Edit tour

Windows Analysis Report
http://cloudflare-ipfs.com

Overview

General Information

Sample URL:	http://cloudflare-ipfs.com
Analysis ID:	1388494
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on shot match)

Yara detected BlockedWebSite

Creates files inside the system directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5920 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1956,i,8789596328055083740,16221983054417927590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6708 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cloudflare-ipfs.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_41	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://cloudflare-ipfs.com

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://cloudflare-ipfs.com/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: malware
Source: https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: malware
Source: https://cloudflare-ipfs.com/favicon.ico	Avira URL Cloud: Label: malware

Phishing

Phishing site detected (based on shot match)

Source: https://cloudflare-ipfs.com/

Matcher: Template: genphish matched

Yara detected BlockedWebSite

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_41, type: DROPPED

Source: https://cloudflare-ipfs.com/

HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49731 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.126.152:443 -> 192.168.2.6:49737 version: TLS 1.2

Source: unknown

HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49731 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cloudflare-ipfs.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: cloudflare-ipfs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 07 Feb 2024 15:27:18 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 14Connection: closeSet-Cookie: __cf_bm=bAU9MsX9iILHyoUUu3ZXblrghk5b6xTEXs6052Ajneo-1707319638-1-AeyLycw0pupbTR17h5jz58hy7hMhzxyuL1ChaEIK2RKzqrCwKiSp88befTjN0tGOrafSSV9De/5VNndVO60/OlQ=; path=/; expires=Wed, 07-Feb-24 15:57:18 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 851ca7fe8f80674f-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_41.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_41.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.25.241.18:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.126.152:443 -> 192.168.2.6:49737 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5920_1332250246

Jump to behavior

Source: classification engine

Classification label: mal72.phis.win@17/9@12/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1956,i,8789596328055083740,16221983054417927590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cloudflare-ipfs.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1956,i,8789596328055083740,16221983054417927590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://cloudflare-ipfs.com	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label
https://cloudflare-ipfs.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	malware
https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	malware
https://cloudflare-ipfs.com/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.253.124.84	true	false	high
cloudflare-ipfs.com	104.17.64.14	true	false	unknown
www.google.com	172.217.215.104	true	false	high
clients.l.google.com	172.253.124.138	true	false	high
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
windowsupdatebg.s.llnwi.net	69.164.42.0	true	false	unknown
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cloudflare-ipfs.com/	true		unknown
https://cloudflare-ipfs.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://cloudflare-ipfs.com/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: malware	unknown
https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: malware	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_41.2.dr	false		high
https://www.cloudflare.com/5xx-error-landing	chromecache_41.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.96.13	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.215.104	www.google.com	United States	15169	GOOGLEUS	false
172.253.124.138	clients.l.google.com	United States	15169	GOOGLEUS	false
104.17.64.14	cloudflare-ipfs.com	United States	13335	CLOUDFLARENETUS	false
172.253.124.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1388494
Start date and time:	2024-02-07 16:26:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://cloudflare-ipfs.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@17/9@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.215.94, 34.104.35.123, 13.85.23.86, 192.229.211.108, 69.164.42.0, 13.95.31.18, 23.40.205.49, 23.40.205.26, 23.40.205.34, 20.166.126.56, 72.21.81.240, 64.233.176.94, 23.40.205.81
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, glb.sls.prod.dcat.dsp.trafficmanager.net
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://cloudflare-ipfs.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4389
Entropy (8bit):	5.082881459025583
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOisLeA2ZLimZrRu9PaQxJbGD:1j9jhjYjIK/Vo+ts2ZOmZrU9ieJGD
MD5:	1E8D592292F3A4DAE28D57298959E730
SHA1:	FFE0651D7A03DDB8A6D307BB4B19B8CDA4412FC2
SHA-256:	65FF13223397940DC3848B7A31B5E67D436FAFD465583981E41C0E3942CA932E
SHA-512:	AB9B83221A1ABE7F4D27C5782264D449749BEF0C5C35975423D74F7B80F59240D0E1CC3A56FF9ACD8C13A34366EF5CB9BB41C1F1A9039E0AEE40C0A19C2C4531
Malicious:	false
Reputation:	low
URL:	https://cloudflare-ipfs.com/
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 42

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 43

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24131)
Category:	downloaded
Size (bytes):	24132
Entropy (8bit):	4.94218020721052
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UusV7MSE6XZ2dKI:JwV+oUcoQJpdf1dxKSI7/Uue7ZX2qk
MD5:	A1CEDC21F16B5A97114857154FAB35E9
SHA1:	95E9890A15A4F7F94F7F19D2C297E4B07503C526
SHA-256:	1103290E25EBDA2712ABE344A87FACBAC00DDABA712729BE9FE5FEEF807BF91B
SHA-512:	00E857331DCE66901120B042A254E5AF5135364F718DA56110A4744F3E64F9B61BA0B877013AF8398A0F865C7BDE6AD2F87B3C9D2D828651806409CBA57AA34E
Malicious:	false
Reputation:	low
URL:	https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://cloudflare-ipfs.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	14
Entropy (8bit):	3.378783493486176
Encrypted:	false
SSDEEP:	3:MKRUeB:MKCeB
MD5:	D0FBDA9855D118740F1105334305C126
SHA1:	BC3023B36063A7681DB24681472B54FA11F0D4EC
SHA-256:	A469AB4CA4E55BF547566E9EBFA1B809C933207E9D558156BC0C4252B17533FE
SHA-512:	41171C08CA31B832C6E64C553702D38ADF805CE4FEC552B71659558A419C02589CF9332F40288FB450E6C52297EFA7903999F39DD48EFA20EDB92C7D8E3BD42B
Malicious:	false
Reputation:	low
URL:	https://cloudflare-ipfs.com/favicon.ico
Preview:	Page not found

Total Packets: 193
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2024 16:27:06.277384043 CET	49673	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:06.277841091 CET	49674	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:06.574304104 CET	49672	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:14.337625027 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.337666988 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.337743998 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.338402033 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.338453054 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.338511944 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.338869095 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.338886976 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.339098930 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.339113951 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.572781086 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.573152065 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.573184967 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.574515104 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.574577093 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.576307058 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.576373100 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.576419115 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.576741934 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.576754093 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.576896906 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.576927900 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.577465057 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.577527046 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.578607082 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.578735113 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.579799891 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.579879045 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.579916000 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.625910997 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.668035984 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.670016050 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.670057058 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.786113977 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.786207914 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.786228895 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.786258936 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.786545992 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.786798000 CET	49712	443	192.168.2.6	172.253.124.138
Feb 7, 2024 16:27:14.786813021 CET	443	49712	172.253.124.138	192.168.2.6
Feb 7, 2024 16:27:14.797657013 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.798073053 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:14.798166990 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.798929930 CET	49711	443	192.168.2.6	172.253.124.84
Feb 7, 2024 16:27:14.798942089 CET	443	49711	172.253.124.84	192.168.2.6
Feb 7, 2024 16:27:15.481863976 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.481914997 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.481995106 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.482697010 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.482707977 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.851804018 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.851882935 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.858628988 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.858638048 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.858880043 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.860873938 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.860941887 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.860948086 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.861073971 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.885147095 CET	49673	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:15.885165930 CET	49674	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:15.905916929 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.980381966 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.981558084 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:15.981641054 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.994859934 CET	49716	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:15.994884968 CET	443	49716	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:16.182204008 CET	49672	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:16.626018047 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.626070976 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.626205921 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.626709938 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.626727104 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.877321005 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.878227949 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.878254890 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.879697084 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.879760027 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.889417887 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.889559984 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.890016079 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:16.890024900 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:16.932410002 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.158885002 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.159025908 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.159110069 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.159167051 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.159181118 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.159208059 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.159218073 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.159403086 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.159600019 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.163532972 CET	49717	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.163551092 CET	443	49717	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.223268032 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.223332882 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.223409891 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.236623049 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.236650944 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.481874943 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.483906031 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.483927011 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.484347105 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.485349894 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.485445976 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.485542059 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.526338100 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.526395082 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.573144913 CET	443	49706	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:17.573302984 CET	49706	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:17.757529974 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.757563114 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.757582903 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.757597923 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.757647038 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.757663965 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.757683992 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.757720947 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.757884026 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.757898092 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758080959 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758102894 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758115053 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.758120060 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758300066 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.758697033 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758730888 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758763075 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758771896 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.758778095 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.758809090 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.759378910 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759460926 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759483099 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759506941 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759519100 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.759522915 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759557962 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.759561062 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759591103 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.759660006 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.761913061 CET	49718	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.761925936 CET	443	49718	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.785737991 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.785780907 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:17.785862923 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.786761045 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:17.786786079 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.029789925 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.030205011 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.030236006 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.030747890 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.031321049 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.031402111 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.031480074 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.071943045 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.071976900 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.307317972 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.307585955 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.307895899 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.308243990 CET	49720	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.308270931 CET	443	49720	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.350841999 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.350884914 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.350951910 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.351953030 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.351963997 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.484030008 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.484057903 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.484256029 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.485301971 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.485316038 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.595341921 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.595787048 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.595810890 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.596146107 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.596988916 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.597038984 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.597583055 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.603001118 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.603039980 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.603195906 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.604295015 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.604305029 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.641895056 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.728121042 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.729331970 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.729350090 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.730441093 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.730495930 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.731158972 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.731235027 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.731801987 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.731810093 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:18.775341988 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:18.826441050 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.826771975 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.826807976 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.827931881 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.828006983 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.830578089 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.830689907 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.878361940 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:18.878397942 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:18.889435053 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.889516115 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.889569998 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.891700983 CET	49721	443	192.168.2.6	104.17.96.13
Feb 7, 2024 16:27:18.891717911 CET	443	49721	104.17.96.13	192.168.2.6
Feb 7, 2024 16:27:18.932058096 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:19.016973019 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:19.017043114 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:19.017201900 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:19.108463049 CET	49722	443	192.168.2.6	104.17.64.14
Feb 7, 2024 16:27:19.108541965 CET	443	49722	104.17.64.14	192.168.2.6
Feb 7, 2024 16:27:19.737590075 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:19.737704039 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:19.737790108 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:19.740360975 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:19.740416050 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:19.957882881 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:19.957983971 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:19.969749928 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:19.969772100 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:19.970143080 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.010003090 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.125869036 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.165924072 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.228746891 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.228832960 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.228919029 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.257548094 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.257611990 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.257646084 CET	49724	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.257663012 CET	443	49724	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.303596973 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.303693056 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.303787947 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.305255890 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.305300951 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.522737026 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.522836924 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.525155067 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.525166035 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.525580883 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.527172089 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.569915056 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.722769022 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.722846031 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:20.723120928 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.725198984 CET	49725	443	192.168.2.6	23.63.206.91
Feb 7, 2024 16:27:20.725218058 CET	443	49725	23.63.206.91	192.168.2.6
Feb 7, 2024 16:27:22.712402105 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:22.712502956 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:22.712589025 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:22.718048096 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:22.718086958 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:23.092540026 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:23.092694998 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.657160044 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.657196999 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:24.657550097 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:24.697807074 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.699050903 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.699357986 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.699368954 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:24.699645996 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.741919041 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:24.818017960 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:24.818116903 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:24.818176031 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.818624973 CET	49726	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:24.818643093 CET	443	49726	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:28.501532078 CET	49706	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:28.501813889 CET	49706	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:28.502094030 CET	49731	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:28.502142906 CET	443	49731	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:28.502484083 CET	49731	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:28.503588915 CET	49731	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:28.503603935 CET	443	49731	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:28.651781082 CET	443	49706	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:28.651793957 CET	443	49706	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:28.813668966 CET	443	49731	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:28.813774109 CET	49731	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:28.823802948 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:28.823869944 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:28.824230909 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:28.923599958 CET	49723	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:27:28.923633099 CET	443	49723	172.217.215.104	192.168.2.6
Feb 7, 2024 16:27:36.207261086 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.207309008 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.207386017 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.208517075 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.208529949 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.590698004 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.590898991 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.597374916 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.597393036 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.597750902 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.599679947 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.599736929 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.599742889 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.599883080 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.641902924 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.718792915 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.718902111 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:36.718956947 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.719142914 CET	49732	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:36.719165087 CET	443	49732	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:47.957007885 CET	443	49731	173.222.162.64	192.168.2.6
Feb 7, 2024 16:27:47.957067966 CET	49731	443	192.168.2.6	173.222.162.64
Feb 7, 2024 16:27:54.847172976 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:54.847214937 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:54.847310066 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:54.848248959 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:54.848259926 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.216784954 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.216984987 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.218681097 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.218687057 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.218878031 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.220705032 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.220824003 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.220827103 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.221102953 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.265892982 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.343947887 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.344150066 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:27:55.344203949 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.344289064 CET	49733	443	192.168.2.6	20.25.241.18
Feb 7, 2024 16:27:55.344300032 CET	443	49733	20.25.241.18	192.168.2.6
Feb 7, 2024 16:28:18.556438923 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.556469917 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:18.556577921 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.557614088 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.557626963 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:18.777447939 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:18.823913097 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.829919100 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.829926014 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:18.830486059 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:18.831063986 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.831147909 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:18.890351057 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:18.988210917 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:18.988256931 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:18.988322973 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:18.989593029 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:18.989607096 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.368307114 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.368422985 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.370600939 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.370623112 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.370878935 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.372623920 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.372699022 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.372708082 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.372885942 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.413924932 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.491518974 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.491754055 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:19.491875887 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.491970062 CET	49737	443	192.168.2.6	52.159.126.152
Feb 7, 2024 16:28:19.492012024 CET	443	49737	52.159.126.152	192.168.2.6
Feb 7, 2024 16:28:28.768358946 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:28.768433094 CET	443	49736	172.217.215.104	192.168.2.6
Feb 7, 2024 16:28:28.768538952 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:30.544866085 CET	49736	443	192.168.2.6	172.217.215.104
Feb 7, 2024 16:28:30.544893026 CET	443	49736	172.217.215.104	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 7, 2024 16:27:14.208844900 CET	49393	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:14.209275007 CET	51957	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:14.209934950 CET	50767	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:14.210151911 CET	57827	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:14.236888885 CET	53	53047	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:14.326657057 CET	53	49393	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:14.326915979 CET	53	51957	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:14.328085899 CET	53	50767	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:14.328936100 CET	53	57827	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:14.954651117 CET	53	57092	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:16.381275892 CET	49250	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:16.381553888 CET	54815	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:16.499370098 CET	53	54815	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:16.502998114 CET	53	49250	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:16.504862070 CET	62361	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:16.505038023 CET	58181	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:16.622832060 CET	53	62361	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:16.624361992 CET	53	58181	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:18.360193014 CET	53454	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:18.361135006 CET	58524	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:18.478533030 CET	53	53454	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:18.480102062 CET	53	58524	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:18.481950998 CET	59536	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:18.482780933 CET	56381	53	192.168.2.6	1.1.1.1
Feb 7, 2024 16:27:18.599087954 CET	53	59536	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:18.600167036 CET	53	56381	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:32.707572937 CET	53	62681	1.1.1.1	192.168.2.6
Feb 7, 2024 16:27:51.488282919 CET	53	50246	1.1.1.1	192.168.2.6
Feb 7, 2024 16:28:14.192514896 CET	53	57184	1.1.1.1	192.168.2.6
Feb 7, 2024 16:28:14.447216988 CET	53	61500	1.1.1.1	192.168.2.6
Feb 7, 2024 16:28:42.800566912 CET	53	58043	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Feb 7, 2024 16:27:16.503094912 CET	192.168.2.6	1.1.1.1	c20b	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 7, 2024 16:27:14.208844900 CET	192.168.2.6	1.1.1.1	0xc9d3	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.209275007 CET	192.168.2.6	1.1.1.1	0xe77f	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Feb 7, 2024 16:27:14.209934950 CET	192.168.2.6	1.1.1.1	0x8847	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.210151911 CET	192.168.2.6	1.1.1.1	0x70d5	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Feb 7, 2024 16:27:16.381275892 CET	192.168.2.6	1.1.1.1	0x9427	Standard query (0)	cloudflare-ipfs.com	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.381553888 CET	192.168.2.6	1.1.1.1	0xdfd1	Standard query (0)	cloudflare-ipfs.com	65	IN (0x0001)	false
Feb 7, 2024 16:27:16.504862070 CET	192.168.2.6	1.1.1.1	0x5280	Standard query (0)	cloudflare-ipfs.com	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.505038023 CET	192.168.2.6	1.1.1.1	0xeade	Standard query (0)	cloudflare-ipfs.com	65	IN (0x0001)	false
Feb 7, 2024 16:27:18.360193014 CET	192.168.2.6	1.1.1.1	0x7a4b	Standard query (0)	cloudflare-ipfs.com	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.361135006 CET	192.168.2.6	1.1.1.1	0x966	Standard query (0)	cloudflare-ipfs.com	65	IN (0x0001)	false
Feb 7, 2024 16:27:18.481950998 CET	192.168.2.6	1.1.1.1	0x9621	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.482780933 CET	192.168.2.6	1.1.1.1	0xc798	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients.l.google.com		172.253.124.138	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients.l.google.com		172.253.124.102	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients.l.google.com		172.253.124.113	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients.l.google.com		172.253.124.101	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients.l.google.com		172.253.124.100	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326657057 CET	1.1.1.1	192.168.2.6	0xc9d3	No error (0)	clients.l.google.com		172.253.124.139	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:14.326915979 CET	1.1.1.1	192.168.2.6	0xe77f	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 7, 2024 16:27:14.328085899 CET	1.1.1.1	192.168.2.6	0x8847	No error (0)	accounts.google.com		172.253.124.84	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.499370098 CET	1.1.1.1	192.168.2.6	0xdfd1	No error (0)	cloudflare-ipfs.com			65	IN (0x0001)	false
Feb 7, 2024 16:27:16.502998114 CET	1.1.1.1	192.168.2.6	0x9427	No error (0)	cloudflare-ipfs.com		104.17.64.14	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.502998114 CET	1.1.1.1	192.168.2.6	0x9427	No error (0)	cloudflare-ipfs.com		104.17.96.13	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.622832060 CET	1.1.1.1	192.168.2.6	0x5280	No error (0)	cloudflare-ipfs.com		104.17.96.13	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.622832060 CET	1.1.1.1	192.168.2.6	0x5280	No error (0)	cloudflare-ipfs.com		104.17.64.14	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:16.624361992 CET	1.1.1.1	192.168.2.6	0xeade	No error (0)	cloudflare-ipfs.com			65	IN (0x0001)	false
Feb 7, 2024 16:27:18.478533030 CET	1.1.1.1	192.168.2.6	0x7a4b	No error (0)	cloudflare-ipfs.com		104.17.64.14	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.478533030 CET	1.1.1.1	192.168.2.6	0x7a4b	No error (0)	cloudflare-ipfs.com		104.17.96.13	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.480102062 CET	1.1.1.1	192.168.2.6	0x966	No error (0)	cloudflare-ipfs.com			65	IN (0x0001)	false
Feb 7, 2024 16:27:18.599087954 CET	1.1.1.1	192.168.2.6	0x9621	No error (0)	www.google.com		172.217.215.104	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.599087954 CET	1.1.1.1	192.168.2.6	0x9621	No error (0)	www.google.com		172.217.215.99	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.599087954 CET	1.1.1.1	192.168.2.6	0x9621	No error (0)	www.google.com		172.217.215.103	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.599087954 CET	1.1.1.1	192.168.2.6	0x9621	No error (0)	www.google.com		172.217.215.147	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.599087954 CET	1.1.1.1	192.168.2.6	0x9621	No error (0)	www.google.com		172.217.215.105	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.599087954 CET	1.1.1.1	192.168.2.6	0x9621	No error (0)	www.google.com		172.217.215.106	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:18.600167036 CET	1.1.1.1	192.168.2.6	0xc798	No error (0)	www.google.com			65	IN (0x0001)	false
Feb 7, 2024 16:27:27.081451893 CET	1.1.1.1	192.168.2.6	0x7247	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Feb 7, 2024 16:27:27.081451893 CET	1.1.1.1	192.168.2.6	0x7247	No error (0)	fp2e7a.wpc.phicdn.net		192.229.211.108	A (IP address)	IN (0x0001)	false
Feb 7, 2024 16:27:28.345417023 CET	1.1.1.1	192.168.2.6	0x27a8	No error (0)	windowsupdatebg.s.llnwi.net		69.164.42.0	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

cloudflare-ipfs.com

https:

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	172.253.124.84	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:14 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-02-07 15:27:14 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-02-07 15:27:14 UTC	1799	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 07 Feb 2024 15:27:14 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-ot7E5A-ASOQi_QseewnSEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmJw05BiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQFiIR6OS4f61rEJdNxuf8gEALU3F4E" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-07 15:27:14 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-02-07 15:27:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49712	172.253.124.138	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:14 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-07 15:27:14 UTC	732	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-SyDsPvEq15iTBYVq2udZcA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 07 Feb 2024 15:27:14 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6246 X-Daystart: 26834 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-02-07 15:27:14 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 34 36 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 36 38 33 34 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6246" elapsed_seconds="26834"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-07 15:27:14 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-07 15:27:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49716	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:15 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 7a 51 37 39 38 65 56 72 42 55 2b 4d 31 73 74 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 61 66 31 65 65 36 34 39 64 35 65 31 37 66 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: zQ798eVrBU+M1stI.1Context: eaf1ee649d5e17fe
2024-02-07 15:27:15 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-02-07 15:27:15 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 7a 51 37 39 38 65 56 72 42 55 2b 4d 31 73 74 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 61 66 31 65 65 36 34 39 64 35 65 31 37 66 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 38 73 50 4e 63 72 36 73 56 77 65 53 57 58 46 43 42 2f 6c 79 37 41 2f 6a 53 65 59 54 34 2b 4c 63 5a 35 50 37 42 33 55 78 54 30 4e 31 62 43 5a 71 77 58 72 72 6b 59 63 58 56 72 4d 46 57 67 4c 72 2f 61 65 54 66 6a 46 6c 62 5a 64 36 79 6d 68 6a 45 30 43 37 6d 6a 76 7a 46 6b 46 66 4e 2f 39 5a 33 2f 53 6a 76 38 39 5a 4a 35 2f Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: zQ798eVrBU+M1stI.2Context: eaf1ee649d5e17fe<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl8sPNcr6sVweSWXFCB/ly7A/jSeYT4+LcZ5P7B3UxT0N1bCZqwXrrkYcXVrMFWgLr/aeTfjFlbZd6ymhjE0C7mjvzFkFfN/9Z3/Sjv89ZJ5/
2024-02-07 15:27:15 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 7a 51 37 39 38 65 56 72 42 55 2b 4d 31 73 74 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 61 66 31 65 65 36 34 39 64 35 65 31 37 66 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: zQ798eVrBU+M1stI.3Context: eaf1ee649d5e17fe<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-02-07 15:27:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-02-07 15:27:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 71 54 74 2b 61 57 38 48 52 30 79 70 42 51 6e 45 72 4c 61 62 31 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: qTt+aW8HR0ypBQnErLab1A.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49717	104.17.96.13	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:16 UTC	662	OUT	GET / HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-07 15:27:17 UTC	252	IN	HTTP/1.1 200 OK Date: Wed, 07 Feb 2024 15:27:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Server: cloudflare CF-RAY: 851ca7f3ca53b060-ATL alt-svc: h3=":443"; ma=86400
2024-02-07 15:27:17 UTC	1117	IN	Data Raw: 31 31 32 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1125<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 62 6c 6f 63 6b 27 3b 0a 20 20 20 20 7d 29 0a 20 20 7d 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 Data Ascii: block'; }) }</script>...<![endif]--></head><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" c
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 Data Ascii: 0;">Learn More</a> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p>
2024-02-07 15:27:17 UTC	542	IN	Data Raw: 64 28 29 7b 76 61 72 20 62 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 29 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 Data Ascii: d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("
2024-02-07 15:27:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49718	104.17.96.13	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:17 UTC	565	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-07 15:27:17 UTC	411	IN	HTTP/1.1 200 OK Date: Wed, 07 Feb 2024 15:27:17 GMT Content-Type: text/css Content-Length: 24132 Connection: close Last-Modified: Fri, 02 Feb 2024 15:36:02 GMT ETag: "65bd0be2-5e44" Server: cloudflare CF-RAY: 851ca7f79a0317f3-ATL X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 07 Feb 2024 17:27:17 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-02-07 15:27:17 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2024-02-07 15:27:17 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49720	104.17.96.13	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:18 UTC	657	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-07 15:27:18 UTC	409	IN	HTTP/1.1 200 OK Date: Wed, 07 Feb 2024 15:27:18 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 02 Feb 2024 15:36:02 GMT ETag: "65bd0be2-1c4" Server: cloudflare CF-RAY: 851ca7faf8f3b0bd-ATL X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 07 Feb 2024 17:27:18 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-02-07 15:27:18 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49721	104.17.96.13	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:18 UTC	594	OUT	GET /favicon.ico HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cloudflare-ipfs.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-07 15:27:18 UTC	496	IN	HTTP/1.1 404 Not Found Date: Wed, 07 Feb 2024 15:27:18 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 14 Connection: close Set-Cookie: __cf_bm=bAU9MsX9iILHyoUUu3ZXblrghk5b6xTEXs6052Ajneo-1707319638-1-AeyLycw0pupbTR17h5jz58hy7hMhzxyuL1ChaEIK2RKzqrCwKiSp88befTjN0tGOrafSSV9De/5VNndVO60/OlQ=; path=/; expires=Wed, 07-Feb-24 15:57:18 GMT; domain=.cloudflare-ipfs.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 851ca7fe8f80674f-ATL alt-svc: h3=":443"; ma=86400
2024-02-07 15:27:18 UTC	14	IN	Data Raw: 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: Page not found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49722	104.17.64.14	443	2136	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:18 UTC	389	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: cloudflare-ipfs.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-02-07 15:27:19 UTC	409	IN	HTTP/1.1 200 OK Date: Wed, 07 Feb 2024 15:27:18 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Fri, 02 Feb 2024 15:36:02 GMT ETag: "65bd0be2-1c4" Server: cloudflare CF-RAY: 851ca7ff6b6e070b-ATL X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Wed, 07 Feb 2024 17:27:18 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2024-02-07 15:27:19 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49724	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:20 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-07 15:27:20 UTC	533	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: DBB3C8D083C94C75B95956C4186F17A2 Ref B: ASHEDGE1512 Ref C: 2024-02-06T10:22:19Z Cache-Control: public, max-age=154500 Date: Wed, 07 Feb 2024 15:27:20 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49725	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:20 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-02-07 15:27:20 UTC	662	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 77D3A374A575439792C03F9D3B3E5A6A Ref B: CH1AA2040903034 Ref C: 2023-07-19T16:59:25Z X-MSEdge-Ref: Ref A: 268FB40D90624D4B909B4269BE9DB868 Ref B: CHI30EDGE0106 Ref C: 2023-07-19T17:02:00Z Cache-Control: public, max-age=154514 Date: Wed, 07 Feb 2024 15:27:20 GMT Content-Length: 55 Connection: close X-CID: 2
2024-02-07 15:27:20 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49726	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 42 4c 56 30 73 75 37 6a 6d 6b 65 48 39 51 66 2b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 30 62 65 65 37 39 66 36 39 35 31 34 61 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: BLV0su7jmkeH9Qf+.1Context: 6b0bee79f69514ad
2024-02-07 15:27:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-02-07 15:27:24 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 42 4c 56 30 73 75 37 6a 6d 6b 65 48 39 51 66 2b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 30 62 65 65 37 39 66 36 39 35 31 34 61 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 38 73 50 4e 63 72 36 73 56 77 65 53 57 58 46 43 42 2f 6c 79 37 41 2f 6a 53 65 59 54 34 2b 4c 63 5a 35 50 37 42 33 55 78 54 30 4e 31 62 43 5a 71 77 58 72 72 6b 59 63 58 56 72 4d 46 57 67 4c 72 2f 61 65 54 66 6a 46 6c 62 5a 64 36 79 6d 68 6a 45 30 43 37 6d 6a 76 7a 46 6b 46 66 4e 2f 39 5a 33 2f 53 6a 76 38 39 5a 4a 35 2f Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: BLV0su7jmkeH9Qf+.2Context: 6b0bee79f69514ad<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl8sPNcr6sVweSWXFCB/ly7A/jSeYT4+LcZ5P7B3UxT0N1bCZqwXrrkYcXVrMFWgLr/aeTfjFlbZd6ymhjE0C7mjvzFkFfN/9Z3/Sjv89ZJ5/
2024-02-07 15:27:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 42 4c 56 30 73 75 37 6a 6d 6b 65 48 39 51 66 2b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 62 30 62 65 65 37 39 66 36 39 35 31 34 61 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: BLV0su7jmkeH9Qf+.3Context: 6b0bee79f69514ad<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-02-07 15:27:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-02-07 15:27:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 6a 67 51 74 46 4f 77 69 45 69 35 71 6b 6b 54 70 79 62 72 56 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9jgQtFOwiEi5qkkTpybrVw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49732	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:36 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 59 7a 2b 70 30 4c 57 6f 62 45 65 5a 31 65 6c 77 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 30 32 35 64 61 32 35 35 37 63 30 63 64 38 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Yz+p0LWobEeZ1elw.1Context: 4025da2557c0cd89
2024-02-07 15:27:36 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-02-07 15:27:36 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 59 7a 2b 70 30 4c 57 6f 62 45 65 5a 31 65 6c 77 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 30 32 35 64 61 32 35 35 37 63 30 63 64 38 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 38 73 50 4e 63 72 36 73 56 77 65 53 57 58 46 43 42 2f 6c 79 37 41 2f 6a 53 65 59 54 34 2b 4c 63 5a 35 50 37 42 33 55 78 54 30 4e 31 62 43 5a 71 77 58 72 72 6b 59 63 58 56 72 4d 46 57 67 4c 72 2f 61 65 54 66 6a 46 6c 62 5a 64 36 79 6d 68 6a 45 30 43 37 6d 6a 76 7a 46 6b 46 66 4e 2f 39 5a 33 2f 53 6a 76 38 39 5a 4a 35 2f Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: Yz+p0LWobEeZ1elw.2Context: 4025da2557c0cd89<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl8sPNcr6sVweSWXFCB/ly7A/jSeYT4+LcZ5P7B3UxT0N1bCZqwXrrkYcXVrMFWgLr/aeTfjFlbZd6ymhjE0C7mjvzFkFfN/9Z3/Sjv89ZJ5/
2024-02-07 15:27:36 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 59 7a 2b 70 30 4c 57 6f 62 45 65 5a 31 65 6c 77 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 30 32 35 64 61 32 35 35 37 63 30 63 64 38 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Yz+p0LWobEeZ1elw.3Context: 4025da2557c0cd89<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-02-07 15:27:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-02-07 15:27:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 76 67 65 74 68 68 6f 30 30 53 48 54 35 49 72 64 76 35 63 31 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Uvgethho00SHT5Irdv5c1w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49733	20.25.241.18	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:27:55 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 47 65 4b 71 32 41 2b 70 6b 2b 6f 79 66 6c 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 38 31 32 33 65 34 35 39 38 32 61 66 35 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: IGeKq2A+pk+oyflc.1Context: cd8123e45982af50
2024-02-07 15:27:55 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-02-07 15:27:55 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 49 47 65 4b 71 32 41 2b 70 6b 2b 6f 79 66 6c 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 38 31 32 33 65 34 35 39 38 32 61 66 35 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 38 73 50 4e 63 72 36 73 56 77 65 53 57 58 46 43 42 2f 6c 79 37 41 2f 6a 53 65 59 54 34 2b 4c 63 5a 35 50 37 42 33 55 78 54 30 4e 31 62 43 5a 71 77 58 72 72 6b 59 63 58 56 72 4d 46 57 67 4c 72 2f 61 65 54 66 6a 46 6c 62 5a 64 36 79 6d 68 6a 45 30 43 37 6d 6a 76 7a 46 6b 46 66 4e 2f 39 5a 33 2f 53 6a 76 38 39 5a 4a 35 2f Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: IGeKq2A+pk+oyflc.2Context: cd8123e45982af50<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl8sPNcr6sVweSWXFCB/ly7A/jSeYT4+LcZ5P7B3UxT0N1bCZqwXrrkYcXVrMFWgLr/aeTfjFlbZd6ymhjE0C7mjvzFkFfN/9Z3/Sjv89ZJ5/
2024-02-07 15:27:55 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 47 65 4b 71 32 41 2b 70 6b 2b 6f 79 66 6c 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 64 38 31 32 33 65 34 35 39 38 32 61 66 35 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: IGeKq2A+pk+oyflc.3Context: cd8123e45982af50<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-02-07 15:27:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-02-07 15:27:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 5a 6a 78 38 62 38 5a 67 2b 6b 69 70 62 7a 4c 48 75 6e 45 53 31 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Zjx8b8Zg+kipbzLHunES1Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49737	52.159.126.152	443

Timestamp	Bytes transferred	Direction	Data
2024-02-07 15:28:19 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 6c 72 45 31 34 32 71 41 55 4f 36 5a 4e 4a 32 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 34 65 35 35 30 35 37 65 35 37 37 36 36 32 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: QlrE142qAUO6ZNJ2.1Context: d4e55057e5776625
2024-02-07 15:28:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-02-07 15:28:19 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 51 6c 72 45 31 34 32 71 41 55 4f 36 5a 4e 4a 32 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 34 65 35 35 30 35 37 65 35 37 37 36 36 32 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 6c 38 73 50 4e 63 72 36 73 56 77 65 53 57 58 46 43 42 2f 6c 79 37 41 2f 6a 53 65 59 54 34 2b 4c 63 5a 35 50 37 42 33 55 78 54 30 4e 31 62 43 5a 71 77 58 72 72 6b 59 63 58 56 72 4d 46 57 67 4c 72 2f 61 65 54 66 6a 46 6c 62 5a 64 36 79 6d 68 6a 45 30 43 37 6d 6a 76 7a 46 6b 46 66 4e 2f 39 5a 33 2f 53 6a 76 38 39 5a 4a 35 2f Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: QlrE142qAUO6ZNJ2.2Context: d4e55057e5776625<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWl8sPNcr6sVweSWXFCB/ly7A/jSeYT4+LcZ5P7B3UxT0N1bCZqwXrrkYcXVrMFWgLr/aeTfjFlbZd6ymhjE0C7mjvzFkFfN/9Z3/Sjv89ZJ5/
2024-02-07 15:28:19 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 6c 72 45 31 34 32 71 41 55 4f 36 5a 4e 4a 32 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 34 65 35 35 30 35 37 65 35 37 37 36 36 32 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: QlrE142qAUO6ZNJ2.3Context: d4e55057e5776625<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-02-07 15:28:19 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-02-07 15:28:19 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 59 6e 42 63 31 36 38 53 72 6b 61 36 48 50 62 32 6f 34 4a 4c 4f 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: YnBc168Srka6HPb2o4JLOg.0Payload parsing failed.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	16:27:08
Start date:	07/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:27:12
Start date:	07/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1956,i,8789596328055083740,16221983054417927590,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:27:15
Start date:	07/02/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cloudflare-ipfs.com
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://cloudflare-ipfs.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 41

Chrome Cache Entry: 42

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5920, Parent PID: 5760

General

File Activities

File Opened

File Created

File Deleted

Windows Analysis Report
http://cloudflare-ipfs.com