Edit tour

Windows Analysis Report
https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY

Overview

General Information

Sample URL:	https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrB
Analysis ID:	1505805
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2436,i,9114331318443087887,3057030909401622998,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://aedfxxv.mypi.co/

Avira URL Cloud: Label: malware

Source: https://zenithvistaloe.ru/pp4o/

HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...

Source: https://zenithvistaloe.ru/pp4o/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50298 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:50295 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: marketing.edinburghairport.com to https://link.sbstck.com:443/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyj1ijoindltdxz6in0.cxolcwphpgrbgw3ra0jd5lscc71sjqlfioznspa48ey&dm_i=4qna,a60m,5iwct9,4i5zg,1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: link.mail.beehiiv.com to http://hjedlsales-a5dfd5a92d8544c.fwtrack.co/email/track/click?hash=eyj0exaioijkv1qilcjhbgcioijiuzi1nij9.eyjkyxrhijp7im11c3roijoiahr0chm6ly9hzwrmehh2lm15cgkuy28viiwibglvbii6ijezzgy3mcisimdvcmlsbgeioii3ndzhntc1ngi5iiwidglnzxiioijoamvkbhnhbgvzlwe1zgzknwe5mmq4ntq0yy5md3ryywnrlmnvin0simlhdci6mtcyntm3mziyoh0.d-uemt6g96xm0rva6bqtlkumx4peyc64cjeajmykywe%7eeyj0exaioijkv1qilcjhbgcioijiuzi1nij9.eyjkyxrhijp7imhvcnnlijoizmtpbmcxmdc3qgdtywlslmnvbsisimnhbwvsijoinzq2ytvkowrinyj9lcjpyxqioje3mjuznzmymjh9.lsvyvyddblzqbrx9vu_afhxj2tbgzebemnccdiddjce&utm_source=cindys-newsletter-28502e.beehiiv.com&utm_medium=newsletter&utm_campaign=widget
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: marketing.edinburghairport.com to https://aedfxxv.mypi.co/

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY HTTP/1.1Host: marketing.edinburghairport.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY&dm_i=4QNA,A60M,5IWCT9,4I5ZG,1 HTTP/1.1Host: link.sbstck.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFnMTpJEY2j5-d3xaYt5sbYCx4YM97ILCSnC_o70TigY91L1mFjgj2sE4x77oSVXeFE61tR47QVLXm6BXp97D3_Glk_iVfsStGdyuQ8yUIHjEeYT1E2asaBFXMmJPMLAAqDquNfaPDqbakGhEZeUoE9fKNYEqFAHiPMUS3228IZcrfvPgxU4kBfULzsTc3HfrwC0Oi1lpxG7BRew9mt8bNOdDN1k5SkSCAwC0xlUOozkVVOhysR_oyVDzzOHoPlmuPMnVds3ot6HnTrXJokxuHSAq2GjqYX__WLUItTe0j496-7ag54WvMZGgoqlwvjLPexyVPKfDwNfvJ5xzstRf6_ghBT46JdOYi5YbYrgnzryViL0QAqFLl4i0AojlkOBzBgV_4beJUQx43A8NJ9CIX-g0ROF6u83IyOinpnXbdmdf_RZ5kIL646uY2Q151ZJARaN_cpeCcrB2k1hzROf80ufNuLoKXvboKiVXbiSzp2Xf3e-XSnW6QT48xIk1p9EH1qRylK2rClMeWxYJAyE0oXu9jMea-rmDVQ9_Z5iVX_NeXT0M39gGYtjv28lrlH18jEvlNRdGEoTSrd_pitvJv2G_LN3WDjoIq7FDmADIY7QsyQQiuepvCsQw31x6ACdBYTribIJfhQjA9uNIUwhIBnZESvhHNxmwH_kMofQcHvP-LZQ--UeCcEv-e0cJ6E6JjJQwlmcZduK6r3X3SPaMkztUR4yHWqx99wKDVHAgHzFvmte54355sjlWnR63n3xtynb9qTYKoOKuVEkSatd00xRQXz9w/49g/DYefxgmoQGy94w_K-zdAJQ/h5/h001.cQ7f9WIqPGIFfG1dCQgv9o9QPjzd4N_-OTCX-_6kE64?dm_i=4QNA%2CA60M%2C5IWCT9%2C4I5ZG%2C1&utm_source=substack&utm_medium=email HTTP/1.1Host: link.mail.beehiiv.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://link.sbstck.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: aedfxxv.mypi.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /pp4o/ HTTP/1.1Host: zenithvistaloe.ruConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zenithvistaloe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/a5b175b00260/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zenithvistaloe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://zenithvistaloe.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/a5b175b00260/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8bf0b6a56bfd7d0e&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zenithvistaloe.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zenithvistaloe.ru/pp4o/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=qrbhsh7lgblaic8j9104mkvc1c
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9hZWRmeHh2Lm15cGkuY28vIiwibGlvbiI6IjEzZGY3MCIsImdvcmlsbGEiOiI3NDZhNTc1NGI5IiwidGlnZXIiOiJoamVkbHNhbGVzLWE1ZGZkNWE5MmQ4NTQ0Yy5md3RyYWNrLmNvIn0sImlhdCI6MTcyNTM3MzIyOH0.D-uEmT6g96Xm0RVA6BQtLKUmx4peyc64CjEaJmYKYwE%7EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoiZmtpbmcxMDc3QGdtYWlsLmNvbSIsImNhbWVsIjoiNzQ2YTVkOWRiNyJ9LCJpYXQiOjE3MjUzNzMyMjh9.lSVYVyDDblzqBrx9vu_AFHxj2tBGZEbEMncCdiddJCE&utm_source=cindys-newsletter-28502e.beehiiv.com&utm_medium=newsletter&utm_campaign=widget HTTP/1.1Host: hjedlsales-a5dfd5a92d8544c.fwtrack.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: marketing.edinburghairport.com
Source: global traffic	DNS traffic detected: DNS query: link.sbstck.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: link.mail.beehiiv.com
Source: global traffic	DNS traffic detected: DNS query: hjedlsales-a5dfd5a92d8544c.fwtrack.co
Source: global traffic	DNS traffic detected: DNS query: aedfxxv.mypi.co
Source: global traffic	DNS traffic detected: DNS query: zenithvistaloe.ru
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 429Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 06 Sep 2024 19:02:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bf0b6b26f3fc431-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_113.2.dr

String found in binary or memory: https://link.mail.beehiiv.com/ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFn

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 50311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50319
Source: unknown	Network traffic detected: HTTP traffic on port 50296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 50319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 50309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 50299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50301
Source: unknown	Network traffic detected: HTTP traffic on port 50300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:50298 version: TLS 1.2

Source: classification engine

Classification label: mal56.win@26/10@24/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2436,i,9114331318443087887,3057030909401622998,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2436,i,9114331318443087887,3057030909401622998,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY	0%	Avira URL Cloud	safe
https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://challenges.cloudflare.com/turnstile/v0/api.js	0%	Avira URL Cloud	safe
http://hjedlsales-a5dfd5a92d8544c.fwtrack.co/email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9hZWRmeHh2Lm15cGkuY28vIiwibGlvbiI6IjEzZGY3MCIsImdvcmlsbGEiOiI3NDZhNTc1NGI5IiwidGlnZXIiOiJoamVkbHNhbGVzLWE1ZGZkNWE5MmQ4NTQ0Yy5md3RyYWNrLmNvIn0sImlhdCI6MTcyNTM3MzIyOH0.D-uEmT6g96Xm0RVA6BQtLKUmx4peyc64CjEaJmYKYwE%7EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoiZmtpbmcxMDc3QGdtYWlsLmNvbSIsImNhbWVsIjoiNzQ2YTVkOWRiNyJ9LCJpYXQiOjE3MjUzNzMyMjh9.lSVYVyDDblzqBrx9vu_AFHxj2tBGZEbEMncCdiddJCE&utm_source=cindys-newsletter-28502e.beehiiv.com&utm_medium=newsletter&utm_campaign=widget	0%	Avira URL Cloud	safe
https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY&dm_i=4QNA,A60M,5IWCT9,4I5ZG,1	0%	Avira URL Cloud	safe
https://aedfxxv.mypi.co/	100%	Avira URL Cloud	malware
https://challenges.cloudflare.com/turnstile/v0/b/a5b175b00260/api.js	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/	0%	Avira URL Cloud	safe
https://link.mail.beehiiv.com/ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFn	0%	Avira URL Cloud	safe
https://a.nel.cloudflare.com/report/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	0%	Avira URL Cloud	safe
https://zenithvistaloe.ru/favicon.ico	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8bf0b6a56bfd7d0e&lang=auto	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
marketing.edinburghairport.com	162.159.140.128	true	false	unknown
login-mec.freshsales.io	3.28.223.3	true	false	unknown
link.mail.beehiiv.com	104.18.68.40	true	false	unknown
challenges.cloudflare.com	104.18.94.41	true	false	unknown
www.google.com	172.217.16.132	true	false	unknown
link.sbstck.com	188.114.97.3	true	false	unknown
zenithvistaloe.ru	104.21.5.41	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
aedfxxv.mypi.co	192.124.216.133	true	false	unknown
hjedlsales-a5dfd5a92d8544c.fwtrack.co	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/turnstile/v0/b/a5b175b00260/api.js	false	Avira URL Cloud: safe	unknown
https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY	true		unknown
https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY&dm_i=4QNA,A60M,5IWCT9,4I5ZG,1	false	Avira URL Cloud: safe	unknown
https://aedfxxv.mypi.co/	false	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D	false	Avira URL Cloud: safe	unknown
http://hjedlsales-a5dfd5a92d8544c.fwtrack.co/email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9hZWRmeHh2Lm15cGkuY28vIiwibGlvbiI6IjEzZGY3MCIsImdvcmlsbGEiOiI3NDZhNTc1NGI5IiwidGlnZXIiOiJoamVkbHNhbGVzLWE1ZGZkNWE5MmQ4NTQ0Yy5md3RyYWNrLmNvIn0sImlhdCI6MTcyNTM3MzIyOH0.D-uEmT6g96Xm0RVA6BQtLKUmx4peyc64CjEaJmYKYwE%7EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoiZmtpbmcxMDc3QGdtYWlsLmNvbSIsImNhbWVsIjoiNzQ2YTVkOWRiNyJ9LCJpYXQiOjE3MjUzNzMyMjh9.lSVYVyDDblzqBrx9vu_AFHxj2tBGZEbEMncCdiddJCE&utm_source=cindys-newsletter-28502e.beehiiv.com&utm_medium=newsletter&utm_campaign=widget	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://zenithvistaloe.ru/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8bf0b6a56bfd7d0e&lang=auto	false	Avira URL Cloud: safe	unknown
https://zenithvistaloe.ru/pp4o/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://link.mail.beehiiv.com/ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFn	chromecache_113.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.140.128	marketing.edinburghairport.com	United States	13335	CLOUDFLARENETUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.5.41	zenithvistaloe.ru	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	link.sbstck.com	European Union	13335	CLOUDFLARENETUS	false
3.28.223.3	login-mec.freshsales.io	United States	16509	AMAZON-02US	false
192.124.216.133	aedfxxv.mypi.co	Russian Federation	15455	EMBANK-ASRU	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.18.68.40	link.mail.beehiiv.com	United States	13335	CLOUDFLARENETUS	false
172.217.16.132	www.google.com	United States	15169	GOOGLEUS	false
142.250.74.196	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1505805
Start date and time:	2024-09-06 21:01:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@26/10@24/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.195, 142.250.186.142, 142.251.173.84, 34.104.35.123, 13.85.23.86, 93.184.221.240, 192.229.221.95, 52.165.164.15, 13.95.31.18, 20.114.59.183, 216.58.206.35
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45805)
Category:	downloaded
Size (bytes):	45806
Entropy (8bit):	5.401870820931706
Encrypted:	false
SSDEEP:	768:5CXgv9mMHadTakhQvzl4P7xd2d32t1ELkqu+6QStSplSrmqEmm1LiIPTgqqXyzc9:dXHkGkhQbmLt6Iqu+HIrmYvL
MD5:	57A4011B45A950C27C1C638C9ABF655B
SHA1:	CE3CA250A31B8A891D55B7EE51DD09FD201D1033
SHA-256:	F260796D39E01DF74E820ED2E7DE42F0A397D8C5B9751C58D68746066155A9C7
SHA-512:	639FBC5679555FE866B33CE869D757AD6C61E927646C618EEE9EEF0666F27645DAC804A328734284270F2C71F27081B7070B2244CAD2E2E16229FEFF643272BA
Malicious:	false
Reputation:	low
URL:	https://challenges.cloudflare.com/turnstile/v0/b/a5b175b00260/api.js
Preview:	"use strict";(function(){function Dt(e,r,a,o,c,u,g){try{var _=e[u](g),s=_.value}catch(f){a(f);return}_.done?r(s):Promise.resolve(s).then(o,c)}function Ut(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var u=e.apply(r,a);function g(s){Dt(u,o,c,g,_,"next",s)}function _(s){Dt(u,o,c,g,_,"throw",s)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Tr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:	3:yionv//thPltV/CI7syxl/k4E08up:6v/lhPgI17Tp
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45805)
Category:	dropped
Size (bytes):	45806
Entropy (8bit):	5.401870820931706
Encrypted:	false
SSDEEP:	768:5CXgv9mMHadTakhQvzl4P7xd2d32t1ELkqu+6QStSplSrmqEmm1LiIPTgqqXyzc9:dXHkGkhQbmLt6Iqu+HIrmYvL
MD5:	57A4011B45A950C27C1C638C9ABF655B
SHA1:	CE3CA250A31B8A891D55B7EE51DD09FD201D1033
SHA-256:	F260796D39E01DF74E820ED2E7DE42F0A397D8C5B9751C58D68746066155A9C7
SHA-512:	639FBC5679555FE866B33CE869D757AD6C61E927646C618EEE9EEF0666F27645DAC804A328734284270F2C71F27081B7070B2244CAD2E2E16229FEFF643272BA
Malicious:	false
Reputation:	low
Preview:	"use strict";(function(){function Dt(e,r,a,o,c,u,g){try{var _=e[u](g),s=_.value}catch(f){a(f);return}_.done?r(s):Promise.resolve(s).then(o,c)}function Ut(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var u=e.apply(r,a);function g(s){Dt(u,o,c,g,_,"next",s)}function _(s){Dt(u,o,c,g,_,"throw",s)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Tr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	1249
Entropy (8bit):	5.242453121762845
Encrypted:	false
SSDEEP:	24:hYYIzD6yJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rq6Kj2CZLY5Mc6NDLYzkYKLlOM
MD5:	F58515DFE987F7E027C8A71BBC884621
SHA1:	BEC6AEBF5940EA88FBBFF5748D539453D49FA284
SHA-256:	679E7E62B81267C93D0778083AE0FD0EFE24172FF0AC581835B54165B3D9ED43
SHA-512:	F085346A38318F7935D76909DB0367862924CC9B0D96256F7FF4E8999C041E610BBCDE8CA56C92673BDE0991C85E9C9D9B6726ABD91D0C3177462C80D4A99140
Malicious:	false
Reputation:	low
URL:	https://zenithvistaloe.ru/favicon.ico
Preview:	<!DOCTYPE html>.<html style="height:100%">.<head>.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<title> 404 Not Found..</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>.<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">.<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">. <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>.<h2 style="margin-top:20px;font-size: 30px;">Not Found..</h2>.<p>The resource requested could not be found on this server!</p>.</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (3312), with no line terminators
Category:	downloaded
Size (bytes):	3312
Entropy (8bit):	6.095773380567607
Encrypted:	false
SSDEEP:	96:f5lfrl1tbkGTcHufrl1tbkGTcaKfrl1tbkGTY:fPzlbZIHuzlbZIaKzlbZk
MD5:	3EB26C100CE021A683C992250F42827A
SHA1:	A8C248905FF55F91139DD3E40105B5F7327BD6E4
SHA-256:	73C2D8EE3D969146928A17CE98821109963BC6D0B45404BDB1795CFE274699B0
SHA-512:	5866AF00101F33B480210A97EAF73FD227E8236CE2A0B1A9873C5ACB94C84939BC7AF6ED0B3C544E933E37F682DF94EBC88014520E48195EB8BFA0C2DDBECE7A
Malicious:	false
Reputation:	low
URL:	"https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY&dm_i=4QNA,A60M,5IWCT9,4I5ZG,1"
Preview:	<head><noscript><META http-equiv="refresh" content="0;URL=https://link.mail.beehiiv.com/ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFnMTpJEY2j5-d3xaYt5sbYCx4YM97ILCSnC_o70TigY91L1mFjgj2sE4x77oSVXeFE61tR47QVLXm6BXp97D3_Glk_iVfsStGdyuQ8yUIHjEeYT1E2asaBFXMmJPMLAAqDquNfaPDqbakGhEZeUoE9fKNYEqFAHiPMUS3228IZcrfvPgxU4kBfULzsTc3HfrwC0Oi1lpxG7BRew9mt8bNOdDN1k5SkSCAwC0xlUOozkVVOhysR_oyVDzzOHoPlmuPMnVds3ot6HnTrXJokxuHSAq2GjqYX__WLUItTe0j496-7ag54WvMZGgoqlwvjLPexyVPKfDwNfvJ5xzstRf6_ghBT46JdOYi5YbYrgnzryViL0QAqFLl4i0AojlkOBzBgV_4beJUQx43A8NJ9CIX-g0ROF6u83IyOinpnXbdmdf_RZ5kIL646uY2Q151ZJARaN_cpeCcrB2k1hzROf80ufNuLoKXvboKiVXbiSzp2Xf3e-XSnW6QT48xIk1p9EH1qRylK2rClMeWxYJAyE0oXu9jMea-rmDVQ9_Z5iVX_NeXT0M39gGYtjv28lrlH18jEvlNRdGEoTSrd_pitvJv2G_LN3WDjoIq7FDmADIY7QsyQQiuepvCsQw31x6ACdBYTribIJfhQjA9uNIUwhIBnZESvhHNxmwH_kMofQcHvP-LZQ--UeCcEv-e0cJ6E6JjJQwlmcZduK6r3X3SPaMkztUR4yHWqx99wKDVHAgHzFvmte54355sjlWnR63n3xtynb9qTYKoOKuVEkSatd00xRQXz9w/49g/DYefxgmoQGy94w_K-zdAJQ/h5/h001.cQ7f9WIqPGIF

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:	3:yionv//thPltV/CI7syxl/k4E08up:6v/lhPgI17Tp
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	low
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 6, 2024 21:02:08.887141943 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 6, 2024 21:02:17.962879896 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:17.962910891 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:17.962974072 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:17.963016987 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:17.963022947 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:17.963071108 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:17.963206053 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:17.963218927 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:17.963321924 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:17.963332891 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.426908970 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.427140951 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.427160025 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.428222895 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.428278923 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.429465055 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.429528952 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.429615021 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.429622889 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.434647083 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.434812069 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.434818983 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.435998917 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.436055899 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.436300993 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.436353922 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.482947111 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.482947111 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.482960939 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.498833895 CEST	49675	443	192.168.2.4	173.222.162.32
Sep 6, 2024 21:02:18.529824972 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.684914112 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.684974909 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.685030937 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.685549021 CEST	49735	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:18.685560942 CEST	443	49735	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:18.699286938 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:18.699323893 CEST	443	49737	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:18.699390888 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:18.699636936 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:18.699649096 CEST	443	49737	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.003746033 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.003763914 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.003822088 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.004065037 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.004086018 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.166318893 CEST	443	49737	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.166707039 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.166723967 CEST	443	49737	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.167639971 CEST	443	49737	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.167711973 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.168647051 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.168669939 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.168699026 CEST	443	49737	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.168723106 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.168756008 CEST	49737	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.168973923 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.169004917 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.169053078 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.169225931 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.169236898 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.665118933 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.665138960 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.665527105 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.665537119 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.665709019 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.665733099 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.666520119 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.666579962 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.666790962 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.666843891 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.667522907 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.667582035 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.667917967 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.667979956 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.668068886 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.668076038 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.718708038 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.718709946 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.718733072 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:19.764349937 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:19.951575994 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:19.994910955 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:19.994923115 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:20.043106079 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:20.128469944 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:20.128520012 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:20.128562927 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:20.128572941 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:20.128633022 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:20.128676891 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:20.131170034 CEST	49741	443	192.168.2.4	188.114.97.3
Sep 6, 2024 21:02:20.131184101 CEST	443	49741	188.114.97.3	192.168.2.4
Sep 6, 2024 21:02:20.191622019 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.191667080 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.191736937 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.192245960 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.192275047 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.192325115 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.201885939 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.201898098 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.202266932 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.202281952 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.662231922 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.662612915 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.662633896 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.663525105 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.663580894 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.679718971 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.693980932 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.694046021 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.695127010 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.695136070 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.696278095 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.696333885 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.696506023 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.696518898 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.699119091 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.699183941 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.740485907 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.740488052 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.740495920 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.780947924 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.834161043 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.834265947 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.834307909 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.835381985 CEST	49742	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:20.835402966 CEST	443	49742	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:20.904293060 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:02:20.909147024 CEST	80	49744	3.28.223.3	192.168.2.4
Sep 6, 2024 21:02:20.909202099 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:02:20.909504890 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:02:20.914477110 CEST	80	49744	3.28.223.3	192.168.2.4
Sep 6, 2024 21:02:21.246535063 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:21.246555090 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:21.246630907 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:21.248549938 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:21.248564005 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:21.873681068 CEST	80	49744	3.28.223.3	192.168.2.4
Sep 6, 2024 21:02:21.882821083 CEST	50295	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:21.887620926 CEST	53	50295	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:21.887835026 CEST	50295	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:21.891858101 CEST	50295	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:21.896719933 CEST	53	50295	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:21.907742023 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:21.907859087 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:21.911858082 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:21.911864996 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:21.912074089 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:21.916327953 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:02:21.964301109 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.003866911 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.048499107 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:22.444780111 CEST	53	50295	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:22.445424080 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:22.445461988 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:22.447860956 CEST	50295	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:22.448033094 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:22.448354006 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:22.448365927 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:22.452792883 CEST	53	50295	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:22.453028917 CEST	50295	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:22.633213997 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:22.633285999 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:22.633346081 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.633419037 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.633429050 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:22.633440971 CEST	49745	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.633445978 CEST	443	49745	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:22.676932096 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.676960945 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:22.677037001 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.677282095 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:22.677293062 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.244376898 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.245316029 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.245332003 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.246258020 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.246311903 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.253606081 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.253668070 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.254065990 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.254074097 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.307321072 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.310451984 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.310518026 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:23.314919949 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:23.314929008 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.315152884 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.318222046 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:23.360507965 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.586530924 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.586568117 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.586592913 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.586620092 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.586671114 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:23.586672068 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.603854895 CEST	50296	443	192.168.2.4	192.124.216.133
Sep 6, 2024 21:02:23.603872061 CEST	443	50296	192.124.216.133	192.168.2.4
Sep 6, 2024 21:02:23.605122089 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:23.605134964 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.605197906 CEST	50298	443	192.168.2.4	184.28.90.27
Sep 6, 2024 21:02:23.605204105 CEST	443	50298	184.28.90.27	192.168.2.4
Sep 6, 2024 21:02:23.662775993 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:23.662798882 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:23.662961006 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:23.663331985 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:23.663342953 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.125217915 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.125504971 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.125520945 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.126538992 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.126607895 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.440680027 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.440680027 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.440702915 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.440797091 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.481730938 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.481736898 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.528448105 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.701781988 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.701817989 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.701848030 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.701862097 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.701911926 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:24.701955080 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.806704044 CEST	50299	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:24.806727886 CEST	443	50299	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:25.430612087 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.430648088 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.430707932 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.431113005 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.431126118 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.896159887 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.896430969 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.896454096 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.897465944 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.897525072 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.898601055 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.898663998 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.898776054 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:25.898787975 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:25.939344883 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.045135975 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.045186996 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.045434952 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.045542955 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.045557022 CEST	443	50300	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.045577049 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.045597076 CEST	50300	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.047068119 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.047105074 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.047172070 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.047378063 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.047389984 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.527293921 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.527687073 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.527704000 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.528006077 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.528791904 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.528848886 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.528954029 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.572503090 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663285017 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663336039 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663364887 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663393974 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663420916 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663424015 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.663445950 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663471937 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.663477898 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663507938 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.663511992 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.663939953 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.663945913 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.668056011 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.668082952 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.668107033 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.668155909 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.668164015 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.668188095 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.716650009 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.749217987 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.749391079 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.749418974 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.749445915 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.749475002 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.749484062 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.749510050 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.750010014 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.750039101 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.750107050 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.750113964 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.750226974 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.750479937 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.750544071 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.750579119 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.750603914 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.750611067 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751157045 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751198053 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751220942 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.751226902 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751255989 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751277924 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.751282930 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751308918 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751332045 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.751344919 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.751364946 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.752125025 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.752155066 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.752219915 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.752243996 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.752577066 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.757878065 CEST	50301	443	192.168.2.4	104.18.94.41
Sep 6, 2024 21:02:26.757895947 CEST	443	50301	104.18.94.41	192.168.2.4
Sep 6, 2024 21:02:26.845211983 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:26.845240116 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:26.845407963 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:26.845603943 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:26.845648050 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:26.845752001 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:26.845948935 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:26.845963955 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:26.849962950 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:26.849973917 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.338381052 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.339812994 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.339833021 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.340869904 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.341028929 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.341264963 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.341327906 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.341551065 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.344199896 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.344403982 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.344422102 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.345423937 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.345534086 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.345870018 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.345933914 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.345999002 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.346004963 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.384926081 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.384936094 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.400271893 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.433275938 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.485141993 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485239029 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485265017 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485292912 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485312939 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.485323906 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485337973 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.485873938 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485903978 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485928059 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.485932112 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485943079 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.485974073 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.489869118 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.489922047 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.489933014 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497059107 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497765064 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497793913 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497832060 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497838020 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.497849941 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497883081 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497908115 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.497916937 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.497932911 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.497946978 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.498074055 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.498080015 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.498747110 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.498804092 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.498810053 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.517925978 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.517966032 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.518037081 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.518265009 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.518275023 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.538706064 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.538726091 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.538733006 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576067924 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576122999 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576152086 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576174021 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.576185942 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576227903 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.576675892 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576972008 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.576997995 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577023029 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.577029943 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577063084 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.577070951 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577790022 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577817917 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577836037 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.577842951 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577884912 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.577891111 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577920914 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577948093 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.577956915 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.577961922 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.578000069 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.578663111 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.578835964 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.578862906 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.578876019 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.578883886 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.578923941 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.578928947 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.579699993 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.579773903 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.579781055 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.586733103 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.588126898 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.588197947 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.588284016 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.588290930 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.588417053 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.588445902 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.588470936 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.588479042 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.588522911 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.588977098 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.589030981 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.589086056 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.589138985 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.589145899 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.589236975 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.589894056 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.589952946 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.589982986 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.590012074 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.590014935 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.590022087 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.590054035 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.590771914 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.590837955 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.590848923 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.590852976 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.590904951 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.590909958 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.591686010 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.591708899 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.591736078 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.591742039 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.591954947 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.591959953 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.591979027 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.592026949 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.592154980 CEST	50304	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.592174053 CEST	443	50304	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.620384932 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.620393038 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.660691023 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667076111 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667125940 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667165995 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667175055 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667224884 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667257071 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667264938 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667273998 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667287111 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667330980 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667339087 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667424917 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667460918 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667462111 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667470932 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667510033 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667709112 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667754889 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667932987 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667985916 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.667992115 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.667999983 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.668034077 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.668039083 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.668064117 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.668081045 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.668108940 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.668318033 CEST	50303	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.668334961 CEST	443	50303	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.676964045 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.676986933 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.677045107 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.677362919 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.677377939 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.976150036 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.976519108 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.976537943 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.977060080 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.977363110 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:27.977421045 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:27.977498055 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.020494938 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596545935 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596587896 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596617937 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596643925 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.596646070 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596657038 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596712112 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596740007 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596765041 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.596776962 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596810102 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596832991 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.596838951 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596874952 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.596880913 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.596885920 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.597014904 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.598512888 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.598788977 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.598795891 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.599117041 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.599716902 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.599716902 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.599729061 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.599771023 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.641040087 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.816804886 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.816871881 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.816920042 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.816953897 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.816979885 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.816986084 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.817003965 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817013979 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.817033052 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817059040 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817066908 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.817071915 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817101955 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.817604065 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817634106 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817657948 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817660093 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.817667961 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.817863941 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.817872047 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.818002939 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.818182945 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.818221092 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.818245888 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.818526030 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.818532944 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.818798065 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.818921089 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.821573973 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.821686029 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.821809053 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.821813107 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.821861982 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.821866989 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822230101 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822324038 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.822329998 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822716951 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822743893 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822787046 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822812080 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.822818995 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.822866917 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.823404074 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.823468924 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.824103117 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.824434996 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.824901104 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.824958086 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.824976921 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.824980974 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.825005054 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.825098038 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.826498985 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.826699018 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.826790094 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.826860905 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.826865911 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.826877117 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.826980114 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.829930067 CEST	50305	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:28.829942942 CEST	443	50305	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.894876957 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:28.894902945 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:28.895215988 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:28.896112919 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:28.896128893 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:28.915597916 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.915657043 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:28.915909052 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.069132090 CEST	50306	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.069156885 CEST	443	50306	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.082068920 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.082094908 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.085972071 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.086303949 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.086316109 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.408253908 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.408725023 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:29.408740044 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.409058094 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.409694910 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:29.409760952 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.409976959 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:29.456504107 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.533984900 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:29.534049988 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:29.534101009 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:29.561635017 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.565249920 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.565262079 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.565553904 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.571036100 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.571089983 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.571338892 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.616501093 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.707701921 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.707748890 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.707796097 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.708772898 CEST	50308	443	192.168.2.4	104.18.95.41
Sep 6, 2024 21:02:29.708786011 CEST	443	50308	104.18.95.41	192.168.2.4
Sep 6, 2024 21:02:29.741405964 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.741523027 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:29.741569996 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:29.742316008 CEST	50307	443	192.168.2.4	104.21.5.41
Sep 6, 2024 21:02:29.742326975 CEST	443	50307	104.21.5.41	192.168.2.4
Sep 6, 2024 21:02:30.080749989 CEST	49740	443	192.168.2.4	172.217.16.132
Sep 6, 2024 21:02:30.080770016 CEST	443	49740	172.217.16.132	192.168.2.4
Sep 6, 2024 21:02:30.298350096 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.298383951 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.298446894 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.298768044 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.298788071 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.770524025 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.771228075 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.771245956 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.772349119 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.772460938 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.774235010 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.774235010 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.774250031 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.774293900 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.823959112 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.823965073 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.870794058 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.898781061 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.898884058 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.899250984 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.899267912 CEST	443	50309	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.899293900 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.899293900 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.899317026 CEST	50309	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.900155067 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.900193930 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:30.900330067 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.900728941 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:30.900739908 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.647732973 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.648133993 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:31.648153067 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.648861885 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.649996042 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:31.650070906 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.650345087 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:31.692500114 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.781388044 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.781656027 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:31.781702995 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:31.784849882 CEST	50311	443	192.168.2.4	35.190.80.1
Sep 6, 2024 21:02:31.784867048 CEST	443	50311	35.190.80.1	192.168.2.4
Sep 6, 2024 21:02:33.343565941 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:33.343625069 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:33.343758106 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:34.841164112 CEST	49736	443	192.168.2.4	162.159.140.128
Sep 6, 2024 21:02:34.841182947 CEST	443	49736	162.159.140.128	192.168.2.4
Sep 6, 2024 21:02:35.583741903 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:35.583807945 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:02:35.586087942 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:36.841070890 CEST	49743	443	192.168.2.4	104.18.68.40
Sep 6, 2024 21:02:36.841104984 CEST	443	49743	104.18.68.40	192.168.2.4
Sep 6, 2024 21:03:06.886607885 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:03:06.891545057 CEST	80	49744	3.28.223.3	192.168.2.4
Sep 6, 2024 21:03:19.055876017 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:19.055907965 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:19.056049109 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:19.056608915 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:19.056624889 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:19.906191111 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:19.906863928 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:19.906877041 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:19.907169104 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:19.907756090 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:19.907814026 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:19.949203014 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:21.874138117 CEST	80	49744	3.28.223.3	192.168.2.4
Sep 6, 2024 21:03:21.874191046 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:03:22.841489077 CEST	49744	80	192.168.2.4	3.28.223.3
Sep 6, 2024 21:03:22.846470118 CEST	80	49744	3.28.223.3	192.168.2.4
Sep 6, 2024 21:03:26.386229992 CEST	49723	80	192.168.2.4	199.232.214.172
Sep 6, 2024 21:03:26.386423111 CEST	49724	80	192.168.2.4	199.232.214.172
Sep 6, 2024 21:03:26.391331911 CEST	80	49723	199.232.214.172	192.168.2.4
Sep 6, 2024 21:03:26.391381979 CEST	49723	80	192.168.2.4	199.232.214.172
Sep 6, 2024 21:03:26.391752005 CEST	80	49724	199.232.214.172	192.168.2.4
Sep 6, 2024 21:03:26.391796112 CEST	49724	80	192.168.2.4	199.232.214.172
Sep 6, 2024 21:03:29.595645905 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:29.595714092 CEST	443	50319	142.250.74.196	192.168.2.4
Sep 6, 2024 21:03:29.595793009 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:30.840717077 CEST	50319	443	192.168.2.4	142.250.74.196
Sep 6, 2024 21:03:30.840738058 CEST	443	50319	142.250.74.196	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 6, 2024 21:02:16.825046062 CEST	53	58070	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:16.825210094 CEST	53	59628	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:17.812966108 CEST	53	56536	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:17.950028896 CEST	56377	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:17.950213909 CEST	49432	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:17.958506107 CEST	53	56377	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:17.962276936 CEST	53	49432	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:18.687304020 CEST	51819	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:18.687434912 CEST	61952	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:18.697698116 CEST	53	61952	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:18.698657990 CEST	53	51819	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:18.995942116 CEST	63211	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:18.996102095 CEST	63273	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:19.002850056 CEST	53	63273	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:19.002954006 CEST	53	63211	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:20.177248001 CEST	60940	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:20.177588940 CEST	56107	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:20.185025930 CEST	53	60940	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:20.185873032 CEST	53	56107	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:20.842382908 CEST	65363	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:20.842967987 CEST	63155	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:20.902714968 CEST	53	63155	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:20.902832031 CEST	53	65363	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:21.877454996 CEST	49726	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:21.877454996 CEST	64084	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:21.880017996 CEST	53	52154	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:22.444700956 CEST	53	64084	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:22.444715977 CEST	53	49726	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:23.606823921 CEST	50125	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:23.607446909 CEST	65396	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:23.660135984 CEST	53	65396	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:23.660518885 CEST	53	50125	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:25.053559065 CEST	50040	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:25.053917885 CEST	49786	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:25.395629883 CEST	53	49786	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:25.395658970 CEST	53	50040	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:26.835269928 CEST	55823	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:26.835269928 CEST	60717	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:26.837919950 CEST	57190	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:26.838126898 CEST	63025	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:26.842869043 CEST	53	55823	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:26.843030930 CEST	53	60717	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:26.844722033 CEST	53	57190	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:26.845179081 CEST	53	63025	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:30.082808018 CEST	51168	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:30.083061934 CEST	49725	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:02:30.297302961 CEST	53	49725	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:30.297364950 CEST	53	51168	1.1.1.1	192.168.2.4
Sep 6, 2024 21:02:37.986232996 CEST	138	138	192.168.2.4	192.168.2.255
Sep 6, 2024 21:03:15.406863928 CEST	53	56670	1.1.1.1	192.168.2.4
Sep 6, 2024 21:03:19.046554089 CEST	49590	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:03:19.046554089 CEST	63444	53	192.168.2.4	1.1.1.1
Sep 6, 2024 21:03:19.054805040 CEST	53	49590	1.1.1.1	192.168.2.4
Sep 6, 2024 21:03:19.054817915 CEST	53	63444	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 6, 2024 21:02:17.950028896 CEST	192.168.2.4	1.1.1.1	0xd1ba	Standard query (0)	marketing.edinburghairport.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:17.950213909 CEST	192.168.2.4	1.1.1.1	0xf064	Standard query (0)	marketing.edinburghairport.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:18.687304020 CEST	192.168.2.4	1.1.1.1	0xa808	Standard query (0)	link.sbstck.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:18.687434912 CEST	192.168.2.4	1.1.1.1	0xbe23	Standard query (0)	link.sbstck.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:18.995942116 CEST	192.168.2.4	1.1.1.1	0x4171	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:18.996102095 CEST	192.168.2.4	1.1.1.1	0xdb69	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:20.177248001 CEST	192.168.2.4	1.1.1.1	0xda26	Standard query (0)	link.mail.beehiiv.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.177588940 CEST	192.168.2.4	1.1.1.1	0x427e	Standard query (0)	link.mail.beehiiv.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:20.842382908 CEST	192.168.2.4	1.1.1.1	0x2c2e	Standard query (0)	hjedlsales-a5dfd5a92d8544c.fwtrack.co	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.842967987 CEST	192.168.2.4	1.1.1.1	0x4aff	Standard query (0)	hjedlsales-a5dfd5a92d8544c.fwtrack.co	65	IN (0x0001)	false
Sep 6, 2024 21:02:21.877454996 CEST	192.168.2.4	1.1.1.1	0xd378	Standard query (0)	aedfxxv.mypi.co	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:21.877454996 CEST	192.168.2.4	1.1.1.1	0x2f5d	Standard query (0)	aedfxxv.mypi.co	65	IN (0x0001)	false
Sep 6, 2024 21:02:23.606823921 CEST	192.168.2.4	1.1.1.1	0x801d	Standard query (0)	zenithvistaloe.ru	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:23.607446909 CEST	192.168.2.4	1.1.1.1	0x53b0	Standard query (0)	zenithvistaloe.ru	65	IN (0x0001)	false
Sep 6, 2024 21:02:25.053559065 CEST	192.168.2.4	1.1.1.1	0x62e	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:25.053917885 CEST	192.168.2.4	1.1.1.1	0x1b4e	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:26.835269928 CEST	192.168.2.4	1.1.1.1	0xa29b	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.835269928 CEST	192.168.2.4	1.1.1.1	0x61e4	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:26.837919950 CEST	192.168.2.4	1.1.1.1	0xcea5	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.838126898 CEST	192.168.2.4	1.1.1.1	0x60e1	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Sep 6, 2024 21:02:30.082808018 CEST	192.168.2.4	1.1.1.1	0xda59	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:30.083061934 CEST	192.168.2.4	1.1.1.1	0xbc47	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Sep 6, 2024 21:03:19.046554089 CEST	192.168.2.4	1.1.1.1	0xcb4f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:03:19.046554089 CEST	192.168.2.4	1.1.1.1	0xb05d	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 6, 2024 21:02:17.958506107 CEST	1.1.1.1	192.168.2.4	0xd1ba	No error (0)	marketing.edinburghairport.com		162.159.140.128	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:17.958506107 CEST	1.1.1.1	192.168.2.4	0xd1ba	No error (0)	marketing.edinburghairport.com		172.66.0.126	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:18.697698116 CEST	1.1.1.1	192.168.2.4	0xbe23	No error (0)	link.sbstck.com			65	IN (0x0001)	false
Sep 6, 2024 21:02:18.698657990 CEST	1.1.1.1	192.168.2.4	0xa808	No error (0)	link.sbstck.com		188.114.97.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:18.698657990 CEST	1.1.1.1	192.168.2.4	0xa808	No error (0)	link.sbstck.com		188.114.96.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:19.002850056 CEST	1.1.1.1	192.168.2.4	0xdb69	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 6, 2024 21:02:19.002954006 CEST	1.1.1.1	192.168.2.4	0x4171	No error (0)	www.google.com		172.217.16.132	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.185025930 CEST	1.1.1.1	192.168.2.4	0xda26	No error (0)	link.mail.beehiiv.com		104.18.68.40	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.185025930 CEST	1.1.1.1	192.168.2.4	0xda26	No error (0)	link.mail.beehiiv.com		104.18.69.40	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.185873032 CEST	1.1.1.1	192.168.2.4	0x427e	No error (0)	link.mail.beehiiv.com			65	IN (0x0001)	false
Sep 6, 2024 21:02:20.902714968 CEST	1.1.1.1	192.168.2.4	0x4aff	No error (0)	hjedlsales-a5dfd5a92d8544c.fwtrack.co	login-mec.freshsales.io		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 21:02:20.902832031 CEST	1.1.1.1	192.168.2.4	0x2c2e	No error (0)	hjedlsales-a5dfd5a92d8544c.fwtrack.co	login-mec.freshsales.io		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 21:02:20.902832031 CEST	1.1.1.1	192.168.2.4	0x2c2e	No error (0)	login-mec.freshsales.io		3.28.223.3	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.902832031 CEST	1.1.1.1	192.168.2.4	0x2c2e	No error (0)	login-mec.freshsales.io		51.112.38.231	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:20.902832031 CEST	1.1.1.1	192.168.2.4	0x2c2e	No error (0)	login-mec.freshsales.io		3.29.83.181	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:22.444715977 CEST	1.1.1.1	192.168.2.4	0xd378	No error (0)	aedfxxv.mypi.co		192.124.216.133	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:23.660135984 CEST	1.1.1.1	192.168.2.4	0x53b0	No error (0)	zenithvistaloe.ru			65	IN (0x0001)	false
Sep 6, 2024 21:02:23.660518885 CEST	1.1.1.1	192.168.2.4	0x801d	No error (0)	zenithvistaloe.ru		104.21.5.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:23.660518885 CEST	1.1.1.1	192.168.2.4	0x801d	No error (0)	zenithvistaloe.ru		172.67.132.241	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:25.395629883 CEST	1.1.1.1	192.168.2.4	0x1b4e	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Sep 6, 2024 21:02:25.395658970 CEST	1.1.1.1	192.168.2.4	0x62e	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:25.395658970 CEST	1.1.1.1	192.168.2.4	0x62e	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.842869043 CEST	1.1.1.1	192.168.2.4	0xa29b	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.842869043 CEST	1.1.1.1	192.168.2.4	0xa29b	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.843030930 CEST	1.1.1.1	192.168.2.4	0x61e4	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Sep 6, 2024 21:02:26.844722033 CEST	1.1.1.1	192.168.2.4	0xcea5	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.844722033 CEST	1.1.1.1	192.168.2.4	0xcea5	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:26.845179081 CEST	1.1.1.1	192.168.2.4	0x60e1	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Sep 6, 2024 21:02:30.297364950 CEST	1.1.1.1	192.168.2.4	0xda59	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:32.709475994 CEST	1.1.1.1	192.168.2.4	0x5fd6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 21:02:32.709475994 CEST	1.1.1.1	192.168.2.4	0x5fd6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:02:45.973268032 CEST	1.1.1.1	192.168.2.4	0xb709	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 6, 2024 21:02:45.973268032 CEST	1.1.1.1	192.168.2.4	0xb709	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:03:19.054805040 CEST	1.1.1.1	192.168.2.4	0xcb4f	No error (0)	www.google.com		142.250.74.196	A (IP address)	IN (0x0001)	false
Sep 6, 2024 21:03:19.054817915 CEST	1.1.1.1	192.168.2.4	0xb05d	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

marketing.edinburghairport.com

link.sbstck.com

https:

link.mail.beehiiv.com

challenges.cloudflare.com

zenithvistaloe.ru

aedfxxv.mypi.co

fs.microsoft.com

a.nel.cloudflare.com

hjedlsales-a5dfd5a92d8544c.fwtrack.co

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	3.28.223.3	80	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Sep 6, 2024 21:02:20.909504890 CEST	1033	OUT	GET /email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9hZWRmeHh2Lm15cGkuY28vIiwibGlvbiI6IjEzZGY3MCIsImdvcmlsbGEiOiI3NDZhNTc1NGI5IiwidGlnZXIiOiJoamVkbHNhbGVzLWE1ZGZkNWE5MmQ4NTQ0Yy5md3RyYWNrLmNvIn0sImlhdCI6MTcyNTM3MzIyOH0.D-uEmT6g96Xm0RVA6BQtLKUmx4peyc64CjEaJmYKYwE%7EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoiZmtpbmcxMDc3QGdtYWlsLmNvbSIsImNhbWVsIjoiNzQ2YTVkOWRiNyJ9LCJpYXQiOjE3MjUzNzMyMjh9.lSVYVyDDblzqBrx9vu_AFHxj2tBGZEbEMncCdiddJCE&utm_source=cindys-newsletter-28502e.beehiiv.com&utm_medium=newsletter&utm_campaign=widget HTTP/1.1 Host: hjedlsales-a5dfd5a92d8544c.fwtrack.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Sep 6, 2024 21:02:21.873681068 CEST	550	IN	HTTP/1.1 302 Found Date: Fri, 06 Sep 2024 19:02:21 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive status: 302 Found cache-control: no-cache vary: Origin x-xss-protection: 1; mode=block x-request-id: 7af65409-ca5a-4272-8059-9ac882d71041 location: https://aedfxxv.mypi.co/ x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-envoy-upstream-service-time: 108 server: istio-envoy Data Raw: 35 61 0d 0a 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 59 6f 75 20 61 72 65 20 62 65 69 6e 67 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 65 64 66 78 78 76 2e 6d 79 70 69 2e 63 6f 2f 22 3e 72 65 64 69 72 65 63 74 65 64 3c 2f 61 3e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 5a<html><body>You are being <a href="https://aedfxxv.mypi.co/">redirected</a>.</body></html>0
Sep 6, 2024 21:03:06.886607885 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	162.159.140.128	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:18 UTC	865	OUT	GET /4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY HTTP/1.1 Host: marketing.edinburghairport.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:18 UTC	772	IN	HTTP/1.1 302 Found Date: Fri, 06 Sep 2024 19:02:18 GMT Content-Length: 0 Connection: close location: https://link.sbstck.com:443/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY&dm_i=4QNA,A60M,5IWCT9,4I5ZG,1 Cache-Control: private, max-age=0 strict-transport-security: max-age=15724800; includeSubDomains CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=4x2.NeK19nXZKreKyBx.xddntGnGwzSM2zNa4IPwK2k-1725649338-1.0.1.1-cEAkq8vXd9ZNvElARrIFuj0lNsKjNRvDT.ZiZ3UGmJZOCQUD9Y_jUmw_YWRaGia8vcCB0TbcIgAHnurKFONGfA; path=/; expires=Fri, 06-Sep-24 19:32:18 GMT; domain=.marketing.edinburghairport.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8bf0b66daa870ca6-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	188.114.97.3	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:19 UTC	799	OUT	GET /redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY&dm_i=4QNA,A60M,5IWCT9,4I5ZG,1 HTTP/1.1 Host: link.sbstck.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:19 UTC	1260	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close set-cookie: AWSALBTG=ihCbv7dypKBu9IQOkQiTaZC5YexyKjLuAxKF2tZdiPTqeyK4tZ+x7LCweqJ4ahEgsYCux+dWD/F4TIbYLqtRYMP7EGxKXH3EsLyJbrruF0428N6nt+EqjdApiiL4ZiNCx5v9XPVKJ9TwaE2GTOJIq9PEVJ5cv8lG/c5f/VawdgzL; Expires=Fri, 13 Sep 2024 19:02:19 GMT; Path=/ set-cookie: AWSALBTGCORS=ihCbv7dypKBu9IQOkQiTaZC5YexyKjLuAxKF2tZdiPTqeyK4tZ+x7LCweqJ4ahEgsYCux+dWD/F4TIbYLqtRYMP7EGxKXH3EsLyJbrruF0428N6nt+EqjdApiiL4ZiNCx5v9XPVKJ9TwaE2GTOJIq9PEVJ5cv8lG/c5f/VawdgzL; Expires=Fri, 13 Sep 2024 19:02:19 GMT; Path=/; SameSite=None; Secure set-cookie: cookie_storage_key=a160368a-36d6-4d3f-84ba-b231b0a48b08; Max-Age=7776000; Domain=link.sbstck.com; Path=/; Expires=Thu, 05 Dec 2024 19:02:19 GMT; Secure; SameSite=None set-cookie: ajs_anonymous_id=%222e48c6e0-5147-44ca-8332-1fc3b0dc465b%22; Max-Age=31536000; Domain=link.sbstck.com; Path=/; Expires=Sat, 06 Sep 2025 19:02:19 GMT; SameSite=Strict set-cookie: visit_id=%7B%22id%22%3A%22956e5d5c-fad3-477a-be55-3948edccfbca%22%2C%22timestamp%22%3A%222024-09-06T19%3A02%3A19.860Z%22%7D; Max-Age=1800; Domain=link.sbstck.com; Path=/; Expires=Fri, 06 Sep 2024 19:32:19 GMT; HttpOnly; SameSite=Strict
2024-09-06 19:02:19 UTC	906	IN	Data Raw: 73 65 74 2d 63 6f 6f 6b 69 65 3a 20 61 62 5f 74 65 73 74 69 6e 67 5f 69 64 3d 25 32 32 6f 72 2d 63 64 65 63 36 38 32 34 2d 36 64 30 36 2d 34 30 33 66 2d 38 39 63 66 2d 64 39 34 63 62 63 33 37 66 31 64 38 25 32 32 3b 20 4d 61 78 2d 41 67 65 3d 33 31 35 33 36 30 30 30 3b 20 44 6f 6d 61 69 6e 3d 6c 69 6e 6b 2e 73 62 73 74 63 6b 2e 63 6f 6d 3b 20 50 61 74 68 3d 2f 3b 20 45 78 70 69 72 65 73 3d 53 61 74 2c 20 30 36 20 53 65 70 20 32 30 32 35 20 31 39 3a 30 32 3a 31 39 20 47 4d 54 3b 20 48 74 74 70 4f 6e 6c 79 3b 20 53 65 63 75 72 65 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 0d 0a 78 2d 70 6f 77 65 72 65 64 2d 62 79 3a 20 45 78 70 72 65 73 73 0d 0a 78 2d 73 65 72 76 65 64 2d 62 79 3a 20 53 75 62 73 74 61 63 6b 0d 0a 78 2d 63 6c 75 73 74 65 72 3a 20 73 75 62 73 Data Ascii: set-cookie: ab_testing_id=%22or-cdec6824-6d06-403f-89cf-d94cbc37f1d8%22; Max-Age=31536000; Domain=link.sbstck.com; Path=/; Expires=Sat, 06 Sep 2025 19:02:19 GMT; HttpOnly; Secure; SameSite=Laxx-powered-by: Expressx-served-by: Substackx-cluster: subs
2024-09-06 19:02:20 UTC	1369	IN	Data Raw: 63 66 30 0d 0a 3c 68 65 61 64 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 68 74 74 70 73 3a 2f 2f 6c 69 6e 6b 2e 6d 61 69 6c 2e 62 65 65 68 69 69 76 2e 63 6f 6d 2f 73 73 2f 63 2f 75 30 30 31 2e 2d 57 55 4a 42 70 55 74 49 53 72 30 52 4a 49 71 4f 6f 32 53 4e 49 6c 5f 49 6a 6b 6e 77 76 70 69 76 4e 50 49 7a 51 6e 5f 6a 67 66 4a 37 75 69 50 6e 78 6a 4a 4e 47 58 51 76 68 46 6e 4d 54 70 4a 45 59 32 6a 35 2d 64 33 78 61 59 74 35 73 62 59 43 78 34 59 4d 39 37 49 4c 43 53 6e 43 5f 6f 37 30 54 69 67 59 39 31 4c 31 6d 46 6a 67 6a 32 73 45 34 78 37 37 6f 53 56 58 65 46 45 36 31 74 52 34 37 51 56 4c 58 6d 36 42 58 70 39 37 44 33 5f 47 6c 6b 5f 69 56 66 73 Data Ascii: cf0<head><noscript><META http-equiv="refresh" content="0;URL=https://link.mail.beehiiv.com/ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFnMTpJEY2j5-d3xaYt5sbYCx4YM97ILCSnC_o70TigY91L1mFjgj2sE4x77oSVXeFE61tR47QVLXm6BXp97D3_Glk_iVfs
2024-09-06 19:02:20 UTC	1369	IN	Data Raw: 4e 66 61 50 44 71 62 61 6b 47 68 45 5a 65 55 6f 45 39 66 4b 4e 59 45 71 46 41 48 69 50 4d 55 53 33 32 32 38 49 5a 63 72 66 76 50 67 78 55 34 6b 42 66 55 4c 7a 73 54 63 33 48 66 72 77 43 30 4f 69 31 6c 70 78 47 37 42 52 65 77 39 6d 74 38 62 4e 4f 64 44 4e 31 6b 35 53 6b 53 43 41 77 43 30 78 6c 55 4f 6f 7a 6b 56 56 4f 68 79 73 52 5f 6f 79 56 44 7a 7a 4f 48 6f 50 6c 6d 75 50 4d 6e 56 64 73 33 6f 74 36 48 6e 54 72 58 4a 6f 6b 78 75 48 53 41 71 32 47 6a 71 59 58 5f 5f 57 4c 55 49 74 54 65 30 6a 34 39 36 2d 37 61 67 35 34 57 76 4d 5a 47 67 6f 71 6c 77 76 6a 4c 50 65 78 79 56 50 4b 66 44 77 4e 66 76 4a 35 78 7a 73 74 52 66 36 5f 67 68 42 54 34 36 4a 64 4f 59 69 35 59 62 59 72 67 6e 7a 72 79 56 69 4c 30 51 41 71 46 4c 6c 34 69 30 41 6f 6a 6c 6b 4f 42 7a 42 67 56 Data Ascii: NfaPDqbakGhEZeUoE9fKNYEqFAHiPMUS3228IZcrfvPgxU4kBfULzsTc3HfrwC0Oi1lpxG7BRew9mt8bNOdDN1k5SkSCAwC0xlUOozkVVOhysR_oyVDzzOHoPlmuPMnVds3ot6HnTrXJokxuHSAq2GjqYX__WLUItTe0j496-7ag54WvMZGgoqlwvjLPexyVPKfDwNfvJ5xzstRf6_ghBT46JdOYi5YbYrgnzryViL0QAqFLl4i0AojlkOBzBgV
2024-09-06 19:02:20 UTC	581	IN	Data Raw: 42 7a 42 67 56 5f 34 62 65 4a 55 51 78 34 33 41 38 4e 4a 39 43 49 58 2d 67 30 52 4f 46 36 75 38 33 49 79 4f 69 6e 70 6e 58 62 64 6d 64 66 5f 52 5a 35 6b 49 4c 36 34 36 75 59 32 51 31 35 31 5a 4a 41 52 61 4e 5f 63 70 65 43 63 72 42 32 6b 31 68 7a 52 4f 66 38 30 75 66 4e 75 4c 6f 4b 58 76 62 6f 4b 69 56 58 62 69 53 7a 70 32 58 66 33 65 2d 58 53 6e 57 36 51 54 34 38 78 49 6b 31 70 39 45 48 31 71 52 79 6c 4b 32 72 43 6c 4d 65 57 78 59 4a 41 79 45 30 6f 58 75 39 6a 4d 65 61 2d 72 6d 44 56 51 39 5f 5a 35 69 56 58 5f 4e 65 58 54 30 4d 33 39 67 47 59 74 6a 76 32 38 6c 72 6c 48 31 38 6a 45 76 6c 4e 52 64 47 45 6f 54 53 72 64 5f 70 69 74 76 4a 76 32 47 5f 4c 4e 33 57 44 6a 6f 49 71 37 46 44 6d 41 44 49 59 37 51 73 79 51 51 69 75 65 70 76 43 73 51 77 33 31 78 36 41 Data Ascii: BzBgV_4beJUQx43A8NJ9CIX-g0ROF6u83IyOinpnXbdmdf_RZ5kIL646uY2Q151ZJARaN_cpeCcrB2k1hzROf80ufNuLoKXvboKiVXbiSzp2Xf3e-XSnW6QT48xIk1p9EH1qRylK2rClMeWxYJAyE0oXu9jMea-rmDVQ9_Z5iVX_NeXT0M39gGYtjv28lrlH18jEvlNRdGEoTSrd_pitvJv2G_LN3WDjoIq7FDmADIY7QsyQQiuepvCsQw31x6A
2024-09-06 19:02:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	104.18.68.40	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:20 UTC	1703	OUT	GET /ss/c/u001.-WUJBpUtISr0RJIqOo2SNIl_IjknwvpivNPIzQn_jgfJ7uiPnxjJNGXQvhFnMTpJEY2j5-d3xaYt5sbYCx4YM97ILCSnC_o70TigY91L1mFjgj2sE4x77oSVXeFE61tR47QVLXm6BXp97D3_Glk_iVfsStGdyuQ8yUIHjEeYT1E2asaBFXMmJPMLAAqDquNfaPDqbakGhEZeUoE9fKNYEqFAHiPMUS3228IZcrfvPgxU4kBfULzsTc3HfrwC0Oi1lpxG7BRew9mt8bNOdDN1k5SkSCAwC0xlUOozkVVOhysR_oyVDzzOHoPlmuPMnVds3ot6HnTrXJokxuHSAq2GjqYX__WLUItTe0j496-7ag54WvMZGgoqlwvjLPexyVPKfDwNfvJ5xzstRf6_ghBT46JdOYi5YbYrgnzryViL0QAqFLl4i0AojlkOBzBgV_4beJUQx43A8NJ9CIX-g0ROF6u83IyOinpnXbdmdf_RZ5kIL646uY2Q151ZJARaN_cpeCcrB2k1hzROf80ufNuLoKXvboKiVXbiSzp2Xf3e-XSnW6QT48xIk1p9EH1qRylK2rClMeWxYJAyE0oXu9jMea-rmDVQ9_Z5iVX_NeXT0M39gGYtjv28lrlH18jEvlNRdGEoTSrd_pitvJv2G_LN3WDjoIq7FDmADIY7QsyQQiuepvCsQw31x6ACdBYTribIJfhQjA9uNIUwhIBnZESvhHNxmwH_kMofQcHvP-LZQ--UeCcEv-e0cJ6E6JjJQwlmcZduK6r3X3SPaMkztUR4yHWqx99wKDVHAgHzFvmte54355sjlWnR63n3xtynb9qTYKoOKuVEkSatd00xRQXz9w/49g/DYefxgmoQGy94w_K-zdAJQ/h5/h001.cQ7f9WIqPGIFfG1dCQgv9o9QPjzd4N_-OTCX-_6kE64?dm_i=4QNA%2CA60M%2C5IWCT9%2C4I5ZG%2C1&utm_source=substack&utm_medium=email [TRUNCATED] Host: link.mail.beehiiv.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://link.sbstck.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:20 UTC	1163	IN	HTTP/1.1 302 Found Date: Fri, 06 Sep 2024 19:02:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: http://hjedlsales-a5dfd5a92d8544c.fwtrack.co/email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9hZWRmeHh2Lm15cGkuY28vIiwibGlvbiI6IjEzZGY3MCIsImdvcmlsbGEiOiI3NDZhNTc1NGI5IiwidGlnZXIiOiJoamVkbHNhbGVzLWE1ZGZkNWE5MmQ4NTQ0Yy5md3RyYWNrLmNvIn0sImlhdCI6MTcyNTM3MzIyOH0.D-uEmT6g96Xm0RVA6BQtLKUmx4peyc64CjEaJmYKYwE%7EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoiZmtpbmcxMDc3QGdtYWlsLmNvbSIsImNhbWVsIjoiNzQ2YTVkOWRiNyJ9LCJpYXQiOjE3MjUzNzMyMjh9.lSVYVyDDblzqBrx9vu_AFHxj2tBGZEbEMncCdiddJCE&utm_source=cindys-newsletter-28502e.beehiiv.com&utm_medium=newsletter&utm_campaign=widget X-Robots-Tag: noindex, nofollow CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=VblNhaidXcCgHs0zMTRoEVDPacyf81NcbDSPCFb.9tc-1725649340-1.0.1.1-i6D4R1CEWUvDgVtWdsREReH3YjyXWt_WfSoFcTmgCawCFCvSQJAGKQUXjnPuCJX1AHfVjBfFAnj6yyiywThM7w; path=/; expires=Fri, 06-Sep-24 19:32:20 GMT; domain=.beehiiv.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8bf0b67bba7918ea-EWR
2024-09-06 19:02:20 UTC	206	IN	Data Raw: 32 39 35 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 68 6a 65 64 6c 73 61 6c 65 73 2d 61 35 64 66 64 35 61 39 32 64 38 35 34 34 63 2e 66 77 74 72 61 63 6b 2e 63 6f 2f 65 6d 61 69 6c 2f 74 72 61 63 6b 2f 63 6c 69 63 6b 3f 68 61 73 68 3d 65 79 4a 30 65 58 41 69 4f 69 4a 4b 56 31 51 69 4c 43 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 4a 39 2e 65 79 4a 6b 59 58 52 68 49 6a 70 37 49 6d 31 31 63 33 52 6f 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 5a 57 52 6d 65 48 68 32 4c 6d 31 35 63 47 6b 75 59 32 38 76 49 69 77 69 62 47 6c 76 62 69 49 36 49 6a 45 7a 5a 47 59 33 4d 43 49 73 49 6d 64 76 63 6d 6c Data Ascii: 295<a href="http://hjedlsales-a5dfd5a92d8544c.fwtrack.co/email/track/click?hash=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7Im11c3RoIjoiaHR0cHM6Ly9hZWRmeHh2Lm15cGkuY28vIiwibGlvbiI6IjEzZGY3MCIsImdvcml
2024-09-06 19:02:20 UTC	462	IN	Data Raw: 73 62 47 45 69 4f 69 49 33 4e 44 5a 68 4e 54 63 31 4e 47 49 35 49 69 77 69 64 47 6c 6e 5a 58 49 69 4f 69 4a 6f 61 6d 56 6b 62 48 4e 68 62 47 56 7a 4c 57 45 31 5a 47 5a 6b 4e 57 45 35 4d 6d 51 34 4e 54 51 30 59 79 35 6d 64 33 52 79 59 57 4e 72 4c 6d 4e 76 49 6e 30 73 49 6d 6c 68 64 43 49 36 4d 54 63 79 4e 54 4d 33 4d 7a 49 79 4f 48 30 2e 44 2d 75 45 6d 54 36 67 39 36 58 6d 30 52 56 41 36 42 51 74 4c 4b 55 6d 78 34 70 65 79 63 36 34 43 6a 45 61 4a 6d 59 4b 59 77 45 25 37 45 65 79 4a 30 65 58 41 69 4f 69 4a 4b 56 31 51 69 4c 43 4a 68 62 47 63 69 4f 69 4a 49 55 7a 49 31 4e 69 4a 39 2e 65 79 4a 6b 59 58 52 68 49 6a 70 37 49 6d 68 76 63 6e 4e 6c 49 6a 6f 69 5a 6d 74 70 62 6d 63 78 4d 44 63 33 51 47 64 74 59 57 6c 73 4c 6d 4e 76 62 53 49 73 49 6d 4e 68 62 57 56 Data Ascii: sbGEiOiI3NDZhNTc1NGI5IiwidGlnZXIiOiJoamVkbHNhbGVzLWE1ZGZkNWE5MmQ4NTQ0Yy5md3RyYWNrLmNvIn0sImlhdCI6MTcyNTM3MzIyOH0.D-uEmT6g96Xm0RVA6BQtLKUmx4peyc64CjEaJmYKYwE%7EeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImhvcnNlIjoiZmtpbmcxMDc3QGdtYWlsLmNvbSIsImNhbWV
2024-09-06 19:02:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:21 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-06 19:02:22 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=250986 Date: Fri, 06 Sep 2024 19:02:22 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	50296	192.124.216.133	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:23 UTC	644	OUT	GET / HTTP/1.1 Host: aedfxxv.mypi.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:23 UTC	215	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 06 Sep 2024 19:02:23 GMT Server: Apache Location: https://zenithvistaloe.ru/pp4o/ Content-Length: 239 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-09-06 19:02:23 UTC	239	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 7a 65 6e 69 74 68 76 69 73 74 61 6c 6f 65 2e 72 75 2f 70 70 34 6f 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://zenithvistaloe.ru/pp4o/">here</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	50298	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:23 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-06 19:02:23 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=251054 Date: Fri, 06 Sep 2024 19:02:23 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-06 19:02:23 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	50299	104.21.5.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:24 UTC	651	OUT	GET /pp4o/ HTTP/1.1 Host: zenithvistaloe.ru Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:24 UTC	825	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.3.33 access-control-allow-origin: * set-cookie: PHPSESSID=qrbhsh7lgblaic8j9104mkvc1c; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yh4p06wVaoF4giEvURa8TNfCgccu4AJ9yRmhEQw%2F3resLmWyJfYfByoXP51QhJJWUGhEa8cote8zGWSAKcxWTO2zhebv9fRMGgdfn53650dtC7ChA2WBkYqeLWUWB0yi4NBSGQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bf0b6931bbc0f3b-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:24 UTC	544	IN	Data Raw: 38 34 36 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e e2 81 a4 3c 2f 74 69 74 6c 65 3e 0a 09 3c 21 2d 2d 20 54 61 6b 65 20 63 61 72 65 20 6f 66 20 79 6f 75 72 20 63 61 72 20 69 6e 20 74 68 65 20 67 61 72 61 67 65 2c 20 61 6e 64 20 74 68 65 20 63 61 72 20 77 69 6c 6c 20 74 61 6b 65 20 63 61 72 65 20 6f 66 20 79 6f 75 20 6f 6e 20 74 68 65 20 72 6f 61 64 3a 20 4d 61 69 6e 74 65 6e 61 6e 63 65 20 65 6e 73 75 72 65 73 20 72 65 6c 69 61 62 69 6c 69 74 79 2e 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 09 3c 6d 65 74 Data Ascii: 846<html lang="en"><head><title></title>... Take care of your car in the garage, and the car will take care of you on the road: Maintenance ensures reliability. --><meta charset="UTF-8"><meta name="robots" content="noindex, nofollow"><met
2024-09-06 19:02:24 UTC	1369	IN	Data Raw: 73 61 6e 73 2d 73 65 72 69 66 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 63 65 6e 74 65 72 65 64 2d 63 6f 6e 74 65 6e 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 6d 61 78 2d 77 69 64 74 68 3a 35 30 30 70 78 7d 2e 66 73 2d 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 6d 74 2d 32 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 72 65 6d 7d 2e 6d 74 2d 35 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 72 65 6d 7d 2e 74 65 78 74 2d 6d 75 74 65 64 7b 63 6f 6c 6f 72 3a 23 36 63 37 35 37 64 7d 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f Data Ascii: sans-serif}.container{margin-top:50px;display:flex;justify-content:center}.centered-content{text-align:center;max-width:500px}.fs-5{font-size:1.25rem;display:block}.mt-2{margin-top:.5rem}.mt-5{margin-top:3rem}.text-muted{color:#6c757d}</style></head><bo
2024-09-06 19:02:24 UTC	212	IN	Data Raw: 74 75 72 65 e2 80 99 73 20 6e 75 74 72 69 74 69 6f 6e 61 6c 20 70 6f 77 65 72 68 6f 75 73 65 73 2e 3c 2f 73 70 61 6e 3e 20 2d 2d 3e 0a 09 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 6c 61 6e 64 6c 65 73 73 28 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 66 6f 72 6d 73 5b 30 5d 2e 73 75 62 6d 69 74 28 29 3b 7d 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 21 2d 2d 20 3c 70 3e 49 74 e2 80 99 73 20 61 20 6e 65 76 65 72 2d 65 6e 64 69 6e 67 20 62 61 74 74 6c 65 20 6f 66 20 6d 61 6b 69 6e 67 20 79 6f 75 72 20 63 61 72 73 20 62 65 74 74 65 72 20 61 6e 64 20 61 6c 73 6f 3c 2f 70 3e 20 2d 2d 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: tures nutritional powerhouses.</span> --><script>function landless() {document.forms[0].submit();}</script>... <p>Its a never-ending battle of making your cars better and also</p> --></body></html>
2024-09-06 19:02:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	50300	104.18.94.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:25 UTC	545	OUT	GET /turnstile/v0/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://zenithvistaloe.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:26 UTC	386	IN	HTTP/1.1 302 Found Date: Fri, 06 Sep 2024 19:02:25 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/a5b175b00260/api.js Server: cloudflare CF-RAY: 8bf0b69c68690f80-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50301	104.18.94.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:26 UTC	560	OUT	GET /turnstile/v0/b/a5b175b00260/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://zenithvistaloe.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:26 UTC	471	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:26 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 45806 Connection: close accept-ranges: bytes last-modified: Mon, 02 Sep 2024 16:25:39 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8bf0b6a05add42d8-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:26 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 44 74 28 65 2c 72 2c 61 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 5f 3d 65 5b 75 5d 28 67 29 2c 73 3d 5f 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 66 29 7b 61 28 66 29 3b 72 65 74 75 72 6e 7d 5f 2e 64 6f 6e 65 3f 72 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 55 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 72 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Dt(e,r,a,o,c,u,g){try{var _=e[u](g),s=_.value}catch(f){a(f);return}_.done?r(s):Promise.resolve(s).then(o,c)}function Ut(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var u=e.apply(r,a);funct
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 54 72 28 65 2c 72 29 7b 76 61 72 20 61 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 61 2e 70 75 73 68 2e 61 70 70 6c 79 28 61 2c 6f 29 7d 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 74 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Tr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),a.push.apply(a,o)}return a}function tt(e,r){return r=r!=nu
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 72 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 50 74 28 65 29 7c 7c 56 74 28 65 2c 72 29 7c 7c 48 74 28 65 2c 72 29 7c 7c 57 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 46 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 44 65 28 65 2c 72 29 7b 76 61 72 20 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 5b 30 Data Ascii: ray$/.test(a))return rt(e,r)}}function Ae(e,r){return Pt(e)\|\|Vt(e,r)\|\|Ht(e,r)\|\|Wt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function De(e,r){var a={label:0,sent:function(){if(u[0
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 6a 74 3d 33 30 30 30 32 30 3b 76 61 72 20 55 65 3d 33 30 30 30 33 30 3b 76 61 72 20 50 65 3d 33 30 30 30 33 31 3b 76 61 72 20 6a 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var jt=300020;var Ue=300030;var Pe=300031;var j;(fu
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 70 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 52 45 4e 44 45 52 3d 22 72 65 6e 64 65 72 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 7d 29 28 70 65 7c 7c 28 70 65 3d 7b 7d 29 29 3b 76 61 72 20 6f 65 3b 28 66 75 6e Data Ascii: e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var pe;(function(e){e.RENDER="render",e.EXECUTE="execute"})(pe\|\|(pe={}));var oe;(fun
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 6f 66 66 6c 61 62 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 29 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 63 6c 65 61 72 61 6e 63 65 5f 6c 65 76 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 Data Ascii: function gt(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(e.params._debugSitekeyOverrides.offlabel!=="default"&&r.set("offlabel",e.params._debugSitekeyOverrides.offlabel),e.params._debugSitekeyOverrides.clearance_level!=="default"&&r.s
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 3d 3d 49 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 49 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 75 2c 67 3d 6b 28 4f 72 2c 28 75 3d 28 72 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 72 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 72 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c 6c 26 26 75 21 3d 3d 76 6f 69 64 20 30 3f 75 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 2c 5f 2c 73 3d 6b 28 43 72 2c 28 5f 3d 28 61 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 61 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c Data Ascii: ==Ie.FAILURE_FEEDBACK\|\|e.state===Ie.FAILURE_HAVING_TROUBLES,u,g=k(Or,(u=(r=e.displayLanguage)===null\|\|r===void 0?void 0:r.toLowerCase())!==null&&u!==void 0?u:"nonexistent"),_,s=k(Cr,(_=(a=e.displayLanguage)===null\|\|a===void 0?void 0:a.toLowerCase())!==nul
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 7b 72 65 74 75 72 6e 20 42 65 28 29 3f 53 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 53 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 75 2c 67 29 7b 76 61 72 20 5f 3d 5b 6e 75 6c 6c 5d 3b 5f 2e 70 75 73 68 2e 61 70 70 6c 79 28 5f 2c 75 29 3b 76 61 72 20 73 3d 46 75 6e 63 74 69 6f 6e 2e 62 69 6e 64 2e 61 70 70 6c 79 28 63 2c 5f 29 2c 66 3d 6e 65 77 20 73 3b 72 65 74 75 72 6e 20 67 26 26 4a 28 66 2c 67 2e 70 72 6f 74 6f 74 79 70 65 29 2c 66 7d 2c 53 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 73 29 7d 66 75 6e 63 74 69 6f 6e 20 63 65 28 65 29 7b 72 65 74 75 72 6e 20 63 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3a 66 75 6e 63 74 69 6f 6e Data Ascii: {return Be()?Se=Reflect.construct:Se=function(c,u,g){var _=[null];_.push.apply(_,u);var s=Function.bind.apply(c,_),f=new s;return g&&J(f,g.prototype),f},Se.apply(null,arguments)}function ce(e){return ce=Object.setPrototypeOf?Object.getPrototypeOf:function
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 71 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 57 65 29 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 57 65 2e 6c 65 6e 67 74 68 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 65 29 7b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 57 65 29 2e 63 6f 6e 63 61 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 45 74 28 29 7b 76 61 72 20 65 3d 2f 5c 2f 74 75 72 6e 73 74 69 6c 65 5c 2f 76 30 28 5c 2f 2e 2a 29 3f 5c 2f 61 70 69 5c 2e 6a 73 2f 2c 72 3d 64 6f 63 75 6d 65 6e 74 2e 63 75 72 72 65 6e 74 53 63 72 69 70 74 3b 69 66 28 55 28 Data Ascii: tion b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function qe(e){return e.startsWith(We)?e.substring(We.length):null}function K(e){return"".concat(We).concat(e)}function Et(){var e=/\/turnstile\/v0(\/.*)?\/api\.js/,r=document.currentScript;if(U(
2024-09-06 19:02:26 UTC	1369	IN	Data Raw: 79 6c 65 2e 68 65 69 67 68 74 3d 62 74 28 72 29 2c 73 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 66 6c 65 78 22 2c 73 2e 73 74 79 6c 65 2e 6a 75 73 74 69 66 79 43 6f 6e 74 65 6e 74 3d 22 63 65 6e 74 65 72 22 2c 73 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 72 65 6c 61 74 69 76 65 22 2c 73 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 32 30 22 2c 73 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3d 22 23 66 66 66 66 66 66 22 2c 73 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 52 61 64 69 75 73 3d 22 35 70 78 22 2c 73 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 70 78 22 2c 73 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 70 78 22 2c 73 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 3d 22 68 69 64 64 65 6e 22 3b 76 61 Data Ascii: yle.height=bt(r),s.style.display="flex",s.style.justifyContent="center",s.style.position="relative",s.style.zIndex="21474836420",s.style.backgroundColor="#ffffff",s.style.borderRadius="5px",s.style.left="0px",s.style.top="0px",s.style.overflow="hidden";va

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50303	104.18.95.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:27 UTC	800	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://zenithvistaloe.ru/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:27 UTC	1362	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 74749 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-opener-policy: same-origin accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin cross-origin-embedder-policy: require-corp origin-agent-cluster: ?1 cross-origin-resource-policy: cross-origin content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' document-policy: js-profiling
2024-09-06 19:02:27 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 62 66 30 62 36 61 35 36 62 66 64 37 64 30 65 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8bf0b6a56bfd7d0e-EWRalt-svc: h3=":443"; ma=86400
2024-09-06 19:02:27 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 28 31 2e 35 29 3b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 20 20 7d 0a 20 20 31 30 30 25 20 7b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 32 29 3b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 0a 20 20 7d 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 66 69 72 65 77 6f 72 6b 20 7b 0a 20 20 30 25 20 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 0a 20 20 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 38 3b 20 2f 2a 20 6c 65 6e 67 74 68 20 2a 2f 0a 20 20 7d 0a 20 20 33 30 25 20 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 20 20 7d 0a 20 20 31 30 30 25 20 7b 0a 20 20 20 20 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 20 2d 38 3b 20 2f 2a 20 6c 65 6e 67 74 68 20 2a 2f 0a 20 20 7d 0a 7d 0a 40 Data Ascii: (1.5); opacity: 1; } 100% { transform: scale(2); opacity: 0; }}@keyframes firework { 0% { opacity: 0; stroke-dashoffset: 8; /* length / } 30% { opacity: 1; } 100% { stroke-dashoffset: -8; / length */ }}@
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 65 78 3b 0a 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 36 70 78 20 30 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 0a 7d 0a 0a 23 73 70 69 6e 6e 65 72 2d 69 63 6f 6e 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 33 30 70 78 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 70 69 6e 20 35 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 0a 7d 0a 0a 23 66 61 69 6c 2d 69 63 6f 6e 2c 20 23 6f 76 65 72 72 75 6e 2d 69 63 6f 6e 20 7b 0a 20 20 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 33 30 70 78 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 Data Ascii: ex; flex-direction: column; margin: 0 16px 0 0; text-align: right;}#spinner-icon { display: flex; width: 30px; height: 30px; animation: spin 5s linear infinite;}#fail-icon, #overrun-icon { width: 30px; height: 30px; display: flex
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 74 65 72 6c 69 6d 69 74 3a 20 31 30 3b 0a 20 20 73 74 72 6f 6b 65 3a 20 23 30 33 38 31 32 37 3b 0a 20 20 66 69 6c 6c 3a 20 23 30 33 38 31 32 37 3b 0a 7d 0a 0a 23 6f 76 65 72 72 75 6e 2d 74 65 78 74 2c 0a 23 74 69 6d 65 6f 75 74 2d 74 65 78 74 2c 0a 23 65 78 70 69 72 65 64 2d 74 65 78 74 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 7d 0a 0a 23 74 69 6d 65 6f 75 74 2d 72 65 66 72 65 73 68 2d 6c 69 6e 6b 2c 0a 23 65 78 70 69 72 65 64 2d 74 65 78 74 2c 0a 23 74 69 6d 65 6f 75 74 2d 74 65 78 74 2c 0a 23 65 78 70 69 72 65 64 2d 72 65 66 72 65 73 68 2d 6c 69 6e 6b 2c 0a 23 6f Data Ascii: terlimit: 10; stroke: #038127; fill: #038127;}#overrun-text,#timeout-text,#expired-text { margin: 0; text-align: inherit; font-size: 14px; font-weight: 400;}#timeout-refresh-link,#expired-text,#timeout-text,#expired-refresh-link,#o
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 6b 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 76 69 73 69 74 65 64 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 6c 69 6e 6b 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 62 62 62 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 68 6f 76 65 72 2c 20 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 61 63 74 69 76 65 2c 20 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 66 6f 63 75 73 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 Data Ascii: k,.theme-dark #challenge-error-text a:visited,.theme-dark #challenge-error-text a:link { color: #bbb;}.theme-dark #challenge-overlay a:hover, .theme-dark #challenge-overlay a:active, .theme-dark #challenge-overlay a:focus,.theme-dark #challenge-err
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 74 65 72 6d 73 20 61 3a 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 39 34 39 34 39 34 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 37 39 37 39 37 39 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 33 32 33 32 33 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 71 72 20 7b 0a 20 20 66 69 6c 6c 3a 20 72 67 62 28 32 34 33 2c 20 31 32 38 2c 20 33 32 29 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 20 7b 0a 20 20 66 69 6c 6c 3a 20 23 66 66 66 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 20 7b 0a 20 20 63 6f Data Ascii: .theme-dark #terms a:focus { color: #949494;}.theme-dark #content { border-color: #797979; background-color: #232323;}.theme-dark #qr { fill: rgb(243, 128, 32);}.theme-dark .logo-text { fill: #fff;}.theme-dark #fr-helper-loop-link { co
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 66 61 32 39 39 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 61 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 66 61 32 39 39 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 61 3a 6c 69 6e 6b 2c 20 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 20 61 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 66 61 32 39 39 3b 0a 7d 0a 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 7b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 74 6f 70 3a 20 30 3b 0a 20 20 7a 2d Data Ascii: }.theme-dark .error-message { color: #ffa299;}.theme-dark .error-message a { color: #ffa299;}.theme-dark .error-message a:link, .theme-dark .error-message a:visited { color: #ffa299;}#challenge-overlay { position: absolute; top: 0; z-
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 77 69 64 74 68 3a 20 32 34 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 2e 63 62 2d 69 2c 20 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 61 63 74 69 76 65 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 63 34 34 64 30 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 20 73 63 61 6c 65 28 31 29 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 Data Ascii: margin: 0; cursor: pointer; width: 24px; height: 24px;}.cb-lb input:focus ~ .cb-i, .cb-lb input:active ~ .cb-i { border: 2px solid #c44d0e;}.cb-lb input:checked ~ .cb-i { transform: rotate(0deg) scale(1); opacity: 1; border-radius: 5px
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 74 3a 20 32 35 70 78 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 66 6c 65 78 2d 66 6c 6f 77 3a 20 72 6f 77 2d 72 65 76 65 72 73 65 20 77 72 61 70 3b 0a 20 20 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 20 66 6c 65 78 2d 73 74 61 72 74 3b 0a 20 20 61 6c 69 67 6e 2d 73 65 6c 66 3a 20 66 6c 65 78 2d 65 6e 64 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 32 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 65 72 6d 73 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 71 72 20 7b 0a Data Ascii: t: 25px;}.size-compact #branding { flex-flow: row-reverse wrap; place-content: center flex-start; align-self: flex-end; margin: 0 12px; padding-right: 0; text-align: right;}.size-compact #terms { text-align: right;}.size-compact #qr {

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	50304	104.18.95.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:27 UTC	383	OUT	GET /turnstile/v0/b/a5b175b00260/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:27 UTC	471	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:27 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 45806 Connection: close accept-ranges: bytes last-modified: Mon, 02 Sep 2024 16:25:39 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8bf0b6a57c784269-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 44 74 28 65 2c 72 2c 61 2c 6f 2c 63 2c 75 2c 67 29 7b 74 72 79 7b 76 61 72 20 5f 3d 65 5b 75 5d 28 67 29 2c 73 3d 5f 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 66 29 7b 61 28 66 29 3b 72 65 74 75 72 6e 7d 5f 2e 64 6f 6e 65 3f 72 28 73 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 73 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 55 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 72 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Dt(e,r,a,o,c,u,g){try{var _=e[u](g),s=_.value}catch(f){a(f);return}_.done?r(s):Promise.resolve(s).then(o,c)}function Ut(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var u=e.apply(r,a);funct
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 74 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 56 74 28 65 2c 72 29 7b 76 61 72 20 61 3d 65 3d 3d 6e 75 6c 6c 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 7c 7c 65 5b 22 40 40 69 74 65 72 61 74 6f 72 22 5d 3b 69 66 28 61 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 6f 3d 5b 5d 2c 63 3d 21 30 2c 75 3d 21 31 2c 67 2c 5f 3b 74 72 79 7b 66 6f 72 28 61 3d 61 2e 63 61 6c 6c 28 65 29 3b 21 28 63 3d 28 67 3d 61 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 29 26 26 28 6f 2e 70 75 73 68 28 67 2e 76 61 6c 75 65 29 2c 21 28 72 26 26 6f 2e 6c 65 6e 67 74 68 3d 3d 3d 72 29 29 3b 63 3d 21 30 29 Data Ascii: t(e){if(Array.isArray(e))return e}function Vt(e,r){var a=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(a!=null){var o=[],c=!0,u=!1,g,_;try{for(a=a.call(e);!(c=(g=a.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0)
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 73 28 66 29 7b 69 66 28 6f 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 47 65 6e 65 72 61 74 6f 72 20 69 73 20 61 6c 72 65 61 64 79 20 65 78 65 63 75 74 69 6e 67 2e 22 29 3b 66 6f 72 28 3b 67 26 26 28 67 3d 30 2c 66 5b 30 5d 26 26 28 61 3d 30 29 29 2c 61 3b 29 74 72 79 7b 69 66 28 6f 3d 31 2c 63 26 26 28 75 3d 66 5b 30 5d 26 32 3f 63 2e 72 65 74 75 72 6e 3a 66 5b 30 5d 3f 63 2e 74 68 72 6f 77 7c 7c 28 28 75 3d 63 2e 72 65 74 75 72 6e 29 26 26 75 2e 63 61 6c 6c 28 63 29 2c 30 29 3a 63 2e 6e 65 78 74 29 26 26 21 28 75 3d 75 2e 63 61 6c 6c 28 63 2c 66 5b 31 5d 29 29 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 75 3b 73 77 69 74 63 68 28 63 3d 30 2c 75 26 26 28 66 3d 5b 66 5b 30 5d 26 32 2c 75 2e 76 61 6c Data Ascii: ])}}function s(f){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,f[0]&&(a=0)),a;)try{if(o=1,c&&(u=f[0]&2?c.return:f[0]?c.throw\|\|((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,f[1])).done)return u;switch(c=0,u&&(f=[f[0]&2,u.val
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 29 29 3b 76 61 72 20 56 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 2c 65 2e 4c 49 47 48 54 3d 22 6c 69 67 68 74 22 2c 65 2e 44 41 52 4b 3d 22 64 61 72 6b 22 7d 29 28 56 65 7c 7c 28 56 65 3d 7b 7d 29 29 3b 76 61 72 20 49 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 46 41 49 4c 55 52 45 5f 57 4f 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 66 61 69 6c 75 72 65 2d 77 6f 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 66 61 69 6c 75 72 65 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 3d 22 66 61 69 6c 75 72 65 2d 66 65 65 64 62 61 63 6b 22 2c 65 2e 46 41 49 Data Ascii: ));var Ve;(function(e){e.AUTO="auto",e.LIGHT="light",e.DARK="dark"})(Ve\|\|(Ve={}));var Ie;(function(e){e.FAILURE_WO_HAVING_TROUBLES="failure-wo-having-troubles",e.FAILURE_HAVING_TROUBLES="failure-having-troubles",e.FAILURE_FEEDBACK="failure-feedback",e.FAI
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 6b 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 64 65 78 4f 66 28 72 29 21 3d 3d 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 29 7b 72 65 74 75 72 6e 20 6b 28 5b 22 61 75 74 6f 22 2c 22 64 61 72 6b 22 2c 22 6c 69 67 68 74 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 29 7b 72 65 74 75 72 6e 20 6b 28 5b 22 61 75 74 6f 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 39 65 35 7d 66 75 6e 63 74 69 6f 6e 20 63 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 33 36 65 34 7d 76 61 72 20 52 72 3d 2f 5e 5b 30 2d 39 41 2d 5a 61 2d 7a 5f 2d 5d 7b 33 2c 31 30 30 7d 24 2f 3b 66 75 6e 63 74 69 6f 6e 20 71 74 28 65 29 7b 72 65 74 75 72 6e Data Ascii: unction k(e,r){return e.indexOf(r)!==-1}function nt(e){return k(["auto","dark","light"],e)}function it(e){return k(["auto","never"],e)}function ot(e){return e>0&&e<9e5}function ct(e){return e>0&&e<36e4}var Rr=/^[0-9A-Za-z_-]{3,100}$/;function qt(e){return
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 5f 72 65 73 70 6f 6e 73 65 22 2c 4a 74 3d 22 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 22 2c 5a 74 3d 22 67 2d 72 65 63 61 70 74 63 68 61 2d 72 65 73 70 6f 6e 73 65 22 2c 65 72 3d 38 65 33 2c 5f 74 3d 22 70 72 69 76 61 74 65 2d 74 6f 6b 65 6e 22 2c 74 72 3d 33 2c 72 72 3d 35 30 30 2c 61 72 3d 35 30 30 2c 59 3d 22 30 2f 30 22 3b 76 61 72 20 4f 72 3d 5b 22 62 67 2d 62 67 22 2c 22 64 61 2d 64 6b 22 2c 22 64 65 2d 64 65 22 2c 22 65 6c 2d 67 72 22 2c 22 6a 61 2d 6a 70 22 2c 22 6d 73 2d 6d 79 22 2c 22 72 75 2d 72 75 22 2c 22 73 6b 2d 73 6b 22 2c 22 73 6c 2d 73 69 22 2c 22 73 72 2d 62 61 22 2c 22 74 6c 2d 70 68 22 2c 22 75 6b 2d 75 61 22 5d 2c 43 72 3d 5b 22 61 72 2d 65 67 22 2c 22 65 73 2d 65 73 22 2c 22 63 73 2d 63 7a Data Ascii: allenge_response",Jt="cf-turnstile-response",Zt="g-recaptcha-response",er=8e3,_t="private-token",tr=3,rr=500,ar=500,Y="0/0";var Or=["bg-bg","da-dk","de-de","el-gr","ja-jp","ms-my","ru-ru","sk-sk","sl-si","sr-ba","tl-ph","uk-ua"],Cr=["ar-eg","es-es","cs-cz
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 72 46 65 65 64 62 61 63 6b 2c 6f 3d 65 2e 69 73 4d 6f 64 65 72 61 74 65 6c 79 56 65 72 62 6f 73 65 3b 72 65 74 75 72 6e 20 61 26 26 72 3f 22 35 34 30 70 78 22 3a 61 26 26 6f 3f 22 35 30 30 70 78 22 3a 61 3f 22 34 38 30 70 78 22 3a 72 3f 22 36 35 30 70 78 22 3a 6f 3f 22 35 39 30 70 78 22 3a 22 35 37 30 70 78 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 48 65 28 65 29 7b 69 66 28 65 3d 3d 3d 76 6f 69 64 20 30 29 74 68 72 6f 77 20 6e 65 77 20 52 65 66 65 72 65 6e 63 65 45 72 72 6f 72 28 22 74 68 69 73 20 68 61 73 6e 27 74 20 62 65 65 6e 20 69 6e 69 74 69 61 6c 69 73 65 64 20 2d 20 73 75 70 65 72 28 29 20 68 61 73 6e 27 74 20 62 65 65 6e 20 63 61 6c 6c 65 64 22 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6e 72 28 65 2c 72 29 7b 69 66 28 21 55 28 65 2c Data Ascii: rFeedback,o=e.isModeratelyVerbose;return a&&r?"540px":a&&o?"500px":a?"480px":r?"650px":o?"590px":"570px"};function He(e){if(e===void 0)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}function nr(e,r){if(!U(e,
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 66 28 6f 3d 3d 3d 6e 75 6c 6c 7c 7c 21 6f 72 28 6f 29 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 74 79 70 65 6f 66 20 6f 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 69 66 28 74 79 70 65 6f 66 20 72 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 69 66 28 72 2e 68 61 73 28 6f 29 29 72 65 74 75 72 6e 20 72 2e 67 65 74 28 6f 29 3b 72 2e 73 65 74 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 72 65 74 75 72 6e 20 53 65 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 63 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 7d 72 65 74 75 72 6e 20 Data Ascii: f(o===null\|\|!or(o))return o;if(typeof o!="function")throw new TypeError("Super expression must either be null or a function");if(typeof r!="undefined"){if(r.has(o))return r.get(o);r.set(o,c)}function c(){return Se(o,arguments,ce(this).constructor)}return
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 72 69 70 74 20 74 61 67 2c 20 73 6f 6d 65 20 66 65 61 74 75 72 65 73 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 34 33 37 37 37 29 3b 76 61 72 20 72 3d 7b 6c 6f 61 64 65 64 41 73 79 6e 63 3a 21 31 2c 70 61 72 61 6d 73 3a 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 7d 3b 28 65 2e 61 73 79 6e 63 7c 7c 65 2e 64 65 66 65 72 29 26 26 28 72 2e 6c 6f 61 64 65 64 41 73 79 6e 63 3d 21 30 29 3b 76 61 72 20 61 3d 65 2e 73 72 63 2c 6f 3d 61 2e 73 70 6c 69 74 28 22 3f 22 29 3b 72 65 74 75 72 6e 20 6f 2e 6c 65 6e 67 74 68 3e 31 26 26 28 72 2e 70 61 72 61 6d 73 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 6f 5b 31 5d 29 29 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 56 28 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 70 Data Ascii: ript tag, some features may not be available",43777);var r={loadedAsync:!1,params:new URLSearchParams};(e.async\|\|e.defer)&&(r.loadedAsync=!0);var a=e.src,o=a.split("?");return o.length>1&&(r.params=new URLSearchParams(o[1])),r}function V(){return typeof p
2024-09-06 19:02:27 UTC	1369	IN	Data Raw: 22 29 2c 66 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 63 72 6f 6c 6c 69 6e 67 22 2c 22 6e 6f 22 29 2c 66 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 57 69 64 74 68 3d 22 30 70 78 22 2c 66 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 30 30 25 22 2c 66 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 30 30 25 22 2c 66 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 3d 22 68 69 64 64 65 6e 22 3b 76 61 72 20 45 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 4e 53 28 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 2c 22 73 76 67 22 29 3b 45 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 2c 45 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 32 36 70 78 22 2c 45 2e 73 74 79 6c 65 2e Data Ascii: "),f.setAttribute("scrolling","no"),f.style.borderWidth="0px",f.style.width="100%",f.style.height="100%",f.style.overflow="hidden";var E=document.createElementNS("http://www.w3.org/2000/svg","svg");E.style.position="absolute",E.style.width="26px",E.style.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50305	104.18.95.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:27 UTC	730	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8bf0b6a56bfd7d0e&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:28 UTC	331	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:28 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 114265 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8bf0b6a95bd441ef-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:28 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 65 74 62 41 56 35 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 70 72 69 76 61 63 79 5f 6c 69 6e 6b 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 70 72 69 76 61 63 79 70 6f 6c 69 63 79 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 77 65 62 73 69 74 65 2d 74 65 72 6d 73 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.etbAV5={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"http
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 6c 79 20 73 75 62 6d 69 74 74 65 64 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 6c 6f 6e 67 65 72 5f 74 68 61 6e 5f 65 78 70 65 63 74 65 64 22 3a 22 25 33 43 61 25 32 30 68 72 65 66 25 33 44 25 32 32 25 32 33 25 32 32 25 32 30 63 6c 61 73 73 25 33 44 25 32 32 72 65 66 72 65 73 68 5f 6c 69 6e 6b 25 32 32 25 33 45 52 65 66 72 65 73 68 25 33 43 25 32 46 61 25 33 45 22 2c 22 68 75 6d 61 6e 5f 62 75 74 74 6f 6e 5f 74 65 78 74 22 3a 22 56 65 72 69 66 79 25 32 30 79 6f 75 25 32 30 61 72 65 25 32 30 68 75 6d 61 6e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 76 65 72 69 66 79 69 6e 67 22 3a 22 56 65 72 69 66 79 69 6e 67 2e 2e 2e 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 66 65 65 64 62 61 63 6b 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 53 65 6e 64 25 32 30 46 65 65 64 62 61 Data Ascii: ly submitted","turnstile_longer_than_expected":"%3Ca%20href%3D%22%23%22%20class%3D%22refresh_link%22%3ERefresh%3C%2Fa%3E","human_button_text":"Verify%20you%20are%20human","turnstile_verifying":"Verifying...","turnstile_feedback_description":"Send%20Feedba
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 72 73 65 49 6e 74 28 67 48 28 31 30 30 36 29 29 2f 31 30 29 2c 64 3d 3d 3d 66 29 62 72 65 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 36 30 33 38 35 34 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 49 28 31 32 39 38 29 5d 2c 65 4f 3d 66 75 6e 63 74 69 6f 6e 28 67 4a 2c 64 2c 65 2c 66 2c 67 29 7b 72 65 74 75 72 6e 20 67 4a 3d 67 49 2c 64 3d 7b 27 52 6e 43 41 72 27 3a 67 4a 28 38 30 33 29 2c 27 45 6a 65 75 58 27 3a 67 4a 28 36 35 37 29 2c 27 5a 53 4d 74 6d 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 5e 68 7d 2c 27 52 6a 77 55 74 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 Data Ascii: rseInt(gH(1006))/10),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,603854),eM=this\|\|self,eN=eM[gI(1298)],eO=function(gJ,d,e,f,g){return gJ=gI,d={'RnCAr':gJ(803),'EjeuX':gJ(657),'ZSMtm':function(h,i){return i^h},'RjwUt':function(h,i){re
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 29 7d 2c 27 61 6e 43 54 4b 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 57 64 4d 58 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 76 61 64 51 66 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 69 7d 2c 27 75 50 51 76 54 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 6a 64 59 4b 73 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 70 65 67 49 61 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 26 68 7d 2c 27 46 74 58 59 52 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 69 7d 2c 27 46 68 7a 7a 4d 27 3a 66 75 Data Ascii: )},'anCTK':function(h,i){return h(i)},'WdMXZ':function(h,i){return h(i)},'vadQf':function(h,i){return h!=i},'uPQvT':function(h,i){return h>i},'jdYKs':function(h,i){return i==h},'pegIa':function(h,i){return i&h},'FtXYR':function(h,i){return h<i},'FhzzM':fu
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 62 6a 65 63 74 5b 67 4d 28 31 35 36 39 29 5d 5b 67 4d 28 31 35 33 35 29 5d 5b 67 4d 28 31 36 36 33 29 5d 28 78 2c 4c 29 29 43 3d 4c 3b 65 6c 73 65 7b 69 66 28 4f 62 6a 65 63 74 5b 67 4d 28 31 35 36 39 29 5d 5b 67 4d 28 31 35 33 35 29 5d 5b 67 4d 28 31 36 36 33 29 5d 28 42 2c 43 29 29 7b 69 66 28 64 5b 67 4d 28 31 35 37 36 29 5d 21 3d 3d 67 4d 28 31 36 35 34 29 29 7b 69 66 28 64 5b 67 4d 28 31 33 34 32 29 5d 28 32 35 36 2c 43 5b 67 4d 28 31 31 33 36 29 5d 28 30 29 29 29 7b 66 6f 72 28 73 3d 30 3b 64 5b 67 4d 28 38 39 37 29 5d 28 73 2c 46 29 3b 48 3c 3c 3d 31 2c 64 5b 67 4d 28 31 30 37 32 29 5d 28 49 2c 6a 2d 31 29 3f 28 49 3d 30 2c 47 5b 67 4d 28 38 30 34 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 73 2b 2b 29 3b 66 6f 72 28 4d 3d 43 5b 67 4d 28 Data Ascii: bject[gM(1569)][gM(1535)][gM(1663)](x,L))C=L;else{if(Object[gM(1569)][gM(1535)][gM(1663)](B,C)){if(d[gM(1576)]!==gM(1654)){if(d[gM(1342)](256,C[gM(1136)](0))){for(s=0;d[gM(897)](s,F);H<<=1,d[gM(1072)](I,j-1)?(I=0,G[gM(804)](o(H)),H=0):I++,s++);for(M=C[gM(
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 28 4d 2c 31 29 2c 6a 2d 31 3d 3d 49 3f 28 49 3d 30 2c 47 5b 67 4d 28 38 30 34 29 5d 28 64 5b 67 4d 28 37 32 34 29 5d 28 6f 2c 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3e 3e 3d 31 2c 73 2b 2b 29 3b 7d 7d 65 6c 73 65 20 69 66 28 67 4d 28 31 36 30 30 29 21 3d 3d 64 5b 67 4d 28 31 30 31 34 29 5d 29 7b 69 66 28 46 5b 67 4d 28 36 34 32 29 5d 29 72 65 74 75 72 6e 3b 47 5b 67 4d 28 36 34 32 29 5d 3d 21 21 5b 5d 7d 65 6c 73 65 7b 66 6f 72 28 4d 3d 31 2c 73 3d 30 3b 64 5b 67 4d 28 37 36 34 29 5d 28 73 2c 46 29 3b 48 3d 64 5b 67 4d 28 39 35 38 29 5d 28 48 2c 31 29 7c 4d 2c 64 5b 67 4d 28 31 35 38 31 29 5d 28 49 2c 6a 2d 31 29 3f 28 49 3d 30 2c 47 5b 67 4d 28 38 30 34 29 5d 28 6f 28 48 29 29 2c 48 3d 30 29 3a 49 2b 2b 2c 4d 3d 30 2c 73 2b 2b 29 3b 66 6f 72 28 4d 3d Data Ascii: (M,1),j-1==I?(I=0,G[gM(804)](d[gM(724)](o,H)),H=0):I++,M>>=1,s++);}}else if(gM(1600)!==d[gM(1014)]){if(F[gM(642)])return;G[gM(642)]=!![]}else{for(M=1,s=0;d[gM(764)](s,F);H=d[gM(958)](H,1)\|M,d[gM(1581)](I,j-1)?(I=0,G[gM(804)](o(H)),H=0):I++,M=0,s++);for(M=
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 28 48 3d 6a 2c 47 3d 64 5b 67 50 28 35 37 33 29 5d 28 6f 2c 49 2b 2b 29 29 2c 4a 7c 3d 28 64 5b 67 50 28 34 37 36 29 5d 28 30 2c 4c 29 3f 31 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 4d 3d 65 28 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 31 3a 66 6f 72 28 4a 3d 30 2c 4b 3d 4d 61 74 68 5b 67 50 28 31 31 32 32 29 5d 28 32 2c 31 36 29 2c 46 3d 31 3b 64 5b 67 50 28 31 31 37 30 29 5d 28 46 2c 4b 29 3b 4c 3d 48 26 47 2c 48 3e 3e 3d 31 2c 30 3d 3d 48 26 26 28 48 3d 6a 2c 47 3d 6f 28 49 2b 2b 29 29 2c 4a 7c 3d 46 2a 28 30 3c 4c 3f 31 3a 30 29 2c 46 3c 3c 3d 31 29 3b 4d 3d 65 28 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 27 27 7d 66 6f 72 28 45 3d 73 5b 33 5d 3d 4d 2c 44 5b 67 50 28 38 30 34 29 5d 28 4d 29 3b 3b 29 7b 69 66 28 64 5b 67 50 28 37 Data Ascii: (H=j,G=d[gP(573)](o,I++)),J\|=(d[gP(476)](0,L)?1:0)F,F<<=1);M=e(J);break;case 1:for(J=0,K=Math[gP(1122)](2,16),F=1;d[gP(1170)](F,K);L=H&G,H>>=1,0==H&&(H=j,G=o(I++)),J\|=F(0<L?1:0),F<<=1);M=e(J);break;case 2:return''}for(E=s[3]=M,D[gP(804)](M);;){if(d[gP(7
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 67 3d 2d 31 3b 21 66 5b 68 69 28 34 35 34 29 5d 28 69 73 4e 61 4e 2c 6b 3d 63 5b 68 69 28 31 31 33 36 29 5d 28 2b 2b 67 29 29 3b 69 5b 68 69 28 38 30 34 29 5d 28 53 74 72 69 6e 67 5b 68 69 28 31 36 39 30 29 5d 28 28 28 6b 26 32 35 35 2e 30 36 29 2d 68 2d 67 25 36 35 35 33 35 2b 36 35 35 33 35 29 25 32 35 35 29 29 29 3b 72 65 74 75 72 6e 20 69 5b 68 69 28 31 35 38 35 29 5d 28 27 27 29 7d 2c 66 30 3d 5b 5d 2c 66 31 3d 30 3b 32 35 36 3e 66 31 3b 66 30 5b 66 31 5d 3d 53 74 72 69 6e 67 5b 67 49 28 31 36 39 30 29 5d 28 66 31 29 2c 66 31 2b 2b 29 3b 66 32 3d 28 30 2c 65 76 61 6c 29 28 67 49 28 37 34 36 29 29 2c 66 33 3d 61 74 6f 62 28 67 49 28 31 32 31 35 29 29 2c 66 74 3d 7b 7d 2c 66 74 5b 67 49 28 31 30 30 33 29 5d 3d 27 6f 27 2c 66 74 5b 67 49 28 31 36 35 32 Data Ascii: g=-1;!f[hi(454)](isNaN,k=c[hi(1136)](++g));i[hi(804)](String[hi(1690)](((k&255.06)-h-g%65535+65535)%255)));return i[hi(1585)]('')},f0=[],f1=0;256>f1;f0[f1]=String[gI(1690)](f1),f1++);f2=(0,eval)(gI(746)),f3=atob(gI(1215)),ft={},ft[gI(1003)]='o',ft[gI(1652
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 34 34 33 29 5b 67 49 28 33 32 38 29 5d 28 27 3b 27 29 2c 66 7a 3d 66 79 5b 67 49 28 31 35 33 39 29 5d 5b 67 49 28 39 33 33 29 5d 28 66 79 29 2c 65 4d 5b 67 49 28 31 30 35 39 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 69 2c 68 54 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 29 7b 66 6f 72 28 68 54 3d 67 49 2c 6a 3d 7b 7d 2c 6a 5b 68 54 28 31 36 37 36 29 5d 3d 68 54 28 31 35 39 30 29 2c 6a 5b 68 54 28 37 33 39 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 73 2c 76 29 7b 72 65 74 75 72 6e 20 73 2b 76 7d 2c 6a 5b 68 54 28 35 31 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 73 2c 76 29 7b 72 65 74 75 72 6e 20 76 3d 3d 3d 73 7d 2c 6a 5b 68 54 28 35 32 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 73 2c 76 29 7b 72 65 74 75 72 6e 20 73 3c 76 7d 2c 6a 5b 68 54 28 35 34 32 29 5d 3d 66 75 6e 63 74 Data Ascii: 443)[gI(328)](';'),fz=fy[gI(1539)][gI(933)](fy),eM[gI(1059)]=function(h,i,hT,j,k,l,m,n,o){for(hT=gI,j={},j[hT(1676)]=hT(1590),j[hT(739)]=function(s,v){return s+v},j[hT(516)]=function(s,v){return v===s},j[hT(525)]=function(s,v){return s<v},j[hT(542)]=funct
2024-09-06 19:02:28 UTC	1369	IN	Data Raw: 2c 6a 5b 68 58 28 38 30 36 29 5d 3d 68 58 28 36 39 37 29 2c 6a 5b 68 58 28 31 32 34 38 29 5d 3d 68 58 28 38 38 30 29 2c 6a 5b 68 58 28 39 34 36 29 5d 3d 68 58 28 33 39 38 29 2c 6a 5b 68 58 28 31 33 34 30 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 47 29 7b 72 65 74 75 72 6e 20 46 2b 47 7d 2c 6a 29 3b 74 72 79 7b 69 66 28 6c 3d 69 7c 7c 68 58 28 31 31 37 37 29 2c 6d 3d 65 4d 5b 68 58 28 35 32 32 29 5d 5b 68 58 28 31 34 37 39 29 5d 3f 27 68 2f 27 2b 65 4d 5b 68 58 28 35 32 32 29 5d 5b 68 58 28 31 34 37 39 29 5d 2b 27 2f 27 3a 27 27 2c 6e 3d 6b 5b 68 58 28 37 32 37 29 5d 28 6b 5b 68 58 28 35 32 33 29 5d 28 6b 5b 68 58 28 35 36 37 29 5d 28 6b 5b 68 58 28 33 34 36 29 5d 28 6b 5b 68 58 28 31 34 39 38 29 5d 28 6b 5b 68 58 28 31 31 35 35 29 5d 2b 6d 2c 6b 5b 68 58 Data Ascii: ,j[hX(806)]=hX(697),j[hX(1248)]=hX(880),j[hX(946)]=hX(398),j[hX(1340)]=function(F,G){return F+G},j);try{if(l=i\|\|hX(1177),m=eM[hX(522)][hX(1479)]?'h/'+eM[hX(522)][hX(1479)]+'/':'',n=k[hX(727)](k[hX(523)](k[hX(567)](k[hX(346)](k[hX(1498)](k[hX(1155)]+m,k[hX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50306	104.18.95.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:28 UTC	795	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4s8a6/0x4AAAAAAAicu_ya5fIOVIDH/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:28 UTC	240	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:28 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8bf0b6ae6e561a03-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:28 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50307	104.21.5.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:29 UTC	641	OUT	GET /favicon.ico HTTP/1.1 Host: zenithvistaloe.ru Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://zenithvistaloe.ru/pp4o/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=qrbhsh7lgblaic8j9104mkvc1c
2024-09-06 19:02:29 UTC	659	IN	HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 19:02:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bf0b6b26f3fc431-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:29 UTC	710	IN	Data Raw: 34 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f Data Ascii: 4e0<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</
2024-09-06 19:02:29 UTC	545	IN	Data Raw: 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 Data Ascii: The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px
2024-09-06 19:02:29 UTC	6	IN	Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1
2024-09-06 19:02:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50308	104.18.95.41	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:29 UTC	438	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:29 UTC	240	IN	HTTP/1.1 200 OK Date: Fri, 06 Sep 2024 19:02:29 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8bf0b6b349400ca1-EWR alt-svc: h3=":443"; ma=86400
2024-09-06 19:02:29 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50309	35.190.80.1	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:30 UTC	546	OUT	OPTIONS /report/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://zenithvistaloe.ru Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:30 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Fri, 06 Sep 2024 19:02:30 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50311	35.190.80.1	443	3484	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-06 19:02:31 UTC	486	OUT	POST /report/v4?s=NtRJRb0PcehgiuHRvLY7RZgtUR%2FywI95MO07kVm9VPhzxTqaCNIJ9T6HiLMVSvlW5m6sIV%2B8oLYOez2p3SpgHJo5WWZYd%2BzFfu7ZH1YjzJ1hIYM84hAz%2FQ5pgy4ytiZdMDik9A%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 429 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-06 19:02:31 UTC	429	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 33 34 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 38 34 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 7a 65 6e 69 74 68 76 69 73 74 61 6c 6f 65 2e 72 75 2f 70 70 34 6f 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 35 2e 34 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c Data Ascii: [{"age":340,"body":{"elapsed_time":847,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://zenithvistaloe.ru/pp4o/","sampling_fraction":1.0,"server_ip":"104.21.5.41","status_code":404,"type":"http.error"},"type":"network-error",
2024-09-06 19:02:31 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Fri, 06 Sep 2024 19:02:31 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	15:02:11
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	15:02:13
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=2436,i,9114331318443087887,3057030909401622998,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	15:02:16
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3132, Parent PID: 5244

General

Chronological Activities

Analysis Process: chrome.exePID: 3484, Parent PID: 3132

General

Chronological Activities

Windows Analysis Report
https://marketing.edinburghairport.com/4QNA-A60M-5IWCT9-JVKO0-1/c.aspx?_externalContentRedirect=https://link.sbstck.com/redirect/43698733-83ea-4129-b836-e9d43d1ad5ed?j=eyJ1IjoiNDltdXZ6In0.CxolcWPhPGrBgw3rA0jd5lscc71sjQLfIOZNSPA48EY