL:	https://www.2020insight.net/wh4/i/respondent16x16.gif
Preview:	GIF89a..............@@...,..........#........B....ax.".$Q.U..tn...M...T..;

Chrome Cache Entry: 38

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.208966082694624
Encrypted:	false
SSDEEP:	3:hwS:hwS
MD5:	8411D2BE1BE616638BEED307094F281F
SHA1:	CF4638ECD2E9A0814874064AA92189E31F02A6C3
SHA-256:	7299B800FA1A26ED28E8E90070D9E14E1F98A6F4183E72D96F32111A04EA468D
SHA-512:	B94EEFFCB41F505C54337A14FC11E2984622AB764167E5FF1D613695C49941C8D54F91AF1C2F6203A00673D6376FFB912E718AEC028230C4FD1473366B321BFA
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTI4LjAuNjYxMy4xMjASIAmaOx_WwbRq6BIFDVDBrlcSBQ2JeCHDISJVhWC3Pelg?alt=proto
Preview:	ChIKBw1Qwa5XGgAKBw2JeCHDGgA=

Chrome Cache Entry: 39

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	dropped
Size (bytes):	74
Entropy (8bit):	5.046211679319879
Encrypted:	false
SSDEEP:	3:CseLNqalNMuWuQLktefoS2W:NypXMqQLktemW
MD5:	B7A8B151A58EDEFA32C36829C214CDC9
SHA1:	69D344FA6BEDD2806C3D561FD43F2E22235E3078
SHA-256:	302AEE36F06833DB1BB71FC5DB848233045D840FE2E0E713DF8695DCA9402888
SHA-512:	36C3800A87903FD81F317C9E506272B80AD64E8C7850E8716DF6AB135F983416234B9F8C3ED5CEF21D61FBDAFB606848FE3266F36F2C5B0D004FE57F5C6174C2
Malicious:	false
Reputation:	low
Preview:	GIF89a..............@@...,..........#........B....ax.".$Q.U..tn...M...T..;

Chrome Cache Entry: 40

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3511
Entropy (8bit):	5.0920241927899905
Encrypted:	false
SSDEEP:	48:xiVqH6eJWLdkCgwqkLP+a4QYFPhsLY5WZ1sXZjmW2ZJez6hvtq+YasOLGk:zH/J4eELWK6QRIjZ9ILP
MD5:	7677A7FECEB63DF8CB1E7D3292D981E4
SHA1:	81B5D3BA499A153557B496E0C00B2739F71F6C6B
SHA-256:	232DC55F21122B96D5A38A0BC9243B7DB1B5042F1F02DFDD1B545272355AF8A6
SHA-512:	B4302F6122DAB75F58B9DD9F83C62D9F75C9082CDF74AC5163B6639A818B60D107E20AEF76583C3177648765F549D48E66A94F431423E17C254F5D505699352B
Malicious:	false
Reputation:	low
URL:	https://www.2020insight.net/wh4/r/login.asp?project=72962
Preview:	..<html>..<head>..<title>WebResponse 4.0 for 20/20 Insight GOLD</title>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">..<SCRIPT LANGUAGE="Javascript">.. ...function jav_SetFocus()...{....document.forms[0].txtUserName.focus()...}.....function checkEnter(event)...{ .....if (event.keyCode==13)....{.....event.keyCode = 0.....document.frmLogin.hidLogin.value = 'login';.....document.frmLogin.submit();....}...}..//-->..</SCRIPT>..</head>..<LINK href="default.css" type=text/css rel=stylesheet>..<body link="#0000FF" vlink="#0000FF" onLoad="document.forms[0].txtUserName.focus();">.. Top banner (logo): -->.....<table width="100%" border="0" cellspacing="0" cellpadding="0">... <tr>....<td><img src="../l/1518.jpg" width="189" height="100"></td>... </tr>...</table>.......... <form name="frmLogin" method="post" action="login.asp?project=72962">..<table width="100%" border="0" cellspacing="3" cellpadding="0">.. <tr>.. <td width="100"> </td>.. <td w

Chrome Cache Entry: 41

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 189x100, components 3
Category:	downloaded
Size (bytes):	4019
Entropy (8bit):	7.790969914801027
Encrypted:	false
SSDEEP:	48:PuERAR5F045wtsOTLwGOtX/TGJCPu/dWGJGocPocr3vnA6APVmVomNg30GAn:mEaZ5weOHAZ/cWuk346APVmV3NGAn
MD5:	F2F7F390523C58ECAA49050D2F2FCE48
SHA1:	68F02DC91F3E0B14AFEFFF0524E96EE8581E4C52
SHA-256:	0C6EE6126D474D13BA20136463122A14D63813119C61E0DFF322246783B1033C
SHA-512:	8AB018AFF3CD50EBE48EEE8CB0DC228D1C3F0AE85BA6A5E1F6EE43483E9B192CA9802F8720A542A5E396ABEA3176D8A2DAA2A068654A89C4EA4E3D1560B03C49
Malicious:	false
Reputation:	low
URL:	https://www.2020insight.net/wh4/l/1518.jpg
Preview:	......JFIF.............C....................................................................C.......................................................................d...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S..(...(...(...(..3c<S.9:....\|s........G.'G.\|../..Z.q..V...>u...s.........E...i..:?..........O.T{..u..G.'G.\|../..Z..N............zSX:=..u....j...o+........o..[..7.....EFm#.'q..(..6.(...(...(...(...(...+....Y.%cR..p+.x....9.....%?.\.U!....9:~u.......f......?..H'l..?.Q.....o..P.E\|...Q...._......_.x....../....9_d.x..._s>U.7..z.....5.o.{x....C...Q.....7..=.E...

Chrome Cache Entry: 42

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 189x100, components 3
Category:	dropped
Size (bytes):	4019
Entropy (8bit):	7.790969914801027
Encrypted:	false
SSDEEP:	48:PuERAR5F045wtsOTLwGOtX/TGJCPu/dWGJGocPocr3vnA6APVmVomNg30GAn:mEaZ5weOHAZ/cWuk346APVmV3NGAn
MD5:	F2F7F390523C58ECAA49050D2F2FCE48
SHA1:	68F02DC91F3E0B14AFEFFF0524E96EE8581E4C52
SHA-256:	0C6EE6126D474D13BA20136463122A14D63813119C61E0DFF322246783B1033C
SHA-512:	8AB018AFF3CD50EBE48EEE8CB0DC228D1C3F0AE85BA6A5E1F6EE43483E9B192CA9802F8720A542A5E396ABEA3176D8A2DAA2A068654A89C4EA4E3D1560B03C49
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C.......................................................................d...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..S..(...(...(...(..3c<S.9:....\|s........G.'G.\|../..Z.q..V...>u...s.........E...i..:?..........O.T{..u..G.'G.\|../..Z..N............zSX:=..u....j...o+........o..[..7.....EFm#.'q..(..6.(...(...(...(...(...+....Y.%cR..p+.x....9.....%?.\.U!....9:~u.......f......?..H'l..?.Q.....o..P.E\|...Q...._......_.x....../....9_d.x..._s>U.7..z.....5.o.{x....C...Q.....7..=.E...

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:02:04.089458942 CEST	49681	80	192.168.11.20	192.229.211.108
Oct 24, 2024 15:02:09.408118963 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:09.408174992 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:09.408288002 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:09.408560991 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:09.408617973 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:09.408816099 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:09.408818007 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:09.408862114 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:09.409121037 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:09.409162998 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.014691114 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.014909029 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.015408993 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.015444994 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.015865088 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.015897036 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.018171072 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.018421888 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.018651009 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.018863916 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.019305944 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.019378901 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.019525051 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.019556999 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.019785881 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.063709974 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.063747883 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.063874960 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.063922882 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.113224983 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.113244057 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.161092997 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.161144972 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.161330938 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.161734104 CEST	49790	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.161755085 CEST	443	49790	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.163105965 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.163238049 CEST	443	49789	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.163378000 CEST	49789	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.166836977 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.166893005 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.167217016 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.169055939 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.169095993 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.629528046 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.629987001 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.630023956 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.631078005 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.632004976 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.632059097 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.632266045 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.681521893 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.954616070 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.954664946 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.954813004 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.954833984 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.955068111 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.955632925 CEST	49792	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.955672026 CEST	443	49792	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.986715078 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.986768007 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.987011909 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.987426996 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.987464905 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.988066912 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.988122940 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.988301039 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.988565922 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.988586903 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.997224092 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.997268915 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:10.997467041 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.997775078 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:10.997798920 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.444952965 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.445338011 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.445355892 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.445898056 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.446371078 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.446470976 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.446513891 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.448204994 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.448671103 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.448685884 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.450098991 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.450432062 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.451302052 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.451347113 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.451435089 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.456399918 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.456902981 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.456914902 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.458492994 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.458822012 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.459005117 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.459103107 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.459188938 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.497926950 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.498176098 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.498188019 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.503959894 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.513818026 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.513827085 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.548115015 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.563493967 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.773365021 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.773488045 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.773704052 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.773925066 CEST	49795	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.773941040 CEST	443	49795	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.812345982 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.812417030 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.812563896 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.813055992 CEST	49793	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.813076019 CEST	443	49793	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.814191103 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.814218998 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.814352036 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.814563990 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.814563990 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.814758062 CEST	49794	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.814774036 CEST	443	49794	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.828777075 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.828823090 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.828986883 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.829308987 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.829339981 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.967192888 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.967247009 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.967261076 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.967314005 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.967425108 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.967587948 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.967727900 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.967761993 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:11.967915058 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:11.967952967 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.229805946 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.229866028 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.230042934 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.230367899 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.230403900 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.290831089 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.291209936 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.291260004 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.292781115 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.293251038 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.293297052 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.293627977 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.338494062 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.427577972 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.427941084 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.428006887 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.431279898 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.431580067 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.431631088 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.432616949 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.432864904 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.433161974 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.433238983 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.433535099 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.435837984 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.436211109 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.436321020 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.436373949 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.436707020 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.479738951 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.479753971 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.479789019 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.479809046 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.526575089 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.526576042 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.602322102 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.602500916 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.602736950 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.602937937 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.602938890 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.602996111 CEST	443	49798	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.603182077 CEST	49798	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.657233953 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.657572985 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.657625914 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.661823988 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.662072897 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.662765980 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.663108110 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.714056015 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:12.714062929 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:12.740340948 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:12.740358114 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:12.740565062 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:12.740909100 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:12.740919113 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:12.743052006 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.743104935 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.743268967 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.743460894 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.743474007 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.743513107 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.743612051 CEST	49799	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.743624926 CEST	443	49799	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.743645906 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.743711948 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.744224072 CEST	49800	443	192.168.11.20	207.21.199.174
Oct 24, 2024 15:02:12.744235992 CEST	443	49800	207.21.199.174	192.168.11.20
Oct 24, 2024 15:02:12.760921001 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:13.348613977 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:13.349062920 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:13.349107981 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:13.352374077 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:13.352694988 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:13.353522062 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:13.353626013 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:13.353836060 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:13.403871059 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:13.403913975 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:13.452850103 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.484113932 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.484271049 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.484436989 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.484694958 CEST	49802	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.484744072 CEST	443	49802	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.485805035 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.485873938 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.486011028 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.486417055 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.486447096 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.944899082 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.945383072 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.945422888 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.946456909 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.946927071 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.946969986 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:14.947208881 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:14.988599062 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.921664000 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.921689987 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.921694994 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.921806097 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.921838045 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.921860933 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.921864986 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.921886921 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.922136068 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.922461033 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.922518969 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.922646999 CEST	443	49805	207.21.198.148	192.168.11.20
Oct 24, 2024 15:02:15.922694921 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.922694921 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.922813892 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:15.923074007 CEST	49805	443	192.168.11.20	207.21.198.148
Oct 24, 2024 15:02:22.661739111 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:22.661798954 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:22.662014008 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:23.920866966 CEST	49801	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:02:23.920949936 CEST	443	49801	142.250.80.100	192.168.11.20
Oct 24, 2024 15:02:47.544569969 CEST	49784	443	192.168.11.20	23.219.82.48
Oct 24, 2024 15:02:47.714545012 CEST	49785	80	192.168.11.20	142.251.40.195
Oct 24, 2024 15:02:47.811551094 CEST	80	49785	142.251.40.195	192.168.11.20
Oct 24, 2024 15:02:47.811721087 CEST	49785	80	192.168.11.20	142.251.40.195
Oct 24, 2024 15:03:12.199529886 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:12.199573994 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:12.199871063 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:12.200308084 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:12.200341940 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:12.599092007 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:12.599592924 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:12.599608898 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:12.599984884 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:12.600466013 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:12.600627899 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:12.655503035 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:22.591902971 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:22.592086077 CEST	443	49812	142.250.80.100	192.168.11.20
Oct 24, 2024 15:03:22.592291117 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:23.908756971 CEST	49812	443	192.168.11.20	142.250.80.100
Oct 24, 2024 15:03:23.908844948 CEST	443	49812	142.250.80.100	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:01:59.478818893 CEST	137	137	192.168.11.20	192.168.11.255
Oct 24, 2024 15:02:00.215398073 CEST	137	137	192.168.11.20	192.168.11.255
Oct 24, 2024 15:02:00.980315924 CEST	137	137	192.168.11.20	192.168.11.255
Oct 24, 2024 15:02:07.643698931 CEST	55600	1900	192.168.11.20	239.255.255.250
Oct 24, 2024 15:02:07.700155020 CEST	53	61390	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:07.728806973 CEST	53	55599	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:08.488519907 CEST	53	59959	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:08.650573015 CEST	55600	1900	192.168.11.20	239.255.255.250
Oct 24, 2024 15:02:09.171303988 CEST	58472	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:09.171399117 CEST	61492	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:09.371541023 CEST	53	61492	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:09.407582045 CEST	53	58472	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:09.662890911 CEST	55600	1900	192.168.11.20	239.255.255.250
Oct 24, 2024 15:02:10.260195017 CEST	53	49332	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:10.663460016 CEST	55600	1900	192.168.11.20	239.255.255.250
Oct 24, 2024 15:02:11.234558105 CEST	53	55775	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:11.775882006 CEST	52044	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:11.776021957 CEST	63984	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:11.965878963 CEST	53	63984	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:11.966664076 CEST	53	52044	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:12.133327007 CEST	57041	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:12.133378029 CEST	57776	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:12.228890896 CEST	53	57776	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:12.228938103 CEST	53	57041	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:12.604137897 CEST	51626	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:12.604212999 CEST	57942	53	192.168.11.20	1.1.1.1
Oct 24, 2024 15:02:12.738326073 CEST	53	57942	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:12.739881039 CEST	53	51626	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:22.734283924 CEST	138	138	192.168.11.20	192.168.11.255
Oct 24, 2024 15:02:30.311058044 CEST	53	62141	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:37.195112944 CEST	53	61856	1.1.1.1	192.168.11.20
Oct 24, 2024 15:02:52.395113945 CEST	53	50438	1.1.1.1	192.168.11.20
Oct 24, 2024 15:03:07.715682983 CEST	53	54442	1.1.1.1	192.168.11.20
Oct 24, 2024 15:03:17.759255886 CEST	53	61532	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 15:02:09.171303988 CEST	192.168.11.20	1.1.1.1	0x4204	Standard query (0)	www.2020insight.net	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:09.171399117 CEST	192.168.11.20	1.1.1.1	0x619c	Standard query (0)	www.2020insight.net	65	IN (0x0001)	false
Oct 24, 2024 15:02:11.775882006 CEST	192.168.11.20	1.1.1.1	0x52c2	Standard query (0)	www.2020insight.net	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:11.776021957 CEST	192.168.11.20	1.1.1.1	0x783f	Standard query (0)	www.2020insight.net	65	IN (0x0001)	false
Oct 24, 2024 15:02:12.133327007 CEST	192.168.11.20	1.1.1.1	0x721c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:12.133378029 CEST	192.168.11.20	1.1.1.1	0x423	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 24, 2024 15:02:12.604137897 CEST	192.168.11.20	1.1.1.1	0xe39c	Standard query (0)	growstrongleaders.com	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:12.604212999 CEST	192.168.11.20	1.1.1.1	0xf9f0	Standard query (0)	growstrongleaders.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 15:02:09.407582045 CEST	1.1.1.1	192.168.11.20	0x4204	No error (0)	www.2020insight.net		207.21.199.174	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:11.966664076 CEST	1.1.1.1	192.168.11.20	0x52c2	No error (0)	www.2020insight.net		207.21.199.174	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:12.228890896 CEST	1.1.1.1	192.168.11.20	0x423	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 24, 2024 15:02:12.228938103 CEST	1.1.1.1	192.168.11.20	0x721c	No error (0)	www.google.com		142.250.80.100	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:02:12.739881039 CEST	1.1.1.1	192.168.11.20	0xe39c	No error (0)	growstrongleaders.com		207.21.198.148	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.2020insight.net

https:

growstrongleaders.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49790	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:10 UTC	685	OUT	GET /wh4/q.asp?r72962 HTTP/1.1 Host: www.2020insight.net Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-10-24 13:02:10 UTC	318	IN	HTTP/1.1 302 Object moved Cache-Control: private Content-Type: text/html Location: r/login.asp?project=72962 Server: Microsoft-IIS/10.0 Set-Cookie: ASPSESSIONIDQEQSQRSC=HENBAACBPOMJNDEMKHLIFNAN; secure; path=/ X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:10 GMT Connection: close Content-Length: 146
2024-10-24 13:02:10 UTC	146	IN	Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 6f 62 6a 65 63 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 72 2f 6c 6f 67 69 6e 2e 61 73 70 3f 70 72 6f 6a 65 63 74 3d 37 32 39 36 32 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 0a Data Ascii: <head><title>Object moved</title></head><body><h1>Object Moved</h1>This object may be found <a HREF="r/login.asp?project=72962">here</a>.</body>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49792	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:10 UTC	753	OUT	GET /wh4/r/login.asp?project=72962 HTTP/1.1 Host: www.2020insight.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=HENBAACBPOMJNDEMKHLIFNAN
2024-10-24 13:02:10 UTC	428	IN	HTTP/1.1 200 OK Cache-Control: no-cache, must-revalidate,private Pragma: no-cache Content-Type: text/html Expires: Mon, 26 Jul 1997 05:00:00 GMT,Thu, 24 Oct 2024 13:01:10 GMT Last-Modified: 10/24/2024 9:02:10 AM GMT Server: Microsoft-IIS/10.0 Set-Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA; secure; path=/ X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:10 GMT Connection: close Content-Length: 3511
2024-10-24 13:02:10 UTC	3511	IN	Data Raw: 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 57 65 62 52 65 73 70 6f 6e 73 65 20 34 2e 30 20 66 6f 72 20 32 30 2f 32 30 20 49 6e 73 69 67 68 74 20 47 4f 4c 44 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 3e 0d 0a 3c 53 43 52 49 50 54 20 4c 41 4e 47 55 41 47 45 3d 22 4a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 3c 21 2d 2d 0d 0a 09 66 75 6e 63 74 69 6f 6e 20 6a 61 76 5f 53 65 74 46 6f 63 75 73 28 29 0d 0a 09 7b 0d 0a 09 09 64 6f 63 75 6d 65 6e 74 2e 66 6f 72 6d 73 5b 30 5d 2e 74 78 74 55 73 65 72 4e 61 6d 65 2e 66 6f 63 75 73 28 29 0d Data Ascii: <html><head><title>WebResponse 4.0 for 20/20 Insight GOLD</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><SCRIPT LANGUAGE="Javascript">...function jav_SetFocus(){document.forms[0].txtUserName.focus()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49793	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:11 UTC	645	OUT	GET /wh4/r/default.css HTTP/1.1 Host: www.2020insight.net Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.2020insight.net/wh4/r/login.asp?project=72962 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
2024-10-24 13:02:11 UTC	265	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Thu, 29 Jun 2006 19:49:00 GMT Accept-Ranges: bytes ETag: "09ece10b59bc61:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:11 GMT Connection: close Content-Length: 806
2024-10-24 13:02:11 UTC	806	IN	Data Raw: 2f 2a 20 43 53 53 20 44 6f 63 75 6d 65 6e 74 20 2a 2f 0d 0a 42 4f 44 59 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 70 74 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 46 46 46 46 46 3b 20 20 63 6f 6c 6f 72 3a 20 23 30 46 30 46 30 46 3b 0d 0a 09 09 46 4f 4e 54 2d 46 41 4d 49 4c 59 3a 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 56 65 72 64 61 6e 61 2c 20 53 77 69 73 73 2c 20 46 75 74 75 72 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 7d 0d 0a 50 20 7b 20 4d 41 52 47 49 4e 2d 54 4f 50 3a 20 30 70 78 3b 20 4d 41 52 47 49 4e 2d 42 4f 54 54 4f 4d 3a 20 30 70 78 3b 20 7d 0d 0a 46 4f 52 4d 20 7b 20 4d 41 52 47 49 4e 3a 20 30 70 78 3b 20 7d 0d 0a 0d 0a 2e 54 78 74 49 6e 70 75 74 20 7b 20 77 69 64 74 68 3a 20 39 30 25 3b 20 46 4f 4e 54 2d 46 41 4d Data Ascii: /* CSS Document */BODY { font-size: 9pt; background: #FFFFFF; color: #0F0F0F;FONT-FAMILY: Arial, Helvetica, Verdana, Swiss, Futura, sans-serif; }P { MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; }FORM { MARGIN: 0px; }.TxtInput { width: 90%; FONT-FAM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49794	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:11 UTC	688	OUT	GET /wh4/l/1518.jpg HTTP/1.1 Host: www.2020insight.net Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.2020insight.net/wh4/r/login.asp?project=72962 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
2024-10-24 13:02:11 UTC	269	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Last-Modified: Mon, 24 Nov 2008 14:46:01 GMT Accept-Ranges: bytes ETag: "62d6af5e434ec91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:11 GMT Connection: close Content-Length: 4019
2024-10-24 13:02:11 UTC	4019	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 96 00 96 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 00 64 00 bd 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCd"}!1AQa"q2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49795	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:11 UTC	699	OUT	GET /wh4/i/respondent16x16.gif HTTP/1.1 Host: www.2020insight.net Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.2020insight.net/wh4/r/login.asp?project=72962 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
2024-10-24 13:02:11 UTC	264	IN	HTTP/1.1 200 OK Content-Type: image/gif Last-Modified: Tue, 15 Nov 2005 19:56:00 GMT Accept-Ranges: bytes ETag: "08ca991eeac51:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:11 GMT Connection: close Content-Length: 74
2024-10-24 13:02:11 UTC	74	IN	Data Raw: 47 49 46 38 39 61 10 00 10 00 91 00 00 ff ff ff ff 91 91 ff 40 40 d7 18 18 2c 00 00 00 00 10 00 10 00 00 02 23 84 8f a9 cb 16 1f da 09 42 0c e9 ea c5 61 78 0c 22 10 24 51 95 55 9e a8 74 6e e9 fa ba 4d f7 85 b6 54 00 00 3b Data Ascii: GIF89a@@,#Bax"$QUtnMT;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49798	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:12 UTC	685	OUT	GET /favicon.ico HTTP/1.1 Host: www.2020insight.net Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.2020insight.net/wh4/r/login.asp?project=72962 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
2024-10-24 13:02:12 UTC	253	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: https://growstrongleaders.com/index.php Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:11 GMT Connection: close Content-Length: 162
2024-10-24 13:02:12 UTC	162	IN	Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 67 72 6f 77 73 74 72 6f 6e 67 6c 65 61 64 65 72 73 2e 63 6f 6d 2f 69 6e 64 65 78 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://growstrongleaders.com/index.php">here</a></body>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49799	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:12 UTC	429	OUT	GET /wh4/i/respondent16x16.gif HTTP/1.1 Host: www.2020insight.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
2024-10-24 13:02:12 UTC	264	IN	HTTP/1.1 200 OK Content-Type: image/gif Last-Modified: Tue, 15 Nov 2005 19:56:00 GMT Accept-Ranges: bytes ETag: "08ca991eeac51:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:12 GMT Connection: close Content-Length: 74
2024-10-24 13:02:12 UTC	74	IN	Data Raw: 47 49 46 38 39 61 10 00 10 00 91 00 00 ff ff ff ff 91 91 ff 40 40 d7 18 18 2c 00 00 00 00 10 00 10 00 00 02 23 84 8f a9 cb 16 1f da 09 42 0c e9 ea c5 61 78 0c 22 10 24 51 95 55 9e a8 74 6e e9 fa ba 4d f7 85 b6 54 00 00 3b Data Ascii: GIF89a@@,#Bax"$QUtnMT;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49800	207.21.199.174	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:12 UTC	418	OUT	GET /wh4/l/1518.jpg HTTP/1.1 Host: www.2020insight.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: ASPSESSIONIDQEQSQRSC=IENBAACBGFCCFFMEMHKJGIMA
2024-10-24 13:02:12 UTC	269	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Last-Modified: Mon, 24 Nov 2008 14:46:01 GMT Accept-Ranges: bytes ETag: "62d6af5e434ec91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:12 GMT Connection: close Content-Length: 4019
2024-10-24 13:02:12 UTC	4019	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 96 00 96 00 00 ff db 00 43 00 03 02 02 03 02 02 03 03 03 03 04 03 03 04 05 08 05 05 04 04 05 0a 07 07 06 08 0c 0a 0c 0c 0b 0a 0b 0b 0d 0e 12 10 0d 0e 11 0e 0b 0b 10 16 10 11 13 14 15 15 15 0c 0f 17 18 16 14 18 12 14 15 14 ff db 00 43 01 03 04 04 05 04 05 09 05 05 09 14 0d 0b 0d 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 14 ff c0 00 11 08 00 64 00 bd 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCCd"}!1AQa"q2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49802	207.21.198.148	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:13 UTC	600	OUT	GET /index.php HTTP/1.1 Host: growstrongleaders.com Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.2020insight.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-10-24 13:02:14 UTC	293	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: https://growstrongleaders.com/ Server: Microsoft-IIS/10.0 X-Powered-By: PHP/8.2.3 X-Redirect-By: WordPress X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:14 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49805	207.21.198.148	443	4996	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:02:14 UTC	591	OUT	GET / HTTP/1.1 Host: growstrongleaders.com Connection: keep-alive sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.2020insight.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2024-10-24 13:02:15 UTC	261	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Last-Modified: Tue, 22 Oct 2024 20:11:23 GMT Server: Microsoft-IIS/10.0 X-Powered-By: PHP/8.2.3 X-Powered-By: ASP.NET Date: Thu, 24 Oct 2024 13:02:15 GMT Connection: close Content-Length: 215379
2024-10-24 13:02:15 UTC	16123	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 72 6f 77 73 74 72 6f 6e 67 6c 65 61 64 65 72 73 2e 63 6f 6d 2f 78 6d 6c Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="description" content="" /><meta name="keywords" content="" /><meta http-equiv="X-UA-Compatible" content="IE=edge"><link rel="pingback" href="https://growstrongleaders.com/xml
2024-10-24 13:02:15 UTC	16384	IN	Data Raw: 2f 73 2f 73 6f 75 72 63 65 73 61 6e 73 70 72 6f 2f 76 32 32 2f 36 78 4b 77 64 53 42 59 4b 63 53 56 2d 4c 43 6f 65 51 71 66 58 31 52 59 4f 6f 33 71 50 5a 5a 63 6c 52 64 75 2e 77 6f 66 66 32 29 20 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 53 6f 75 72 63 65 20 53 61 6e 73 20 50 72 6f 27 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 39 30 30 3b 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 73 6f 75 72 63 65 73 61 6e 73 70 72 6f 2f 76 32 32 2f 36 78 4b 77 64 53 42 59 4b 63 53 56 2d 4c 43 6f 65 51 71 66 Data Ascii: /s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdu.woff2) format('woff2');}@font-face {font-family: 'Source Sans Pro';font-style: italic;font-weight: 900;font-display: swap;src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqf

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1588, Parent PID: 2308

General

Target ID:	0
Start time:	09:02:04
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff74e300000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4996, Parent PID: 1588

General

Target ID:	1
Start time:	09:02:05
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2192,i,11672242447743911351,4653400138562691382,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2188 /prefetch:3
Imagebase:	0x7ff74e300000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7628, Parent PID: 2308

General

Target ID:	3
Start time:	09:02:08
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.2020insight.net/wh4/q.asp?r72962"
Imagebase:	0x7ff74e300000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly