Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://cdn2.mgazeti.co.ke

Overview

General Information

Sample URL:http://cdn2.mgazeti.co.ke
Analysis ID:1467936
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 4248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2056,i,14522296998796463495,2190874180158503347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn2.mgazeti.co.ke" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://cdn2.mgazeti.co.ke/HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownTCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: cdn2.mgazeti.co.keConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDAzJTIwRm9yYmlkZGVuJTIyJTJDJTIyeCUyMiUzQTAuNDUwNDIwMDg4NDA0Nzc4NjUlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTkwNyUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGY2RuMi5tZ2F6ZXRpLmNvLmtlJTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMjQwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA== HTTP/1.1Host: cdn2.mgazeti.co.keConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cdn2.mgazeti.co.ke/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /matomo.js HTTP/1.1Host: matomo.radioafrica.digitalConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cdn2.mgazeti.co.ke/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn2.mgazeti.co.keConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn2.mgazeti.co.ke/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: cdn2.mgazeti.co.keConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: cdn2.mgazeti.co.ke
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: matomo.radioafrica.digital
Source: unknownHTTP traffic detected: POST /report/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 388Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 05 Jul 2024 03:28:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Ray: 89e44478ba5741df-EWRCF-Cache-Status: DYNAMICVary: Accept-EncodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflarealt-svc: h3=":443"; ma=86400
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 05 Jul 2024 03:28:55 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfM88fGtEw2%2BctypVMNEMY3hKpawdrVByl%2FvDww0nFXvkArq8RLC%2BYcB%2FO0Fqe8UtkvI7oGqSgFopaagoDy3ShzQd4agQ5g8ZzfxydO%2Fa%2BW7sslzmjJygmklb2pc9f3OnHjw0uM%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 89e4448aaee7427c-EWRalt-svc: h3=":443"; ma=86400
Source: chromecache_49.2.drString found in binary or memory: http://matomo.org
Source: chromecache_49.2.drString found in binary or memory: http://matomo.org/free-software/bsd/
Source: chromecache_49.2.drString found in binary or memory: http://piwik.org/free-software/bsd/
Source: chromecache_49.2.drString found in binary or memory: https://github.com/matomo-org/matomo/blob/master/js/piwik.js
Source: chromecache_49.2.drString found in binary or memory: https://matomo.org
Source: chromecache_46.2.drString found in binary or memory: https://matomo.radioafrica.digital/
Source: chromecache_49.2.drString found in binary or memory: https://piwik.org
Source: chromecache_49.2.drString found in binary or memory: https://piwik.org/free-software/bsd/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: classification engineClassification label: clean0.win@17/8@10/6
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2056,i,14522296998796463495,2190874180158503347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn2.mgazeti.co.ke"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2056,i,14522296998796463495,2190874180158503347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Process Injection		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://cdn2.mgazeti.co.ke0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://cdn2.mgazeti.co.ke/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDAzJTIwRm9yYmlkZGVuJTIyJTJDJTIyeCUyMiUzQTAuNDUwNDIwMDg4NDA0Nzc4NjUlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTkwNyUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGY2RuMi5tZ2F6ZXRpLmNvLmtlJTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMjQwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==0%Avira URL Cloudsafe
https://matomo.radioafrica.digital/matomo.js0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=bfM88fGtEw2%2BctypVMNEMY3hKpawdrVByl%2FvDww0nFXvkArq8RLC%2BYcB%2FO0Fqe8UtkvI7oGqSgFopaagoDy3ShzQd4agQ5g8ZzfxydO%2Fa%2BW7sslzmjJygmklb2pc9f3OnHjw0uM%3D0%Avira URL Cloudsafe
http://matomo.org0%Avira URL Cloudsafe
https://github.com/matomo-org/matomo/blob/master/js/piwik.js0%Avira URL Cloudsafe
http://cdn2.mgazeti.co.ke/0%Avira URL Cloudsafe
https://matomo.radioafrica.digital/matomo.php?action_name=403%20Forbidden&idsite=3&rec=1&r=457422&h=23&m=28&s=54&url=https%3A%2F%2Fcdn2.mgazeti.co.ke%2F&_id=&_idn=1&cs=windows-1252&send_image=0&_refts=0&pv_id=qa6oFE&devicePixelRatio=1&webgl=1&pf_net=646&pf_srv=633&pf_tfr=20&pf_dm1=46&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x10240%Avira URL Cloudsafe
https://piwik.org/free-software/bsd/0%Avira URL Cloudsafe
https://github.com/matomo-org/matomo/blob/master/js/piwik.js0%VirustotalBrowse
https://matomo.org0%Avira URL Cloudsafe
http://matomo.org0%VirustotalBrowse
https://cdn2.mgazeti.co.ke/favicon.ico0%Avira URL Cloudsafe
https://piwik.org/free-software/bsd/0%VirustotalBrowse
http://matomo.org/free-software/bsd/0%Avira URL Cloudsafe
https://piwik.org0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3D0%Avira URL Cloudsafe
https://matomo.org0%VirustotalBrowse
https://matomo.radioafrica.digital/0%Avira URL Cloudsafe
http://piwik.org/free-software/bsd/0%Avira URL Cloudsafe
http://matomo.org/free-software/bsd/0%VirustotalBrowse
http://piwik.org/free-software/bsd/0%VirustotalBrowse
https://matomo.radioafrica.digital/0%VirustotalBrowse
https://piwik.org0%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
cdn2.mgazeti.co.ke
188.114.96.3
truefalse
    		unknown
    a.nel.cloudflare.com
    		35.190.80.1
    		truefalse
      		unknown
      matomo.radioafrica.digital
      		104.21.85.100
      		truefalse
        		unknown
        www.google.com
        		172.217.18.4
        		truefalse
          		unknown
          fp2e7a.wpc.phicdn.net
          		192.229.221.95
          		truefalse
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://matomo.radioafrica.digital/matomo.jsfalse
            • Avira URL Cloud: safe
            		unknown
            https://a.nel.cloudflare.com/report/v4?s=bfM88fGtEw2%2BctypVMNEMY3hKpawdrVByl%2FvDww0nFXvkArq8RLC%2BYcB%2FO0Fqe8UtkvI7oGqSgFopaagoDy3ShzQd4agQ5g8ZzfxydO%2Fa%2BW7sslzmjJygmklb2pc9f3OnHjw0uM%3Dfalse
            • Avira URL Cloud: safe
            		unknown
            https://cdn2.mgazeti.co.ke/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDAzJTIwRm9yYmlkZGVuJTIyJTJDJTIyeCUyMiUzQTAuNDUwNDIwMDg4NDA0Nzc4NjUlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTkwNyUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGY2RuMi5tZ2F6ZXRpLmNvLmtlJTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMjQwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==false
            • Avira URL Cloud: safe
            		unknown
            https://matomo.radioafrica.digital/matomo.php?action_name=403%20Forbidden&idsite=3&rec=1&r=457422&h=23&m=28&s=54&url=https%3A%2F%2Fcdn2.mgazeti.co.ke%2F&_id=&_idn=1&cs=windows-1252&send_image=0&_refts=0&pv_id=qa6oFE&devicePixelRatio=1&webgl=1&pf_net=646&pf_srv=633&pf_tfr=20&pf_dm1=46&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024false
            • Avira URL Cloud: safe
            		unknown
            http://cdn2.mgazeti.co.ke/false
            • Avira URL Cloud: safe
            		unknown
            https://cdn2.mgazeti.co.ke/favicon.icofalse
            • Avira URL Cloud: safe
            		unknown
            https://a.nel.cloudflare.com/report/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3Dfalse
            • Avira URL Cloud: safe
            		unknown
            https://cdn2.mgazeti.co.ke/false
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://matomo.orgchromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://github.com/matomo-org/matomo/blob/master/js/piwik.jschromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://piwik.org/free-software/bsd/chromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://matomo.orgchromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://matomo.org/free-software/bsd/chromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://piwik.orgchromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://matomo.radioafrica.digital/chromecache_46.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://piwik.org/free-software/bsd/chromecache_49.2.drfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              239.255.255.250
              		unknownReserved
              		unknownunknownfalse
              188.114.96.3
              		cdn2.mgazeti.co.keEuropean Union
              		13335CLOUDFLARENETUSfalse
              172.217.18.4
              		www.google.comUnited States
              		15169GOOGLEUSfalse
              104.21.85.100
              		matomo.radioafrica.digitalUnited States
              		13335CLOUDFLARENETUSfalse
              35.190.80.1
              		a.nel.cloudflare.comUnited States
              		15169GOOGLEUSfalse

              Private

              IP
              192.168.2.4

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1467936
              Start date and time:2024-07-05 05:27:59 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 3m 2s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:browseurl.jbs
              Sample URL:http://cdn2.mgazeti.co.ke
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:9
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:CLEAN
              Classification:clean0.win@17/8@10/6
              EGA Information:Failed
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 0
              • Number of non-executed functions: 0

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.142, 64.233.184.84, 34.104.35.123, 20.12.23.50, 93.184.221.240, 192.229.221.95, 20.166.126.56, 172.217.18.99
              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtSetInformationFile calls found.
              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

              Simulations

              Behavior and APIs

              No simulations

              LLM Input / Output

              InputOutput
              URL: https://cdn2.mgazeti.co.ke/ Model: Perplexity: mixtral-8x7b-instruct
              {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title and text of the webpage are both '403 Forbidden', which does not contain any login forms, create a sense of urgency, or contain a CAPTCHA.","There is no explicit request for sensitive information, no language creating urgency, and no CAPTCHA or anti-robot detection mechanism present."]}
              Title: 403 Forbidden OCR: 403 Forbidden

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              Chrome Cache Entry: 46

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (3641)
              Category:downloaded
              Size (bytes):5754
              Entropy (8bit):5.4035354692412225
              Encrypted:false
              SSDEEP:96:sYAhBftGOUjkYGrKXkaqcGX75H9Q5p20SPMd8UTZWtgGFYnWdLfxFE3y6ZnSeXL3:sYAhBfykYJlq9Lw7EMWSZagGCYfxiyuB
              MD5:2F98838ADE05ACA866146A8996748E0F
              SHA1:CAB7448B3BA27F689C571E94D64914D4260EFDC0
              SHA-256:D96402829FEE52CFEFADA55622D89EBD4E796A31ED21523A7469145A7E5E32B1
              SHA-512:5F2094DE4C4A28FC626FF9F7E4A342A08336EA4FAE8BE7D192CE8A69DA1A14A3E7B7653AB11AC1BB3F0AF0B7E7BBBCFC0057A3A651A416E68C5869CF6E4DD890
              Malicious:false
              Reputation:low
              URL:https://cdn2.mgazeti.co.ke/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDAzJTIwRm9yYmlkZGVuJTIyJTJDJTIyeCUyMiUzQTAuNDUwNDIwMDg4NDA0Nzc4NjUlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTkwNyUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGY2RuMi5tZ2F6ZXRpLmNvLmtlJTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMjQwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==
              Preview:try{(function(w,d){zaraz.debug=(eI="")=>{document.cookie=`zarazDebug=${eI}; path=/`;location.reload()};window.zaraz._al=function(cC,cD,cE){w.zaraz.listeners.push({item:cC,type:cD,callback:cE});cC.addEventListener(cD,cE)};zaraz.preview=(cF="")=>{document.cookie=`zarazPreview=${cF}; path=/`;location.reload()};zaraz.i=function(eC){const eD=d.createElement("div");eD.innerHTML=unescape(eC);const eE=eD.querySelectorAll("script");for(let eF=0;eF<eE.length;eF++){const eG=d.createElement("script");eE[eF].innerHTML&&(eG.innerHTML=eE[eF].innerHTML);for(const eH of eE[eF].attributes)eG.setAttribute(eH.name,eH.value);d.head.appendChild(eG);eE[eF].remove()}d.body.appendChild(eD)};zaraz.f=async function(cN,cO){const cP={credentials:"include",keepalive:!0,mode:"no-cors"};if(cO){cP.method="POST";cP.body=new URLSearchParams(cO);cP.headers={"Content-Type":"application/x-www-form-urlencoded"}}return await fetch(cN,cP)};window.zaraz._p=async bk=>new Promise((bl=>{if(bk){bk.e&&bk.e.forEach((bm=>{try{new Fun

              Chrome Cache Entry: 47

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with CRLF line terminators
              Category:downloaded
              Size (bytes):548
              Entropy (8bit):4.660801881684815
              Encrypted:false
              SSDEEP:12:TvgsoCVIogs01lI5r8INGlTF5TF5TF5TF5TF5TFK:cEQtnDTPTPTPTPTPTc
              MD5:4B074B0B59693FA9F94FB71B175FB187
              SHA1:0004D4F82B546013424B2E0DE084395071EEF98B
              SHA-256:25FB23868EBF48348F9E438E00CB9B9D9B3A054F32482A781C762CC4F9CC6393
              SHA-512:F928E9FAA0BC776FC5D8A0326981853709D437B7B1C2E238894BFB2ACBB627442C425CBB00D369C52D15876B6C795E67F7580341686696D569A908A6ADD4B444
              Malicious:false
              Reputation:low
              URL:https://cdn2.mgazeti.co.ke/favicon.ico
              Preview:<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

              Chrome Cache Entry: 48

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (1658), with CRLF line terminators
              Category:downloaded
              Size (bytes):2165
              Entropy (8bit):5.386775399971378
              Encrypted:false
              SSDEEP:48:I11yFxdatwywOwCtWxez3IpgU4VEOElVm1m5lx6DzzzzzY:ayF6qVp6WEjig4Hr5z7
              MD5:0E8BA2BDEE021B8ECEDE25429FBC280D
              SHA1:8F047C61A6CFE2C0556CC36F4372E5B27D34409C
              SHA-256:670462B8B5F521E9B0FBFCEBB8569143B3A2501A8C5501A27CB2EEC21B0A8768
              SHA-512:7359BDDF0DA5B2345DE57F1C9EA00A14715408997D04EDCC7487ECDF9F04A84F0606A4E90355573770332D518B14EA740D16E345B5CAA0D2FFA0CA341C8659C3
              Malicious:false
              Reputation:low
              URL:https://cdn2.mgazeti.co.ke/
              Preview:<html>..<head><title>403 Forbidden</title><script nonce="7d440106-7a6c-43e5-b22a-39499b3c2ee8">try{(function(w,d){!function(c,d,e,f){if(c.zaraz)console.error("zaraz is loaded twice");else{c[e]=c[e]||{};c[e].executed=[];c.zaraz={deferred:[],listeners:[]};c.zaraz._v="5714";c.zaraz.q=[];c.zaraz._f=function(g){return async function(){var h=Array.prototype.slice.call(arguments);c.zaraz.q.push({m:g,a:h})}};for(const i of["track","set","debug"])c.zaraz[i]=c.zaraz._f(i);c.zaraz.init=()=>{var j=d.getElementsByTagName(f)[0],k=d.createElement(f),l=d.getElementsByTagName("title")[0];l&&(c[e].t=d.getElementsByTagName("title")[0].text);c[e].x=Math.random();c[e].w=c.screen.width;c[e].h=c.screen.height;c[e].j=c.innerHeight;c[e].e=c.innerWidth;c[e].l=c.location.href;c[e].r=d.referrer;c[e].k=c.screen.colorDepth;c[e].n=d.characterSet;c[e].o=(new Date).getTimezoneOffset();if(c.dataLayer)for(const p of Object.entries(Object.entries(dataLayer).reduce(((q,r)=>({...q[1],...r[1]})),{})))zaraz.set(p[0],p[1],{sc

              Chrome Cache Entry: 49

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (65136)
              Category:downloaded
              Size (bytes):70190
              Entropy (8bit):5.517664552176581
              Encrypted:false
              SSDEEP:1536:IpgnplATrFVqe7EKxFXHuveM2V1Oy6fu1K0MNdda8iNDAGoT4ITzxfYQKFoo:Ip+jmhuWZ1Oy6fvNdda8iNDAGQXxfN+
              MD5:EA98DD135BCA0B207D5922295009077F
              SHA1:F06D8461D5A52D599E7F71F84851C356A3729BD3
              SHA-256:BA0A97DED3A5901EC9CABBC1F835DA8F35716296924F7017FB073D5F5A9422A6
              SHA-512:181C9F2688884296491281548A8E850D8798FF4FB8EDD2EB30F00A4F6A5CC824B84523EAE5FD5DE63F467E547CDBC8854EAB6E515DEA1282585844B10A9823B8
              Malicious:false
              Reputation:low
              URL:https://matomo.radioafrica.digital/matomo.js
              Preview:/*!!.* Matomo - free/libre analytics platform.*.* JavaScript tracking client.*.* @link https://piwik.org.* @source https://github.com/matomo-org/matomo/blob/master/js/piwik.js.* @license https://piwik.org/free-software/bsd/ BSD-3 Clause (also in js/LICENSE.txt).* @license magnet:?xt=urn:btih:c80d50af7d3db9be66a4d0a86db0286e4fd33292&dn=bsd-3-clause.txt BSD-3-Clause.*/;if(typeof _paq!=="object"){_paq=[]}if(typeof window.Matomo!=="object"){window.Matomo=window.Piwik=(function(){var s,b={},A={},K=document,g=navigator,ac=screen,X=window,h=X.performance||X.mozPerformance||X.msPerformance||X.webkitPerformance,u=X.encodeURIComponent,W=X.decodeURIComponent,k=unescape,M=[],I,v,am=[],z=0,ag=0,Y=0,m=false,q="";function p(au){try{return W(au)}catch(av){return unescape(au)}}function N(av){var au=typeof av;return au!=="undefined"}function D(au){return typeof au==="function"}function aa(au){return typeof au==="object"}function y(au){return typeof au==="string"||au instanceof String}function al(au){ret

              Static File Info

              No static file info

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Jul 5, 2024 05:28:40.995872021 CEST49678443192.168.2.4104.46.162.224
              Jul 5, 2024 05:28:42.051887035 CEST49675443192.168.2.4173.222.162.32
              Jul 5, 2024 05:28:51.397346020 CEST4973580192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:51.397594929 CEST4973680192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:51.402192116 CEST8049735188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:51.402290106 CEST4973580192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:51.402319908 CEST8049736188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:51.402369022 CEST4973680192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:51.402508974 CEST4973580192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:51.407253027 CEST8049735188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:51.883681059 CEST8049735188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:51.923320055 CEST4973580192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.017083883 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.017117023 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.017205954 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.017415047 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.017431974 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.497342110 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.525397062 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.525445938 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.526329041 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.526406050 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.530466080 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.530530930 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.530680895 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:52.530690908 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:52.574783087 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.135914087 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.135972023 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.136018991 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.136044979 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.136056900 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.136102915 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.176577091 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.176609039 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.176668882 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.177746058 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.177758932 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.183990955 CEST49738443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.184009075 CEST44349738188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.276071072 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.276098967 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.276201963 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.276402950 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.276415110 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.647519112 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:53.647543907 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:53.647602081 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:53.648343086 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:53.648356915 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:53.650122881 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.650950909 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.650970936 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.651853085 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.651911974 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.653722048 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.653784990 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.654365063 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.654371023 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.697932005 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.749407053 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.749922037 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.749933004 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.750205994 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.751172066 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.751221895 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.751344919 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.781548977 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.781779051 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.781822920 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.781856060 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.781869888 CEST4434974035.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.781878948 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.781909943 CEST49740443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.782669067 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.782680988 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.782736063 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.783541918 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:53.783550978 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:53.796499014 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882349014 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882390022 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882420063 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882430077 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.882440090 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882467985 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882477045 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.882483006 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882518053 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.882523060 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.882564068 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.890814066 CEST49741443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:53.890821934 CEST44349741188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:53.939414024 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:53.939441919 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:53.939495087 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:53.940392017 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:53.940407991 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.282021999 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.282352924 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.282373905 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.282655954 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.283107042 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.283107042 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.283121109 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.283158064 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.289869070 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:54.289905071 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:54.290028095 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:54.291637897 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:54.291652918 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:54.298049927 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:54.298301935 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:54.298316956 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:54.299304962 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:54.299391031 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:54.335465908 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.418447018 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.418668032 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.418684006 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.419315100 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.419476986 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.419531107 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.419600964 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.419600964 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.419621944 CEST4434974335.190.80.1192.168.2.4
              Jul 5, 2024 05:28:54.419651031 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.419759989 CEST49743443192.168.2.435.190.80.1
              Jul 5, 2024 05:28:54.468535900 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:54.468668938 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:54.469248056 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.469378948 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.469906092 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.511099100 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.511106968 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.511109114 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:54.511130095 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:28:54.557791948 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.557795048 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:28:54.582453012 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.582509995 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.582545042 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.582577944 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.582604885 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.582614899 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.582638025 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.582648993 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.582772017 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.582779884 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.583010912 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.583044052 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.583122969 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.583133936 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.583230019 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.587249994 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.587326050 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.588315964 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.588324070 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.634582043 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.672821045 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673058987 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673103094 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.673108101 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673119068 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673182011 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673213005 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673239946 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.673239946 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673249960 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.673297882 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.674021006 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674077988 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674109936 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674134016 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.674134016 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674144030 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674841881 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674896955 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674921989 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.674932957 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674968004 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.674994946 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.675002098 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.675147057 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.675776958 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.675833941 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.675859928 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.675987005 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.675995111 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.676105976 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.716403008 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.762334108 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.762351990 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763351917 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763385057 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763410091 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.763417006 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763451099 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763608932 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763616085 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763667107 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763674021 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763700008 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.763709068 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763719082 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763736010 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.763746023 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.763748884 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.763776064 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.764491081 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.764576912 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.764605999 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.764704943 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.806200027 CEST49744443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.806229115 CEST44349744104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.892714024 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.892749071 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.892837048 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.896712065 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:54.896723032 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:54.902844906 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:54.902873039 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:54.903302908 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:54.903539896 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:54.903548956 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:54.952784061 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:54.953043938 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:54.957643986 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:54.957653046 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:54.957916021 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.016709089 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.024713039 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.072491884 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.220335007 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.220552921 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.220592022 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.222917080 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.222929001 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.222959042 CEST49745443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.222965002 CEST443497452.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.367424965 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:55.368005037 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:55.368016958 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:55.368309021 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:55.368732929 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:55.368786097 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:55.374330044 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:55.380539894 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.380868912 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:55.380882025 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.381196022 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.381897926 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:55.381946087 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.382185936 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:55.395203114 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.395216942 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.395298004 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.395736933 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:55.395747900 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:55.420500040 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:55.424503088 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.979617119 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.979686022 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:55.979731083 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:55.980670929 CEST49747443192.168.2.4188.114.96.3
              Jul 5, 2024 05:28:55.980680943 CEST44349747188.114.96.3192.168.2.4
              Jul 5, 2024 05:28:56.035676956 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.035962105 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:56.036947966 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:56.036956072 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.037257910 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.038268089 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:56.044874907 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:56.044919014 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:56.045641899 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:56.045656919 CEST44349746104.21.85.100192.168.2.4
              Jul 5, 2024 05:28:56.045686960 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:56.045890093 CEST49746443192.168.2.4104.21.85.100
              Jul 5, 2024 05:28:56.080528021 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.306941032 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.307065010 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.307163954 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:56.309479952 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:56.309479952 CEST49748443192.168.2.42.19.104.72
              Jul 5, 2024 05:28:56.309492111 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:28:56.309500933 CEST443497482.19.104.72192.168.2.4
              Jul 5, 2024 05:29:04.197154999 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:04.197223902 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:04.197320938 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:04.375248909 CEST49742443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:04.375274897 CEST44349742172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:06.772861958 CEST8049736188.114.96.3192.168.2.4
              Jul 5, 2024 05:29:06.772927999 CEST4973680192.168.2.4188.114.96.3
              Jul 5, 2024 05:29:07.871217012 CEST4973680192.168.2.4188.114.96.3
              Jul 5, 2024 05:29:07.877357006 CEST8049736188.114.96.3192.168.2.4
              Jul 5, 2024 05:29:36.885714054 CEST4973580192.168.2.4188.114.96.3
              Jul 5, 2024 05:29:36.890603065 CEST8049735188.114.96.3192.168.2.4
              Jul 5, 2024 05:29:53.183859110 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.183888912 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.183974981 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.184281111 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.184293032 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.540009022 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:53.540052891 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:53.540230036 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:53.540504932 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:53.540515900 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:53.653942108 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.654155016 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.654171944 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.654472113 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.655071974 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.655123949 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.655333996 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.700493097 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.785260916 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.785309076 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.785352945 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.785680056 CEST49757443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.785691023 CEST4434975735.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.786425114 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.786465883 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:53.786566973 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.786808968 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:53.786824942 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.189397097 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:54.189645052 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:54.189663887 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:54.190135956 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:54.190454960 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:54.190541029 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:29:54.244903088 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:29:54.255872965 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.256051064 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:54.256071091 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.256369114 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.256764889 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:54.256820917 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.256866932 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:54.304498911 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.307403088 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:54.385339975 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.385678053 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:29:54.385711908 CEST4434975935.190.80.1192.168.2.4
              Jul 5, 2024 05:29:54.385795116 CEST49759443192.168.2.435.190.80.1
              Jul 5, 2024 05:30:04.088983059 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:30:04.089047909 CEST44349758172.217.18.4192.168.2.4
              Jul 5, 2024 05:30:04.089245081 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:30:06.237371922 CEST49758443192.168.2.4172.217.18.4
              Jul 5, 2024 05:30:06.237406015 CEST44349758172.217.18.4192.168.2.4

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Jul 5, 2024 05:28:49.577754021 CEST53509851.1.1.1192.168.2.4
              Jul 5, 2024 05:28:49.622665882 CEST53527121.1.1.1192.168.2.4
              Jul 5, 2024 05:28:50.747936010 CEST53540731.1.1.1192.168.2.4
              Jul 5, 2024 05:28:51.377252102 CEST5247353192.168.2.41.1.1.1
              Jul 5, 2024 05:28:51.377413034 CEST4964853192.168.2.41.1.1.1
              Jul 5, 2024 05:28:51.390775919 CEST53524731.1.1.1192.168.2.4
              Jul 5, 2024 05:28:51.515414000 CEST53496481.1.1.1192.168.2.4
              Jul 5, 2024 05:28:51.886164904 CEST5631753192.168.2.41.1.1.1
              Jul 5, 2024 05:28:51.886311054 CEST6368953192.168.2.41.1.1.1
              Jul 5, 2024 05:28:51.984273911 CEST53563171.1.1.1192.168.2.4
              Jul 5, 2024 05:28:52.062369108 CEST53636891.1.1.1192.168.2.4
              Jul 5, 2024 05:28:53.167910099 CEST6367653192.168.2.41.1.1.1
              Jul 5, 2024 05:28:53.168226957 CEST5609153192.168.2.41.1.1.1
              Jul 5, 2024 05:28:53.174576044 CEST53636761.1.1.1192.168.2.4
              Jul 5, 2024 05:28:53.174952984 CEST53560911.1.1.1192.168.2.4
              Jul 5, 2024 05:28:53.623497009 CEST5729653192.168.2.41.1.1.1
              Jul 5, 2024 05:28:53.623939991 CEST6476953192.168.2.41.1.1.1
              Jul 5, 2024 05:28:53.630589008 CEST53572961.1.1.1192.168.2.4
              Jul 5, 2024 05:28:53.630604982 CEST53647691.1.1.1192.168.2.4
              Jul 5, 2024 05:28:53.928503990 CEST6210953192.168.2.41.1.1.1
              Jul 5, 2024 05:28:53.929044962 CEST6335853192.168.2.41.1.1.1
              Jul 5, 2024 05:28:53.938241005 CEST53621091.1.1.1192.168.2.4
              Jul 5, 2024 05:28:53.938591957 CEST53633581.1.1.1192.168.2.4
              Jul 5, 2024 05:29:07.884924889 CEST53525011.1.1.1192.168.2.4
              Jul 5, 2024 05:29:11.531213999 CEST138138192.168.2.4192.168.2.255
              Jul 5, 2024 05:29:26.578265905 CEST53565201.1.1.1192.168.2.4
              Jul 5, 2024 05:29:48.928155899 CEST53617111.1.1.1192.168.2.4
              Jul 5, 2024 05:29:49.175899982 CEST53519821.1.1.1192.168.2.4

              ICMP Packets

              TimestampSource IPDest IPChecksumCodeType
              Jul 5, 2024 05:28:51.515480995 CEST192.168.2.41.1.1.1c231(Port unreachable)Destination Unreachable

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Jul 5, 2024 05:28:51.377252102 CEST192.168.2.41.1.1.10xf096Standard query (0)cdn2.mgazeti.co.keA (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:51.377413034 CEST192.168.2.41.1.1.10x9fd3Standard query (0)cdn2.mgazeti.co.ke65IN (0x0001)false
              Jul 5, 2024 05:28:51.886164904 CEST192.168.2.41.1.1.10x9ce5Standard query (0)cdn2.mgazeti.co.keA (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:51.886311054 CEST192.168.2.41.1.1.10xff0Standard query (0)cdn2.mgazeti.co.ke65IN (0x0001)false
              Jul 5, 2024 05:28:53.167910099 CEST192.168.2.41.1.1.10xccdeStandard query (0)a.nel.cloudflare.comA (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.168226957 CEST192.168.2.41.1.1.10x3a99Standard query (0)a.nel.cloudflare.com65IN (0x0001)false
              Jul 5, 2024 05:28:53.623497009 CEST192.168.2.41.1.1.10x2e9fStandard query (0)www.google.comA (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.623939991 CEST192.168.2.41.1.1.10x1aa1Standard query (0)www.google.com65IN (0x0001)false
              Jul 5, 2024 05:28:53.928503990 CEST192.168.2.41.1.1.10xdfbdStandard query (0)matomo.radioafrica.digitalA (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.929044962 CEST192.168.2.41.1.1.10xaf25Standard query (0)matomo.radioafrica.digital65IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Jul 5, 2024 05:28:51.390775919 CEST1.1.1.1192.168.2.40xf096No error (0)cdn2.mgazeti.co.ke188.114.96.3A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:51.390775919 CEST1.1.1.1192.168.2.40xf096No error (0)cdn2.mgazeti.co.ke188.114.97.3A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:51.515414000 CEST1.1.1.1192.168.2.40x9fd3No error (0)cdn2.mgazeti.co.ke65IN (0x0001)false
              Jul 5, 2024 05:28:51.984273911 CEST1.1.1.1192.168.2.40x9ce5No error (0)cdn2.mgazeti.co.ke188.114.96.3A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:51.984273911 CEST1.1.1.1192.168.2.40x9ce5No error (0)cdn2.mgazeti.co.ke188.114.97.3A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:52.062369108 CEST1.1.1.1192.168.2.40xff0No error (0)cdn2.mgazeti.co.ke65IN (0x0001)false
              Jul 5, 2024 05:28:53.174576044 CEST1.1.1.1192.168.2.40xccdeNo error (0)a.nel.cloudflare.com35.190.80.1A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.630589008 CEST1.1.1.1192.168.2.40x2e9fNo error (0)www.google.com172.217.18.4A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.630604982 CEST1.1.1.1192.168.2.40x1aa1No error (0)www.google.com65IN (0x0001)false
              Jul 5, 2024 05:28:53.938241005 CEST1.1.1.1192.168.2.40xdfbdNo error (0)matomo.radioafrica.digital104.21.85.100A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.938241005 CEST1.1.1.1192.168.2.40xdfbdNo error (0)matomo.radioafrica.digital172.67.204.113A (IP address)IN (0x0001)false
              Jul 5, 2024 05:28:53.938591957 CEST1.1.1.1192.168.2.40xaf25No error (0)matomo.radioafrica.digital65IN (0x0001)false
              Jul 5, 2024 05:29:05.617223978 CEST1.1.1.1192.168.2.40xc6f5No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
              Jul 5, 2024 05:29:05.617223978 CEST1.1.1.1192.168.2.40xc6f5No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
              Jul 5, 2024 05:29:18.787816048 CEST1.1.1.1192.168.2.40xaa5dNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
              Jul 5, 2024 05:29:18.787816048 CEST1.1.1.1192.168.2.40xaa5dNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
              Jul 5, 2024 05:29:41.663831949 CEST1.1.1.1192.168.2.40xe7e8No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
              Jul 5, 2024 05:29:41.663831949 CEST1.1.1.1192.168.2.40xe7e8No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
              Jul 5, 2024 05:30:02.393465042 CEST1.1.1.1192.168.2.40xc022No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
              Jul 5, 2024 05:30:02.393465042 CEST1.1.1.1192.168.2.40xc022No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false

              HTTP Request Dependency Graph

              • cdn2.mgazeti.co.ke
              • https:
                • matomo.radioafrica.digital
              • a.nel.cloudflare.com
              • fs.microsoft.com

              HTTP Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.449735188.114.96.3802188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              Jul 5, 2024 05:28:51.402508974 CEST433OUTGET / HTTP/1.1
              Host: cdn2.mgazeti.co.ke
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
              Jul 5, 2024 05:28:51.883681059 CEST850INHTTP/1.1 301 Moved Permanently
              Date: Fri, 05 Jul 2024 03:28:51 GMT
              Content-Type: text/html
              Content-Length: 167
              Connection: keep-alive
              Cache-Control: max-age=3600
              Expires: Fri, 05 Jul 2024 04:28:51 GMT
              Location: https://cdn2.mgazeti.co.ke/
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6hRz9ISwM29RcFOGZvwmPY%2FuwuTrcWOl7iX5%2BHmPAEt4I4hjiN9c%2BIIkp8tiVAX2gKrv6fhapgvI5bwbbrUCYybyK8IxHgFXCCtFwTl%2FtY1Q4Arxpi4jOrLgw71YhKfJDnS5sb4%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Vary: Accept-Encoding
              Server: cloudflare
              CF-RAY: 89e44473ea1b42e3-EWR
              alt-svc: h3=":443"; ma=86400
              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
              Jul 5, 2024 05:29:36.885714054 CEST6OUTData Raw: 00
              Data Ascii:


              HTTPS Proxied Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.449738188.114.96.34432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:52 UTC661OUTGET / HTTP/1.1
              Host: cdn2.mgazeti.co.ke
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Sec-Fetch-Site: none
              Sec-Fetch-Mode: navigate
              Sec-Fetch-User: ?1
              Sec-Fetch-Dest: document
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              sec-ch-ua-platform: "Windows"
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:53 UTC599INHTTP/1.1 403 Forbidden
              Date: Fri, 05 Jul 2024 03:28:53 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              CF-Ray: 89e44478ba5741df-EWR
              CF-Cache-Status: DYNAMIC
              Vary: Accept-Encoding
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              alt-svc: h3=":443"; ma=86400
              2024-07-05 03:28:53 UTC1369INData Raw: 38 37 35 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 37 64 34 34 30 31 30 36 2d 37 61 36 63 2d 34 33 65 35 2d 62 32 32 61 2d 33 39 34 39 39 62 33 63 32 65 65 38 22 3e 74 72 79 7b 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 29 7b 21 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 65 2c 66 29 7b 69 66 28 63 2e 7a 61 72 61 7a 29 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 22 7a 61 72 61 7a 20 69 73 20 6c 6f 61 64 65 64 20 74 77 69 63 65 22 29 3b 65 6c 73 65 7b 63 5b 65 5d 3d 63 5b 65 5d 7c 7c 7b 7d 3b 63 5b 65 5d 2e 65 78 65 63 75 74 65 64 3d 5b 5d 3b 63 2e 7a 61 72 61 7a 3d 7b 64 65 66 65 72 72 65 64 3a 5b 5d 2c 6c 69 73 74 65 6e 65 72 73 3a
              Data Ascii: 875<html><head><title>403 Forbidden</title><script nonce="7d440106-7a6c-43e5-b22a-39499b3c2ee8">try{(function(w,d){!function(c,d,e,f){if(c.zaraz)console.error("zaraz is loaded twice");else{c[e]=c[e]||{};c[e].executed=[];c.zaraz={deferred:[],listeners:
              2024-07-05 03:28:53 UTC803INData Raw: 2b 62 74 6f 61 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 63 5b 65 5d 29 29 29 3b 6a 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 6b 2c 6a 29 7d 3b 5b 22 63 6f 6d 70 6c 65 74 65 22 2c 22 69 6e 74 65 72 61 63 74 69 76 65 22 5d 2e 69 6e 63 6c 75 64 65 73 28 64 2e 72 65 61 64 79 53 74 61 74 65 29 3f 7a 61 72 61 7a 2e 69 6e 69 74 28 29 3a 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 7a 61 72 61 7a 2e 69 6e 69 74 29 7d 7d 28 77 2c 64 2c 22 7a 61 72 61 7a 44 61 74 61 22 2c 22 73 63 72 69 70 74 22 29 3b 7d 29 28 77 69 6e 64 6f 77 2c 64 6f 63 75 6d 65 6e 74 29 7d 63 61 74 63 68 28 65 29 7b 74 68 72 6f 77
              Data Ascii: +btoa(encodeURIComponent(JSON.stringify(c[e])));j.parentNode.insertBefore(k,j)};["complete","interactive"].includes(d.readyState)?zaraz.init():c.addEventListener("DOMContentLoaded",zaraz.init)}}(w,d,"zarazData","script");})(window,document)}catch(e){throw
              2024-07-05 03:28:53 UTC5INData Raw: 30 0d 0a 0d 0a
              Data Ascii: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              1192.168.2.44974035.190.80.14432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:53 UTC549OUTOPTIONS /report/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3D HTTP/1.1
              Host: a.nel.cloudflare.com
              Connection: keep-alive
              Origin: https://cdn2.mgazeti.co.ke
              Access-Control-Request-Method: POST
              Access-Control-Request-Headers: content-type
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:53 UTC336INHTTP/1.1 200 OK
              Content-Length: 0
              access-control-max-age: 86400
              access-control-allow-methods: POST, OPTIONS
              access-control-allow-origin: *
              access-control-allow-headers: content-length, content-type
              date: Fri, 05 Jul 2024 03:28:53 GMT
              Via: 1.1 google
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              2192.168.2.449741188.114.96.34432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:53 UTC966OUTGET /cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyNDAzJTIwRm9yYmlkZGVuJTIyJTJDJTIyeCUyMiUzQTAuNDUwNDIwMDg4NDA0Nzc4NjUlMkMlMjJ3JTIyJTNBMTI4MCUyQyUyMmglMjIlM0ExMDI0JTJDJTIyaiUyMiUzQTkwNyUyQyUyMmUlMjIlM0ExMjgwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGY2RuMi5tZ2F6ZXRpLmNvLmtlJTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJ3aW5kb3dzLTEyNTIlMjIlMkMlMjJvJTIyJTNBMjQwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA== HTTP/1.1
              Host: cdn2.mgazeti.co.ke
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: */*
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: script
              Referer: https://cdn2.mgazeti.co.ke/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:53 UTC847INHTTP/1.1 200 OK
              Date: Fri, 05 Jul 2024 03:28:53 GMT
              Content-Type: text/javascript; charset=utf-8
              Content-Length: 5754
              Connection: close
              Access-Control-Allow-Origin: https://cdn2.mgazeti.co.ke
              Vary: Origin
              Access-Control-Allow-Credentials: true
              Access-Control-Allow-Headers: Content-Type, Set-Cookie, Cache-Control
              Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
              Access-Control-Max-Age: 600
              X-Robots-Tag: none
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8irGCUtfi%2FMYI%2BLpft%2Fz%2BvQ6nD6o97Ib900H%2Fb9f7LvdQY5NI%2FGMpuknCQpszK6XDYanRuhLWUeUocxTPFJZ2qyx%2FgBJSRlsmXwjtWlmSJX14vOAYeeN3N1Q5v7sOqq9oFRgRM%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 89e444806c6e423b-EWR
              alt-svc: h3=":443"; ma=86400
              2024-07-05 03:28:53 UTC522INData Raw: 74 72 79 7b 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 29 7b 7a 61 72 61 7a 2e 64 65 62 75 67 3d 28 65 49 3d 22 22 29 3d 3e 7b 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 3d 60 7a 61 72 61 7a 44 65 62 75 67 3d 24 7b 65 49 7d 3b 20 70 61 74 68 3d 2f 60 3b 6c 6f 63 61 74 69 6f 6e 2e 72 65 6c 6f 61 64 28 29 7d 3b 77 69 6e 64 6f 77 2e 7a 61 72 61 7a 2e 5f 61 6c 3d 66 75 6e 63 74 69 6f 6e 28 63 43 2c 63 44 2c 63 45 29 7b 77 2e 7a 61 72 61 7a 2e 6c 69 73 74 65 6e 65 72 73 2e 70 75 73 68 28 7b 69 74 65 6d 3a 63 43 2c 74 79 70 65 3a 63 44 2c 63 61 6c 6c 62 61 63 6b 3a 63 45 7d 29 3b 63 43 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 44 2c 63 45 29 7d 3b 7a 61 72 61 7a 2e 70 72 65 76 69 65 77 3d 28 63 46 3d 22 22 29 3d 3e 7b 64 6f 63 75 6d 65 6e 74 2e 63
              Data Ascii: try{(function(w,d){zaraz.debug=(eI="")=>{document.cookie=`zarazDebug=${eI}; path=/`;location.reload()};window.zaraz._al=function(cC,cD,cE){w.zaraz.listeners.push({item:cC,type:cD,callback:cE});cC.addEventListener(cD,cE)};zaraz.preview=(cF="")=>{document.c
              2024-07-05 03:28:53 UTC1369INData Raw: 54 4d 4c 3d 65 45 5b 65 46 5d 2e 69 6e 6e 65 72 48 54 4d 4c 29 3b 66 6f 72 28 63 6f 6e 73 74 20 65 48 20 6f 66 20 65 45 5b 65 46 5d 2e 61 74 74 72 69 62 75 74 65 73 29 65 47 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 65 48 2e 6e 61 6d 65 2c 65 48 2e 76 61 6c 75 65 29 3b 64 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 47 29 3b 65 45 5b 65 46 5d 2e 72 65 6d 6f 76 65 28 29 7d 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 44 29 7d 3b 7a 61 72 61 7a 2e 66 3d 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 28 63 4e 2c 63 4f 29 7b 63 6f 6e 73 74 20 63 50 3d 7b 63 72 65 64 65 6e 74 69 61 6c 73 3a 22 69 6e 63 6c 75 64 65 22 2c 6b 65 65 70 61 6c 69 76 65 3a 21 30 2c 6d 6f 64 65 3a 22 6e 6f 2d 63 6f 72 73 22 7d 3b 69 66 28 63 4f 29 7b 63 50 2e 6d
              Data Ascii: TML=eE[eF].innerHTML);for(const eH of eE[eF].attributes)eG.setAttribute(eH.name,eH.value);d.head.appendChild(eG);eE[eF].remove()}d.body.appendChild(eD)};zaraz.f=async function(cN,cO){const cP={credentials:"include",keepalive:!0,mode:"no-cors"};if(cO){cP.m
              2024-07-05 03:28:53 UTC1369INData Raw: 74 65 6e 65 72 73 3b 0a 2f 2f 0a 63 56 2e 64 61 74 61 3d 7b 2e 2e 2e 63 56 2e 64 61 74 61 2c 2e 2e 2e 63 52 7d 3b 63 56 2e 7a 61 72 61 7a 44 61 74 61 3d 7a 61 72 61 7a 44 61 74 61 3b 66 65 74 63 68 28 22 2f 63 64 6e 2d 63 67 69 2f 7a 61 72 61 7a 2f 74 22 2c 7b 63 72 65 64 65 6e 74 69 61 6c 73 3a 22 69 6e 63 6c 75 64 65 22 2c 6b 65 65 70 61 6c 69 76 65 3a 21 30 2c 6d 65 74 68 6f 64 3a 22 50 4f 53 54 22 2c 68 65 61 64 65 72 73 3a 7b 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 7d 2c 62 6f 64 79 3a 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 63 56 29 7d 29 2e 63 61 74 63 68 28 28 28 29 3d 3e 7b 0a 2f 2f 0a 72 65 74 75 72 6e 20 66 65 74 63 68 28 22 2f 63 64 6e 2d 63 67 69 2f 7a 61 72 61 7a 2f 74 22 2c 7b
              Data Ascii: teners;//cV.data={...cV.data,...cR};cV.zarazData=zarazData;fetch("/cdn-cgi/zaraz/t",{credentials:"include",keepalive:!0,method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(cV)}).catch((()=>{//return fetch("/cdn-cgi/zaraz/t",{
              2024-07-05 03:28:53 UTC1369INData Raw: 72 69 67 67 65 72 3d 66 75 6e 63 74 69 6f 6e 28 63 4a 2c 63 4b 2c 63 4c 2c 63 4d 29 7b 7a 61 72 61 7a 2e 5f 5f 7a 61 72 61 7a 54 72 69 67 67 65 72 4d 61 70 7c 7c 28 7a 61 72 61 7a 2e 5f 5f 7a 61 72 61 7a 54 72 69 67 67 65 72 4d 61 70 3d 7b 7d 29 3b 7a 61 72 61 7a 2e 5f 5f 7a 61 72 61 7a 54 72 69 67 67 65 72 4d 61 70 5b 63 4a 5d 7c 7c 28 7a 61 72 61 7a 2e 5f 5f 7a 61 72 61 7a 54 72 69 67 67 65 72 4d 61 70 5b 63 4a 5d 3d 22 22 29 3b 7a 61 72 61 7a 2e 5f 5f 7a 61 72 61 7a 54 72 69 67 67 65 72 4d 61 70 5b 63 4a 5d 2b 3d 22 2a 22 2b 63 4b 2b 22 2a 22 3b 7a 61 72 61 7a 2e 74 72 61 63 6b 28 22 5f 5f 7a 61 72 61 7a 45 6d 70 74 79 22 2c 7b 2e 2e 2e 63 4c 2c 5f 5f 7a 61 72 61 7a 43 6c 69 65 6e 74 54 72 69 67 67 65 72 73 3a 7a 61 72 61 7a 2e 5f 5f 7a 61 72 61 7a 54
              Data Ascii: rigger=function(cJ,cK,cL,cM){zaraz.__zarazTriggerMap||(zaraz.__zarazTriggerMap={});zaraz.__zarazTriggerMap[cJ]||(zaraz.__zarazTriggerMap[cJ]="");zaraz.__zarazTriggerMap[cJ]+="*"+cK+"*";zaraz.track("__zarazEmpty",{...cL,__zarazClientTriggers:zaraz.__zarazT
              2024-07-05 03:28:53 UTC1125INData Raw: 73 28 29 7d 66 69 6e 61 6c 6c 79 7b 48 69 73 74 6f 72 79 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 70 6c 61 63 65 53 74 61 74 65 2e 61 70 70 6c 79 28 68 69 73 74 6f 72 79 2c 61 72 67 75 6d 65 6e 74 73 29 3b 73 65 74 54 69 6d 65 6f 75 74 28 7a 61 72 61 7a 2e 73 70 61 50 61 67 65 76 69 65 77 2c 31 30 30 29 7d 7d 3b 7a 61 72 61 7a 2e 5f 63 3d 65 7a 3d 3e 7b 63 6f 6e 73 74 7b 65 76 65 6e 74 3a 65 41 2c 2e 2e 2e 65 42 7d 3d 65 7a 3b 7a 61 72 61 7a 2e 74 72 61 63 6b 28 65 41 2c 7b 2e 2e 2e 65 42 2c 5f 5f 7a 61 72 61 7a 43 6c 69 65 6e 74 45 76 65 6e 74 3a 21 30 7d 29 7d 3b 7a 61 72 61 7a 2e 5f 73 79 6e 63 65 64 41 74 74 72 69 62 75 74 65 73 3d 5b 22 61 6c 74 4b 65 79 22 2c 22 63 6c 69 65 6e 74 58 22 2c 22 63 6c 69 65 6e 74 59 22 2c 22 70 61 67 65 58 22 2c 22 70 61
              Data Ascii: s()}finally{History.prototype.replaceState.apply(history,arguments);setTimeout(zaraz.spaPageview,100)}};zaraz._c=ez=>{const{event:eA,...eB}=ez;zaraz.track(eA,{...eB,__zarazClientEvent:!0})};zaraz._syncedAttributes=["altKey","clientX","clientY","pageX","pa


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              3192.168.2.44974335.190.80.14432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:54 UTC488OUTPOST /report/v4?s=uK31F3UP3m0Kssb%2ByS7O%2FXBMNBTKG3di0arefnuZXZrAqysmswaUC5plKJcSek9%2F5g2t%2Ft%2Bn2M4h1t8Y0O8HsEqZoADfdXjN%2FA54W0HE2mCLzvQbWfkV5iXMsCJ8e4OO7mG7kcU%3D HTTP/1.1
              Host: a.nel.cloudflare.com
              Connection: keep-alive
              Content-Length: 388
              Content-Type: application/reports+json
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:54 UTC388OUTData Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 32 38 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 32 2e 6d 67 61 7a 65 74 69 2e 63 6f 2e
              Data Ascii: [{"age":0,"body":{"elapsed_time":1280,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":403,"type":"http.error"},"type":"network-error","url":"https://cdn2.mgazeti.co.
              2024-07-05 03:28:54 UTC168INHTTP/1.1 200 OK
              Content-Length: 0
              date: Fri, 05 Jul 2024 03:28:54 GMT
              Via: 1.1 google
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              4192.168.2.449744104.21.85.1004432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:54 UTC537OUTGET /matomo.js HTTP/1.1
              Host: matomo.radioafrica.digital
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: */*
              Sec-Fetch-Site: cross-site
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: script
              Referer: https://cdn2.mgazeti.co.ke/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:54 UTC873INHTTP/1.1 200 OK
              Date: Fri, 05 Jul 2024 03:28:54 GMT
              Content-Type: application/javascript
              Transfer-Encoding: chunked
              Connection: close
              Cf-Bgj: minify
              Cf-Polished: origSize=71043
              ETag: W/"667f164a-11583"
              Last-Modified: Fri, 28 Jun 2024 20:00:10 GMT
              Vary: Accept-Encoding
              Cache-Control: max-age=14400
              CF-Cache-Status: HIT
              Age: 18
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CwZtYHwYkzfsdRXgrUjqlQ4WHeso2tKJbCZjvXVaTN%2F%2FmPSh3yeUIgJ0UdU9iTOowuKFp1f1tRQhbZV33TUT7v14RninGIHKEP%2FUu0idmlANeAM95E1Mn0I2J3h8%2BNDZk7Fy9rGK76MLbbUbw%3D%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
              X-Content-Type-Options: nosniff
              Server: cloudflare
              CF-RAY: 89e44484b8184382-EWR
              alt-svc: h3=":443"; ma=86400
              2024-07-05 03:28:54 UTC496INData Raw: 33 61 31 30 0d 0a 2f 2a 21 21 0a 2a 20 4d 61 74 6f 6d 6f 20 2d 20 66 72 65 65 2f 6c 69 62 72 65 20 61 6e 61 6c 79 74 69 63 73 20 70 6c 61 74 66 6f 72 6d 0a 2a 0a 2a 20 4a 61 76 61 53 63 72 69 70 74 20 74 72 61 63 6b 69 6e 67 20 63 6c 69 65 6e 74 0a 2a 0a 2a 20 40 6c 69 6e 6b 20 68 74 74 70 73 3a 2f 2f 70 69 77 69 6b 2e 6f 72 67 0a 2a 20 40 73 6f 75 72 63 65 20 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 61 74 6f 6d 6f 2d 6f 72 67 2f 6d 61 74 6f 6d 6f 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 6a 73 2f 70 69 77 69 6b 2e 6a 73 0a 2a 20 40 6c 69 63 65 6e 73 65 20 68 74 74 70 73 3a 2f 2f 70 69 77 69 6b 2e 6f 72 67 2f 66 72 65 65 2d 73 6f 66 74 77 61 72 65 2f 62 73 64 2f 20 42 53 44 2d 33 20 43 6c 61 75 73 65 20 28 61 6c 73 6f 20 69 6e 20 6a 73 2f
              Data Ascii: 3a10/*!!* Matomo - free/libre analytics platform** JavaScript tracking client** @link https://piwik.org* @source https://github.com/matomo-org/matomo/blob/master/js/piwik.js* @license https://piwik.org/free-software/bsd/ BSD-3 Clause (also in js/
              2024-07-05 03:28:54 UTC1369INData Raw: 2c 41 3d 7b 7d 2c 4b 3d 64 6f 63 75 6d 65 6e 74 2c 67 3d 6e 61 76 69 67 61 74 6f 72 2c 61 63 3d 73 63 72 65 65 6e 2c 58 3d 77 69 6e 64 6f 77 2c 68 3d 58 2e 70 65 72 66 6f 72 6d 61 6e 63 65 7c 7c 58 2e 6d 6f 7a 50 65 72 66 6f 72 6d 61 6e 63 65 7c 7c 58 2e 6d 73 50 65 72 66 6f 72 6d 61 6e 63 65 7c 7c 58 2e 77 65 62 6b 69 74 50 65 72 66 6f 72 6d 61 6e 63 65 2c 75 3d 58 2e 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 57 3d 58 2e 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 2c 6b 3d 75 6e 65 73 63 61 70 65 2c 4d 3d 5b 5d 2c 49 2c 76 2c 61 6d 3d 5b 5d 2c 7a 3d 30 2c 61 67 3d 30 2c 59 3d 30 2c 6d 3d 66 61 6c 73 65 2c 71 3d 22 22 3b 66 75 6e 63 74 69 6f 6e 20 70 28 61 75 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 57 28 61 75 29 7d 63 61 74 63 68
              Data Ascii: ,A={},K=document,g=navigator,ac=screen,X=window,h=X.performance||X.mozPerformance||X.msPerformance||X.webkitPerformance,u=X.encodeURIComponent,W=X.decodeURIComponent,k=unescape,M=[],I,v,am=[],z=0,ag=0,Y=0,m=false,q="";function p(au){try{return W(au)}catch
              2024-07-05 03:28:54 UTC1369INData Raw: 61 41 5b 31 5d 7d 65 6c 73 65 7b 69 66 28 61 75 29 7b 61 6d 2e 70 75 73 68 28 61 75 29 3b 62 72 65 61 6b 7d 7d 7d 69 66 28 61 77 5b 61 42 5d 29 7b 61 77 5b 61 42 5d 2e 61 70 70 6c 79 28 61 77 2c 61 76 29 7d 65 6c 73 65 7b 76 61 72 20 61 44 3d 22 54 68 65 20 6d 65 74 68 6f 64 20 27 22 2b 61 42 2b 27 5c 27 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 69 6e 20 22 5f 70 61 71 22 20 76 61 72 69 61 62 6c 65 2e 20 20 50 6c 65 61 73 65 20 68 61 76 65 20 61 20 6c 6f 6f 6b 20 61 74 20 74 68 65 20 4d 61 74 6f 6d 6f 20 74 72 61 63 6b 65 72 20 64 6f 63 75 6d 65 6e 74 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 2e 6d 61 74 6f 6d 6f 2e 6f 72 67 2f 61 70 69 2d 72 65 66 65 72 65 6e 63 65 2f 74 72 61 63 6b 69 6e 67 2d 6a 61 76 61 73 63 72 69 70
              Data Ascii: aA[1]}else{if(au){am.push(au);break}}}if(aw[aB]){aw[aB].apply(aw,av)}else{var aD="The method '"+aB+'\' was not found in "_paq" variable. Please have a look at the Matomo tracker documentation: https://developer.matomo.org/api-reference/tracking-javascrip
              2024-07-05 03:28:54 UTC1369INData Raw: 2c 66 61 6c 73 65 29 7d 66 75 6e 63 74 69 6f 6e 20 61 68 28 61 76 2c 61 41 2c 61 42 29 7b 69 66 28 21 61 76 29 7b 72 65 74 75 72 6e 22 22 7d 76 61 72 20 61 75 3d 22 22 2c 61 78 2c 61 77 2c 61 79 2c 61 7a 3b 66 6f 72 28 61 78 20 69 6e 20 62 29 7b 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 62 2c 61 78 29 29 7b 61 7a 3d 62 5b 61 78 5d 26 26 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 62 5b 61 78 5d 5b 61 76 5d 3b 69 66 28 61 7a 29 7b 61 77 3d 62 5b 61 78 5d 5b 61 76 5d 3b 61 79 3d 61 77 28 61 41 7c 7c 7b 7d 2c 61 42 29 3b 69 66 28 61 79 29 7b 61 75 2b 3d 61 79 7d 7d 7d 7d 72 65 74 75 72 6e 20 61 75 7d 66 75 6e 63 74 69 6f 6e 20 61 6e 28 61 76 29 7b 76 61 72 20 61 75
              Data Ascii: ,false)}function ah(av,aA,aB){if(!av){return""}var au="",ax,aw,ay,az;for(ax in b){if(Object.prototype.hasOwnProperty.call(b,ax)){az=b[ax]&&"function"===typeof b[ax][av];if(az){aw=b[ax][av];ay=aw(aA||{},aB);if(ay){au+=ay}}}}return au}function an(av){var au
              2024-07-05 03:28:54 UTC1369INData Raw: 6f 76 69 64 65 64 20 76 61 6c 75 65 20 22 27 2b 61 77 5b 61 76 5d 2b 27 22 20 69 73 20 6e 6f 74 20 76 61 6c 69 64 2e 20 50 6c 65 61 73 65 20 70 72 6f 76 69 64 65 20 61 20 6e 75 6d 65 72 69 63 20 76 61 6c 75 65 2e 27 29 7d 7d 7d 72 65 74 75 72 6e 20 61 75 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 61 76 29 7b 76 61 72 20 61 77 3d 22 22 2c 61 75 3b 66 6f 72 28 61 75 20 69 6e 20 61 76 29 7b 69 66 28 61 76 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 61 75 29 29 7b 61 77 2b 3d 22 26 22 2b 75 28 61 75 29 2b 22 3d 22 2b 75 28 61 76 5b 61 75 5d 29 7d 7d 72 65 74 75 72 6e 20 61 77 7d 66 75 6e 63 74 69 6f 6e 20 61 6f 28 61 76 2c 61 75 29 7b 61 76 3d 53 74 72 69 6e 67 28 61 76 29 3b 72 65 74 75 72 6e 20 61 76 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 61 75 2c 30 29 3d 3d
              Data Ascii: ovided value "'+aw[av]+'" is not valid. Please provide a numeric value.')}}}return au}function l(av){var aw="",au;for(au in av){if(av.hasOwnProperty(au)){aw+="&"+u(au)+"="+u(av[au])}}return aw}function ao(av,au){av=String(av);return av.lastIndexOf(au,0)==
              2024-07-05 03:28:54 UTC1369INData Raw: 22 23 22 2b 61 42 7d 7d 72 65 74 75 72 6e 20 61 41 7d 66 75 6e 63 74 69 6f 6e 20 65 28 61 77 2c 61 76 29 7b 76 61 72 20 61 75 3d 22 5b 5c 5c 3f 26 23 5d 22 2b 61 76 2b 22 3d 28 5b 5e 26 23 5d 2a 29 22 3b 76 61 72 20 61 79 3d 6e 65 77 20 52 65 67 45 78 70 28 61 75 29 3b 76 61 72 20 61 78 3d 61 79 2e 65 78 65 63 28 61 77 29 3b 72 65 74 75 72 6e 20 61 78 3f 70 28 61 78 5b 31 5d 29 3a 22 22 7d 66 75 6e 63 74 69 6f 6e 20 61 28 61 75 29 7b 69 66 28 61 75 26 26 53 74 72 69 6e 67 28 61 75 29 3d 3d 3d 61 75 29 7b 72 65 74 75 72 6e 20 61 75 2e 72 65 70 6c 61 63 65 28 2f 5e 5c 73 2b 7c 5c 73 2b 24 2f 67 2c 22 22 29 7d 72 65 74 75 72 6e 20 61 75 7d 66 75 6e 63 74 69 6f 6e 20 47 28 61 75 29 7b 72 65 74 75 72 6e 20 75 6e 65 73 63 61 70 65 28 75 28 61 75 29 29 7d 66 75
              Data Ascii: "#"+aB}}return aA}function e(aw,av){var au="[\\?&#]"+av+"=([^&#]*)";var ay=new RegExp(au);var ax=ay.exec(aw);return ax?p(ax[1]):""}function a(au){if(au&&String(au)===au){return au.replace(/^\s+|\s+$/g,"")}return au}function G(au){return unescape(u(au))}fu
              2024-07-05 03:28:54 UTC1369INData Raw: 47 5e 61 46 29 2b 61 45 2b 61 76 5b 61 4d 5d 2b 31 38 35 39 37 37 35 33 39 33 29 26 34 32 39 34 39 36 37 32 39 35 3b 61 45 3d 61 46 3b 61 46 3d 61 47 3b 61 47 3d 61 77 28 61 48 2c 33 30 29 3b 61 48 3d 61 49 3b 61 49 3d 61 4e 7d 66 6f 72 28 61 4d 3d 34 30 3b 61 4d 3c 3d 35 39 3b 61 4d 2b 2b 29 7b 61 4e 3d 28 61 77 28 61 49 2c 35 29 2b 28 28 61 48 26 61 47 29 7c 28 61 48 26 61 46 29 7c 28 61 47 26 61 46 29 29 2b 61 45 2b 61 76 5b 61 4d 5d 2b 32 34 30 30 39 35 39 37 30 38 29 26 34 32 39 34 39 36 37 32 39 35 3b 61 45 3d 61 46 3b 61 46 3d 61 47 3b 61 47 3d 61 77 28 61 48 2c 33 30 29 3b 61 48 3d 61 49 3b 61 49 3d 61 4e 7d 66 6f 72 28 61 4d 3d 36 30 3b 61 4d 3c 3d 37 39 3b 61 4d 2b 2b 29 7b 61 4e 3d 28 61 77 28 61 49 2c 35 29 2b 28 61 48 5e 61 47 5e 61 46 29 2b
              Data Ascii: G^aF)+aE+av[aM]+1859775393)&4294967295;aE=aF;aF=aG;aG=aw(aH,30);aH=aI;aI=aN}for(aM=40;aM<=59;aM++){aN=(aw(aI,5)+((aH&aG)|(aH&aF)|(aG&aF))+aE+av[aM]+2400959708)&4294967295;aE=aF;aF=aG;aG=aw(aH,30);aH=aI;aI=aN}for(aM=60;aM<=79;aM++){aN=(aw(aI,5)+(aH^aG^aF)+
              2024-07-05 03:28:54 UTC1369INData Raw: 61 76 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 61 75 29 26 31 36 29 7d 72 65 74 75 72 6e 20 66 61 6c 73 65 7d 66 75 6e 63 74 69 6f 6e 20 51 28 61 77 2c 61 78 29 7b 69 66 28 61 77 26 26 61 77 2e 69 6e 64 65 78 4f 66 29 7b 72 65 74 75 72 6e 20 61 77 2e 69 6e 64 65 78 4f 66 28 61 78 29 7d 69 66 28 21 4e 28 61 77 29 7c 7c 61 77 3d 3d 3d 6e 75 6c 6c 29 7b 72 65 74 75 72 6e 2d 31 7d 69 66 28 21 61 77 2e 6c 65 6e 67 74 68 29 7b 72 65 74 75 72 6e 2d 31 7d 76 61 72 20 61 75 3d 61 77 2e 6c 65 6e 67 74 68 3b 69 66 28 61 75 3d 3d 3d 30 29 7b 72 65 74 75 72 6e 2d 31 7d 76 61 72 20 61 76 3d 30 3b 77 68 69 6c 65 28 61 76 3c 61 75 29 7b 69 66 28 61 77 5b 61 76 5d 3d 3d 3d 61 78 29 7b 72 65 74 75 72 6e 20 61 76 7d 61 76 2b 2b 7d 72 65 74
              Data Ascii: av.compareDocumentPosition(au)&16)}return false}function Q(aw,ax){if(aw&&aw.indexOf){return aw.indexOf(ax)}if(!N(aw)||aw===null){return-1}if(!aw.length){return-1}var au=aw.length;if(au===0){return-1}var av=0;while(av<au){if(aw[av]===ax){return av}av++}ret
              2024-07-05 03:28:54 UTC1369INData Raw: 69 66 28 21 61 77 7c 7c 21 61 77 2e 6c 65 6e 67 74 68 29 7b 72 65 74 75 72 6e 20 61 75 7d 66 6f 72 28 61 76 3d 30 3b 61 76 3c 61 77 2e 6c 65 6e 67 74 68 3b 61 76 2b 2b 29 7b 61 75 2e 70 75 73 68 28 61 77 5b 61 76 5d 29 7d 72 65 74 75 72 6e 20 61 75 7d 2c 66 69 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 61 75 29 7b 69 66 28 21 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 7c 7c 21 61 75 29 7b 72 65 74 75 72 6e 5b 5d 7d 76 61 72 20 61 76 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 75 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 68 74 6d 6c 43 6f 6c 6c 65 63 74 69 6f 6e 54 6f 41 72 72 61 79 28 61 76 29 7d 2c 66 69 6e 64 4d 75 6c 74 69 70 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 61 77 29 7b 69 66 28 21 61
              Data Ascii: if(!aw||!aw.length){return au}for(av=0;av<aw.length;av++){au.push(aw[av])}return au},find:function(au){if(!document.querySelectorAll||!au){return[]}var av=document.querySelectorAll(au);return this.htmlCollectionToArray(av)},findMultiple:function(aw){if(!a
              2024-07-05 03:28:54 UTC1369INData Raw: 6f 64 65 56 61 6c 75 65 7d 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 2c 68 61 73 4e 6f 64 65 41 74 74 72 69 62 75 74 65 57 69 74 68 56 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 61 76 2c 61 75 29 7b 76 61 72 20 61 77 3d 74 68 69 73 2e 67 65 74 41 74 74 72 69 62 75 74 65 56 61 6c 75 65 46 72 6f 6d 4e 6f 64 65 28 61 76 2c 61 75 29 3b 72 65 74 75 72 6e 21 21 61 77 7d 2c 68 61 73 4e 6f 64 65 41 74 74 72 69 62 75 74 65 3a 66 75 6e 63 74 69 6f 6e 28 61 77 2c 61 75 29 7b 69 66 28 61 77 26 26 61 77 2e 68 61 73 41 74 74 72 69 62 75 74 65 29 7b 72 65 74 75 72 6e 20 61 77 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 61 75 29 7d 69 66 28 61 77 26 26 61 77 2e 61 74 74 72 69 62 75 74 65 73 29 7b 76 61 72 20 61 76 3d 28 74 79 70 65 6f 66 20 61 77 2e 61 74 74 72 69 62 75 74 65
              Data Ascii: odeValue}}return null},hasNodeAttributeWithValue:function(av,au){var aw=this.getAttributeValueFromNode(av,au);return!!aw},hasNodeAttribute:function(aw,au){if(aw&&aw.hasAttribute){return aw.hasAttribute(au)}if(aw&&aw.attributes){var av=(typeof aw.attribute


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              5192.168.2.4497452.19.104.72443
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:55 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-07-05 03:28:55 UTC467INHTTP/1.1 200 OK
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              Content-Type: application/octet-stream
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              Server: ECAcc (lpl/EF06)
              X-CID: 11
              X-Ms-ApiVersion: Distribute 1.2
              X-Ms-Region: prod-weu-z1
              Cache-Control: public, max-age=218445
              Date: Fri, 05 Jul 2024 03:28:55 GMT
              Connection: close
              X-CID: 2


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              6192.168.2.449746104.21.85.1004432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:55 UTC1356OUTPOST /matomo.php?action_name=403%20Forbidden&idsite=3&rec=1&r=457422&h=23&m=28&s=54&url=https%3A%2F%2Fcdn2.mgazeti.co.ke%2F&_id=&_idn=1&cs=windows-1252&send_image=0&_refts=0&pv_id=qa6oFE&devicePixelRatio=1&webgl=1&pf_net=646&pf_srv=633&pf_tfr=20&pf_dm1=46&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024 HTTP/1.1
              Host: matomo.radioafrica.digital
              Connection: keep-alive
              Content-Length: 0
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-platform: "Windows"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Content-Type: application/x-www-form-urlencoded; charset=utf-8
              Accept: */*
              Origin: https://cdn2.mgazeti.co.ke
              Sec-Fetch-Site: cross-site
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              Referer: https://cdn2.mgazeti.co.ke/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:56 UTC806INHTTP/1.1 204 No Response
              Date: Fri, 05 Jul 2024 03:28:55 GMT
              Content-Type: text/html; charset=UTF-8
              Connection: close
              Content-Encoding: none
              Access-Control-Allow-Origin: https://cdn2.mgazeti.co.ke
              Access-Control-Allow-Credentials: true
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jq%2FMa4EUa8l8B7Gk574reG%2BobUte2Pi2NLCXTNtuQcduRRg61Pz4rw1jCA9l27UOofaSjSCMxdQocG7%2Bu85YMFS9QM4MSGwEbBt%2Bc1M30o1r7tV1ciWogd52qQhpytT%2FBVXQzBLy6u%2BwBlBX0A%3D%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
              X-Content-Type-Options: nosniff
              Server: cloudflare
              CF-RAY: 89e4448a8af90ca6-EWR
              alt-svc: h3=":443"; ma=86400


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              7192.168.2.449747188.114.96.34432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:55 UTC592OUTGET /favicon.ico HTTP/1.1
              Host: cdn2.mgazeti.co.ke
              Connection: keep-alive
              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
              sec-ch-ua-mobile: ?0
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              sec-ch-ua-platform: "Windows"
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: image
              Referer: https://cdn2.mgazeti.co.ke/
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:28:55 UTC598INHTTP/1.1 403 Forbidden
              Date: Fri, 05 Jul 2024 03:28:55 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              Vary: Accept-Encoding
              CF-Cache-Status: BYPASS
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfM88fGtEw2%2BctypVMNEMY3hKpawdrVByl%2FvDww0nFXvkArq8RLC%2BYcB%2FO0Fqe8UtkvI7oGqSgFopaagoDy3ShzQd4agQ5g8ZzfxydO%2Fa%2BW7sslzmjJygmklb2pc9f3OnHjw0uM%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 89e4448aaee7427c-EWR
              alt-svc: h3=":443"; ma=86400
              2024-07-05 03:28:55 UTC555INData Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
              Data Ascii: 224<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
              2024-07-05 03:28:55 UTC5INData Raw: 30 0d 0a 0d 0a
              Data Ascii: 0


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              8192.168.2.4497482.19.104.72443
              TimestampBytes transferredDirectionData
              2024-07-05 03:28:56 UTC239OUTGET /fs/windows/config.json HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: identity
              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
              Range: bytes=0-2147483646
              User-Agent: Microsoft BITS/7.8
              Host: fs.microsoft.com
              2024-07-05 03:28:56 UTC535INHTTP/1.1 200 OK
              Content-Type: application/octet-stream
              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
              ApiVersion: Distribute 1.1
              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
              X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
              Cache-Control: public, max-age=218368
              Date: Fri, 05 Jul 2024 03:28:56 GMT
              Content-Length: 55
              Connection: close
              X-CID: 2
              2024-07-05 03:28:56 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              9192.168.2.44975735.190.80.14432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:29:53 UTC549OUTOPTIONS /report/v4?s=bfM88fGtEw2%2BctypVMNEMY3hKpawdrVByl%2FvDww0nFXvkArq8RLC%2BYcB%2FO0Fqe8UtkvI7oGqSgFopaagoDy3ShzQd4agQ5g8ZzfxydO%2Fa%2BW7sslzmjJygmklb2pc9f3OnHjw0uM%3D HTTP/1.1
              Host: a.nel.cloudflare.com
              Connection: keep-alive
              Origin: https://cdn2.mgazeti.co.ke
              Access-Control-Request-Method: POST
              Access-Control-Request-Headers: content-type
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:29:53 UTC336INHTTP/1.1 200 OK
              Content-Length: 0
              access-control-max-age: 86400
              access-control-allow-methods: POST, OPTIONS
              access-control-allow-origin: *
              access-control-allow-headers: content-length, content-type
              date: Fri, 05 Jul 2024 03:29:53 GMT
              Via: 1.1 google
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              10192.168.2.44975935.190.80.14432188C:\Program Files\Google\Chrome\Application\chrome.exe
              TimestampBytes transferredDirectionData
              2024-07-05 03:29:54 UTC488OUTPOST /report/v4?s=bfM88fGtEw2%2BctypVMNEMY3hKpawdrVByl%2FvDww0nFXvkArq8RLC%2BYcB%2FO0Fqe8UtkvI7oGqSgFopaagoDy3ShzQd4agQ5g8ZzfxydO%2Fa%2BW7sslzmjJygmklb2pc9f3OnHjw0uM%3D HTTP/1.1
              Host: a.nel.cloudflare.com
              Connection: keep-alive
              Content-Length: 430
              Content-Type: application/reports+json
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept-Encoding: gzip, deflate, br
              Accept-Language: en-US,en;q=0.9
              2024-07-05 03:29:54 UTC430OUTData Raw: 5b 7b 22 61 67 65 22 3a 35 37 32 30 32 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 30 37 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 32 2e 6d 67 61 7a 65 74 69 2e 63 6f 2e 6b 65 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 38 38 2e 31 31 34 2e 39 36 2e 33 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c
              Data Ascii: [{"age":57202,"body":{"elapsed_time":1077,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://cdn2.mgazeti.co.ke/","sampling_fraction":1.0,"server_ip":"188.114.96.3","status_code":403,"type":"http.error"},"type":"network-error",
              2024-07-05 03:29:54 UTC168INHTTP/1.1 200 OK
              Content-Length: 0
              date: Fri, 05 Jul 2024 03:29:54 GMT
              Via: 1.1 google
              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
              Connection: close


              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:23:28:44
              Start date:04/07/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              General

              Target ID:2
              Start time:23:28:48
              Start date:04/07/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2056,i,14522296998796463495,2190874180158503347,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:false

              General

              Target ID:3
              Start time:23:28:50
              Start date:04/07/2024
              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cdn2.mgazeti.co.ke"
              Imagebase:0x7ff76e190000
              File size:3'242'272 bytes
              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Disassembly

              No disassembly