Windows Analysis Report
https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNr

Overview

General Information

Sample URL: https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZT
Analysis ID: 1586006

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
HTTP GET or POST without a user agent

Classification

  • System is w11x64_office
  • chrome.exe (PID: 6696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 290DF23002E9B52249B5549F0C668A86)
    • chrome.exe (PID: 1540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1884,i,8009130386860404038,1329796000336826048,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2096 /prefetch:11 MD5: 290DF23002E9B52249B5549F0C668A86)
  • chrome.exe (PID: 7288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt" MD5: 290DF23002E9B52249B5549F0C668A86)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt, Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: URL, Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://bofa.com-onlinebanking.com
Source: URL, Joe Sandbox AI: AI detected Typosquatting in URL: https://bofa.com-onlinebanking.com
Source: https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt, HTTP Parser: No favicon
Source: unknown, TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown, TCP traffic detected without corresponding DNS query: 104.92.227.202
Source: unknown, TCP traffic detected without corresponding DNS query: 23.199.50.102
Source: unknown, TCP traffic detected without corresponding DNS query: 2.16.168.125
Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown, TCP traffic detected without corresponding DNS query: 18.238.49.124
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: bofa.com-onlinebanking.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Windows\SystemTemp\scoped_dir6696_2137541747
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File deleted: C:\Windows\SystemTemp\scoped_dir6696_2137541747
Source: classification engine, Classification label: mal52.win@16/2@6/4
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1884,i,8009130386860404038,1329796000336826048,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2096 /prefetch:11
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Source: https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt, Detection: 100%, Scanner: Avira URL Cloud, Label: phishing
No Antivirus matches
Name: www.google.com, IP: 142.250.185.164, Active: true, Malicious: false, Reputation: high
Name: landing.training.knowbe4.com, IP: 3.220.156.219, Active: true, Malicious: false, Reputation: high
Name: bofa.com-onlinebanking.com, IP: unknown, Active: unknown, Malicious: false, Reputation: high
        NameMaliciousAntivirus DetectionReputation
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 3.220.156.219 | landing.training.knowbe4.com | United States | | 14618 | AMAZON-AESUS | false |
| 142.250.185.164 | www.google.com | United States | | 15169 | GOOGLEUS | false |
                                          IP
                                          192.168.2.24
                                          192.168.2.16
                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1586006
                                          Start date and time:2025-01-08 16:05:20 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 3m 6s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:browseurl.jbs
                                          Sample URL:https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt
                                          Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                          Number of analysed new started processes analysed:20
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal52.win@16/2@6/4
                                          EGA Information:Failed
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 0
                                          • Number of non-executed functions: 0
                                          • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.174, 142.251.173.84, 216.58.206.78, 142.250.186.110, 142.250.184.206, 216.58.206.46, 142.250.186.142, 142.250.184.238, 142.250.186.170, 142.250.181.234, 142.250.185.170, 216.58.206.42, 142.250.184.234, 172.217.23.106, 142.250.185.106, 142.250.185.138, 142.250.186.138, 142.250.185.234, 142.250.184.202, 172.217.18.10, 172.217.16.138, 216.58.212.138, 142.250.185.202, 142.250.185.74, 172.217.18.14, 142.250.186.78, 199.232.214.172, 142.250.185.131, 34.104.35.123, 40.113.110.67, 40.126.32.76, 40.126.32.134, 40.126.32.68, 20.190.160.22, 40.126.32.74, 20.190.160.17, 40.126.32.133, 40.126.32.138, 2.23.227.198, 184.28.90.27, 20.12.23.50, 20.74.47.205
                                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fd.api.iris.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, login.msa.msidentity.com, wns.notify.trafficmanager.net, x1.c.lencr.org, clients2.google.com, redirector.gvt1.com, edgedl.me.gvt1.com, login.live.com, res.public.onecdn.static.microsoft, update.googleapis.com, clients.l.google.com, c.pki.goog, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenFile calls found.
                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt
                                          No simulations
                                          No context
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):485
                                          Entropy (8bit):5.346925395723081
                                          Encrypted:false
                                          SSDEEP:12:BMQtJOo9arYffNJWqFuPhViHHr2WTotMTRLRMA4AHWqFuPeIQL:WCqs9gqF2Vo5DV9PV2qFVj
                                          MD5:2C42775B2A328C445B7122B571378437
                                          SHA1:1C0EFD0B31BC40AA0BCF66EA226A708E1DF98B70
                                          SHA-256:01A432B43B929122A2C355002BAF21A439B54020A72BF041B481053E3AF0138B
                                          SHA-512:83C8DE2D7061EF37140D671A32082494CDC28808B93E97350C0D0A5BAC9479F21AA95D1BFE26CAAD5A31BA68CAB4CC598F1F7924EBC1F27BD8CBCE4A96860704
                                          Malicious:false
                                          Reputation:low
                                          URL:https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt
                                          Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>.<head>..<meta http-equiv="content-type" content="text/html; charset=UTF-8" />..<title>The page you were looking for doesn't exist (404)</title>..<style type="text/css">...body { background-color: #fff; font-family: Helvetica, sans-serif; }...h1 { margin: 10px 0; }...img { border: 0; }..</style>.</head>..<body>. <h1>The page you were looking for doesn't exist.</h1>.</body>.</html>.
                                          No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Jan 8, 2025 16:07:03.246062040 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.246073961 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.246263981 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.246380091 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.246392965 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.246638060 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.246690035 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.246850014 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.246892929 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.246906996 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.247019053 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.247030020 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.414130926 CET5184980192.168.2.24142.250.185.163
                                          Jan 8, 2025 16:07:03.418976068 CET8051849142.250.185.163192.168.2.24
                                          Jan 8, 2025 16:07:03.419086933 CET5184980192.168.2.24142.250.185.163
                                          Jan 8, 2025 16:07:03.419203997 CET5184980192.168.2.24142.250.185.163
                                          Jan 8, 2025 16:07:03.423970938 CET8051849142.250.185.163192.168.2.24
                                          Jan 8, 2025 16:07:03.554346085 CET4972980192.168.2.24192.229.221.95
                                          Jan 8, 2025 16:07:03.554414034 CET49727443192.168.2.2498.64.238.3
                                          Jan 8, 2025 16:07:03.554476976 CET5177480192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:03.559375048 CET8049729192.229.221.95192.168.2.24
                                          Jan 8, 2025 16:07:03.559428930 CET4972980192.168.2.24192.229.221.95
                                          Jan 8, 2025 16:07:03.559922934 CET4434972798.64.238.3192.168.2.24
                                          Jan 8, 2025 16:07:03.559937000 CET8051774204.79.197.203192.168.2.24
                                          Jan 8, 2025 16:07:03.559976101 CET49727443192.168.2.2498.64.238.3
                                          Jan 8, 2025 16:07:03.560003042 CET5177480192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:03.723052025 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.723444939 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.723473072 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.724693060 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.724759102 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.725807905 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.726186037 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.726200104 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.727303982 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.727503061 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.729460001 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.729551077 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.729818106 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.729903936 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.730020046 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.730026960 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.730074883 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.730088949 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.730429888 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.730660915 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.730680943 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.731725931 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.731781960 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.732244015 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.732302904 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.732381105 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.732392073 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.772964001 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.772964001 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.773013115 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.838932991 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.839004993 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.839077950 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.839346886 CET51847443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.839364052 CET44351847104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.845509052 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.845583916 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.845679998 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.845803022 CET51848443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.845818996 CET4435184823.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.846195936 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.846226931 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.846366882 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.846584082 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:03.846596003 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:03.848192930 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.848251104 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:03.848309040 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.848483086 CET51846443192.168.2.24104.117.182.8
                                          Jan 8, 2025 16:07:03.848498106 CET44351846104.117.182.8192.168.2.24
                                          Jan 8, 2025 16:07:04.053781033 CET8051849142.250.185.163192.168.2.24
                                          Jan 8, 2025 16:07:04.074814081 CET5185180192.168.2.2423.209.209.135
                                          Jan 8, 2025 16:07:04.079751968 CET805185123.209.209.135192.168.2.24
                                          Jan 8, 2025 16:07:04.079909086 CET5185180192.168.2.2423.209.209.135
                                          Jan 8, 2025 16:07:04.080048084 CET5185180192.168.2.2423.209.209.135
                                          Jan 8, 2025 16:07:04.084847927 CET805185123.209.209.135192.168.2.24
                                          Jan 8, 2025 16:07:04.101073027 CET5184980192.168.2.24142.250.185.163
                                          Jan 8, 2025 16:07:04.312246084 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.313358068 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:04.313369036 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.313699007 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.318243980 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:04.318331003 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.319333076 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:04.363331079 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.469223022 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.469299078 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.469429970 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:04.469624996 CET51850443192.168.2.2423.200.0.21
                                          Jan 8, 2025 16:07:04.469635010 CET4435185023.200.0.21192.168.2.24
                                          Jan 8, 2025 16:07:04.725239038 CET805185123.209.209.135192.168.2.24
                                          Jan 8, 2025 16:07:04.773257971 CET5185180192.168.2.2423.209.209.135
                                          Jan 8, 2025 16:07:17.952121019 CET8051821204.79.197.203192.168.2.24
                                          Jan 8, 2025 16:07:17.952179909 CET5182180192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:17.952234030 CET5182180192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:17.957035065 CET8051821204.79.197.203192.168.2.24
                                          Jan 8, 2025 16:07:24.837575912 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:24.837642908 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:24.837810040 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:24.838195086 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:24.838216066 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:25.743307114 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:25.743622065 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:25.743655920 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:25.744056940 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:25.744594097 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:25.744669914 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:25.789110899 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:25.991539001 CET49673443192.168.2.2420.198.118.190
                                          Jan 8, 2025 16:07:25.991566896 CET4434967320.198.118.190192.168.2.24
                                          Jan 8, 2025 16:07:34.491842031 CET51778443192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:34.496782064 CET44351778204.79.197.203192.168.2.24
                                          Jan 8, 2025 16:07:35.288688898 CET51787443192.168.2.2418.238.49.124
                                          Jan 8, 2025 16:07:35.293570042 CET4435178718.238.49.124192.168.2.24
                                          Jan 8, 2025 16:07:35.304299116 CET51789443192.168.2.2420.110.205.119
                                          Jan 8, 2025 16:07:35.309087992 CET4435178920.110.205.119192.168.2.24
                                          Jan 8, 2025 16:07:35.382500887 CET51788443192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:35.387331963 CET44351788204.79.197.203192.168.2.24
                                          Jan 8, 2025 16:07:35.523066044 CET51790443192.168.2.2413.107.21.237
                                          Jan 8, 2025 16:07:35.527853012 CET4435179013.107.21.237192.168.2.24
                                          Jan 8, 2025 16:07:35.586565971 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:35.586632013 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:35.586795092 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:35.601176023 CET51786443192.168.2.2420.42.73.31
                                          Jan 8, 2025 16:07:35.605954885 CET4435178620.42.73.31192.168.2.24
                                          Jan 8, 2025 16:07:35.677751064 CET443497262.16.158.192192.168.2.24
                                          Jan 8, 2025 16:07:35.677907944 CET443497262.16.158.192192.168.2.24
                                          Jan 8, 2025 16:07:35.677907944 CET49726443192.168.2.242.16.158.192
                                          Jan 8, 2025 16:07:35.677963972 CET49726443192.168.2.242.16.158.192
                                          Jan 8, 2025 16:07:35.696521997 CET51855443192.168.2.24142.250.185.164
                                          Jan 8, 2025 16:07:35.696544886 CET44351855142.250.185.164192.168.2.24
                                          Jan 8, 2025 16:07:37.319936037 CET51799443192.168.2.24172.64.41.3
                                          Jan 8, 2025 16:07:37.324824095 CET44351799172.64.41.3192.168.2.24
                                          Jan 8, 2025 16:07:37.944935083 CET51800443192.168.2.2423.57.90.154
                                          Jan 8, 2025 16:07:37.949739933 CET4435180023.57.90.154192.168.2.24
                                          Jan 8, 2025 16:07:37.991803885 CET51801443192.168.2.24204.79.197.203
                                          Jan 8, 2025 16:07:37.996690035 CET44351801204.79.197.203192.168.2.24
                                          Jan 8, 2025 16:07:38.290201902 CET49728443192.168.2.24104.126.37.201
                                          Jan 8, 2025 16:07:38.295317888 CET44349728104.126.37.201192.168.2.24
                                          Jan 8, 2025 16:07:38.295547009 CET49728443192.168.2.24104.126.37.201
                                          Jan 8, 2025 16:07:39.273377895 CET51780443192.168.2.24104.117.182.9
                                          Jan 8, 2025 16:07:39.278189898 CET44351780104.117.182.9192.168.2.24
                                          Jan 8, 2025 16:07:40.445255995 CET51804443192.168.2.2423.57.90.171
                                          Jan 8, 2025 16:07:40.450978994 CET4435180423.57.90.171192.168.2.24
                                          Jan 8, 2025 16:07:40.570275068 CET51781443192.168.2.2472.21.81.200
                                          Jan 8, 2025 16:07:40.575047970 CET4435178172.21.81.200192.168.2.24
                                          Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                          Jan 8, 2025 16:06:27.647443056 CET | 192.168.2.24 | 1.1.1.1 | c27d | (Port unreachable) | Destination Unreachable
                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                          Jan 8, 2025 16:06:24.774548054 CET | 192.168.2.24 | 1.1.1.1 | 0x6d0 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:24.774775982 CET | 192.168.2.24 | 1.1.1.1 | 0xfe43 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.276820898 CET | 192.168.2.24 | 1.1.1.1 | 0xc2cd | Standard query (0) | bofa.com-onlinebanking.com | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.277334929 CET | 192.168.2.24 | 1.1.1.1 | 0x3f3c | Standard query (0) | bofa.com-onlinebanking.com | 65 | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.593075991 CET | 192.168.2.24 | 1.1.1.1 | 0x5d09 | Standard query (0) | bofa.com-onlinebanking.com | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.593262911 CET | 192.168.2.24 | 1.1.1.1 | 0x1ce9 | Standard query (0) | bofa.com-onlinebanking.com | 65 | IN (0x0001) | false
                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                          Jan 8, 2025 16:06:24.781383038 CET | 1.1.1.1 | 192.168.2.24 | 0xfe43 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                          Jan 8, 2025 16:06:24.781465054 CET | 1.1.1.1 | 192.168.2.24 | 0x6d0 | No error (0) | www.google.com |  | 142.250.185.164 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | bofa.com-onlinebanking.com | landing.training.knowbe4.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | landing.training.knowbe4.com |  | 3.220.156.219 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | landing.training.knowbe4.com |  | 3.231.74.234 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | landing.training.knowbe4.com |  | 34.193.6.123 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | landing.training.knowbe4.com |  | 34.195.197.181 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | landing.training.knowbe4.com |  | 34.202.208.224 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.312779903 CET | 1.1.1.1 | 192.168.2.24 | 0xc2cd | No error (0) | landing.training.knowbe4.com |  | 34.203.118.130 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:26.315593004 CET | 1.1.1.1 | 192.168.2.24 | 0x3f3c | No error (0) | bofa.com-onlinebanking.com | landing.training.knowbe4.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | bofa.com-onlinebanking.com | landing.training.knowbe4.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | landing.training.knowbe4.com |  | 3.220.156.219 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | landing.training.knowbe4.com |  | 3.231.74.234 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | landing.training.knowbe4.com |  | 34.193.6.123 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | landing.training.knowbe4.com |  | 34.195.197.181 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | landing.training.knowbe4.com |  | 34.202.208.224 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.619147062 CET | 1.1.1.1 | 192.168.2.24 | 0x5d09 | No error (0) | landing.training.knowbe4.com |  | 34.203.118.130 | A (IP address) | IN (0x0001) | false
                                          Jan 8, 2025 16:06:27.647380114 CET | 1.1.1.1 | 192.168.2.24 | 0x1ce9 | No error (0) | bofa.com-onlinebanking.com | landing.training.knowbe4.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                          • https:
                                            • cxcs.microsoft.net
                                            • ecn.dev.virtualearth.net
                                            • bofa.com-onlinebanking.com
                                          • tse1.mm.bing.net
                                          • browser.events.data.msn.cn
                                          • res.public.onecdn.static.microsoft
                                          • deff.nelreports.net
                                          • c.pki.goog
                                          • x1.c.lencr.org
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          0 | 192.168.2.24 | 51849 | 142.250.185.163 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Jan 8, 2025 16:07:03.419203997 CET | 200 | OUT | GET /r/r1.crl HTTP/1.1
                                          Cache-Control: max-age = 3000
                                          Connection: Keep-Alive
                                          Accept: */*
                                          If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: c.pki.goog
                                          Jan 8, 2025 16:07:04.053781033 CET | 222 | IN | HTTP/1.1 304 Not Modified
                                          Date: Wed, 08 Jan 2025 14:56:14 GMT
                                          Expires: Wed, 08 Jan 2025 15:46:14 GMT
                                          Age: 649
                                          Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                          Cache-Control: public, max-age=3000
                                          Vary: Accept-Encoding


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          1 | 192.168.2.24 | 51851 | 23.209.209.135 | 80
                                          Timestamp | Bytes transferred | Direction | Data
                                          Jan 8, 2025 16:07:04.080048084 CET | 227 | OUT | GET / HTTP/1.1
                                          Cache-Control: max-age = 3600
                                          Connection: Keep-Alive
                                          Accept: */*
                                          If-Modified-Since: Mon, 12 Feb 2024 22:07:27 GMT
                                          If-None-Match: "65ca969f-2cd"
                                          User-Agent: Microsoft-CryptoAPI/10.0
                                          Host: x1.c.lencr.org
                                          Jan 8, 2025 16:07:04.725239038 CET | 1023 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Type: application/pkix-crl
                                          Last-Modified: Fri, 13 Dec 2024 18:01:23 GMT
                                          ETag: "675c7673-2de"
                                          Cache-Control: max-age=3600
                                          Expires: Wed, 08 Jan 2025 16:07:04 GMT
                                          Date: Wed, 08 Jan 2025 15:07:04 GMT
                                          Content-Length: 734
                                          Connection: keep-alive


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          0 | 192.168.2.24 | 51809 | 104.92.227.202 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:10 UTC | 746 | OUT | GET /api/tips-content/de-ch/xml/tips?release=cobalt&environment=dashboard&resolutionType=merge HTTP/1.1
                                          Host: cxcs.microsoft.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: */*
                                          Origin: https://windows.msn.com
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          If-None-Match: "93eaa60326dc4c17c3c6a4c2dbeb6569"
                                          2025-01-08 15:06:10 UTC | 203 | IN | HTTP/1.1 304 Not Modified
                                          Content-Type: text/xml; charset=utf-8
                                          ETag: "93eaa60326dc4c17c3c6a4c2dbeb6569"
                                          Cache-Control: public, max-age=1300
                                          Date: Wed, 08 Jan 2025 15:06:10 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          1 | 192.168.2.24 | 51805 | 23.199.50.102 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:10 UTC | 880 | OUT | GET /REST/v1/Imagery/Map/RoadVibrant/40.7300,-74.0397/13?ms=266,192&ml=Basemap,OsmBuildings,TrafficFlow&key=AuK9Wj9_fIFeSA2BncPNlMXKaYsr9N1FuExVVA5dMSpJYQ8_Ga2AaeMqEE2MT2j6&c=de-ch&fmt=png&od=1&logo=n&da=ro&maxAge=1200&pushpin=40.729975,-74.039683;cls.f HTTP/1.1
                                          Host: ecn.dev.virtualearth.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:11 UTC | 759 | IN | HTTP/1.1 200 OK
                                          Content-Type: image/png
                                          Access-Control-Allow-Headers: Content-Type,X-FD-Features,X-FD-FLIGHT,PreferAnonymous
                                          Access-Control-Allow-Methods: POST, GET, OPTIONS
                                          Access-Control-Allow-Origin: *
                                          X-BM-TraceID: fcb4ad162f61ce710d0ce4454ebb84d3
                                          X-BM-Srv: mapsplatform-frontend-78964f8bcc-9kn5l, mapsplatform-imagery-service-c95d7c9f5-gfqqf
                                          X-MS-BM-WS-INFO: 0
                                          X-BM-FE-Elapsed: 97
                                          x-azure-ref: 20250108T150546Z-156796c549bndwlbhC1EWRbq0c00000016w00000000049h3
                                          AKS_4209_WEIGHT: 100
                                          Content-Length: 118127
                                          Cache-Control: public, max-age=1128
                                          Date: Wed, 08 Jan 2025 15:06:11 GMT
                                          Connection: close
                                          X-Cache-Remote: TCP_REFRESH_MISS from a23-200-89-59.deploy.akamaitechnologies.com (AkamaiGHost/11.7.2.1-35a4fcef889a1f053c9fa641f2ccd99a) (S)


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          2 | 192.168.2.24 | 51811 | 150.171.27.10 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:11 UTC | 375 | OUT | GET /th?id=OADD2.10239359955652_1UH15L5Z2LXM3P8PA&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: tse1.mm.bing.net
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:11 UTC | 854 | IN | HTTP/1.1 200 OK
                                          Cache-Control: public, max-age=2592000
                                          Content-Length: 591970
                                          Content-Type: image/jpeg
                                          X-Cache: TCP_HIT
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Timing-Allow-Origin: *
                                          Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: 5A4CC1E61BEC46EAA735C9A2E0F5EED0 Ref B: EWR30EDGE0819 Ref C: 2025-01-08T15:06:11Z
                                          Date: Wed, 08 Jan 2025 15:06:10 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          3 | 192.168.2.24 | 51810 | 150.171.27.10 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:11 UTC | 375 | OUT | GET /th?id=OADD2.10239339388236_1HL4SRJ7X21NUOQZ9&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: tse1.mm.bing.net
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:11 UTC | 856 | IN | HTTP/1.1 200 OK
                                          Cache-Control: public, max-age=2592000
                                          Content-Length: 585469
                                          Content-Type: image/jpeg
                                          X-Cache: TCP_HIT
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Timing-Allow-Origin: *
                                          Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: 284013BBF3F943A390567C908C0E63E4 Ref B: EWR311000108053 Ref C: 2025-01-08T15:06:11Z
                                          Date: Wed, 08 Jan 2025 15:06:10 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          4 | 192.168.2.24 | 51808 | 150.171.27.10 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:11 UTC | 346 | OUT | GET /th?id=OADD2.10239359955653_16Q8BS61PKT108CUW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: tse1.mm.bing.net
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:11 UTC | 856 | IN | HTTP/1.1 200 OK
                                          Cache-Control: public, max-age=2592000
                                          Content-Length: 498769
                                          Content-Type: image/jpeg
                                          X-Cache: TCP_HIT
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Timing-Allow-Origin: *
                                          Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: F6782726C4E549A59E7264B71C2D95B0 Ref B: EWR311000104049 Ref C: 2025-01-08T15:06:11Z
                                          Date: Wed, 08 Jan 2025 15:06:10 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          5 | 192.168.2.24 | 51812 | 150.171.27.10 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:11 UTC | 346 | OUT | GET /th?id=OADD2.10239339388237_16CFOYO7VUY1K6DRH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: tse1.mm.bing.net
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:11 UTC | 856 | IN | HTTP/1.1 200 OK
                                          Cache-Control: public, max-age=2592000
                                          Content-Length: 443021
                                          Content-Type: image/jpeg
                                          X-Cache: TCP_HIT
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Timing-Allow-Origin: *
                                          Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: CF46A44BC76745378325BE60B18AD1B6 Ref B: EWR311000107037 Ref C: 2025-01-08T15:06:11Z
                                          Date: Wed, 08 Jan 2025 15:06:10 GMT
                                          Connection: close
                                          2025-01-08 15:06:11 UTC16384INData Raw: 85 1d c5 c5 c4 2c df 64 77 55 f2 7e a7 f8 bf 0a ca 35 b0 b5 6e f4 4f fc 49 97 2a 58 9a 56 57 6d 7f 85 99 cb 6f 3e a9 6f ff 00 12 9b 4b eb a5 97 e6 44 fb cb b8 7f 2a f4 cf 83 7a 3e a1 65 1c df da d6 12 2c 92 c3 b7 ed 0f fe b7 9f e1 ff 00 67 1d ab 1b e1 66 83 e3 df 0e 6b 8f 79 7d e1 f8 ee b4 db 84 dc f6 89 3a ab 23 76 db 55 f5 2d 13 e2 eb eb 1a 86 a5 0d a4 eb 0d d5 c4 9b 11 35 15 da 91 9e 8b b7 fd da e2 c5 d5 8d 6e 6a 11 a9 15 1e ee 4b ee dd 1d 18 78 4a 9f 2d 57 09 39 76 4b f1 d8 f7 3f 0e e9 8b a5 5b c5 1a 5d dd 3b 2e dd fb df 75 5c d7 63 8b 52 d2 65 b5 b8 b1 4b 88 65 4f 9d 1f ee ed ae 23 e1 1e a3 e3 69 f4 ab 7b 1f 14 5a 58 c5 34 1f bb ff 00 47 93 73 6d 1f c4 5a bb d9 42 b4 0d 1b 7c ca c9 b6 be 33 13 4e 74 ab 35 29 26 d7 54 ff 00 c8 fa 4a 13 53 a4 ac 9a 4f
                                          Data Ascii: ,dwU~5nOI*XVWmo>oKD*z>e,gfky}:#vU-5njKxJ-W9vK?[];.u\cReKeO#i{ZX4GsmZB|3Nt5)&TJSO
                                          2025-01-08 15:06:11 UTC16069INData Raw: 6c dd 76 af f7 fe 67 53 fe cd 3e 49 f5 3b 75 da d6 f0 ff 00 b2 db f7 7e 55 25 a5 ce a1 34 2b e7 23 dd 46 bf 2f c9 f7 a1 fe b5 6a 5d 35 fb 8c e4 dd ae d2 b7 a9 4e ce 4b 59 5f 64 29 27 cd f7 f7 7d df a5 4d 25 cd 8c 13 6c 5b 79 ad db f8 da 1a d4 17 53 cb 6e d0 b6 8a 92 2c 7f 37 ee 7f ab 63 ad 58 82 08 0c 4b 25 ff 00 87 b5 28 d9 95 7c ad a8 bb 5e ae 36 e8 ff 00 03 9e 75 d2 77 94 5f a2 92 ff 00 33 9d fb 4e 9d 2a 34 31 ef dc df 73 e4 fe 55 0c 45 62 9b 77 db ef ad d9 53 fb 9b 99 eb 72 f0 5a 25 da b5 ce 9b ac 46 b1 a7 f0 c3 f2 fb 54 0b 75 a3 bd be f9 a0 bb 6f ee ae cf 9b fe fa ac e5 6e af 5f 46 6d 1a da 69 17 67 e8 ca d0 c1 04 9f bc 57 dc bf de a5 62 a9 07 ef ae f6 c9 fc 0a 9f 76 ac dd 9f b5 5c 6f 6b 4b ab 75 64 f9 55 53 6d 4b 65 6f 3c 91 b3 36 95 7c b1 b7 dc 97
                                          Data Ascii: lvgS>I;u~U%4+#F/j]5NKY_d)'}M%l[ySn,7cXK%(|^6uw_3N*41sUEbwSrZ%FTuon_FmigWbv\okKudUSmKeo<6|
                                          2025-01-08 15:06:11 UTC16384INData Raw: bd b6 d4 d2 19 1f 76 d7 9a 35 66 f9 3c af 99 5e b6 f6 71 5e 46 5f 5a a9 cd 77 66 bf ae cc e7 35 0d 31 61 6c a6 93 62 b2 4e cb b9 e1 99 9b a7 d6 99 ac da 4b 3d bf 97 e7 3d aa 47 f7 17 62 aa ee fa 2d 69 de 48 d1 3a 98 a1 fb 43 7f 13 2f ca d4 98 b6 8b 74 89 66 eb 70 ac ac cb f7 99 f3 59 cb 95 9d 10 c4 54 56 6f 57 fd 77 7a 1c d4 9a 64 91 c0 ac d7 f6 bf 37 fd 3d 7f ec b5 32 da 6d 8d a1 9a ff 00 4e 6f bb fc 7f d2 ba 26 4b 54 64 8f ec e8 df 2b 79 bb ec bc df 9b fd ea 9f 4d 8a c2 49 17 fd 0e 06 da ff 00 36 f8 36 b7 e3 44 69 a6 ed 72 e5 8e 92 8d da 39 e6 86 eb e5 70 6c 64 5f e1 65 f9 9b f0 a8 ef 2c 6f c2 f9 91 22 6d dd bb fe 05 f4 ad e6 b8 80 5d cb 6a bf d9 d6 ff 00 37 dd 8a 19 1b e9 cd 45 71 65 7e ed ff 00 21 77 66 6f e2 fb 2d 0e 29 a0 8e 29 a9 2b a4 bd 53 fd 13
                                          Data Ascii: v5f<^q^F_Zwf51albNK==Gb-iH:C/tfpYTVoWwzd7=2mNo&KTd+yMI66Dir9pld_e,o"m]j7Eqe~!wfo-))+S
                                          2025-01-08 15:06:11 UTC16384INData Raw: 8d e2 1f b4 ec 8f fb c3 e4 da 18 0e d5 11 8e 5f 28 b9 34 95 bd 7f cc 95 5b 34 84 94 69 b9 49 bf 38 f5 f2 b7 cf d3 53 d1 2c fe 2f eb 96 d6 29 6b aa 7c 30 d4 b4 99 a5 7f dc db e9 3f 67 bc de bf c4 dc 1c ad 6b 78 63 e2 57 8f 75 68 e2 09 e0 cf 16 ab 6c dc b2 ae 9f 6f e5 4c a1 bb c9 23 f5 fa 57 39 a4 f8 5f e0 b7 80 b4 57 97 fe 12 7b 1d 79 ef 3e 54 fb 4e 9e b7 d7 ce ad c0 8c 79 65 5b ca e3 a1 18 f7 ae 73 c5 1f 09 b5 5f 1b 0b ad 6f c2 17 f7 56 f6 b3 27 da 6c 6c 6e b4 e9 b4 8b 1b 25 fe 22 b9 66 4d c7 fd 90 be b5 93 8e 0e 7a 25 6b f5 77 b7 e2 6d 53 13 98 41 da 12 72 97 58 c6 51 bf e0 bf 43 db af 34 8b 4d 73 41 9a e7 5b f0 17 87 67 b8 48 97 7d 96 a1 63 05 cc e8 a7 fe 7a 2a fc a3 d6 8a f1 df 06 f8 2b c7 16 56 f1 0b cd 1a 08 61 44 65 be be d2 75 eb 7f b5 23 0f bb 24
                                          Data Ascii: _(4[4iI8S,/)k|0?gkxcWuhloL#W9_W{y>TNye[s_oV'lln%"fMz%kwmSArXQC4MsA[gH}cz*+VaDeu#$


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          6 | 192.168.2.24 | 51814 | 150.171.27.10 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:11 UTC | 346 | OUT | GET /th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: tse1.mm.bing.net
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:11 UTC | 854 | IN | HTTP/1.1 200 OK
                                          Cache-Control: public, max-age=2592000
                                          Content-Length: 837003
                                          Content-Type: image/jpeg
                                          X-Cache: TCP_HIT
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Timing-Allow-Origin: *
                                          Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: E8AF7F81BCAD47C497EBCDBC1D9B47F9 Ref B: EWR30EDGE1018 Ref C: 2025-01-08T15:06:11Z
                                          Date: Wed, 08 Jan 2025 15:06:11 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          7 | 192.168.2.24 | 51815 | 104.92.227.202 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:11 UTC | 815 | OUT | GET /static/public/tips/de/23b55788-94ef-4c74-b788-6d113904023a/310dace32071f9253c7f2a071b4ef52aaf776116.png HTTP/1.1
                                          Host: cxcs.microsoft.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          If-None-Match: "0x8DB691A52D4377A"
                                          If-Modified-Since: Fri, 09 Jun 2023 18:49:58 GMT
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:11 UTC | 255 | IN | HTTP/1.1 304 Not Modified
                                          Content-Type: image/png
                                          Last-Modified: Fri, 09 Jun 2023 18:49:58 GMT
                                          ETag: "0x8DB691A52D4377A"
                                          Cache-Control: max-age=2592000
                                          Expires: Fri, 07 Feb 2025 15:06:11 GMT
                                          Date: Wed, 08 Jan 2025 15:06:11 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          8 | 192.168.2.24 | 51816 | 104.92.227.202 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:12 UTC | 815 | OUT | GET /static/public/tips/de/db2aaf74-8048-464f-ae26-52372f85ceb4/f49b1fdaaca03f383caad268bd5f515e6eff7bb1.png HTTP/1.1
                                          Host: cxcs.microsoft.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          If-None-Match: "0x8DB691962B45C43"
                                          If-Modified-Since: Fri, 09 Jun 2023 18:43:15 GMT
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:12 UTC | 255 | IN | HTTP/1.1 304 Not Modified
                                          Content-Type: image/png
                                          Last-Modified: Fri, 09 Jun 2023 18:43:15 GMT
                                          ETag: "0x8DB691962B45C43"
                                          Cache-Control: max-age=2592000
                                          Expires: Fri, 07 Feb 2025 15:06:12 GMT
                                          Date: Wed, 08 Jan 2025 15:06:12 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          9 | 192.168.2.24 | 51818 | 104.92.227.202 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:12 UTC | 815 | OUT | GET /static/public/tips/de/5ccfd50b-ed81-4c21-9361-270665d309e3/b30f174e0405ed31625771bc24fac996ca8ac1fc.png HTTP/1.1
                                          Host: cxcs.microsoft.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          If-None-Match: "0x8DB691B35487381"
                                          If-Modified-Since: Fri, 09 Jun 2023 18:56:18 GMT
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:12 UTC | 255 | IN | HTTP/1.1 304 Not Modified
                                          Content-Type: image/png
                                          Last-Modified: Fri, 09 Jun 2023 18:56:18 GMT
                                          ETag: "0x8DB691B35487381"
                                          Cache-Control: max-age=2592000
                                          Expires: Fri, 07 Feb 2025 15:06:12 GMT
                                          Date: Wed, 08 Jan 2025 15:06:12 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          10 | 192.168.2.24 | 51819 | 104.92.227.202 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:12 UTC | 820 | OUT | GET /static/public/tips/neutral/7db53a66-96c6-4332-8c6f-81e7f5d62570/498761922e2f5acb85554a36eef3bb6ad9b0fb7b.gif HTTP/1.1
                                          Host: cxcs.microsoft.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          If-None-Match: "0x8D94877DB7E464D"
                                          If-Modified-Since: Fri, 16 Jul 2021 16:36:27 GMT
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:12 UTC | 255 | IN | HTTP/1.1 304 Not Modified
                                          Content-Type: image/gif
                                          Last-Modified: Fri, 16 Jul 2021 16:36:27 GMT
                                          ETag: "0x8D94877DB7E464D"
                                          Cache-Control: max-age=2592000
                                          Expires: Fri, 07 Feb 2025 15:06:12 GMT
                                          Date: Wed, 08 Jan 2025 15:06:12 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          11 | 192.168.2.24 | 51817 | 104.92.227.202 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:12 UTC | 815 | OUT | GET /static/public/tips/de/7c1c10b0-cf38-4853-a3d4-c3b5680ef60b/fcd30da16278b94dc1d2ea4cc4f8f04233fada5c.png HTTP/1.1
                                          Host: cxcs.microsoft.net
                                          Connection: keep-alive
                                          sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100", "Microsoft Edge WebView2";v="100"
                                          If-None-Match: "0x8DB691A53AF5A73"
                                          If-Modified-Since: Fri, 09 Jun 2023 18:49:59 GMT
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://windows.msn.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:12 UTC | 255 | IN | HTTP/1.1 304 Not Modified
                                          Content-Type: image/png
                                          Last-Modified: Fri, 09 Jun 2023 18:49:59 GMT
                                          ETag: "0x8DB691A53AF5A73"
                                          Cache-Control: max-age=2592000
                                          Expires: Fri, 07 Feb 2025 15:06:12 GMT
                                          Date: Wed, 08 Jan 2025 15:06:12 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          12 | 192.168.2.24 | 51813 | 20.189.173.11 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:13 UTC | 473 | OUT | POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=c498711f02654edca8a715ca6e1cb4d4-dc31da17-845c-4cca-84e5-547d05dad708-6945&upload-time=1736348770086&w=0&anoncknm=al_app_anon&NoResponseBody=true HTTP/1.1
                                          Accept-Encoding: gzip, deflate
                                          Content-Length: 4609
                                          Content-Type: application/json; charset=UTF-8
                                          Host: browser.events.data.msn.cn
                                          Connection: Keep-Alive
                                          Cache-Control: no-cache
                                          2025-01-08 15:06:13 UTC | 4609 | OUT | Data Ascii: {"name":"MS.News.Web.ServerLog","iKey":"o:c498711f02654edca8a715ca6e1cb4d4","time":"2025-01-08T15:06:00Z","ver":"4.0","data":{"page":{"product":"entwindowsdash","appType":"winWidgets","name":"winp2backingapp","isMockEnv":false,"hostVer":"524.30502.30.0","


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          13 | 192.168.2.24 | 51822 | 150.171.27.10 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:13 UTC | 375 | OUT | GET /th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: tse1.mm.bing.net
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:13 UTC | 854 | IN | HTTP/1.1 200 OK
                                          Cache-Control: public, max-age=2592000
                                          Content-Length: 944899
                                          Content-Type: image/jpeg
                                          X-Cache: TCP_HIT
                                          Access-Control-Allow-Origin: *
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Timing-Allow-Origin: *
                                          Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                          NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          X-MSEdge-Ref: Ref A: 2DA8C3A7DBEE44C49B5A48169A60EC0B Ref B: EWR30EDGE0414 Ref C: 2025-01-08T15:06:13Z
                                          Date: Wed, 08 Jan 2025 15:06:13 GMT
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          14 | 192.168.2.24 | 51833 | 3.220.156.219 | 443 | 1540 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:27 UTC | 960 | OUT | GET /XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt HTTP/1.1
                                          Host: bofa.com-onlinebanking.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
                                          sec-ch-ua-mobile: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-User: ?1
                                          Sec-Fetch-Dest: document
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:27 UTC | 574 | IN | HTTP/1.1 200 OK
                                          Date: Wed, 08 Jan 2025 15:06:27 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Content-Length: 485
                                          Connection: close
                                          X-Frame-Options: SAMEORIGIN
                                          X-XSS-Protection: 0
                                          X-Content-Type-Options: nosniff
                                          X-Permitted-Cross-Domain-Policies: none
                                          Referrer-Policy: no-referrer-when-downgrade
                                          ETag: W/"01a432b43b929122a2c355002baf21a4"
                                          Cache-Control: max-age=0, private, must-revalidate
                                          Content-Security-Policy:
                                          X-Request-Id: 4b70dc49-4a26-4960-98c1-5c69a39c4536
                                          X-Runtime: 0.020687
                                          Strict-Transport-Security: max-age=63113904; includeSubDomains; preload
                                          2025-01-08 15:06:27 UTC | 485 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8" /><title>The page you were looking for doesn't exist (404)</title><style type


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          15 | 192.168.2.24 | 51834 | 3.220.156.219 | 443 | 1540 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:27 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: bofa.com-onlinebanking.com
                                          Connection: keep-alive
                                          sec-ch-ua-platform: "Windows"
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                          sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"
                                          sec-ch-ua-mobile: ?0
                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-origin
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:27 UTC | 253 | IN | HTTP/1.1 200 OK
                                          Date: Wed, 08 Jan 2025 15:06:27 GMT
                                          Content-Type: image/vnd.microsoft.icon
                                          Content-Length: 0
                                          Connection: close
                                          Last-Modified: Tue, 07 Jan 2025 18:40:05 GMT
                                          Strict-Transport-Security: max-age=63113904; includeSubDomains; preload


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          16 | 192.168.2.24 | 51836 | 3.220.156.219 | 443 | 1540 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:28 UTC | 367 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: bofa.com-onlinebanking.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Dest: empty
                                          Accept-Encoding: gzip, deflate, br, zstd
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:06:28 UTC | 253 | IN | HTTP/1.1 200 OK
                                          Date: Wed, 08 Jan 2025 15:06:28 GMT
                                          Content-Type: image/vnd.microsoft.icon
                                          Content-Length: 0
                                          Connection: close
                                          Last-Modified: Tue, 07 Jan 2025 18:40:05 GMT
                                          Strict-Transport-Security: max-age=63113904; includeSubDomains; preload


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          17 | 192.168.2.24 | 51844 | 2.16.168.125 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:06:47 UTC | 399 | OUT | GET /creativeservice/2d863f0f-0fd5-72db-6971-f905df03ef53_3255140379518978990_128000000004796009_assets__image_1709055739600.jpg HTTP/1.1
                                          Accept: */*
                                          Accept-Encoding: gzip, deflate, br
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631
                                          Host: res.public.onecdn.static.microsoft
                                          Connection: Keep-Alive
                                          2025-01-08 15:06:47 UTC | 1293 | IN | HTTP/1.1 200 OK
                                          Content-Type: text/plain
                                          Last-Modified: Thu, 12 Dec 2024 01:09:10 GMT
                                          x-ms-request-id: aaaaf9e2-d01e-0020-021e-5b8430000000
                                          Cache-Control: max-age=630720000
                                          Date: Wed, 08 Jan 2025 15:06:47 GMT
                                          Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
                                          Content-Length: 2495
                                          Connection: close
                                          Akamai-Request-BC: [a=2.17.44.86,b=3818305072,c=g,n=DE_HE_FRANKFURT,o=20940]
                                          AK-Network: FF
                                          Report-To: {"group":"NelM365CDNUpload1","max_age":604800,"endpoints":[{"url":"https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=FRANKFURT&ASN=20940&Country=DE&Region=HE&RequestIdentifier=0.562c1102.1736348807.e396b630&TotalRTCDNTime=86&CompressionType=gzip&FileSize=2149"}],"include_subdomains ":true}
                                          NEL: {"report_to":"NelM365CDNUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
                                          Server-Timing: clientrtt; dur=86, clienttt; dur=, origin; dur=0 , cdntime; dur=0
                                          Akamai-Cache-Status: Hit from child
                                          Timing-Allow-Origin: *
                                          Access-Control-Expose-Headers: date,Akamai-Request-BC,X-Cdn-Provider,X-Ms-Request-Id
                                          Access-Control-Allow-Origin: *
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                                          X-CDN-Provider: Akamai


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          18 | 192.168.2.24 | 51848 | 23.200.0.21 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:07:03 UTC | 422 | OUT | OPTIONS /api/report?cat=msn HTTP/1.1
                                          Host: deff.nelreports.net
                                          Connection: keep-alive
                                          Origin: https://assets.msn.com
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: content-type
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:07:03 UTC | 332 | IN | HTTP/1.1 200 OK
                                          Content-Length: 0
                                          Server: Kestrel
                                          Date: Wed, 08 Jan 2025 15:07:03 GMT
                                          Connection: close
                                          PMUSER_FORMAT_QS:
                                          X-CDN-TraceId: 0.26ac2d17.1736348823.8443f9
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Credentials: false
                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                          Access-Control-Allow-Origin: *


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          19 | 192.168.2.24 | 51847 | 104.117.182.8 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:07:03 UTC | 436 | OUT | OPTIONS /api/report?cat=bingth&ndcParam=QUZE HTTP/1.1
                                          Host: aefd.nelreports.net
                                          Connection: keep-alive
                                          Origin: https://th.bing.com
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: content-type
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:07:03 UTC | 444 | IN | HTTP/1.1 200 OK
                                          Content-Length: 0
                                          Server: Kestrel
                                          Date: Wed, 08 Jan 2025 15:07:03 GMT
                                          Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
                                          Connection: close
                                          PMUSER_FORMAT_QS:
                                          X-CDN-TraceId: 0.47b67568.1736348823.1980067
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Credentials: false
                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                          Access-Control-Allow-Origin: *


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          20 | 192.168.2.24 | 51846 | 104.117.182.8 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:07:03 UTC | 441 | OUT | OPTIONS /api/report?cat=bingth&ndcParam=QWthbWFp HTTP/1.1
                                          Host: aefd.nelreports.net
                                          Connection: keep-alive
                                          Origin: https://www.bing.com
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: content-type
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:07:03 UTC | 445 | IN | HTTP/1.1 200 OK
                                          Content-Length: 0
                                          Server: Kestrel
                                          Date: Wed, 08 Jan 2025 15:07:03 GMT
                                          Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
                                          Connection: close
                                          PMUSER_FORMAT_QS:
                                          X-CDN-TraceId: 0.14b67568.1736348823.17983ca9
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Credentials: false
                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                          Access-Control-Allow-Origin: *


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          21 | 192.168.2.24 | 51850 | 23.200.0.21 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2025-01-08 15:07:04 UTC | 365 | OUT | POST /api/report?cat=msn HTTP/1.1
                                          Host: deff.nelreports.net
                                          Connection: keep-alive
                                          Content-Length: 474
                                          Content-Type: application/reports+json
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2025-01-08 15:07:04 UTC | 474 | OUT | Data Ascii: [{"age":58032,"body":{"elapsed_time":115,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://windows.msn.com/","sampling_fraction":0.1,"server_ip":"","status_code":0,"type":"abandoned"},"type":"network-error","url":"https://asse
                                          2025-01-08 15:07:04 UTC | 333 | IN | HTTP/1.1 200 OK
                                          Content-Length: 0
                                          Server: Kestrel
                                          Date: Wed, 08 Jan 2025 15:07:04 GMT
                                          Connection: close
                                          PMUSER_FORMAT_QS:
                                          X-CDN-TraceId: 0.15ac2d17.1736348824.9f53270
                                          Access-Control-Allow-Headers: *
                                          Access-Control-Allow-Credentials: false
                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                          Access-Control-Allow-Origin: *


                                          Target ID:0
                                          Start time:10:06:18
                                          Start date:08/01/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                          Imagebase:0x7ff768a70000
                                          File size:3'001'952 bytes
                                          MD5 hash:290DF23002E9B52249B5549F0C668A86
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:2
                                          Start time:10:06:18
                                          Start date:08/01/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --field-trial-handle=1884,i,8009130386860404038,1329796000336826048,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20241208-180523.718000 --mojo-platform-channel-handle=2096 /prefetch:11
                                          Imagebase:0x7ff768a70000
                                          File size:3'001'952 bytes
                                          MD5 hash:290DF23002E9B52249B5549F0C668A86
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:false

                                          Target ID:5
                                          Start time:10:06:25
                                          Start date:08/01/2025
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bofa.com-onlinebanking.com/XUjhZMU0zUjZ5aGd6UDcrVXphQlM3REhqSnRiYmJRdDFWRFQvTXlWOEI4SVFWU1lnMmdOV3J2dzcrYlBXU2FRMzNGenI3ZlZ3Z296ZUJrN3lDMEZoTFFDTUg4NUcvRmcwZmVEQnk1bUo1UHRTczJhb2FrZitRWXpWUHZTd2F6VzlKdmhsNU51TU1DR3F3SFY5OWk0OEpxaWtndjZDcDVoVkdJTGlLenlTTjdyOHpTUDRia3pYeHRXWW4zSTRrdFZsMVlUWXNrY0RhbzZsR0wrTXpoVmt"
                                          Imagebase:0x7ff768a70000
                                          File size:3'001'952 bytes
                                          MD5 hash:290DF23002E9B52249B5549F0C668A86
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          No disassembly