Edit tour

Windows Analysis Report
http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4

Overview

General Information

Sample URL:	http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4
Analysis ID:	1592341
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,14094037973103786662,3093910472341777868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:21:51 GMTContent-Length: 4288Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: chromecache_64.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: chromecache_64.2.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: chromecache_64.2.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: chromecache_64.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: chromecache_64.2.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: classification engine

Classification label: mal52.phis.win@18/15@17/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,14094037973103786662,3093910472341777868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,14094037973103786662,3093910472341777868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	0%	Avira URL Cloud	safe
https://alphatrade-options.com/git/rand/favicon.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.2.137	true	false	high
www.google.com	142.250.184.228	true	false	high
fac.corp.fortinet.com	208.91.114.103	true	false	unknown
d28h3jm4r3crf8.cloudfront.net	65.9.66.13	true	false	unknown
ipfs.io	209.94.90.1	true	false	high
alphatrade-options.com	unknown	unknown	false	high
ik.imagekit.io	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-2.2.4.min.js	false		high
https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/	false	Avira URL Cloud: safe	unknown
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false		high
https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://alphatrade-options.com/git/rand/favicon.png	chromecache_64.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
65.9.66.52	unknown	United States	16509	AMAZON-02US	false
208.91.114.103	fac.corp.fortinet.com	United States	40934	FORTINETUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false
65.9.66.13	d28h3jm4r3crf8.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592341
Start date and time:	2025-01-16 01:20:51 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@18/15@17/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.74.206, 64.233.167.84, 142.250.186.78, 172.217.18.110, 142.250.184.238, 142.250.185.170, 142.250.186.170, 142.250.185.234, 216.58.206.74, 142.250.74.202, 172.217.18.106, 142.250.185.138, 142.250.185.74, 142.250.186.106, 142.250.186.42, 142.250.184.234, 172.217.16.202, 142.250.186.74, 216.58.212.138, 142.250.185.202, 142.250.181.234, 2.22.50.144, 2.23.77.188, 172.217.18.14, 142.250.186.46, 142.250.185.206, 142.250.184.206, 142.250.185.131, 142.250.181.238, 184.28.90.27, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4

Input	Output
URL: http://ipfs.io Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This is the legitimate domain for the InterPlanetary File System (IPFS). The .io TLD is commonly used for technology services and is the official domain for IPFS." }
URL: http://ipfs.io
URL: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This is a very important security measure. To protect your email account. Your account may be restricted until you can verify your identity.", "prominent_button_name": "Log in", "text_input_field_labels": [ "Email:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To protect your email account. Your account may be restricted until you can verify your identity.", "prominent_button_name": "Log in", "text_input_field_labels": [ "Email:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:21:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.978802545756266
Encrypted:	false
SSDEEP:	48:8ddgTE9+hHRBidAKZdA19ehwiZUklqeh1y+3:8QE+fDmy
MD5:	2039EF933541C50E9151E8F5A92BCBF7
SHA1:	8C671CE94D15CA4F3AFAA31AF312A87ACCC69D75
SHA-256:	47DF180CA1906CFF46A1EA7133FE9425F5B49184BC86520577AB0F4CAD866733
SHA-512:	316A8945A6FB4FEA991FDA7DF34977D459DF3E4D677AAB58ACB34EA3329F941AB3001E9CB8B10ED0FB9C2F27A7DDABD2B98515B6CCD5E58CF05EFC8D649813F0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....F}y..g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:21:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.993757326512109
Encrypted:	false
SSDEEP:	48:8adgTE9+hHRBidAKZdA1weh/iZUkAQkqehWy+2:81E+fx9QLy
MD5:	1F45F9E906B4F922C6668A4CF55EEA68
SHA1:	0188591B16430B8C3A471106101DFC8E66A520FB
SHA-256:	AA13F4EAE533082532CFC961C155DB6E3AA4BC9B8B661EE9472C8E226ADEA16E
SHA-512:	26D8DF263604B543829F7CF1D1DA7427E3A9694299086984B34EB1B20341651FB3AB58B7EB2F33B6C11A903EC52907A1E9EF2D253B98248F69D4DE8004DD40FA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......k..g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.007161532380285
Encrypted:	false
SSDEEP:	48:8xBdgTE9+sHRBidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xsE+cBnqy
MD5:	B01FAE4360E4C24740D20455FAB48968
SHA1:	F5096C60B0213EA9AF4CEFA93D3ABE3785709122
SHA-256:	960FD5BAF941A4D2781E308CB85CF396993D70F5B3A471D345D21854E668FD68
SHA-512:	4C4FE62E371C10E61C8A0F058C50ED5A66E2D3CB892731520D8A8A878DBB0FDC74AD161B007E070F5130B797D5D98E5AB865279857F5CF657C2C1BDC09373C93
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:21:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991890706523154
Encrypted:	false
SSDEEP:	48:8QdgTE9+hHRBidAKZdA1vehDiZUkwqehCy+R:87E+fy8y
MD5:	80B2F5CFC46E9E4ADD48AF0C8D05B969
SHA1:	7E97CF6DC65718F212C56D732BF12275512A39A4
SHA-256:	99EDCCFC8C4D2D31F1EB0CD817D65BB591494EADFCF015278D29E20611BFB794
SHA-512:	380EFDAD5EE0EE4A7B5BFA6F5EAC52C906ADF379BC17096D136E732B5BBACC28ECF584F40D9DAA5B2C01018F4F0BE0F93E393B8D70D0EB8C5777AF11D49C55AA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....jf..g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:21:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.983031661274014
Encrypted:	false
SSDEEP:	48:8PdgTE9+hHRBidAKZdA1hehBiZUk1W1qehIy+C:86E+fC9oy
MD5:	8DF3BB6FA1B79F34DEC4658F6E9A53F8
SHA1:	C764F918FD37BBADAA0FA1F8FDFDEA987C32A8C8
SHA-256:	2D00E1CF975E185F2084E3E2C27AC5849ECBBC4A01C0DC6F5003245A518E0B1E
SHA-512:	8E84AADF8A09E05B5F203A84D9703A2C0AC37A816CF7913E2EFFA862551D10B8F4A4E92BEF472AB038CCC23BC74D5BDA5D259C8B56D0A7C38BE950C0949EB9F7
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......t..g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 15 23:21:46 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9928747946670713
Encrypted:	false
SSDEEP:	48:8ldgTE9+hHRBidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:84E+f8T/TbxWOvTbqy7T
MD5:	A91D43A41891B717EBB34C94A04F4758
SHA1:	D0F7266D53574D4DC3D268095E4AA5533E1C9782
SHA-256:	C203572019DEAD9575D47AC79390D7EBE06D5B5A6167E6832BC81E7BCCCD7D91
SHA-512:	CA9AE22B2949F53D17C955DEE08E965B8E10DDC4EF0A5709ED9FBB613A83295A2CF836804D7AB64214C8EC147A501E65169F27E1022D2FA73258607FEB328463
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C_..g..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I0Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52134), with CRLF line terminators
Category:	downloaded
Size (bytes):	159340
Entropy (8bit):	5.157176443825505
Encrypted:	false
SSDEEP:	3072:p8ygto9fDFVxwupNW2kJRCsZE6JtX6diUB9TNDyI6s:3gy9fDFVxwwN7kJRCsZE6JtX6diMTNWY
MD5:	D2E88A9199C094A3F88EA9BDAE0E7DA4
SHA1:	780DFB7FE6EB0A5097F82D6E2E0B676BC96C1DA5
SHA-256:	1C8D620A6E46D11A3B5D149613C61D0958FAD86C174E9EBCD3CF33E4FA94F76F
SHA-512:	12A8828DF6B6850F48A8B0DE6C8504C7DF4E4BFB32EA61E74600AA091B5C6EEDCDC2A0F637D24D9725283602DADF6CFABEB7EBF6FFF191CAB833A93A738F7DFD
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4
Preview:	<!DOCTYPE html>..<html lang="en">.. "lalx4fn5tsphd2xki9vl6xik4koxe7nykzbreqpuxj4udsrvnx8ynueqc1seiv2sm0fyaog43rcdnjf5iz9igrkrujhtn2b8o6ggykdj29fs57t0xkwqyeoiwlkzea4o91uzey6stmj"-->..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != windo

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	64894
Entropy (8bit):	5.372381556245512
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2Bu:v4J+OlfOhWpO
MD5:	1F7D4A604162F7566C0E9F2B37667B5B
SHA1:	0E82F84676C524496D77F1F9E6A02A3BAF8D99CD
SHA-256:	5A48524CCFC6ECCD293217644CBCE9443F0B4A0EFCF6145E177D0219B90AE658
SHA-512:	1007ABBD8B6711AFB48D3E9F4E2358A6DBDFDCF87B288AB19E8FE84981BC6DAA01CA4F426AB542B60B9A12D25CA35C37ED6445E77F25BB7712AA0D61602F59A2
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmOrPg53DWYGBIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 01:21:38.781784058 CET	49675	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:38.781788111 CET	49674	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:38.875518084 CET	49673	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:48.391475916 CET	49674	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:48.391650915 CET	49675	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:48.485219955 CET	49673	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:48.918809891 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:48.918905973 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:48.918987989 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:48.919172049 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:48.919203043 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:49.558491945 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:49.558784008 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:49.558824062 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:49.560302019 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:49.560364008 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:49.564515114 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:49.564609051 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:49.610146999 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:49.610161066 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:49.657020092 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:21:50.165256023 CET	443	49703	23.1.237.91	192.168.2.5
Jan 16, 2025 01:21:50.165375948 CET	49703	443	192.168.2.5	23.1.237.91
Jan 16, 2025 01:21:50.252464056 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.252543926 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.252621889 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.253061056 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.253098011 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.718672991 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.719146967 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.719216108 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.720102072 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.720175982 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.721065044 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.721129894 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.721194029 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.763328075 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.769043922 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.769108057 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.816255093 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.867269993 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867306948 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867333889 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867352009 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867367029 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.867373943 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867383003 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867393970 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.867413044 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867423058 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.867436886 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.867486954 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.867501974 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.868133068 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.868185997 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.868196964 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.908510923 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:50.908529043 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:50.908837080 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:50.909125090 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:50.909137011 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:50.920438051 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.920454025 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.925091982 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:50.925188065 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:50.925268888 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:50.925442934 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:50.925481081 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:50.937078953 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:50.937165022 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:50.937258005 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:50.937408924 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:50.937446117 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:50.955712080 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.955740929 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.955785036 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.955801964 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.955986023 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956005096 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956034899 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956034899 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.956053019 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956075907 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.956110954 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.956121922 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956834078 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956857920 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956886053 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956912041 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.956918955 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956928015 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.956933975 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.957379103 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.957392931 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.957756042 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.957778931 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.957802057 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.957811117 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.957822084 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.957848072 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.958504915 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.958534002 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.958559036 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:50.958564997 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.958573103 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:50.958632946 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.001100063 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.001169920 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.001184940 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044003010 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044043064 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044106960 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.044121027 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044229031 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.044269085 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044336081 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044395924 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.044408083 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044717073 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044773102 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.044784069 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.044837952 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.045205116 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.045267105 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.045278072 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.045418978 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.045691013 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.045753002 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.045799971 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.045861006 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.045866966 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.045907021 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.045944929 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.046634912 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.046694994 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.046705961 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.046741962 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.046775103 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.046786070 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.046808004 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.047586918 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.047645092 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.047655106 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.047673941 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.047691107 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.047724962 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.047740936 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.047763109 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.048053026 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.048641920 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.048683882 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.048696995 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.048707962 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.048736095 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.048754930 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.092315912 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.092390060 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.134852886 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.134932041 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.134974957 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135027885 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135082006 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135109901 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135133028 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135135889 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135164976 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135195017 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135202885 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135202885 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135229111 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135235071 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135235071 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135250092 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135277987 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135287046 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135287046 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135302067 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135334969 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135349989 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135385990 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135399103 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135437012 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135452032 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135463953 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135484934 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135493040 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135530949 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.135544062 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.135593891 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.136307001 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.136363983 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.136374950 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.136394024 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.136445045 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.136636972 CET	49714	443	192.168.2.5	209.94.90.1
Jan 16, 2025 01:21:51.136671066 CET	443	49714	209.94.90.1	192.168.2.5
Jan 16, 2025 01:21:51.458528996 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.458831072 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.458842993 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.460490942 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.460562944 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.461433887 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.461540937 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.461566925 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.503329039 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.516843081 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.516851902 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.563600063 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.757263899 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757452011 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757502079 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.757513046 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757641077 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757688046 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.757693052 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757807970 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757860899 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.757865906 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.757947922 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.758043051 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.758047104 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.758073092 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.758119106 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.758162022 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.761982918 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.762063980 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.762073040 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.763264894 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:51.763489008 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:51.763535976 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:51.764360905 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.764378071 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.764400005 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.764421940 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.764432907 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.764441967 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.764451981 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.764472008 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.764492989 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.764540911 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:51.764602900 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:51.765986919 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.766014099 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.766068935 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.766072989 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:51.766074896 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.766100883 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.766161919 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:51.766536951 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:51.766552925 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:51.766953945 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:51.767335892 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:51.767345905 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:51.768249989 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:51.768313885 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:51.768748045 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.768781900 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.768811941 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.768826008 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.768845081 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.769112110 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:51.769170046 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:51.769328117 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:51.769335985 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:51.770306110 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.770359993 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.770435095 CET	49715	443	192.168.2.5	151.101.2.137
Jan 16, 2025 01:21:51.770445108 CET	443	49715	151.101.2.137	192.168.2.5
Jan 16, 2025 01:21:51.808348894 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:51.820863962 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:52.111277103 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:52.111344099 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:52.111423016 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:52.111423016 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:52.111505985 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:52.112062931 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:52.112062931 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:52.112103939 CET	443	49717	208.91.114.103	192.168.2.5
Jan 16, 2025 01:21:52.112164974 CET	49717	443	192.168.2.5	208.91.114.103
Jan 16, 2025 01:21:52.129889965 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.129909992 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.129915953 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.129977942 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.129986048 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.130052090 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.130074978 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.130101919 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.130103111 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.130129099 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349101067 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349136114 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349184990 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349200964 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349291086 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349324942 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349337101 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349338055 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349359989 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349396944 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349400997 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349421978 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349432945 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349441051 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349457026 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349457026 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349524975 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349556923 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349648952 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349663973 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349705935 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.349751949 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.349879026 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.351059914 CET	49716	443	192.168.2.5	65.9.66.13
Jan 16, 2025 01:21:52.351106882 CET	443	49716	65.9.66.13	192.168.2.5
Jan 16, 2025 01:21:52.410429001 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:52.410512924 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:52.410584927 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:52.410944939 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:52.410964966 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.186564922 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.186836004 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.186871052 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.187932968 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.188018084 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.188389063 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.188460112 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.188627958 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.188647985 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.231622934 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.477332115 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.488696098 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.488704920 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.488718033 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.488796949 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.488867998 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.488940001 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.571476936 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.571502924 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.571603060 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.571639061 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.571655989 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.571717024 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.589329004 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.589375973 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.589440107 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.589462996 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.589481115 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.589504004 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.658715963 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.658793926 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:53.658807039 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.658863068 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.659209967 CET	49720	443	192.168.2.5	65.9.66.52
Jan 16, 2025 01:21:53.659224987 CET	443	49720	65.9.66.52	192.168.2.5
Jan 16, 2025 01:21:59.471793890 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:59.471949100 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:21:59.472013950 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:00.661422014 CET	49712	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:00.661485910 CET	443	49712	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:48.968815088 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:48.968858004 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:48.969391108 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:48.969598055 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:48.969609022 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:49.611464024 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:49.611948013 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:49.611970901 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:49.612431049 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:49.612863064 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:49.612938881 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:49.655282974 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:22:59.514455080 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:59.514524937 CET	443	49994	142.250.184.228	192.168.2.5
Jan 16, 2025 01:22:59.514580965 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:23:00.657602072 CET	49994	443	192.168.2.5	142.250.184.228
Jan 16, 2025 01:23:00.657638073 CET	443	49994	142.250.184.228	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 01:21:44.240628958 CET	53	52136	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:44.313388109 CET	53	62670	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:45.409104109 CET	53	56950	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:48.911118031 CET	59957	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:48.911118031 CET	54507	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:48.917916059 CET	53	59957	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:48.917937040 CET	53	54507	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.220588923 CET	59809	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.220720053 CET	49767	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.227134943 CET	53	59809	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.227791071 CET	53	49767	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.244405985 CET	63687	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.244613886 CET	60035	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.250984907 CET	53	63687	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.251897097 CET	53	60035	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.898958921 CET	63521	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.899420023 CET	64955	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.906090975 CET	53	63521	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.906210899 CET	53	64955	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.914040089 CET	61099	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.914163113 CET	61557	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.914530993 CET	53194	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.914664984 CET	54897	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:50.921489954 CET	53	53194	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.923037052 CET	53	61557	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:50.924781084 CET	53	61099	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:51.085534096 CET	53	54897	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:51.851810932 CET	53	54926	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:52.382782936 CET	64469	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:52.383146048 CET	52535	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:52.386771917 CET	52079	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:52.386989117 CET	50601	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:52.393004894 CET	53	52535	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:52.393021107 CET	53	64469	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:52.393812895 CET	62432	53	192.168.2.5	1.1.1.1
Jan 16, 2025 01:21:52.395585060 CET	53	50601	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:52.400774002 CET	53	62432	1.1.1.1	192.168.2.5
Jan 16, 2025 01:21:52.409907103 CET	53	52079	1.1.1.1	192.168.2.5
Jan 16, 2025 01:22:02.395153046 CET	53	49803	1.1.1.1	192.168.2.5
Jan 16, 2025 01:22:21.257247925 CET	53	62443	1.1.1.1	192.168.2.5
Jan 16, 2025 01:22:43.725373983 CET	53	53731	1.1.1.1	192.168.2.5
Jan 16, 2025 01:22:44.180871964 CET	53	52970	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 16, 2025 01:21:51.085623980 CET	192.168.2.5	1.1.1.1	c218	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 16, 2025 01:21:48.911118031 CET	192.168.2.5	1.1.1.1	0xbd50	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:48.911118031 CET	192.168.2.5	1.1.1.1	0x3f10	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 16, 2025 01:21:50.220588923 CET	192.168.2.5	1.1.1.1	0xec60	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.220720053 CET	192.168.2.5	1.1.1.1	0xd741	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 16, 2025 01:21:50.244405985 CET	192.168.2.5	1.1.1.1	0x6994	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.244613886 CET	192.168.2.5	1.1.1.1	0xc9d7	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 16, 2025 01:21:50.898958921 CET	192.168.2.5	1.1.1.1	0x60c6	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.899420023 CET	192.168.2.5	1.1.1.1	0xb531	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 16, 2025 01:21:50.914040089 CET	192.168.2.5	1.1.1.1	0x3762	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.914163113 CET	192.168.2.5	1.1.1.1	0x991d	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Jan 16, 2025 01:21:50.914530993 CET	192.168.2.5	1.1.1.1	0xd670	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.914664984 CET	192.168.2.5	1.1.1.1	0x365d	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Jan 16, 2025 01:21:52.382782936 CET	192.168.2.5	1.1.1.1	0x6a72	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.383146048 CET	192.168.2.5	1.1.1.1	0xae69	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Jan 16, 2025 01:21:52.386771917 CET	192.168.2.5	1.1.1.1	0x6e3d	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.386989117 CET	192.168.2.5	1.1.1.1	0x81a0	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Jan 16, 2025 01:21:52.393812895 CET	192.168.2.5	1.1.1.1	0xacc4	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 16, 2025 01:21:48.917916059 CET	1.1.1.1	192.168.2.5	0xbd50	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:48.917937040 CET	1.1.1.1	192.168.2.5	0x3f10	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 16, 2025 01:21:50.227134943 CET	1.1.1.1	192.168.2.5	0xec60	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.227791071 CET	1.1.1.1	192.168.2.5	0xd741	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 16, 2025 01:21:50.250984907 CET	1.1.1.1	192.168.2.5	0x6994	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.251897097 CET	1.1.1.1	192.168.2.5	0xc9d7	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 16, 2025 01:21:50.906090975 CET	1.1.1.1	192.168.2.5	0x60c6	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.906090975 CET	1.1.1.1	192.168.2.5	0x60c6	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.906090975 CET	1.1.1.1	192.168.2.5	0x60c6	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.906090975 CET	1.1.1.1	192.168.2.5	0x60c6	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.921489954 CET	1.1.1.1	192.168.2.5	0xd670	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.923037052 CET	1.1.1.1	192.168.2.5	0x991d	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:21:50.924781084 CET	1.1.1.1	192.168.2.5	0x3762	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:21:50.924781084 CET	1.1.1.1	192.168.2.5	0x3762	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.13	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.924781084 CET	1.1.1.1	192.168.2.5	0x3762	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.107	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.924781084 CET	1.1.1.1	192.168.2.5	0x3762	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.52	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:50.924781084 CET	1.1.1.1	192.168.2.5	0x3762	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.41	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.393004894 CET	1.1.1.1	192.168.2.5	0xae69	Name error (3)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Jan 16, 2025 01:21:52.393021107 CET	1.1.1.1	192.168.2.5	0x6a72	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.395585060 CET	1.1.1.1	192.168.2.5	0x81a0	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:21:52.400774002 CET	1.1.1.1	192.168.2.5	0xacc4	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.409907103 CET	1.1.1.1	192.168.2.5	0x6e3d	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:21:52.409907103 CET	1.1.1.1	192.168.2.5	0x6e3d	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.52	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.409907103 CET	1.1.1.1	192.168.2.5	0x6e3d	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.13	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.409907103 CET	1.1.1.1	192.168.2.5	0x6e3d	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.107	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:21:52.409907103 CET	1.1.1.1	192.168.2.5	0x6e3d	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.41	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	209.94.90.1	443	2124	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:21:50 UTC	714	OUT	GET /ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 HTTP/1.1 Host: ipfs.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:21:50 UTC	1069	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 00:21:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 x-ipfs-roots: bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 x-ipfs-pop: rainbow-ny5-01 CF-Cache-Status: HIT Age: 30143 Server: cloudflare CF-RAY: 9029f2a08f3c80df-EWR alt-svc: h3=":443"; ma=86400
2025-01-16 00:21:50 UTC	300	IN	Data Raw: 37 62 38 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 22 6c 61 6c 78 34 66 6e 35 74 73 70 68 64 32 78 6b 69 39 76 6c 36 78 69 6b 34 6b 6f 78 65 37 6e 79 6b 7a 62 72 65 71 70 75 78 6a 34 75 64 73 72 76 6e 78 38 79 6e 75 65 71 63 31 73 65 69 76 32 73 6d 30 66 79 61 6f 67 34 33 72 63 64 6e 6a 66 35 69 7a 39 69 67 72 6b 72 75 6a 68 74 6e 32 62 38 6f 36 67 67 79 6b 64 6a 32 39 66 73 35 37 74 30 78 6b 77 71 79 65 6f 69 77 6c 6b 7a 65 61 34 6f 39 31 75 7a 65 79 36 73 74 6d 6a 22 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f Data Ascii: 7b83<!DOCTYPE html><html lang="en">..."lalx4fn5tsphd2xki9vl6xik4koxe7nykzbreqpuxj4udsrvnx8ynueqc1seiv2sm0fyaog43rcdnjf5iz9igrkrujhtn2b8o6ggykdj29fs57t0xkwqyeoiwlkzea4o91uzey6stmj"--><head> <meta charset="UTF-8"> <meta name="viewport" co
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 69 64 3d 22 66 61 76 69 63 6f 6e 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 Data Ascii: > <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="referrer" content="strict-origin"> <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png"> <script src="h
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 35 31 35 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 75 Data Ascii: color: #425152; text-decoration: none; } a:hover { text-decoration: underline; } input { border-radius: 5px; padding: 5px 3px; } input.su
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 47 36 4a 2f 65 4f 2b 71 59 65 4f 61 50 47 74 53 61 36 6e 47 31 67 6f 5a 65 63 30 33 65 5a 4d 36 72 38 48 4f 39 30 30 70 73 66 7a 75 57 6d 4f 56 35 79 2f 58 47 30 31 31 74 4b 6c 74 56 4f 6c 37 49 79 31 63 31 53 49 65 74 62 52 48 6e 70 2f 73 41 36 57 39 59 39 74 4d 5a 56 79 6b 43 6e 4b 42 63 52 45 72 78 6e 4e 44 63 71 4d 42 63 62 4f 65 37 56 49 6e 41 4a 2f 2f 6b 42 47 63 37 56 67 54 54 59 64 66 4f 36 78 72 6a 52 55 42 65 4b 76 34 64 73 65 34 32 44 61 73 30 7a 36 71 4f 69 50 47 78 56 4a 52 6c 44 66 5a 73 66 71 59 2b 6d 79 6e 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 33 Data Ascii: G6J/eO+qYeOaPGtSa6nG1goZec03eZM6r8HO900psfzuWmOV5y/XG011tKltVOl7Iy1c1SIetbRHnp/sA6W9Y9tMZVykCnKBcRErxnNDcqMBcbOe7VInAJ//kBGc7VgTTYdfO6xrjRUBeKv4dse42Das0z6qOiPGxVJRlDfZsfqY+myn9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq3
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 Data Ascii: middle; padding-top: 4px; } .col1 { width: 124px; font-size: 13px; font-weight: 600; } .col2 { width: 286px; } .col2 input {
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 39 30 70 78 20 61 75 74 6f 20 61 75 74 6f 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 30 30 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: width: 500px; margin: 90px auto auto auto; padding-left: 10px; } @media only screen and (max-width: 600px) { body { background-image: none; }
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 20 Data Ascii: margin-top: -25px; } .xlogo img { vertical-align: middle; width: 5%; height: 5%; object-fit: contain } .xlogo span { vertical-align: middle
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 62 67 5f 73 63 72 65 65 6e 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 69 6b 2e 69 6d 61 67 65 6b 69 74 2e 69 6f 2f 65 73 63 72 6f 77 6d 61 64 65 2f 52 6f 6c 6c 69 6e 67 2d 31 73 2d 32 30 30 70 78 5f 5f 31 5f 5f 74 72 48 43 57 58 79 39 6a 44 2e 67 69 66 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 35 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 22 Data Ascii: ; display:none" id="bg_screen"> </div> <img src="https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif" style="width:50px; position:absolute; top:50%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image"
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 72 64 5f 68 69 64 64 65 6e 3a 39 33 65 64 66 37 64 33 63 65 62 37 30 34 62 65 39 32 65 65 30 38 34 65 63 63 36 32 63 36 63 38 2f 22 20 61 6c 74 3d 22 22 20 6f 6e 63 6c 69 63 6b 3d 22 73 65 74 56 69 73 69 62 69 6c 69 74 79 28 29 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 3c 62 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 Data Ascii: rd_hidden:93edf7d3ceb704be92ee084ecc62c6c8/" alt="" onclick="setVisibility()"> </div> <br><br> <div class="row"> <div><span class="error" id="error"></span></div> </div> <di
2025-01-16 00:21:50 UTC	1369	IN	Data Raw: 6f 6d 2f 76 30 2f 62 2f 70 6f 72 74 61 6c 2d 61 61 33 36 33 2e 61 70 70 73 70 6f 74 2e 63 6f 6d 2f 6f 2f 66 61 76 69 63 6f 6e 73 2e 70 6e 67 3f 61 6c 74 3d 6d 65 64 69 61 26 74 6f 6b 65 6e 3d 38 30 35 66 62 30 65 66 2d 61 32 64 39 2d 34 61 37 66 2d 38 35 65 36 2d 64 36 38 33 38 34 65 31 36 36 65 33 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 63 61 70 69 74 61 6c 69 7a 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 22 20 63 6c 61 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: om/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3"> <span style="text-transform: capitalize !important;" class='text-g' id="banNer"></span> </div> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49715	151.101.2.137	443	2124	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:21:51 UTC	547	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ipfs.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:21:51 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 16 Jan 2025 00:21:51 GMT Age: 2478482 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740046-EWR X-Cache: HIT, HIT X-Cache-Hits: 2413, 1 X-Timer: S1736986912.512404,VS0,VE1 Vary: Accept-Encoding
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 7c 7c 7b 7d 2c 68 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 7c 7c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 29 7c 7c 28 67 3d 7b 7d 29 2c 68 3d 3d 3d 69 26 26 28 67 3d 74 68 69 73 2c 68 2d 2d 29 3b 69 3e 68 3b 68 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 61 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 29 29 66 6f 72 28 62 20 69 6e 20 61 29 63 3d 67 5b 62 5d 2c 64 3d 61 5b 62 5d 2c 67 21 3d 3d 64 26 26 28 6a 26 26 64 26 26 28 6e 2e 69 73 50 6c 61 Data Ascii: ,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPla
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 2d 22 29 2e 72 65 70 6c 61 63 65 28 71 2c 72 29 7d 2c 6e 6f 64 65 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 73 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 63 3e 64 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e Data Ascii: -").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 3d 6e 2e 74 79 70 65 28 61 29 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 63 7c 7c 6e 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 21 31 3a 22 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 7d 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 67 61 28 29 2c 7a 3d 67 61 28 29 2c 41 3d 67 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d Data Ascii: =n.type(a);return"function"===c\|\|n.isWindow(a)?!1:"array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 69 22 29 2c 62 6f 6f 6c 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 22 2b 4b 2b 22 29 24 22 2c 22 69 22 29 2c 6e 65 65 64 73 43 6f 6e 74 65 78 74 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4c 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4c 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4c 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 59 3d 2f 5e 68 5c 64 24 2f 69 2c 5a 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 24 3d 2f 5e 28 3f 3a 23 28 Data Ascii: i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+L+"((?:-\\d)?\\d)"+L+"\$\|)(?=[^-]\|$)","i")},X=/^(?:input\|select\|textarea\|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#(
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 61 61 2c 22 5c 5c 24 26 22 29 3a 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 6b 3d 75 29 2c 72 3d 67 28 61 29 2c 68 3d 72 2e 6c 65 6e 67 74 68 2c 6c 3d 56 2e 74 65 73 74 28 6b 29 3f 22 23 22 2b 6b 3a 22 5b 69 64 3d 27 22 2b 6b 2b 22 27 5d 22 3b 77 68 69 6c 65 28 68 2d 2d 29 72 5b 68 5d 3d 6c 2b 22 20 22 2b 71 61 28 72 5b 68 5d 29 3b 73 3d 72 2e 6a 6f 69 6e 28 22 2c 22 29 2c 77 3d 5f 2e 74 65 73 74 28 61 29 26 26 6f 61 28 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 62 7d 69 66 28 73 29 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 64 2c 77 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 73 Data Ascii: Case()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)\|\|b}if(s)try{return H.apply(d,w.querySelectorAll(s
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 3f 22 48 54 4d 4c 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 3a 21 31 7d 2c 6d 3d 66 61 2e 73 65 74 44 6f 63 75 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 65 2c 67 3d 61 3f 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 3a 76 3b 72 65 74 75 72 6e 20 67 21 3d 3d 6e 26 26 39 3d 3d 3d 67 2e 6e 6f 64 65 54 79 70 65 26 26 67 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3f 28 6e 3d 67 2c 6f 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 70 3d 21 66 28 6e 29 2c 28 65 3d 6e 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 65 2e 74 6f 70 21 3d 3d 65 26 26 28 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c Data Ascii: ).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument\|\|a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventL
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 6e 20 66 7d 2c 64 2e 66 69 6e 64 2e 43 4c 41 53 53 3d 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 70 3f 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 3a 76 6f 69 64 20 30 7d 2c 72 3d 5b 5d 2c 71 3d 5b 5d 2c 28 63 2e 71 73 61 3d 5a 2e 74 65 73 74 28 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 29 29 26 26 28 69 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 69 64 3d 27 22 2b 75 2b 22 27 3e 3c 2f 61 Data Ascii: n f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 6d 65 6e 74 3a 61 2c 64 3d 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 61 3d 3d 3d 64 7c 7c 21 28 21 64 7c 7c 31 21 3d 3d 64 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 63 2e 63 6f 6e 74 61 69 6e 73 3f 63 2e 63 6f 6e 74 61 69 6e 73 28 64 29 3a 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 64 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 77 68 69 6c 65 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 Data Ascii: ment:a,d=b&&b.parentNode;return a===d\|\|!(!d\|\|1!==d.nodeType\|\|!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!
2025-01-16 00:21:51 UTC	1378	IN	Data Raw: 72 48 61 6e 64 6c 65 5b 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 66 3d 65 26 26 44 2e 63 61 6c 6c 28 64 2e 61 74 74 72 48 61 6e 64 6c 65 2c 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 65 28 61 2c 62 2c 21 70 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 66 3f 66 3a 63 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 21 70 3f 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 3a 28 66 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 62 29 29 26 26 66 2e 73 70 65 63 69 66 69 65 64 3f 66 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 2c 66 61 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 Data Ascii: rHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes\|\|!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognize

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49716	65.9.66.13	443	2124	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:21:51 UTC	611	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:21:52 UTC	807	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: f3b958f7-e514-4441-9b79-2da1c5ddee92 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Mon, 30 Sep 2024 19:32:04 GMT Date: Thu, 31 Oct 2024 19:52:56 GMT Via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront), 1.1 3dd91613764eafe7ad199013ce202442.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: S85ZbDjsiPFRC3_6RY7x0BALm44g5yuvloX3lPyHL-MZaOdQa-Wo1w== Age: 6582536
2025-01-16 00:21:52 UTC	15577	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2025-01-16 00:21:52 UTC	16384	IN	Data Raw: cd 21 18 33 26 01 e0 00 2c 1d f9 ce 98 10 00 03 f9 b0 e6 00 75 32 1a 0e a0 b3 94 9b 64 ca 06 5a 50 01 19 66 52 06 e0 94 09 02 1a 40 02 10 70 13 91 1d c8 26 53 0a e8 c8 0c 90 b1 2a 57 fc a4 00 b4 c8 14 08 c5 12 8d 54 c1 0a 2e 3b 70 d1 a1 74 2f 96 11 28 a4 4e 0c ba ca 14 24 d4 22 92 c9 9c 24 4e 86 52 3c 6b 56 a0 a4 1e 39 41 3b 85 60 80 b8 a1 04 8c 3b 05 40 06 42 c9 90 22 06 15 00 32 e0 28 c8 8e 5a 84 07 f0 11 20 16 64 2a 00 24 a0 81 97 3a 23 06 52 3d c2 6c 98 b9 0d 5f 66 95 08 12 98 c1 e4 b8 21 ce a3 76 a0 05 bb e4 45 ef be ca 84 07 a8 40 04 38 d5 05 f3 d8 1a 05 01 70 e0 03 30 38 81 50 78 46 57 2a 14 c0 02 1c f8 55 5f 07 4b d8 c2 1a f6 b0 88 4d ac 62 17 cb d8 c6 3a f6 b1 90 8d ac 64 27 4b d9 ca 5a f6 b2 70 08 02 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 Data Ascii: !3&,u2dZPfR@p&SWT.;pt/(N$"$NR<kV9A;`;@B"2(Z d$:#R=l_f!vE@8p08PxFW*U_KMb:d'KZp!,
2025-01-16 00:21:52 UTC	16384	IN	Data Raw: 3e ea 6c 5b 48 87 f1 64 66 ff 2e 21 14 c4 33 eb ba 84 18 40 6c 39 e5 c2 2b c8 9d e6 fc 64 ef 20 aa c2 f3 c1 be 83 c8 0b 0f 0b 00 0f 82 2f 39 08 b4 5a 70 1e fd be 13 ed c2 7b 44 90 2e c4 80 d4 4a 4e 9b 14 fb b1 67 39 2f 64 ec 07 07 f1 28 ec f1 1c 12 c4 b3 ec c8 7a 14 9a 0d 83 28 eb 91 6c 39 b7 b6 6c 47 8d e6 88 2a f3 1d 2a c0 f3 e8 cd 77 54 00 8f b6 3c d7 f1 c0 4a 41 db 61 00 3c 0c 14 6d c7 bc d9 24 ad 34 1d 49 3a f5 34 1d b9 98 03 c1 d4 73 3c 5b ce d5 58 c7 a1 72 33 0a 74 1d 47 98 e4 84 2d f6 1b 5f 33 63 f6 d9 6d 30 8d cd da 6c ab 71 f4 3b 1b c4 cd c6 9f e6 bc 6b 37 1a 8d 9a 83 f1 de 68 80 fc ce 90 80 9f d1 e3 3b 36 17 5e 06 89 ef 1c a9 b8 19 5a 97 73 dd e3 64 48 0c 4f b8 94 87 31 e7 3b 08 64 4e 06 8a e6 10 ec b9 18 39 9a b3 f3 e8 5f 58 fe 8e ba a8 73 d1 Data Ascii: >l[Hdf.!3@l9+d /9Zp{D.JNg9/d(z(l9lG**wT<JAa<m$4I:4s<[Xr3tG-_3cm0lq;k7h;6^ZsdHO1;dN9_Xs
2025-01-16 00:21:52 UTC	6857	IN	Data Raw: ff ca 00 0a 7c 85 80 82 65 94 a6 15 75 af 1c a7 15 50 6b b4 a6 55 7e af f8 f6 d5 6a 68 6c f0 d5 0a b1 0c 30 d9 53 2c ac 61 00 5e b2 c8 f7 14 02 cf 91 21 a3 56 3a c5 f2 91 56 d9 9d 41 c1 57 1e c6 62 c0 70 3d a5 a0 46 3f 5a 91 40 0b 85 4a 69 a0 86 74 4f 59 25 8b 8a 4a 35 90 c6 8f 5f 59 38 4b 31 5f 15 19 46 07 09 d2 82 a0 56 5c 9d b1 a4 52 51 ce 42 e5 4d c2 9c 41 91 56 1a d2 62 de 53 12 96 31 c3 57 c0 d5 e2 a2 52 79 99 11 60 55 b6 38 30 23 1a e2 3d 85 82 2d 0c 02 8a 86 7f 44 f5 49 0b 86 4f b9 80 c6 40 4f d5 49 4b 67 5a e5 49 c6 8e 4a d1 37 8b 04 8e a1 c1 2a 51 24 ba 52 40 ac 67 cc da 53 ad ad dc aa 95 02 b2 7e 05 23 2d be 3e 05 ec 19 21 be 68 4b b1 4a 1d 6b 46 b2 4f 0d 3b 0b 87 bf a2 01 6d ab b6 50 6b ac b5 5f e1 46 4b 81 d5 9e 41 aa 52 bc d1 02 67 aa 68 0c Data Ascii: \|euPkU~jhl0S,a^!V:VAWbp=F?Z@JitOY%J5_Y8K1_FV\RQBMAVbS1WRy`U80#=-DIO@OIKgZIJ7*Q$R@gS~#->!hKJkFO;mPk_FKARgh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49717	208.91.114.103	443	2124	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:21:51 UTC	639	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:21:52 UTC	548	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 00:21:51 GMT Content-Length: 4288 Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2025-01-16 00:21:52 UTC	4288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49720	65.9.66.52	443	2124	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:21:53 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:21:53 UTC	805	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 77f56fe4-746b-47c7-81b6-47a394580022 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Thu, 31 Oct 2024 20:27:09 GMT Date: Wed, 15 Jan 2025 12:13:19 GMT Via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront), 1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: A1oZRay4gXCNVf75NopYwB5wFoW313l_6Iv28PE783FLCjENBUaeDQ== Age: 43714
2025-01-16 00:21:53 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2025-01-16 00:21:53 UTC	16384	IN	Data Raw: 06 15 30 ce 26 fd 80 69 00 09 a4 0c 34 c4 e0 aa 65 80 05 10 2b 22 fe c4 40 5a 12 86 9f 0d 66 3c 28 63 20 c5 d1 9f 01 2a 4f 72 80 13 83 2c 35 12 66 b4 bc 19 a0 75 23 13 37 7d c3 99 d0 20 79 a4 14 2f 45 fc 96 53 c1 c5 cb 19 8f 2a b8 3c 41 ec 8e 05 9b 24 39 34 f2 a0 7a 22 03 f1 7b 64 0c df 28 63 91 00 79 12 09 cc 30 8e 67 c0 08 92 04 66 23 1a d0 5c 63 03 86 81 64 d0 9f 79 82 19 f2 c1 46 23 d0 e7 c7 7d 1a 61 70 88 76 13 29 d0 de 21 31 68 96 10 7a 83 48 60 a1 3f 27 30 65 ff cc 06 13 11 00 60 20 03 7c 95 50 6e 8c 18 00 1e 42 0d 28 a8 c7 63 12 b5 f0 c8 00 17 4c 34 42 20 12 4c 64 42 24 9e 4d 44 d6 1f b7 21 84 61 24 57 9d f8 07 0a 12 ed 58 49 08 12 b1 c5 87 01 8b f5 73 a3 25 03 ac 48 0f 03 2e ce 51 24 45 99 18 60 62 3f 2a ec 51 42 42 2b 64 09 89 00 d8 f8 43 40 81 Data Ascii: 0&i4e+"@Zf<(c Or,5fu#7} y/ES<A$94z"{d(cy0gf#\cdyF#}apv)!1hzH`?'0e` \|PnB(cL4B LdB$MD!a$WXIs%H.Q$E`b?*QBB+dC@
2025-01-16 00:21:53 UTC	16384	IN	Data Raw: 08 bc 00 2e 7e 11 46 07 e8 f9 c2 a6 3a f5 a9 50 8d aa 54 a7 4a d5 aa 5a f5 aa 58 cd aa 56 b7 ca d5 ae 7a f5 ab 60 0d 2b 20 82 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 85 00 00 00 b5 b5 b5 f5 f5 f5 fd fd fd 9d 9d 9d f7 f7 f7 fb fb fb 99 99 99 9b 9b 9b ff ff ff a1 a1 a1 9f 9f 9f a5 a5 a5 ad ad ad c9 c9 c9 ed ed ed a3 a3 a3 f9 f9 f9 f3 f3 f3 df df df d1 d1 d1 e1 e1 e1 e9 e9 e9 b9 b9 b9 bd bd bd ef ef ef c3 c3 c3 a9 a9 a9 db db db eb eb eb e7 e7 e7 c7 c7 c7 cf cf cf c1 c1 c1 bb bb bb cb cb cb bf bf bf f1 f1 f1 d5 d5 d5 ab ab ab dd dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 Data Ascii: .~F:PTJZXVz`+ !,
2025-01-16 00:21:53 UTC	6050	IN	Data Raw: d8 d2 28 0d 17 5c 31 0d 0f c0 12 25 97 11 49 47 38 71 93 07 80 40 0b ec 38 86 01 70 80 74 94 4c e1 24 8e 08 4a 69 88 92 94 5c c8 80 0a 2e a0 c7 54 66 82 95 ad c4 86 0b 46 10 03 2e 26 c1 02 2a 10 c1 c4 72 79 00 55 5a 02 97 c4 c4 06 04 5c 10 02 10 a0 c0 03 1d c8 80 00 fc 26 81 0e c4 20 05 14 68 81 16 93 b9 bb 4c 70 80 8c c9 0c a7 60 08 50 b1 4d 74 e0 91 e2 4c e7 57 18 e0 43 4e 08 60 9b ea 8c 27 48 38 38 0a 03 ac 50 9e f8 4c 88 3b 4c 91 82 5a e6 13 9f 56 4c 85 04 06 f7 4f 7c 06 60 89 a8 50 01 38 0b da 4a 02 b0 71 15 59 64 68 3a 57 10 c8 54 a4 60 98 12 4d 23 04 1a 06 0b 3c 2e 34 a3 7c 1b 81 2f 53 51 00 97 81 d4 35 08 bd c5 03 20 78 52 ad b0 80 7b 9a be e8 80 26 5b ba 12 11 84 f0 17 8d c4 28 4d 97 b1 00 07 a4 14 19 03 40 01 41 5b 7a 02 1a 8c b4 17 12 a0 00 2a Data Ascii: (\1%IG8q@8ptL$Ji\.TfF.&ryUZ\& hLp`PMtLWCN`'H88PL;LZVLO\|`P8JqYdh:WT`M#<.4\|/SQ5 xR{&[(M@A[z

Target ID:	0
Start time:	19:21:41
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:21:43
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1988,i,14094037973103786662,3093910472341777868,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:21:49
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==
Source: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==

Source: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4 HTTP/1.1Host: ipfs.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ipfs.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6420, Parent PID: 5484

Windows Analysis Report
http://ipfs.io/ipfs/bafkreia4rvrau3sg2endwxiusyj4mhijld5nq3axj2plzu6pgpspvfhxn4