Edit tour

Windows Analysis Report
https://snip.ly/kx81x2

Overview

General Information

Sample URL:	https://snip.ly/kx81x2
Analysis ID:	1587080
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Detected suspicious crossdomain redirect

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,18176569866736914474,990158801358147693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snip.ly/kx81x2" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Suricata Signatures

ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-09T22:45:52.676145+0100	2057333	1	Successful Credential Theft Detected	192.168.2.4	49743	203.170.87.17	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://google.com/404/

HTTP Parser: No favicon

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2057333 - Severity 1 - ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08 : 192.168.2.4:49743 -> 203.170.87.17:443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: snip.ly to https://brightstarskindy.com.au/n/?c3y9bzm2nv8xx3zvawnljnjhbmq9wkdzm1vuaz0mdwlkpvvtrvixmda3mjaynfvosvfvrteyntywnzewmtgymdi0mjaynda3mta1njeymtg=n0123n&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /kx81x2 HTTP/1.1Host: snip.lyConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WkdZM1Vuaz0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply HTTP/1.1Host: brightstarskindy.com.auConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /404/ HTTP/1.1Host: google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/errors/robot.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: snip.ly
Source: global traffic	DNS traffic detected: DNS query: brightstarskindy.com.au
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1565Date: Thu, 09 Jan 2025 21:45:53 GMTAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal48.win@17/11@10/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,18176569866736914474,990158801358147693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snip.ly/kx81x2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,18176569866736914474,990158801358147693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://snip.ly/kx81x2	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://brightstarskindy.com.au/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WkdZM1Vuaz0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	172.217.18.14	true	false	high
brightstarskindy.com.au	203.170.87.17	true	true	unknown
snip.ly	104.22.7.164	true	false	high
www.google.com	142.250.181.228	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://brightstarskindy.com.au/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WkdZM1Vuaz0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply	true	Avira URL Cloud: safe	unknown
https://snip.ly/kx81x2	false		high
https://www.google.com/images/errors/robot.png	false		high
https://google.com/404/	false		high
https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png	false		high
https://google.com/favicon.ico	false		high
https://www.google.com/favicon.ico	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
203.170.87.17	brightstarskindy.com.au	Australia	38719	DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.22.7.164	snip.ly	United States	13335	CLOUDFLARENETUS	false
216.58.212.132	unknown	United States	15169	GOOGLEUS	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
172.217.18.14	google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587080
Start date and time:	2025-01-09 22:44:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://snip.ly/kx81x2
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@17/11@10/7

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.142, 74.125.206.84, 142.250.185.174, 142.250.184.206, 142.250.185.78, 2.16.100.168, 192.229.221.95, 172.217.16.206, 142.250.185.206, 142.250.186.46, 216.58.206.78, 142.250.185.67, 142.250.186.174, 142.250.181.238, 23.56.254.164, 52.149.20.212, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://snip.ly/kx81x2

Input	Output
URL: https://snip.ly Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://snip.ly
URL: https://google.com/404/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://google.com/404/ Model: Joe Sandbox AI	{ "brands": [ "Google" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3170
Entropy (8bit):	7.934630496764965
Encrypted:	false
SSDEEP:	96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
MD5:	9D73B3AA30BCE9D8F166DE5178AE4338
SHA1:	D0CBC46850D8ED54625A3B2B01A2C31F37977E75
SHA-256:	DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
SHA-512:	8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
Malicious:	false
Reputation:	low
URL:	https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
Preview:	.PNG........IHDR.......6.....%.`....)IDATx..].pT..>.l......b..(Hv7 D7.n.8....V..H_.R;S.hY`w.(...N_R."0`.-.A..\|.N..`....n..{.&..l.o..;.....a....d..$.................J.1......7+.c...o..T/.~V.r.....D..G.Ic.....E_.FUR.&..U%...X.4!!Q.H";......e(Ic...$..."1..jR[.L..../Ek.}AH...W.L.V....Y..S..q...!._r.D....G,%...Hu.$q..\.j.x...G.....]....B.i.I.+B.....Hu.....Q...K;...J.q..._......_.x....A:......j....:c...^.....k=GIj..Y]B.V..m...Y.\....$..!....+.R%..U/;p.....R4.g.R...XH.3%..JHHby.eqOZdnS..$.. ....dn...$.w....E.o.8...b@.z.)5.L4\|.F...9......pP.8.\|....-.M..:..ux...7.]...'..(q..~.....KQ.W..,b..L<.Y.].V+....t4.$.V.O.....D.5..v.j...Hd.M....z.......V..q.p.......;:.J.%2.G.;./.E...!.H. ..../Dk.8.T....+..%Vs4..DC.R.`..Z..........0.[)N!.....%.>&.b.$.M....P.!...!....'Kv..Nd...mvR.:.L....w..y%.i..H..u....s.Se1.[.)."..)%.I.....(.#M..4.@....#.....X..P<...k..g....O..I..>-...'._.Q..T.y.=Z.GR{]..&t}......>J..!,..X6.HC..$.:.}..z...._b.b.4.E.....;.Ha.?s.

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 171 x 213, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6327
Entropy (8bit):	7.917392761938663
Encrypted:	false
SSDEEP:	192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
MD5:	4C9ACF280B47CEF7DEF3FC91A34C7FFE
SHA1:	C32BB847DAF52117AB93B723D7C57D8B1E75D36B
SHA-256:	5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
SHA-512:	369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...................WPLTE...z..z........2........W..{..V........z.....2..3.....V..2..................W.....>`......tRNS.............................Y..j....IDATx....BcI.@A.s..HX....k.0c...T.?n./.~....b....GM.Gu.c...?.{5.5...4.'.o<...i.O.n<.f..?).g.&..8.E4..tl.4.G.o4.....'.....\......._ ...../.~..<......../.~^.}...?...~...Z../.~.]._ ...I. .Q.Y....YQu..i..4.._ \|S...A.-.-h...9...o...k.....9o..?N.U,../+...Z.y...nbMu....4O.7>..Y.-L=J..q..`.B^{4~.p...bR.j.....Gq=..]&..7Y)G6.....A.h`i]...Pd.'.7....9.2...2x.........&..a0N..By.Y.C..S......nR.-..A[5.....\|.p...+v...d\e..]Yq;.&q0..F.c.....p3.&.`..!q..}...k.g5n#........NG-.9...C..[.7.n.v..u......{o.C&n!.(.G7.JA.'6..{(<....p....:..!=..1.f.."..n.8....~o..N.3l..p.[..........r..6..z...(.g1qA.[....q.v+..&...B{.I.\..-.....S.y&.......J.Wn!\|D.....+...y.....9.......> .j......{.....K\X.n!..e.I.+'...j...-pA.[..2...8g.DO.#.?p.. ....-.w5.d......4....n..!q..=..Gu.X..O.........sN.h.q..n!..qP

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 171 x 213, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6327
Entropy (8bit):	7.917392761938663
Encrypted:	false
SSDEEP:	192:fqjwqVtaVHyEy9BWc2AwJ+3qg1f6WUBIT8mIKPNc93Y8Nm:Yk3WBkAkg1CWUCwmIKS93O
MD5:	4C9ACF280B47CEF7DEF3FC91A34C7FFE
SHA1:	C32BB847DAF52117AB93B723D7C57D8B1E75D36B
SHA-256:	5F9FC5B3FBDDF0E72C5C56CDCFC81C6E10C617D70B1B93FBE1E4679A8797BFF7
SHA-512:	369D5888E0D19B46CB998EA166D421F98703AEC7D82A02DC7AE10409AEC253A7CE099D208500B4E39779526219301C66C2FD59FE92170B324E70CF63CE2B429C
Malicious:	false
Reputation:	low
URL:	https://www.google.com/images/errors/robot.png
Preview:	.PNG........IHDR...................WPLTE...z..z........2........W..{..V........z.....2..3.....V..2..................W.....>`......tRNS.............................Y..j....IDATx....BcI.@A.s..HX....k.0c...T.?n./.~....b....GM.Gu.c...?.{5.5...4.'.o<...i.O.n<.f..?).g.&..8.E4..tl.4.G.o4.....'.....\......._ ...../.~..<......../.~^.}...?...~...Z../.~.]._ ...I. .Q.Y....YQu..i..4.._ \|S...A.-.-h...9...o...k.....9o..?N.U,../+...Z.y...nbMu....4O.7>..Y.-L=J..q..`.B^{4~.p...bR.j.....Gq=..]&..7Y)G6.....A.h`i]...Pd.'.7....9.2...2x.........&..a0N..By.Y.C..S......nR.-..A[5.....\|.p...+v...d\e..]Yq;.&q0..F.c.....p3.&.`..!q..}...k.g5n#........NG-.9...C..[.7.n.v..u......{o.C&n!.(.G7.JA.'6..{(<....p....:..!=..1.f.."..n.8....~o..N.3l..p.[..........r..6..z...(.g1qA.[....q.v+..&...B{.I.\..-.....S.y&.......J.Wn!\|D.....+...y.....9.......> .j......{.....K\X.n!..e.I.+'...j...-pA.[..2...8g.DO.#.?p.. ....-.w5.d......4....n..!q..=..Gu.X..O.........sN.h.q..n!..qP

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3170
Entropy (8bit):	7.934630496764965
Encrypted:	false
SSDEEP:	96:c2ZEPhMXQnPkVrTEnGD9c4vnrmBYBaSfS18:c2/XQnPGroGD9vvnXVaq
MD5:	9D73B3AA30BCE9D8F166DE5178AE4338
SHA1:	D0CBC46850D8ED54625A3B2B01A2C31F37977E75
SHA-256:	DBEF5E5530003B7233E944856C23D1437902A2D3568CDFD2BEAF2166E9CA9139
SHA-512:	8E55D1677CDBFE9DB6700840041C815329A57DF69E303ADC1F994757C64100FE4A3A17E86EF4613F4243E29014517234DEBFBCEE58DAB9FC56C81DD147FDC058
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......6.....%.`....)IDATx..].pT..>.l......b..(Hv7 D7.n.8....V..H_.R;S.hY`w.(...N_R."0`.-.A..\|.N..`....n..{.&..l.o..;.....a....d..$.................J.1......7+.c...o..T/.~V.r.....D..G.Ic.....E_.FUR.&..U%...X.4!!Q.H";......e(Ic...$..."1..jR[.L..../Ek.}AH...W.L.V....Y..S..q...!._r.D....G,%...Hu.$q..\.j.x...G.....]....B.i.I.+B.....Hu.....Q...K;...J.q..._......_.x....A:......j....:c...^.....k=GIj..Y]B.V..m...Y.\....$..!....+.R%..U/;p.....R4.g.R...XH.3%..JHHby.eqOZdnS..$.. ....dn...$.w....E.o.8...b@.z.)5.L4\|.F...9......pP.8.\|....-.M..:..ux...7.]...'..(q..~.....KQ.W..,b..L<.Y.].V+....t4.$.V.O.....D.5..v.j...Hd.M....z.......V..q.p.......;:.J.%2.G.;./.E...!.H. ..../Dk.8.T....+..%Vs4..DC.R.`..Z..........0.[)N!.....%.>&.b.$.M....P.!...!....'Kv..Nd...mvR.:.L....w..y%.i..H..u....s.Se1.[.)."..)%.I.....(.#M..4.@....#.....X..P<...k..g....O..I..>-...'._.Q..T.y.=Z.GR{]..&t}......>J..!,..X6.HC..$.:.}..z...._b.b.4.E.....;.Ha.?s.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	downloaded
Size (bytes):	1565
Entropy (8bit):	5.2675078899224985
Encrypted:	false
SSDEEP:	24:hY6svD+6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z8xKdS8f:3qD+2+pUAew85zsKQA
MD5:	BC0AD2DB3272298238C3933EA0D944D1
SHA1:	CCB1767CAF616C73513DC921CD3F5DA072582A77
SHA-256:	0A6AD5109827EFF80F61F2106F29D9FB38CE486FA397551E506BF5B6ED861F36
SHA-512:	064388FD474E86ECB2D17082C79F6C9232DB605F62979598D9EA525600B8F9786716B758220D7C3ECC116E8E84AF8BB6AB6297C4005BCEF26E69DD64F4D61A72
Malicious:	false
Reputation:	low
URL:	https://google.com/404/
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 404 (Not Found)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-09T22:45:52.676145+0100	2057333	ET PHISHING MAMBA Credential Phish Landing Page 2024-11-08	1	192.168.2.4	49743	203.170.87.17	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 22:45:44.245100021 CET	49675	443	192.168.2.4	173.222.162.32
Jan 9, 2025 22:45:48.505362988 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:48.505408049 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:48.505507946 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:48.505677938 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:48.505707979 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:49.151241064 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:49.153584003 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:49.153629065 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:49.154835939 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:49.154902935 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:49.163701057 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:49.163806915 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:49.195060968 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.195091009 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.195143938 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.195514917 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.195527077 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.196124077 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.196223021 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.196317911 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.196568012 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.196605921 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.215769053 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:49.215795994 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:49.265302896 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:49.665766954 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.665996075 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.666007042 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.667262077 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.667546988 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.667607069 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.668521881 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.668582916 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.669511080 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.669595003 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.669832945 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.669841051 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.670268059 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.670345068 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.671335936 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.671442986 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.718503952 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.718641043 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:49.718703032 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:49.758375883 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:50.479962111 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:50.480067015 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:50.480160952 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:50.480997086 CET	49740	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:45:50.481014967 CET	443	49740	104.22.7.164	192.168.2.4
Jan 9, 2025 22:45:50.657885075 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:50.657910109 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:50.657967091 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:50.658135891 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:50.658139944 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.617469072 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.617810965 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:51.617826939 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.619471073 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.619596004 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:51.622936010 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:51.623032093 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.623225927 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:51.663331032 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.666795015 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:51.666810989 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:51.713488102 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:52.676255941 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:52.676456928 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:52.677546978 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:52.677561045 CET	443	49743	203.170.87.17	192.168.2.4
Jan 9, 2025 22:45:52.677571058 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:52.677589893 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:52.677607059 CET	49743	443	192.168.2.4	203.170.87.17
Jan 9, 2025 22:45:52.685545921 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:52.685595036 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:52.685672045 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:52.685869932 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:52.685902119 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.326442957 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.326834917 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.326873064 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.328219891 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.328357935 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.329410076 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.329456091 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.330249071 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.330317974 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.330451965 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.330461025 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.384938955 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.696161032 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.696332932 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.696491003 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.696525097 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.696598053 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.696651936 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.697237968 CET	49744	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:53.697266102 CET	443	49744	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:53.734163046 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.734970093 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.735019922 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.735240936 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.735727072 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.735754013 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.775331020 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.920722961 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.920842886 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.920928001 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.921006918 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.921015978 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.921081066 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.921117067 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.921161890 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.921205044 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.921220064 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.921519041 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.921603918 CET	443	49739	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:53.921667099 CET	49739	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:53.935192108 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:53.935282946 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:53.935375929 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:53.935544968 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:53.935564995 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.385484934 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.385749102 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.385782003 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.388891935 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.388963938 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.389305115 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.389399052 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.389405966 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.429799080 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.429861069 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.476890087 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.604479074 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.605156898 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.605221033 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.608764887 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.608897924 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.609277964 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.609342098 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.609416008 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.609432936 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.655092001 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.663438082 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.663566113 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.663640976 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.663702965 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.663909912 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.664051056 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.664406061 CET	49745	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:54.664469004 CET	443	49745	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:54.670991898 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:54.671042919 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:54.671268940 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:54.671469927 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.671555996 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.671643972 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.671844006 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:54.671901941 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:54.672252893 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.672339916 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880309105 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880407095 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880477905 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880489111 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.880522013 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880572081 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.880579948 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880633116 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.880678892 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.880685091 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.881683111 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:54.881766081 CET	443	49746	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:54.881838083 CET	49746	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.315434933 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.315809011 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.315871000 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.319170952 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.319259882 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.319586039 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.319674015 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.319705009 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.326919079 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.327245951 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.327310085 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.328146935 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.328548908 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.328548908 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.328644037 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.328726053 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.367340088 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.369693041 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.369751930 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.369920015 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.416568995 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.594839096 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.594978094 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.595118046 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.595181942 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.595251083 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.595299959 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.595334053 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.595360041 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.595680952 CET	49748	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:55.595712900 CET	443	49748	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:55.598591089 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.598831892 CET	443	49747	172.217.18.14	192.168.2.4
Jan 9, 2025 22:45:55.598912954 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.598913908 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.598913908 CET	49747	443	192.168.2.4	172.217.18.14
Jan 9, 2025 22:45:55.600177050 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:55.600219011 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:55.600279093 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:55.600465059 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:55.600481987 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.237998009 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.238260031 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.238281012 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.238735914 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.239070892 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.239147902 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.239233017 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.279334068 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517740965 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517800093 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517833948 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517853022 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.517868042 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517884970 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517919064 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.517930984 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.517959118 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.519082069 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.519143105 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.519340992 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.520220041 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.520235062 CET	443	49749	142.250.181.228	192.168.2.4
Jan 9, 2025 22:45:56.520343065 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.520356894 CET	49749	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:45:56.527044058 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:56.527123928 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:56.527206898 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:56.527467966 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:56.527499914 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.156022072 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.156291008 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.156354904 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.157829046 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.158149958 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.158262968 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.158333063 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.199331999 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424154997 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424220085 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424262047 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424299955 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424329042 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.424405098 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424417019 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.424526930 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:45:57.424595118 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.425295115 CET	49750	443	192.168.2.4	216.58.212.132
Jan 9, 2025 22:45:57.425324917 CET	443	49750	216.58.212.132	192.168.2.4
Jan 9, 2025 22:46:01.523013115 CET	49723	80	192.168.2.4	199.232.210.172
Jan 9, 2025 22:46:01.528305054 CET	80	49723	199.232.210.172	192.168.2.4
Jan 9, 2025 22:46:01.528359890 CET	49723	80	192.168.2.4	199.232.210.172
Jan 9, 2025 22:46:04.563626051 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:46:04.563839912 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:46:04.563996077 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:46:06.246486902 CET	49741	443	192.168.2.4	104.22.7.164
Jan 9, 2025 22:46:06.246553898 CET	443	49741	104.22.7.164	192.168.2.4
Jan 9, 2025 22:46:48.557995081 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:46:48.558034897 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:48.558104992 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:46:48.558367968 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:46:48.558386087 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:49.217901945 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:49.218394995 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:46:49.218425035 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:49.219100952 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:49.219562054 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:46:49.219671965 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:49.260164022 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:46:50.385354996 CET	49724	80	192.168.2.4	199.232.210.172
Jan 9, 2025 22:46:50.390477896 CET	80	49724	199.232.210.172	192.168.2.4
Jan 9, 2025 22:46:50.390773058 CET	49724	80	192.168.2.4	199.232.210.172
Jan 9, 2025 22:46:59.127130032 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:59.127383947 CET	443	49809	142.250.181.228	192.168.2.4
Jan 9, 2025 22:46:59.127692938 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:47:00.246489048 CET	49809	443	192.168.2.4	142.250.181.228
Jan 9, 2025 22:47:00.246522903 CET	443	49809	142.250.181.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 22:45:43.878464937 CET	53	56758	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:43.913680077 CET	53	61442	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:44.982577085 CET	53	53466	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:48.496656895 CET	60260	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:48.496723890 CET	61220	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:48.504559994 CET	53	60260	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:48.504573107 CET	53	61220	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:49.155272007 CET	50946	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:49.155391932 CET	64107	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:49.165394068 CET	53	64107	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:49.166248083 CET	53	50946	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:50.482980967 CET	50403	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:50.483299971 CET	65487	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:50.524039030 CET	53	65487	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:50.657346964 CET	53	50403	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:52.678225040 CET	54136	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:52.678323030 CET	58966	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:52.685056925 CET	53	54136	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:52.685069084 CET	53	58966	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:53.928080082 CET	53467	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:53.928235054 CET	52068	53	192.168.2.4	1.1.1.1
Jan 9, 2025 22:45:53.934679031 CET	53	53467	1.1.1.1	192.168.2.4
Jan 9, 2025 22:45:53.934855938 CET	53	52068	1.1.1.1	192.168.2.4
Jan 9, 2025 22:46:01.969021082 CET	138	138	192.168.2.4	192.168.2.255
Jan 9, 2025 22:46:02.052373886 CET	53	62549	1.1.1.1	192.168.2.4
Jan 9, 2025 22:46:20.799761057 CET	53	53031	1.1.1.1	192.168.2.4
Jan 9, 2025 22:46:43.665843964 CET	53	54356	1.1.1.1	192.168.2.4
Jan 9, 2025 22:46:43.981584072 CET	53	52686	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 22:45:48.496656895 CET	192.168.2.4	1.1.1.1	0x2eb8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:48.496723890 CET	192.168.2.4	1.1.1.1	0xa3e8	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 22:45:49.155272007 CET	192.168.2.4	1.1.1.1	0x86cc	Standard query (0)	snip.ly	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:49.155391932 CET	192.168.2.4	1.1.1.1	0x250	Standard query (0)	snip.ly	65	IN (0x0001)	false
Jan 9, 2025 22:45:50.482980967 CET	192.168.2.4	1.1.1.1	0x2209	Standard query (0)	brightstarskindy.com.au	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:50.483299971 CET	192.168.2.4	1.1.1.1	0xa79e	Standard query (0)	brightstarskindy.com.au	65	IN (0x0001)	false
Jan 9, 2025 22:45:52.678225040 CET	192.168.2.4	1.1.1.1	0x4f6e	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:52.678323030 CET	192.168.2.4	1.1.1.1	0x89ae	Standard query (0)	google.com	65	IN (0x0001)	false
Jan 9, 2025 22:45:53.928080082 CET	192.168.2.4	1.1.1.1	0xc576	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:53.928235054 CET	192.168.2.4	1.1.1.1	0xa5d7	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 22:45:48.504559994 CET	1.1.1.1	192.168.2.4	0x2eb8	No error (0)	www.google.com	142.250.181.228	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:48.504573107 CET	1.1.1.1	192.168.2.4	0xa3e8	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 9, 2025 22:45:49.165394068 CET	1.1.1.1	192.168.2.4	0x250	No error (0)	snip.ly		65	IN (0x0001)	false
Jan 9, 2025 22:45:49.166248083 CET	1.1.1.1	192.168.2.4	0x86cc	No error (0)	snip.ly	104.22.7.164	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:49.166248083 CET	1.1.1.1	192.168.2.4	0x86cc	No error (0)	snip.ly	172.67.11.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:49.166248083 CET	1.1.1.1	192.168.2.4	0x86cc	No error (0)	snip.ly	104.22.6.164	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:50.657346964 CET	1.1.1.1	192.168.2.4	0x2209	No error (0)	brightstarskindy.com.au	203.170.87.17	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:52.685056925 CET	1.1.1.1	192.168.2.4	0x4f6e	No error (0)	google.com	172.217.18.14	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:52.685069084 CET	1.1.1.1	192.168.2.4	0x89ae	No error (0)	google.com		65	IN (0x0001)	false
Jan 9, 2025 22:45:53.934679031 CET	1.1.1.1	192.168.2.4	0xc576	No error (0)	www.google.com	216.58.212.132	A (IP address)	IN (0x0001)	false
Jan 9, 2025 22:45:53.934855938 CET	1.1.1.1	192.168.2.4	0xa5d7	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

snip.ly

brightstarskindy.com.au

google.com

https:

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	104.22.7.164	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:49 UTC	656	OUT	GET /kx81x2 HTTP/1.1 Host: snip.ly Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:50 UTC	633	IN	HTTP/1.1 302 Found Date: Thu, 09 Jan 2025 21:45:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: https://brightstarskindy.com.au/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WkdZM1Vuaz0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply Referer: (direct) Vary: Cookie, Origin Set-Cookie: sessionid=dmu2b7sp4rym0c5r8o8hk08l2py2rzaq; expires=Wed, 09 Apr 2025 21:45:50 GMT; HttpOnly; Max-Age=7776000; Path=/; SameSite=None; Secure CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8ff79dd5ed7e4299-EWR
2025-01-09 21:45:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49743	203.170.87.17	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:51 UTC	839	OUT	GET /n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9WkdZM1Vuaz0mdWlkPVVTRVIxMDA3MjAyNFVOSVFVRTEyNTYwNzEwMTgyMDI0MjAyNDA3MTA1NjEyMTg=N0123N&utm_source=sniply&utm_campaign=sniply&utm_medium=sniply HTTP/1.1 Host: brightstarskindy.com.au Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:52 UTC	309	IN	HTTP/1.1 302 Moved Temporarily Date: Thu, 09 Jan 2025 21:45:51 GMT Server: Apache X-Powered-By: PHP/8.2.11 Cache-Control: no-store Upgrade: h2,h2c Connection: Upgrade, close Location: https://google.com/404/ Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 21:45:52 UTC	11	IN	Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	172.217.18.14	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:53 UTC	657	OUT	GET /404/ HTTP/1.1 Host: google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:53 UTC	231	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1565 Date: Thu, 09 Jan 2025 21:45:53 GMT Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:53 UTC	1159	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-se
2025-01-09 21:45:53 UTC	406	IN	Data Raw: 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 0a 20 20 Data Ascii: .google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span id=logo aria-label=Google></span></a>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	142.250.181.228	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:53 UTC	727	OUT	GET /images/errors/robot.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:53 UTC	683	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 6327 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 07 Jan 2025 08:55:12 GMT Expires: Wed, 07 Jan 2026 08:55:12 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/png Age: 219041 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:53 UTC	707	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69 Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
2025-01-09 21:45:53 UTC	1390	IN	Data Raw: 27 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 26 fb bc d9 0b d7 a8 17 8e 4a e2 82 57 6e 21 7c 44 dc bd 98 e4 99 13 e6 2b 9e 14 cf 79 b7 e5 1a d3 1c 39 a8 81 0b c3 1d b7 10 3e 20 eb 6a 1c c8 c6 f8 c7 b4 f1 a4 b8 7b e4 0d c1 0d b8 4b 5c 58 16 6e 21 bc af 65 e5 49 19 2b 27 c6 ca b3 87 6a bc c5 b2 00 2d 70 41 95 5b 08 ef 32 1f 8c a3 38 67 e7 44 4f bc 23 a9 3f 70 10 06 20 05 2e 8c c2 2d 84 77 35 e7 89 64 f7 81 13 bb ca db 34 e7 ec 1c c4 6e d0 9c 0b 21 Data Ascii: '6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy&JWn!\|D+y9> j{K\Xn!eI+'j-pA[28gDO#?p .-w5d4n!
2025-01-09 21:45:53 UTC	1390	IN	Data Raw: 05 d5 c6 51 4b c5 78 43 09 6b 77 31 6e 24 bc a6 ce 1f 75 1c bd 6e 39 30 1e 24 ea c2 13 db 45 2e d9 10 7a 89 1c a4 94 a2 71 5d 7c 18 dd 0b b7 11 5e 8b 63 e2 49 49 36 85 4d d0 a0 1a 7a 1e e3 ca 2b 47 e6 89 2b 24 04 a9 1c 58 d2 12 b9 ce 4a c8 43 04 e6 b8 e2 6b 84 2b 64 9c 01 4b 21 02 2a 83 fa 2e 94 58 13 77 0b 47 d6 13 57 59 0a 5a b7 06 94 94 9a 71 9d 8c 9b 30 0d 29 f2 45 c2 15 31 14 26 19 1a 07 26 40 13 c0 02 d1 13 47 cb 23 6f b0 a2 21 84 95 41 ac 22 91 2b ac 8c 7d b3 5b 1e f9 2a e1 9a fb 2c 65 e2 49 14 20 2a 07 52 79 f4 c8 41 6f bc 6d 5b 54 43 6a 60 55 52 31 4e 59 15 df 6c b4 46 6a e0 ab 84 ab 8a eb 5d e4 a8 0a 10 07 8e ea 14 3d eb 90 24 2f bc 2f a6 10 c2 0a 5b b5 54 66 5e 44 f5 bc c9 a1 19 d0 94 af 12 ae 6b da 47 2d c5 56 8b 01 35 71 d4 c6 30 88 4a 48 3d Data Ascii: QKxCkw1n$un90$E.zq]\|^cII6Mz+G+$XJCk+dK!.XwGWYZq0)E1&&@G#o!A"+}[,eI *RyAom[TCj`UR1NYlFj]=$//[Tf^DkG-V5q0JH=
2025-01-09 21:45:53 UTC	1390	IN	Data Raw: 1f 7a f4 ec 7d e6 2d 51 67 4e a5 ac 5c 30 30 71 0f de 5b b8 07 cc c5 38 b0 31 44 03 84 d7 4c 1b 78 01 9a 72 90 bc f1 09 51 c2 66 3f 84 66 5c 15 84 53 16 02 6f 88 9e 47 37 cc d3 96 a3 28 d9 9b 81 f0 5a 15 48 0b 10 83 01 96 85 3f 6c 9e 92 06 e3 2d 71 f0 9e d7 21 99 71 c2 cc c0 c6 ca 19 49 bc a9 f9 e8 0c f7 3c 69 2e e2 15 10 5e a9 0b c4 60 60 1e 81 d5 30 f0 87 79 77 0f dd b7 bc 29 ca 10 f6 bd 8f 69 e2 45 eb c1 2b 84 3b ce 14 e5 1d 32 78 36 8e 82 37 cc 77 06 c2 2b 21 42 52 b0 70 0f 4c be 18 2f 54 63 35 f3 02 36 f3 a6 47 0d 3e 66 6f 5b 8e cc 83 f9 18 d1 c4 3f 36 63 91 f7 44 cf 62 40 08 11 30 15 10 2e 15 81 38 18 54 01 4c 83 71 14 ff 03 06 0f bd d7 5c b1 e0 c3 7f bc ad ca ac 79 2d 1c 8d 0d 59 cf a4 60 bc 88 a1 f0 91 69 93 13 44 e7 c8 c2 00 c2 05 0b 11 e4 11 18 Data Ascii: z}-QgN\00q[81DLxrQf?f\SoG7(ZH?l-q!qI<i.^``0yw)iE+;2x67w+!BRpL/Tc56G>fo[?6cDb@0.8TLq\y-Y`iD
2025-01-09 21:45:53 UTC	1390	IN	Data Raw: 7a 00 e2 58 78 62 b5 cf bc 4d f8 a7 5a 5d f9 c4 57 cc a3 6d 07 35 2e d4 ae fc 11 bd 1b d8 ae 01 65 a7 de fb 7e 48 c6 1f 41 ad 89 ee 2b cf 6a af bc 4d 78 21 e3 7a 93 3d 0f ad 24 89 ab 15 ac f8 98 05 81 41 38 97 bc 67 e5 8f ba 1e 1f 30 55 20 ad f3 fd e3 1c c5 c3 96 67 c1 d7 3e ba 73 30 27 98 5d 78 9b f0 47 cd e3 22 79 3f a6 c1 47 7f 92 e2 8a 0f cc 6d b3 80 04 4e 58 94 ae 53 71 35 9e c9 5e e1 ce 1b a9 6b e5 c0 dc 57 3c 9b 53 69 b6 04 0e da ba 80 27 de 26 fc e1 79 b6 92 37 01 6c 1b a5 25 a9 3e 7a 08 d5 8c b7 ac da d8 93 c1 e4 c6 3f 45 3d cc 10 47 bf 33 9e 14 0f ff 31 04 5c d8 72 60 a9 71 22 7a 03 6c c8 13 0c 0b 7f cd c5 38 23 1c 95 41 7a dd aa e7 2c fc 13 eb e0 e3 6e b7 a4 d9 78 cd d4 3d a4 b4 34 ee 47 e3 85 dd 29 c6 51 ec d9 1f 23 47 ad ef 28 bd f9 03 4f a2 Data Ascii: zXxbMZ]Wm5.e~HA+jMx!z=$A8g0U g>s0']xG"y?GmNXSq5^kW<Si'&y7l%>z?E=G31\r`q"zl8#Az,nx=4G)Q#G(O
2025-01-09 21:45:53 UTC	60	IN	Data Raw: df 25 fc aa e8 62 40 d2 9c 8c ef 12 7e d7 a4 63 35 93 f5 3e f2 6d c2 6f 2b 7d 18 46 99 f9 3e e1 d7 d9 5c b6 fc 84 ff 01 4e de f0 b9 5c 13 aa be 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: %b@~c5>mo+}F>\N\IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	142.250.181.228	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:54 UTC	763	OUT	GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:54 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3170 Date: Thu, 09 Jan 2025 21:45:54 GMT Expires: Thu, 09 Jan 2025 21:45:54 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:54 UTC	719	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07 Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(N_R"0`-A\|N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
2025-01-09 21:45:54 UTC	1390	IN	Data Raw: df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 ef 89 86 cf 73 dd 53 65 31 b1 5b c5 29 02 22 c7 cd 29 25 d8 85 49 ba 1d d8 91 f8 bc 28 82 23 4d 81 d9 34 ba 40 16 b7 03 9f 23 17 f9 cd e2 1b 58 9f e7 84 50 3c c1 fc 13 6b df 94 b1 67 a4 95 f0 16 4f eb a8 86 df 49 a9 13 3e 2d 9c 02 a2 27 1f 5f e9 51 e1 12 54 ea 79 0f 3d 5a 9e 47 52 7b 5d 14 80 26 74 7d 2a 1a ee c6 e4 bc 8e 94 12 3e 4a 04 9b 21 2c d0 d9 58 36 f3 48 43 a0 1b 24 f1 3a 8e 7d be ec 7a bb da Data Ascii: /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHusSe1[)")%I(#M4@#XP<kgOI>-'_QTy=ZGR{]&t}*>J!,X6HC$:}z
2025-01-09 21:45:54 UTC	1061	IN	Data Raw: ab 50 1a 37 9a 50 9e f0 62 0d d1 67 44 a4 6d b3 e8 52 9d 27 0a 80 0c 90 57 cf 83 f3 85 03 40 9a e0 3e 0f 51 30 cf 8d 8d 03 11 18 1d ea 36 e1 00 74 df 9d 6c 69 a7 3e 30 e6 84 85 36 ca 2d d6 73 a1 28 82 e0 63 b9 00 e9 89 af f4 89 40 0a 0f a0 56 28 a2 38 b0 c9 6f 43 dc d5 5c 13 1c e9 cf 25 26 8c 47 6d ca 2e 59 22 c2 4f 6a e2 6d 17 8a 22 40 f0 8a 62 36 7a 8b ac 7f 9e be d1 aa ac 01 cd 89 31 dd 5d e8 11 2a a2 5f cd c6 7d 4c 91 f5 2f 8c 5c d0 c8 65 75 d4 ad 60 2b 09 a0 9b 81 eb 86 a0 f7 36 89 02 70 f3 c7 b9 4d 25 ae 7f dd f6 54 53 42 fb 83 df 92 8e 29 2b c0 42 31 e4 6a a6 8e 85 b1 c2 06 a8 bf a2 62 61 66 d4 10 4f 1d 5a 2f 9e 10 78 4a 4c d1 56 8e b8 b1 15 19 0b 74 19 f4 c6 a3 be 88 7e 23 fa ec 7c 94 2c 68 61 76 db fd 0c ec c6 48 2c 6d 29 b4 c1 6a 99 b2 03 33 d6 Data Ascii: P7PbgDmR'W@>Q06tli>06-s(c@V(8oC\%&Gm.Y"Ojm"@b6z1]*_}L/\eu`+6pM%TSB)+B1jbafOZ/xJLVt~#\|,havH,m)j3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	216.58.212.132	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:54 UTC	458	OUT	GET /images/errors/robot.png HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:54 UTC	683	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 6327 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 07 Jan 2025 08:55:12 GMT Expires: Wed, 07 Jan 2026 08:55:12 GMT Cache-Control: public, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/png Age: 219042 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:54 UTC	707	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ab 00 00 00 d5 08 03 00 00 00 1f 1e f0 9a 00 00 00 57 50 4c 54 45 9d c7 ed 7a b3 e7 7a b3 e8 d4 e6 f7 9e c7 ee 32 8a db bb d8 f3 ba d8 f3 bb d8 f4 57 9f e1 7b b3 e8 56 9e e1 d4 e6 f8 d3 e6 f7 7a b2 e7 e9 f3 fb 32 89 da 33 8a db ea f3 fc 56 9f e1 32 8a da 9d c6 ed 9e c7 ed d3 e5 f7 ba d7 f3 e9 f2 fb ea f3 fb 57 9f e2 ff ff ff 3e 60 10 a0 00 00 00 1d 74 52 4e 53 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 59 86 e7 6a 00 00 17 f2 49 44 41 54 78 01 b5 c1 07 42 63 49 0c 40 41 a9 73 ff e4 48 58 e9 dd ff 9c 6b c3 30 63 1b 93 0c 54 09 3f 6e c5 2f 11 7e d6 14 97 1e 62 8c fc 02 e1 47 4d de 47 75 cf 63 e4 e7 09 3f aa 7b 35 88 35 b8 cc fc 34 e1 27 15 6f 3c 93 1c f8 69 Data Ascii: PNGIHDRWPLTEzz2W{Vz23V2W>`tRNSYjIDATxBcI@AsHXk0cT?n/~bGMGuc?{554'o<i
2025-01-09 21:45:54 UTC	1390	IN	Data Raw: 27 36 a7 9e 7b 28 3c b9 9b b9 85 70 93 e8 06 c3 3a f1 be e6 21 3d 80 d5 bb 31 87 66 fc 11 22 b7 10 6e f2 38 02 da 8d 0f c4 a2 7e 6f b3 bb 4e fc 33 6c b9 85 70 13 5b 0c a6 c4 c1 2a 0a ef 89 da 93 18 a7 a4 72 0b e1 36 8b f1 ac 7a de 14 ae 28 91 67 31 71 41 85 5b 08 9f 11 8b 71 c6 76 2b 9e d8 26 e7 1c b8 42 7b e1 49 8b 5c f0 ca 2d 84 0f c5 ba f4 ec 89 53 d1 79 26 fb bc d9 0b d7 a8 17 8e 4a e2 82 57 6e 21 7c 44 dc bd 98 e4 99 13 e6 2b 9e 14 cf 79 b7 e5 1a d3 1c 39 a8 81 0b c3 1d b7 10 3e 20 eb 6a 1c c8 c6 f8 c7 b4 f1 a4 b8 7b e4 0d c1 0d b8 4b 5c 58 16 6e 21 bc af 65 e5 49 19 2b 27 c6 ca b3 87 6a bc c5 b2 00 2d 70 41 95 5b 08 ef 32 1f 8c a3 38 67 e7 44 4f bc 23 a9 3f 70 10 06 20 05 2e 8c c2 2d 84 77 35 e7 89 64 f7 81 13 bb ca db 34 e7 ec 1c c4 6e d0 9c 0b 21 Data Ascii: '6{(<p:!=1f"n8~oN3lp[*r6z(g1qA[qv+&B{I\-Sy&JWn!\|D+y9> j{K\Xn!eI+'j-pA[28gDO#?p .-w5d4n!
2025-01-09 21:45:54 UTC	1390	IN	Data Raw: 05 d5 c6 51 4b c5 78 43 09 6b 77 31 6e 24 bc a6 ce 1f 75 1c bd 6e 39 30 1e 24 ea c2 13 db 45 2e d9 10 7a 89 1c a4 94 a2 71 5d 7c 18 dd 0b b7 11 5e 8b 63 e2 49 49 36 85 4d d0 a0 1a 7a 1e e3 ca 2b 47 e6 89 2b 24 04 a9 1c 58 d2 12 b9 ce 4a c8 43 04 e6 b8 e2 6b 84 2b 64 9c 01 4b 21 02 2a 83 fa 2e 94 58 13 77 0b 47 d6 13 57 59 0a 5a b7 06 94 94 9a 71 9d 8c 9b 30 0d 29 f2 45 c2 15 31 14 26 19 1a 07 26 40 13 c0 02 d1 13 47 cb 23 6f b0 a2 21 84 95 41 ac 22 91 2b ac 8c 7d b3 5b 1e f9 2a e1 9a fb 2c 65 e2 49 14 20 2a 07 52 79 f4 c8 41 6f bc 6d 5b 54 43 6a 60 55 52 31 4e 59 15 df 6c b4 46 6a e0 ab 84 ab 8a eb 5d e4 a8 0a 10 07 8e ea 14 3d eb 90 24 2f bc 2f a6 10 c2 0a 5b b5 54 66 5e 44 f5 bc c9 a1 19 d0 94 af 12 ae 6b da 47 2d c5 56 8b 01 35 71 d4 c6 30 88 4a 48 3d Data Ascii: QKxCkw1n$un90$E.zq]\|^cII6Mz+G+$XJCk+dK!.XwGWYZq0)E1&&@G#o!A"+}[,eI *RyAom[TCj`UR1NYlFj]=$//[Tf^DkG-V5q0JH=
2025-01-09 21:45:54 UTC	1390	IN	Data Raw: 1f 7a f4 ec 7d e6 2d 51 67 4e a5 ac 5c 30 30 71 0f de 5b b8 07 cc c5 38 b0 31 44 03 84 d7 4c 1b 78 01 9a 72 90 bc f1 09 51 c2 66 3f 84 66 5c 15 84 53 16 02 6f 88 9e 47 37 cc d3 96 a3 28 d9 9b 81 f0 5a 15 48 0b 10 83 01 96 85 3f 6c 9e 92 06 e3 2d 71 f0 9e d7 21 99 71 c2 cc c0 c6 ca 19 49 bc a9 f9 e8 0c f7 3c 69 2e e2 15 10 5e a9 0b c4 60 60 1e 81 d5 30 f0 87 79 77 0f dd b7 bc 29 ca 10 f6 bd 8f 69 e2 45 eb c1 2b 84 3b ce 14 e5 1d 32 78 36 8e 82 37 cc 77 06 c2 2b 21 42 52 b0 70 0f 4c be 18 2f 54 63 35 f3 02 36 f3 a6 47 0d 3e 66 6f 5b 8e cc 83 f9 18 d1 c4 3f 36 63 91 f7 44 cf 62 40 08 11 30 15 10 2e 15 81 38 18 54 01 4c 83 71 14 ff 03 06 0f bd d7 5c b1 e0 c3 7f bc ad ca ac 79 2d 1c 8d 0d 59 cf a4 60 bc 88 a1 f0 91 69 93 13 44 e7 c8 c2 00 c2 05 0b 11 e4 11 18 Data Ascii: z}-QgN\00q[81DLxrQf?f\SoG7(ZH?l-q!qI<i.^``0yw)iE+;2x67w+!BRpL/Tc56G>fo[?6cDb@0.8TLq\y-Y`iD
2025-01-09 21:45:54 UTC	1390	IN	Data Raw: 7a 00 e2 58 78 62 b5 cf bc 4d f8 a7 5a 5d f9 c4 57 cc a3 6d 07 35 2e d4 ae fc 11 bd 1b d8 ae 01 65 a7 de fb 7e 48 c6 1f 41 ad 89 ee 2b cf 6a af bc 4d 78 21 e3 7a 93 3d 0f ad 24 89 ab 15 ac f8 98 05 81 41 38 97 bc 67 e5 8f ba 1e 1f 30 55 20 ad f3 fd e3 1c c5 c3 96 67 c1 d7 3e ba 73 30 27 98 5d 78 9b f0 47 cd e3 22 79 3f a6 c1 47 7f 92 e2 8a 0f cc 6d b3 80 04 4e 58 94 ae 53 71 35 9e c9 5e e1 ce 1b a9 6b e5 c0 dc 57 3c 9b 53 69 b6 04 0e da ba 80 27 de 26 fc e1 79 b6 92 37 01 6c 1b a5 25 a9 3e 7a 08 d5 8c b7 ac da d8 93 c1 e4 c6 3f 45 3d cc 10 47 bf 33 9e 14 0f ff 31 04 5c d8 72 60 a9 71 22 7a 03 6c c8 13 0c 0b 7f cd c5 38 23 1c 95 41 7a dd aa e7 2c fc 13 eb e0 e3 6e b7 a4 d9 78 cd d4 3d a4 b4 34 ee 47 e3 85 dd 29 c6 51 ec d9 1f 23 47 ad ef 28 bd f9 03 4f a2 Data Ascii: zXxbMZ]Wm5.e~HA+jMx!z=$A8g0U g>s0']xG"y?GmNXSq5^kW<Si'&y7l%>z?E=G31\r`q"zl8#Az,nx=4G)Q#G(O
2025-01-09 21:45:54 UTC	60	IN	Data Raw: df 25 fc aa e8 62 40 d2 9c 8c ef 12 7e d7 a4 63 35 93 f5 3e f2 6d c2 6f 2b 7d 18 46 99 f9 3e e1 d7 d9 5c b6 fc 84 ff 01 4e de f0 b9 5c 13 aa be 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: %b@~c5>mo+}F>\N\IENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49748	216.58.212.132	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:55 UTC	494	OUT	GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:55 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 3170 Date: Thu, 09 Jan 2025 21:45:55 GMT Expires: Thu, 09 Jan 2025 21:45:55 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:55 UTC	719	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 96 00 00 00 36 08 06 00 00 00 25 1d 60 0c 00 00 0c 29 49 44 41 54 78 da ed 5d 0b 70 54 d5 19 3e 98 6c 00 1f 88 da 97 b5 82 62 ad 14 28 48 76 37 20 44 37 f7 6e 08 38 83 a2 a5 b4 56 ab a5 48 5f 82 52 3b 53 1f 68 59 60 77 13 28 b6 d5 2a b6 4e 5f 52 ab 22 30 60 a9 2d e6 41 a9 1d 7c b4 2a 4e c5 fa 60 b0 a8 80 ec 6e 02 84 7b ef 26 90 84 6c ff 6f e0 0e 3b 9b ff de bd 8f 84 61 9a f3 cd 9c d9 64 ef dd 24 e7 f0 9d ff f1 fd ff b9 08 09 09 09 89 fe 89 e9 b1 dc e9 4a 9d 31 ae 2a 91 9d a1 d4 1a 37 2b 09 63 8e 9a d4 6f a0 a1 54 2f cf 7e 56 e4 72 03 84 84 84 13 44 eb da 47 a8 49 63 11 91 e7 e5 aa b8 d6 45 5f e7 ac 46 55 52 db a3 26 f4 df 55 25 8c a9 b1 58 ee 34 21 21 51 88 48 22 3b 91 c8 f4 1c 08 e3 65 28 49 63 07 Data Ascii: PNGIHDR6%`)IDATx]pT>lb(Hv7 D7n8VH_R;ShY`w(N_R"0`-A\|N`n{&lo;ad$J1*7+coT/~VrDGIcE_FUR&U%X4!!QH";e(Ic
2025-01-09 21:45:55 UTC	1390	IN	Data Raw: df d8 08 c8 2f 44 6b db ae 38 9e 54 fd 99 be 7f 2b 7f f8 25 56 73 34 14 ce 44 43 1b 52 d1 60 a7 f5 5a 06 df c2 e6 05 c1 bc 0a a2 1f 30 13 5b 29 4e 21 a4 ab 83 95 19 25 fc 3e 26 ec 62 ec 24 92 4d 12 0e d1 d1 50 1a 21 c2 fc 97 21 92 1d c1 de 27 4b 76 a5 e3 b5 4e 64 af a1 b5 6d 76 52 fa 3a 96 4c e9 0b e8 eb 77 0b af 79 25 d6 8e 69 9f 1f 48 eb f2 b0 bb 75 0c d5 ef 89 86 cf 73 dd 53 65 31 b1 5b c5 29 02 22 c7 cd 29 25 d8 85 49 ba 1d d8 91 f8 bc 28 82 23 4d 81 d9 34 ba 40 16 b7 03 9f 23 17 f9 cd e2 1b 58 9f e7 84 50 3c c1 fc 13 6b df 94 b1 67 a4 95 f0 16 4f eb a8 86 df 49 a9 13 3e 2d 9c 02 a2 27 1f 5f e9 51 e1 12 54 ea 79 0f 3d 5a 9e 47 52 7b 5d 14 80 26 74 7d 2a 1a ee c6 e4 bc 8e 94 12 3e 4a 04 9b 21 2c d0 d9 58 36 f3 48 43 a0 1b 24 f1 3a 8e 7d be ec 7a bb da Data Ascii: /Dk8T+%Vs4DCR`Z0[)N!%>&b$MP!!'KvNdmvR:Lwy%iHusSe1[)")%I(#M4@#XP<kgOI>-'_QTy=ZGR{]&t}*>J!,X6HC$:}z
2025-01-09 21:45:55 UTC	1061	IN	Data Raw: ab 50 1a 37 9a 50 9e f0 62 0d d1 67 44 a4 6d b3 e8 52 9d 27 0a 80 0c 90 57 cf 83 f3 85 03 40 9a e0 3e 0f 51 30 cf 8d 8d 03 11 18 1d ea 36 e1 00 74 df 9d 6c 69 a7 3e 30 e6 84 85 36 ca 2d d6 73 a1 28 82 e0 63 b9 00 e9 89 af f4 89 40 0a 0f a0 56 28 a2 38 b0 c9 6f 43 dc d5 5c 13 1c e9 cf 25 26 8c 47 6d ca 2e 59 22 c2 4f 6a e2 6d 17 8a 22 40 f0 8a 62 36 7a 8b ac 7f 9e be d1 aa ac 01 cd 89 31 dd 5d e8 11 2a a2 5f cd c6 7d 4c 91 f5 2f 8c 5c d0 c8 65 75 d4 ad 60 2b 09 a0 9b 81 eb 86 a0 f7 36 89 02 70 f3 c7 b9 4d 25 ae 7f dd f6 54 53 42 fb 83 df 92 8e 29 2b c0 42 31 e4 6a a6 8e 85 b1 c2 06 a8 bf a2 62 61 66 d4 10 4f 1d 5a 2f 9e 10 78 4a 4c d1 56 8e b8 b1 15 19 0b 74 19 f4 c6 a3 be 88 7e 23 fa ec 7c 94 2c 68 61 76 db fd 0c ec c6 48 2c 6d 29 b4 c1 6a 99 b2 03 33 d6 Data Ascii: P7PbgDmR'W@>Q06tli>06-s(c@V(8oC\%&Gm.Y"Ojm"@b6z1]*_}L/\eu`+6pM%TSB)+B1jbafOZ/xJLVt~#\|,havH,m)j3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	172.217.18.14	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:55 UTC	683	OUT	GET /favicon.ico HTTP/1.1 Host: google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:55 UTC	454	IN	HTTP/1.1 301 Moved Permanently Location: https://www.google.com/favicon.ico Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Server: sffe Content-Length: 231 X-XSS-Protection: 0 Date: Thu, 09 Jan 2025 21:25:27 GMT Expires: Thu, 09 Jan 2025 21:55:27 GMT Cache-Control: public, max-age=1800 Content-Type: text/html; charset=UTF-8 Age: 1228 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:55 UTC	231	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/favicon.ico">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49749	142.250.181.228	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:56 UTC	685	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:56 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 09 Jan 2025 20:18:39 GMT Expires: Fri, 17 Jan 2025 20:18:39 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 5237 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:56 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2025-01-09 21:45:56 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2025-01-09 21:45:56 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2025-01-09 21:45:56 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2025-01-09 21:45:56 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49750	216.58.212.132	443	5856	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-09 21:45:57 UTC	446	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 21:45:57 UTC	705	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 09 Jan 2025 20:18:39 GMT Expires: Fri, 17 Jan 2025 20:18:39 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 5238 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2025-01-09 21:45:57 UTC	685	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2025-01-09 21:45:57 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<J
2025-01-09 21:45:57 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2025-01-09 21:45:57 UTC	1390	IN	Data Raw: ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBF!4I
2025-01-09 21:45:57 UTC	575	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Target ID:	0
Start time:	16:45:39
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	16:45:42
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1716,i,18176569866736914474,990158801358147693,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	16:45:48
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://snip.ly/kx81x2"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://snip.ly/kx81x2

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2104, Parent PID: 1184

General

Chronological Activities

Analysis Process: chrome.exePID: 5856, Parent PID: 2104

General

Chronological Activities

Analysis Process: chrome.exePID: 6560, Parent PID: 1184

General

Windows Analysis Report
https://snip.ly/kx81x2