Edit tour

Windows Analysis Report
https://kucoinrxlogine.webflow.io/

Overview

General Information

Sample URL:	https://kucoinrxlogine.webflow.io/
Analysis ID:	1642389
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish64

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,1997121478770627715,10133272766910537313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinrxlogine.webflow.io/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_64	Yara detected HtmlPhish_64	Joe Security

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://kucoinrxlogine.webflow.io/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

Yara detected HtmlPhish64

Source: Yara match

File source: 0.0.pages.csv, type: HTML

AI detected suspicious URL

Source: https://kucoinrxlogine.webflow.io

Joe Sandbox AI: The URL 'kucoinrxlogine.webflow.io' appears to be attempting to mimic the legitimate KuCoin website. The use of 'kucoin' in the subdomain suggests an attempt to associate with the known cryptocurrency exchange brand. The addition of 'rxlogine' is a structural change that could confuse users, especially if they are not paying close attention. The use of 'webflow.io' as a domain extension is not directly related to KuCoin and could be used to host a deceptive page. The similarity score is high due to the inclusion of the brand name and the structural changes that could lead to user confusion. The likelihood of typosquatting is also high, given the deceptive potential of the URL structure and the known brand being targeted.

Source: https://kucoinrxlogine.webflow.io/

HTTP Parser: Number of links: 0

Source: https://kucoinrxlogine.webflow.io/

HTTP Parser: No <meta name="author".. found

Source: https://kucoinrxlogine.webflow.io/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.250.184.228:443 -> 192.168.2.8:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.36.248:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.36.248:443 -> 192.168.2.8:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.153.55:443 -> 192.168.2.8:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.153.55:443 -> 192.168.2.8:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.222.232.144:443 -> 192.168.2.8:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.161.117:443 -> 192.168.2.8:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.161.117:443 -> 192.168.2.8:49698 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.60.201.147
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.90
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: kucoinrxlogine.webflow.ioConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /652a35b0d18b14276290b333/css/kucoinrxlogine.webflow.df0c9a7a9.css HTTP/1.1Host: assets-global.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://kucoinrxlogine.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /652a35b0d18b14276290b333/js/webflow.eda963208.js HTTP/1.1Host: assets-global.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://kucoinrxlogine.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b333 HTTP/1.1Host: d3e54v103j8qbb.cloudfront.netConnection: keep-aliveOrigin: https://kucoinrxlogine.webflow.iosec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://kucoinrxlogine.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiKo8sBCIWgzQEI59DNAQi91c4BCIHWzgEIvODOAQiu5M4BCIvlzgEY4eLOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /652a35b0d18b14276290b333/652a35d79a8da6be30e9d7c4_kucoin%20new%20bnner.png HTTP/1.1Host: assets-global.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://kucoinrxlogine.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /652a35b0d18b14276290b333/652a37d5763ab4f523ccf249_kucoin%20favicon.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://kucoinrxlogine.webflow.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /652a35b0d18b14276290b333/652a37d5763ab4f523ccf249_kucoin%20favicon.png HTTP/1.1Host: cdn.prod.website-files.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: kucoinrxlogine.webflow.io
Source: global traffic	DNS traffic detected: DNS query: assets-global.website-files.com
Source: global traffic	DNS traffic detected: DNS query: d3e54v103j8qbb.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: cdn.prod.website-files.com

Source: chromecache_56.1.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_59.1.dr	String found in binary or memory: https://assets-global.website-files.com/652a35b0d18b14276290b333/js/webflow.eda963208.js
Source: chromecache_59.1.dr	String found in binary or memory: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b33
Source: chromecache_56.1.dr	String found in binary or memory: https://github.com/bkwld/tram

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49692
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443

Source: unknown	HTTPS traffic detected: 142.250.184.228:443 -> 192.168.2.8:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.36.248:443 -> 192.168.2.8:49690 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.36.248:443 -> 192.168.2.8:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.153.55:443 -> 192.168.2.8:49692 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.64.153.55:443 -> 192.168.2.8:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.222.232.144:443 -> 192.168.2.8:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.161.117:443 -> 192.168.2.8:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.161.117:443 -> 192.168.2.8:49698 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5644_1809746272

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5644_1809746272

Jump to behavior

Source: classification engine

Classification label: mal60.phis.win@21/15@12/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,1997121478770627715,10133272766910537313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinrxlogine.webflow.io/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,1997121478770627715,10133272766910537313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://kucoinrxlogine.webflow.io/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label	Link
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b33	0%	Avira URL Cloud	safe
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b333	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
d3e54v103j8qbb.cloudfront.net	52.222.232.144	true	false	high
assets-global.website-files.com	172.64.153.55	true	false	high
cdn.prod.website-files.com	104.18.161.117	true	false	high
www.google.com	142.250.184.228	true	false	high
kucoinrxlogine.webflow.io	104.18.36.248	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets-global.website-files.com/652a35b0d18b14276290b333/652a35d79a8da6be30e9d7c4_kucoin%20new%20bnner.png	false		high
https://kucoinrxlogine.webflow.io/	true		unknown
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b333	false	Avira URL Cloud: safe	unknown
https://assets-global.website-files.com/652a35b0d18b14276290b333/js/webflow.eda963208.js	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE	false		high
https://cdn.prod.website-files.com/652a35b0d18b14276290b333/652a37d5763ab4f523ccf249_kucoin%20favicon.png	false		high
https://assets-global.website-files.com/652a35b0d18b14276290b333/css/kucoinrxlogine.webflow.df0c9a7a9.css	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/bkwld/tram	chromecache_56.1.dr	false		high
http://underscorejs.org	chromecache_56.1.dr	false		high
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b33	chromecache_59.1.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.36.248	kucoinrxlogine.webflow.io	United States	13335	CLOUDFLARENETUS	true
104.18.161.117	cdn.prod.website-files.com	United States	13335	CLOUDFLARENETUS	false
172.64.153.55	assets-global.website-files.com	United States	13335	CLOUDFLARENETUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
52.222.232.144	d3e54v103j8qbb.cloudfront.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.8
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1642389
Start date and time:	2025-03-19 01:46:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://kucoinrxlogine.webflow.io/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@21/15@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): sppsvc.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.110, 142.250.185.131, 64.233.167.84, 142.250.185.142, 142.250.184.206, 172.217.16.142, 142.250.184.238, 142.250.185.206, 199.232.210.172, 172.217.16.206, 142.250.186.174, 142.250.185.163, 142.250.186.67, 20.12.23.50, 104.103.102.195, 40.126.31.128, 184.86.251.27
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://kucoinrxlogine.webflow.io/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1312
Entropy (8bit):	7.789181347463841
Encrypted:	false
SSDEEP:	24:C3wX2lK67/vxnCgrDasfvXWVSrB3uH9B3olTPlIZ5qCJgEc7IozUp+dg+784O+hz:CxCg1WS3udBotA5C7Ioz3dP78l+5
MD5:	C1D7F1E816F43A77603A5204A7A1029A
SHA1:	F8DB8F70DFE156B0C63E9CCCE85D3EF2EBE20BE2
SHA-256:	6EE474E7CD75FB75DA6A55091E4742D7FB265CFCE486E46AB59F570DB8EA1FFD
SHA-512:	68EA594C195B7C614B519719720B8FB19BC26F36A784B57440F06A0F67B20CD0560191037D8ADA931262692CAB7CCC503F0A8BD1EFDFD84BE92FC1F31A66436A
Malicious:	false
Reputation:	low
URL:	https://cdn.prod.website-files.com/652a35b0d18b14276290b333/652a37d5763ab4f523ccf249_kucoin%20favicon.png
Preview:	.PNG........IHDR... ... .....szz.....sRGB.........gAMA......a.....pHYs..........+......IDATXG.kL.U.....B..0T..m...f.N.C.....43......%K...%.>./..73...L...Q.P..9.e...8.9.rqc..+-->..y..o..M...9.}....<.).....89x....hk4..w.(.9i.x2o5.6..6#....X{.cX.)H...#.%..&.........c...K...G.q....V+?~k...p.........y...0R..9\|..RtyQ..m......u.&06./8){.5Y[;B..k..;...f.t.,>.u..5..x..d.......dm..j...F...rW.II....0,..q.p.3x.2............#?..ESS..a.... %...l.E..Y...i0./.M[..s...a../p...KMi.'>.i..].Q.../..O....$^...y.;..&.....H.....3..E;.l..L$....`5m......mH..>&Y..H..H........... J;.........E..m.D.-......P..^..s.. ..:.k...c..-r.cM......(.YD"..Y<....#^.%i.F.9Q.8t..LdP..r@....Q...>Q..;....Mt.L.....w...$.o...c#"Bj$m...+.3....U....t..P....-...Y.)h....}...G...T.9.\.8.F....0<.E..."i.5w..Gw.J.F'.G.?..k.b...3.....c.4.9+.)...q5TK.8.r..2...X...9.'.....t....,.".B....c.z....p.A\u....-&..t.......S$.(..\....".WWm.\|Q.B...?./m..V.a.<..~......S...{. .....(...,{....Z.."....v\|

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1312
Entropy (8bit):	7.789181347463841
Encrypted:	false
SSDEEP:	24:C3wX2lK67/vxnCgrDasfvXWVSrB3uH9B3olTPlIZ5qCJgEc7IozUp+dg+784O+hz:CxCg1WS3udBotA5C7Ioz3dP78l+5
MD5:	C1D7F1E816F43A77603A5204A7A1029A
SHA1:	F8DB8F70DFE156B0C63E9CCCE85D3EF2EBE20BE2
SHA-256:	6EE474E7CD75FB75DA6A55091E4742D7FB265CFCE486E46AB59F570DB8EA1FFD
SHA-512:	68EA594C195B7C614B519719720B8FB19BC26F36A784B57440F06A0F67B20CD0560191037D8ADA931262692CAB7CCC503F0A8BD1EFDFD84BE92FC1F31A66436A
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR... ... .....szz.....sRGB.........gAMA......a.....pHYs..........+......IDATXG.kL.U.....B..0T..m...f.N.C.....43......%K...%.>./..73...L...Q.P..9.e...8.9.rqc..+-->..y..o..M...9.}....<.).....89x....hk4..w.(.9i.x2o5.6..6#....X{.cX.)H...#.%..&.........c...K...G.q....V+?~k...p.........y...0R..9\|..RtyQ..m......u.&06./8){.5Y[;B..k..;...f.t.,>.u..5..x..d.......dm..j...F...rW.II....0,..q.p.3x.2............#?..ESS..a.... %...l.E..Y...i0./.M[..s...a../p...KMi.'>.i..].Q.../..O....$^...y.;..&.....H.....3..E;.l..L$....`5m......mH..>&Y..H..H........... J;.........E..m.D.-......P..^..s.. ..:.k...c..-r.cM......(.YD"..Y<....#^.%i.F.9Q.8t..LdP..r@....Q...>Q..;....Mt.L.....w...$.o...c#"Bj$m...+.3....U....t..P....-...Y.)h....}...G...T.9.\.8.F....0<.E..."i.5w..Gw.J.F'.G.?..k.b...3.....c.4.9+.)...q5TK.8.r..2...X...9.'.....t....,.".B....c.z....p.A\u....-&..t.......S$.(..\....".WWm.\|Q.B...?./m..V.a.<..~......S...{. .....(...,{....Z.."....v\|

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21487)
Category:	downloaded
Size (bytes):	37399
Entropy (8bit):	5.446078791258965
Encrypted:	false
SSDEEP:	768:55p9L796k8g5gTT3dflN5GJrU1rNkl5RpN5wEWZpuOusJHA:55p9L796lg5s5cwql5R5
MD5:	EDA96320864A34AF07D4ABA928674B32
SHA1:	E0C983408E351D68BE772BCC10A955C80F6DFA62
SHA-256:	AA63EDEE755F0E874DB86F757B2A9DE7739130B8C4395A78F81FB77B7C2F232C
SHA-512:	61795B3631B11D87BD5ACD244BAF4D8F645B71FFE331362CB43248340BCDA0E419B3B7F85D4A6CC28CCDB8C0BBF3656C78B941F4A3CFDABF29CD958D9EC7163C
Malicious:	false
Reputation:	low
URL:	https://assets-global.website-files.com/652a35b0d18b14276290b333/js/webflow.eda963208.js
Preview:	./!. Webflow: Front-end site library. * @license MIT. * Inline scripts may access the api using an async handler:. * var Webflow = Webflow \|\| [];. * Webflow.push(readyFunction);. /..(()=>{var lt=(e,y)=>()=>(y\|\|e((y={exports:{}}).exports,y),y.exports);var Pt=lt(()=>{window.tram=function(e){function y(t,n){var i=new J.Bare;return i.init(t,n)}function l(t){return t.replace(/[A-Z]/g,function(n){return"-"+n.toLowerCase()})}function A(t){var n=parseInt(t.slice(1),16),i=n>>16&255,r=n>>8&255,s=255&n;return[i,r,s]}function C(t,n,i){return"#"+(1<<24\|t<<16\|n<<8\|i).toString(16).slice(1)}function g(){}function L(t,n){B("Type warning: Expected: ["+t+"] Got: ["+typeof n+"] "+n)}function _(t,n,i){B("Units do not match ["+t+"]: "+n+", "+i)}function R(t,n,i){if(n!==void 0&&(i=n),t===void 0)return i;var r=i;return we.test(t)\|\|!Xt.test(t)?r=parseInt(t,10):Xt.test(t)&&(r=1e3parseFloat(t)),0>r&&(r=0),r===r?r:i}function B(t){et.debug&&window&&window.console.warn(t)}function U(t){for(var n=-1,i=t?t.l

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
URL:	https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b333
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2587)
Category:	downloaded
Size (bytes):	37166
Entropy (8bit):	5.233187479911423
Encrypted:	false
SSDEEP:	768:oSh7f7A1RuqMrFyF54mkxWaIi1aUuF9ZlNF+FJFGFI9fmV/3P0mq1izJVmI:oSe1Ruq44UYcDoT/fC1q
MD5:	DF0C9A7A9A85720A8882884882FE68B6
SHA1:	F9C65D57305E330F4C277F2FC51521246CE22F1E
SHA-256:	157181BC3FFA67EAD83A457ECBDD8E07E9A9D884DD7978F32886282AD2DDC85D
SHA-512:	4F3D9265329DD1F7B85AAC656FB23238E718A794382EAC3CDD49ADA82FC173D3F3F1172A84B49E2E5AB2BA4DC7FB00AD414F0243507692F22C85FB52F76F56D6
Malicious:	false
Reputation:	low
URL:	https://assets-global.website-files.com/652a35b0d18b14276290b333/css/kucoinrxlogine.webflow.df0c9a7a9.css
Preview:	html {. -ms-text-size-adjust: 100%;. -webkit-text-size-adjust: 100%;. font-family: sans-serif;.}..body {. margin: 0;.}..article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary {. display: block;.}..audio, canvas, progress, video {. vertical-align: baseline;. display: inline-block;.}..audio:not([controls]) {. height: 0;. display: none;.}..[hidden], template {. display: none;.}..a {. background-color: rgba(0, 0, 0, 0);.}..a:active, a:hover {. outline: 0;.}..abbr[title] {. border-bottom: 1px dotted;.}..b, strong {. font-weight: bold;.}..dfn {. font-style: italic;.}..h1 {. margin: .67em 0;. font-size: 2em;.}..mark {. color: #000;. background: #ff0;.}..small {. font-size: 80%;.}..sub, sup {. vertical-align: baseline;. font-size: 75%;. line-height: 0;. position: relative;.}..sup {. top: -.5em;.}..sub {. bottom: -.25em;.}..img {. border: 0;.}..svg:not(:root) {. overflow: hidden;.}..figure {. margin: 1em 40px;.}..hr {.

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (5623), with no line terminators
Category:	downloaded
Size (bytes):	5625
Entropy (8bit):	5.174919023013046
Encrypted:	false
SSDEEP:	96:5yE8Ofqqj65LTPvbj7PT2vTWk3fKNEfCsBsb+wBOpbmxdbNTJJ9:5D8aqq+53Pz3PTwWk3fKqBsb+wM2bNT5
MD5:	F3572AEFC367DAB4DF24670A6BF140DF
SHA1:	CAA8769CB595A2E304B3FE1BBB4AC13E2A462B74
SHA-256:	979D3AA147ED806D0BE7CAD63BD9F98BF008477D89559893C2630DFC003B1032
SHA-512:	6FBBD9EC3274DD00D86DF250ECA75CB7FDCED42CFF4E03E02BFF3A9052932E6BD2AD0224D5CBCF27784778C1532C8DD8CCA7DE53AF2327BFD67BB2ABDA5EB4B2
Malicious:	false
Reputation:	low
URL:	https://kucoinrxlogine.webflow.io/
Preview:	<!DOCTYPE html> This site was created in Webflow. https://webflow.com --> Last Published: Sat Oct 14 2023 06:40:28 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="kucoinrxlogine.webflow.io" data-wf-page="652a35b0d18b14276290b365" data-wf-site="652a35b0d18b14276290b333"><head><meta charset="utf-8"/><title>KuCoin Login - Insights for Crypto Enthusiasts</title><meta content="KuCoin Login News offers valuable insights for crypto enthusiasts. Stay informed about industry trends, technological advances, and the latest developments in the crypto space" name="description"/><meta content="width=device-width, initial-scale=1" name="viewport"/><meta content="Webflow" name="generator"/><link href="https://assets-global.website-files.com/652a35b0d18b14276290b333/css/kucoinrxlogine.webflow.df0c9a7a9.css" rel="stylesheet" type="text/css"/><script type="text/javascript">!function(o,c){var n=c.documentElement,t=" w-mod-";n.className+=t+"js",("ontouchstart"in o\|\|o.DocumentTouch&&c

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3387)
Category:	downloaded
Size (bytes):	3392
Entropy (8bit):	5.846278185411438
Encrypted:	false
SSDEEP:	96:eLzlOH6666g8kQxLf8mk7dEf6XI6gRXffffQo:aOH6666g8kQ91gLIHF
MD5:	FC4FCDF350A33D6DFAA37A40DD83D9D4
SHA1:	80BDBBA6164DD83ED593BBF7A0A4110E34B2F42E
SHA-256:	ED4097F83EC7BB3FC9AD6BB2B0A4D905005CC4CDDC7959021214EE9FADC8BD97
SHA-512:	387B24F0CB7BC399446849AE3D0F39D0355252E23670E6049534CC7FCD2FC0ACE1790C6675B83D8DAA61C941BAC9D1A26C29DA0175B0C30271694B5A5C7C4DA9
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Preview:	)]}'.["",["final jeopardy","pepsico buys prebiotic soda brand poppi","snow storm weather forecast","spring break travel warning fbi","nintendo switch games","mlb baseball","lego pokemon sets 2026","california lottery winner"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wOXAxNBIPQmFzZWJhbGwgbGVhZ3VlMucNZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBY0FBQUNBd0FEQVFBQUFBQUFBQUFBQUFBREJ3QUVCZ0lGQ0FIL3hBQTFFQUFCQWdVQ0JBUUZBUWtCQUFBQUFBQUJBZ01BQkFVUkVnWWhFekZSWVFjaVFZRVVJM0dVMFJVa0

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1348 x 618, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	130291
Entropy (8bit):	7.985082714825696
Encrypted:	false
SSDEEP:	3072:pfLJPQYKguEQVoMienIHUVxYQpZNLffZ0D+ehRXskNVO47R1f1o:pfuLfWOIHUHpZtfh6z1W
MD5:	E2083795E1CD0E08C2258B9ADDB7D355
SHA1:	0BA07AFCE02E378D7B2109E5C83E1BFB6EBD5ED1
SHA-256:	78F1687BF36F1A4F7257B4E1F95E6F6EBA42718BBB8626F7DB4B986BE211D9C0
SHA-512:	77699DEEB3BEA88E81F953F80C460C96940DFCE33633D40E1FCE431B2834DAC902B826380E51BB7A5BC7891517BD996FC6890C2B6AAD8726A3CB81903A08C17A
Malicious:	false
Reputation:	low
URL:	https://assets-global.website-files.com/652a35b0d18b14276290b333/652a35d79a8da6be30e9d7c4_kucoin%20new%20bnner.png
Preview:	.PNG........IHDR...D...j......}J.....sRGB....... .IDATx^.}...E...49..s.e....d..A$..x.....f.^n2'P.P..(.d....v.6..f'..a..Tw.\|.M....y.gv.KU..[............A@.....A@.....A@.....A@.....A@....X.....,E....A@.....A@.....A@.....A@.............A@.....A@.....A@.....A@.....A`. ..j). ..... ..... ..... ..... ..!m@.....A@.....A@.....A@.....A@......B.......... ..... ..... ..... ...........A@.....A@.....A@.....A@.....A`. ..j). ..... ..... ..... ..... ..!m@.....A@.....A@.....A@.....A@......B.......... ..... ..... ..... ...........A@.....A@.....A@.....A@.....A`. ..j). ..... ..... ..... ..... ..!*m@.....A@.....A@.....$".v...x.............b..j..i.....y. .....@..l...B..^....... ..... .....(B................v.].....A@.....f.K.1Q..."%... ..... ..... .....#.PIc....B.....-%?r...[................R..#==........r.^..k...3...d.(.sY...B.&.....A@.....A@.....A`.#.....l...$....#..b......?.....'GK.....'O..?.q.~....X><.s.p..B.....^A@.....A@.....A@..." .t:...$A...p..R

Total Packets: 213
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 19, 2025 01:47:03.009283066 CET	49677	80	192.168.2.8	23.60.201.147
Mar 19, 2025 01:47:03.009334087 CET	49672	443	192.168.2.8	2.19.104.63
Mar 19, 2025 01:47:04.009243011 CET	49674	443	192.168.2.8	2.23.227.208
Mar 19, 2025 01:47:04.009247065 CET	49675	443	192.168.2.8	2.23.227.215
Mar 19, 2025 01:47:04.009257078 CET	49676	443	192.168.2.8	2.23.227.215
Mar 19, 2025 01:47:11.724375010 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:11.724416971 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:11.724528074 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:11.724714994 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:11.724734068 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:12.572190046 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:12.572267056 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:12.573616028 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:12.573632956 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:12.574038029 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:12.621578932 CET	49672	443	192.168.2.8	2.19.104.63
Mar 19, 2025 01:47:12.621614933 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:12.621627092 CET	49677	80	192.168.2.8	23.60.201.147
Mar 19, 2025 01:47:13.145643950 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.145683050 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.145746946 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.145836115 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.145879984 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.146086931 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.146130085 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.146142006 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.146234035 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.146245003 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.618916035 CET	49676	443	192.168.2.8	2.23.227.215
Mar 19, 2025 01:47:13.618941069 CET	49674	443	192.168.2.8	2.23.227.208
Mar 19, 2025 01:47:13.619079113 CET	49675	443	192.168.2.8	2.23.227.215
Mar 19, 2025 01:47:13.665112019 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.665189981 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.667798042 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.667805910 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.668039083 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.668343067 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.716324091 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.780817986 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.780894041 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.781308889 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.781318903 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.781558037 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.834985971 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.859014988 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.859061956 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.859086990 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.859112024 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.859133959 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.859162092 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.859177113 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.859222889 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.859647989 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.860171080 CET	49690	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:13.860184908 CET	443	49690	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:13.924622059 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:13.924666882 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:13.924751043 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:13.925057888 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:13.925090075 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:13.925167084 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:13.925318003 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:13.925332069 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:13.925333023 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:13.925345898 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:13.929807901 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:13.929843903 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:13.929917097 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:13.930620909 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:13.930643082 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.439263105 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.439337969 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.440454006 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.440469980 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.440726042 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.441099882 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.445525885 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.445600986 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.446590900 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.446608067 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.446991920 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.447416067 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.488322020 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.488322020 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.620795965 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.621696949 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.621776104 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.621789932 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.625241041 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.625296116 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.625303984 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.629842043 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.629880905 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.629903078 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.629909992 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.629968882 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.629975080 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.634440899 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.634476900 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.634509087 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.634526968 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.634533882 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.634563923 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.636235952 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.636322975 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:14.637572050 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:14.637583971 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.637824059 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.638108969 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:14.639379025 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639508963 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639559031 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.639590979 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639677048 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639725924 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.639736891 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639834881 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639887094 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.639894009 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.639995098 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.640085936 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.640093088 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.643929958 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.643980980 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.643987894 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.644083023 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.644176006 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.644181967 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.680335045 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.687316895 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.687315941 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.714965105 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715095043 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715123892 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715146065 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.715164900 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715209007 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715248108 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.715256929 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715293884 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.715869904 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715929031 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.715961933 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716005087 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.716017962 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716058969 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.716732025 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716779947 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716804981 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716816902 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.716828108 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716860056 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716890097 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.716896057 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716933966 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.716939926 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.716978073 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.717020988 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.717197895 CET	49692	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.717216969 CET	443	49692	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.724492073 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.724675894 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.724814892 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.724853039 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.724950075 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.725090027 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.725099087 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.725330114 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.725364923 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.725375891 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.725383043 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.725474119 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.725481033 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726166964 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726201057 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726231098 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.726238012 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726283073 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.726629972 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726697922 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726728916 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726782084 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.726788998 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726818085 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.726834059 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.726866007 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.727565050 CET	49693	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.727582932 CET	443	49693	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.777148962 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.777189016 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.777457952 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.777857065 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:14.777870893 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:14.922616959 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.922648907 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.922663927 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.922732115 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:14.922750950 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:14.922799110 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.009891987 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.009913921 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.009980917 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.010004044 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.010046005 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.010077953 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.016563892 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.016582966 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.016658068 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.016664982 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.016705036 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.102961063 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.103017092 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.103085041 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.103105068 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.103142023 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.103157043 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.103837967 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.103852987 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.103929043 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.103941917 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.104767084 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.105133057 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.105209112 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.105218887 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.105257988 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.122328997 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.129188061 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:15.129511118 CET	49694	443	192.168.2.8	52.222.232.144
Mar 19, 2025 01:47:15.129533052 CET	443	49694	52.222.232.144	192.168.2.8
Mar 19, 2025 01:47:15.176321983 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.277527094 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.293286085 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.293313980 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.296120882 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.296130896 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.331110001 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:15.331152916 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:15.331219912 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:15.331403971 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:15.331419945 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:15.347816944 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.347873926 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.347904921 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.347959042 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:15.347975969 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.348026037 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:15.350035906 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.350157022 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.350213051 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:15.350363970 CET	49689	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:47:15.350374937 CET	443	49689	142.250.184.228	192.168.2.8
Mar 19, 2025 01:47:15.475291014 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.475332022 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.475370884 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.475398064 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.475415945 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.475433111 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.475444078 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.475797892 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.475846052 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.475855112 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.476133108 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.476172924 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.476180077 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.480146885 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.480173111 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.480199099 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.480209112 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.480263948 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.569282055 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.569346905 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.569396019 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.569416046 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.569525957 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.569560051 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.569582939 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.569591045 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.569644928 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.569966078 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570022106 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570058107 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570065975 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.570075989 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570310116 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.570317030 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570844889 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570883989 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570910931 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570925951 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.570934057 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.570956945 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.570975065 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571002960 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571017981 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.571032047 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571105957 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.571767092 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571822882 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571844101 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571880102 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571890116 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.571899891 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.571909904 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.612641096 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.663235903 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663296938 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663326979 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663368940 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.663397074 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663438082 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663480043 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.663486958 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663691044 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.663701057 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663712025 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663754940 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.663760900 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.663798094 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.664205074 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.664258003 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.664259911 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.664271116 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.664302111 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.665007114 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.665059090 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.665060997 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.665070057 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.665119886 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.665472984 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.665518045 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.666059971 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.666098118 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.666105032 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.666114092 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.666148901 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.666157007 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.666177988 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.666181087 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.666191101 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.667025089 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.667059898 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.667085886 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.667088032 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.667102098 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.667124033 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.667140961 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.757231951 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.757318974 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.757349968 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.757396936 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.757438898 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.757488012 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.757636070 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.757694960 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.757853031 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.757896900 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.758104086 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.758145094 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.758163929 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.758186102 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.758228064 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.758586884 CET	49696	443	192.168.2.8	172.64.153.55
Mar 19, 2025 01:47:15.758613110 CET	443	49696	172.64.153.55	192.168.2.8
Mar 19, 2025 01:47:15.889847040 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:15.889921904 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:15.891035080 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:15.891056061 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:15.891288996 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:15.891680002 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:15.932323933 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.059292078 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.059385061 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.059441090 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.061172009 CET	49697	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.061213970 CET	443	49697	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.075472116 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.075509071 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.075671911 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.075861931 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.075879097 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.726345062 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.726465940 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.726907015 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.726927042 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.727170944 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.727514982 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.772317886 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.899748087 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.899908066 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:16.899990082 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.901750088 CET	49698	443	192.168.2.8	104.18.161.117
Mar 19, 2025 01:47:16.901772976 CET	443	49698	104.18.161.117	192.168.2.8
Mar 19, 2025 01:47:24.615322113 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:47:24.621238947 CET	80	49701	142.250.185.67	192.168.2.8
Mar 19, 2025 01:47:24.621315002 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:47:24.623563051 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:47:24.628238916 CET	80	49701	142.250.185.67	192.168.2.8
Mar 19, 2025 01:47:24.741147041 CET	49673	443	192.168.2.8	2.23.227.215
Mar 19, 2025 01:47:24.741194010 CET	443	49673	2.23.227.215	192.168.2.8
Mar 19, 2025 01:47:25.254451036 CET	80	49701	142.250.185.67	192.168.2.8
Mar 19, 2025 01:47:25.262190104 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:47:25.266911030 CET	80	49701	142.250.185.67	192.168.2.8
Mar 19, 2025 01:47:25.445780039 CET	80	49701	142.250.185.67	192.168.2.8
Mar 19, 2025 01:47:25.494687080 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:47:28.545375109 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:28.545450926 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:28.545526028 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:30.121294975 CET	49691	443	192.168.2.8	104.18.36.248
Mar 19, 2025 01:47:30.121336937 CET	443	49691	104.18.36.248	192.168.2.8
Mar 19, 2025 01:47:39.667619944 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:47:39.979866982 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:47:40.589118004 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:47:41.795253992 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:47:44.198144913 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:47:47.792879105 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:47:48.104017973 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:47:48.713213921 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:47:49.010104895 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:47:49.916364908 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:47:52.322434902 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:47:57.134921074 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:47:58.619380951 CET	49671	443	192.168.2.8	204.79.197.203
Mar 19, 2025 01:48:06.760006905 CET	49678	443	192.168.2.8	20.42.65.90
Mar 19, 2025 01:48:11.777457952 CET	49715	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:48:11.777514935 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:11.777587891 CET	49715	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:48:11.777827978 CET	49715	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:48:11.777844906 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:12.477407932 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:12.477871895 CET	49715	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:48:12.477890968 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:22.364903927 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:22.364975929 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:22.365026951 CET	49715	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:48:24.121714115 CET	49715	443	192.168.2.8	142.250.184.228
Mar 19, 2025 01:48:24.121757984 CET	443	49715	142.250.184.228	192.168.2.8
Mar 19, 2025 01:48:25.979218960 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:48:25.986088037 CET	80	49701	142.250.185.67	192.168.2.8
Mar 19, 2025 01:48:25.986164093 CET	49701	80	192.168.2.8	142.250.185.67
Mar 19, 2025 01:48:27.882682085 CET	443	49681	13.107.246.60	192.168.2.8
Mar 19, 2025 01:48:27.882777929 CET	443	49681	13.107.246.60	192.168.2.8
Mar 19, 2025 01:48:27.882922888 CET	49681	443	192.168.2.8	13.107.246.60
Mar 19, 2025 01:48:27.883490086 CET	49681	443	192.168.2.8	13.107.246.60
Mar 19, 2025 01:48:27.888281107 CET	443	49681	13.107.246.60	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 19, 2025 01:47:07.367187023 CET	53	57241	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:07.402435064 CET	53	62555	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:08.461738110 CET	53	61843	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:08.596759081 CET	53	58630	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:11.716691017 CET	64420	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:11.716891050 CET	59754	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:11.723437071 CET	53	59754	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:11.723478079 CET	53	64420	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:13.133765936 CET	52370	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:13.134157896 CET	56590	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:13.142751932 CET	53	52370	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:13.144911051 CET	53	56590	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:13.913033962 CET	59305	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:13.913485050 CET	59335	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:13.920584917 CET	51792	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:13.920763016 CET	63102	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:13.922072887 CET	53	59305	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:13.923444986 CET	53	59335	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:13.927779913 CET	53	51792	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:13.928668022 CET	53	63102	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:15.322468042 CET	61279	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:15.323426962 CET	63361	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:15.329622984 CET	53	61279	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:15.330610037 CET	53	63361	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:16.066464901 CET	64751	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:16.066616058 CET	58608	53	192.168.2.8	1.1.1.1
Mar 19, 2025 01:47:16.074282885 CET	53	58608	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:16.074990988 CET	53	64751	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:25.573740959 CET	53	54150	1.1.1.1	192.168.2.8
Mar 19, 2025 01:47:44.542732954 CET	53	49956	1.1.1.1	192.168.2.8
Mar 19, 2025 01:48:07.084427118 CET	53	59414	1.1.1.1	192.168.2.8
Mar 19, 2025 01:48:07.473099947 CET	53	58131	1.1.1.1	192.168.2.8
Mar 19, 2025 01:48:10.721813917 CET	53	62191	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 19, 2025 01:47:11.716691017 CET	192.168.2.8	1.1.1.1	0x853c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:11.716891050 CET	192.168.2.8	1.1.1.1	0x694c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 19, 2025 01:47:13.133765936 CET	192.168.2.8	1.1.1.1	0x7971	Standard query (0)	kucoinrxlogine.webflow.io	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.134157896 CET	192.168.2.8	1.1.1.1	0xdab4	Standard query (0)	kucoinrxlogine.webflow.io	65	IN (0x0001)	false
Mar 19, 2025 01:47:13.913033962 CET	192.168.2.8	1.1.1.1	0xe217	Standard query (0)	assets-global.website-files.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.913485050 CET	192.168.2.8	1.1.1.1	0xf330	Standard query (0)	assets-global.website-files.com	65	IN (0x0001)	false
Mar 19, 2025 01:47:13.920584917 CET	192.168.2.8	1.1.1.1	0xb0ff	Standard query (0)	d3e54v103j8qbb.cloudfront.net	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.920763016 CET	192.168.2.8	1.1.1.1	0x5687	Standard query (0)	d3e54v103j8qbb.cloudfront.net	65	IN (0x0001)	false
Mar 19, 2025 01:47:15.322468042 CET	192.168.2.8	1.1.1.1	0x69e6	Standard query (0)	cdn.prod.website-files.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:15.323426962 CET	192.168.2.8	1.1.1.1	0xa807	Standard query (0)	cdn.prod.website-files.com	65	IN (0x0001)	false
Mar 19, 2025 01:47:16.066464901 CET	192.168.2.8	1.1.1.1	0x734d	Standard query (0)	cdn.prod.website-files.com	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:16.066616058 CET	192.168.2.8	1.1.1.1	0x5eee	Standard query (0)	cdn.prod.website-files.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 19, 2025 01:47:11.723437071 CET	1.1.1.1	192.168.2.8	0x694c	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 19, 2025 01:47:11.723478079 CET	1.1.1.1	192.168.2.8	0x853c	No error (0)	www.google.com	142.250.184.228	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.142751932 CET	1.1.1.1	192.168.2.8	0x7971	No error (0)	kucoinrxlogine.webflow.io	104.18.36.248	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.142751932 CET	1.1.1.1	192.168.2.8	0x7971	No error (0)	kucoinrxlogine.webflow.io	172.64.151.8	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.144911051 CET	1.1.1.1	192.168.2.8	0xdab4	No error (0)	kucoinrxlogine.webflow.io		65	IN (0x0001)	false
Mar 19, 2025 01:47:13.922072887 CET	1.1.1.1	192.168.2.8	0xe217	No error (0)	assets-global.website-files.com	172.64.153.55	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.922072887 CET	1.1.1.1	192.168.2.8	0xe217	No error (0)	assets-global.website-files.com	104.18.34.201	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.923444986 CET	1.1.1.1	192.168.2.8	0xf330	No error (0)	assets-global.website-files.com		65	IN (0x0001)	false
Mar 19, 2025 01:47:13.927779913 CET	1.1.1.1	192.168.2.8	0xb0ff	No error (0)	d3e54v103j8qbb.cloudfront.net	52.222.232.144	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.927779913 CET	1.1.1.1	192.168.2.8	0xb0ff	No error (0)	d3e54v103j8qbb.cloudfront.net	52.222.232.99	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.927779913 CET	1.1.1.1	192.168.2.8	0xb0ff	No error (0)	d3e54v103j8qbb.cloudfront.net	52.222.232.39	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:13.927779913 CET	1.1.1.1	192.168.2.8	0xb0ff	No error (0)	d3e54v103j8qbb.cloudfront.net	52.222.232.47	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:15.329622984 CET	1.1.1.1	192.168.2.8	0x69e6	No error (0)	cdn.prod.website-files.com	104.18.161.117	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:15.329622984 CET	1.1.1.1	192.168.2.8	0x69e6	No error (0)	cdn.prod.website-files.com	104.18.160.117	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:15.330610037 CET	1.1.1.1	192.168.2.8	0xa807	No error (0)	cdn.prod.website-files.com		65	IN (0x0001)	false
Mar 19, 2025 01:47:16.074282885 CET	1.1.1.1	192.168.2.8	0x5eee	No error (0)	cdn.prod.website-files.com		65	IN (0x0001)	false
Mar 19, 2025 01:47:16.074990988 CET	1.1.1.1	192.168.2.8	0x734d	No error (0)	cdn.prod.website-files.com	104.18.161.117	A (IP address)	IN (0x0001)	false
Mar 19, 2025 01:47:16.074990988 CET	1.1.1.1	192.168.2.8	0x734d	No error (0)	cdn.prod.website-files.com	104.18.160.117	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

kucoinrxlogine.webflow.io

assets-global.website-files.com

d3e54v103j8qbb.cloudfront.net

cdn.prod.website-files.com

www.google.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.8	49701	142.250.185.67	80

Timestamp	Bytes transferred	Direction	Data
Mar 19, 2025 01:47:24.623563051 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 19, 2025 01:47:25.254451036 CET	221	IN	HTTP/1.1 304 Not Modified Date: Wed, 19 Mar 2025 00:45:50 GMT Expires: Wed, 19 Mar 2025 01:35:50 GMT Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding Age: 95
Mar 19, 2025 01:47:25.262190104 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 19, 2025 01:47:25.445780039 CET	221	IN	HTTP/1.1 304 Not Modified Date: Wed, 19 Mar 2025 00:46:12 GMT Expires: Wed, 19 Mar 2025 01:36:12 GMT Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding Age: 73

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49690	104.18.36.248	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:13 UTC	675	OUT	GET / HTTP/1.1 Host: kucoinrxlogine.webflow.io Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:13 UTC	809	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Ray: 9228f50eeaefddb6-EWR CF-Cache-Status: HIT Age: 95464 Last-Modified: Fri, 14 Mar 2025 11:36:18 GMT content-security-policy: frame-ancestors 'self' https://.webflow.com http://.webflow.com http://*.webflow.io http://webflow.com https://webflow.com surrogate-control: max-age=2147483647 surrogate-key: kucoinrxlogine.webflow.io 652a35b0d18b14276290b333 pageId:652a35b0d18b14276290b365 x-lambda-id: ef0e330a-6031-419d-843e-ff3e0fc7c349 vary: Accept-Encoding Set-Cookie: _cfuvid=Y0eh4lH6v_jZaAkvmvu0BVwLhxpdy4do570FFtxnNSc-1742345233805-0.0.1.1-604800000; path=/; domain=.webflow.io; HttpOnly; Secure; SameSite=None Server: cloudflare alt-svc: h3=":443"; ma=86400
2025-03-19 00:47:13 UTC	560	IN	Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 77 61 73 20 63 72 65 61 74 65 64 20 69 6e 20 57 65 62 66 6c 6f 77 2e 20 68 74 74 70 73 3a 2f 2f 77 65 62 66 6c 6f 77 2e 63 6f 6d 20 2d 2d 3e 3c 21 2d 2d 20 4c 61 73 74 20 50 75 62 6c 69 73 68 65 64 3a 20 53 61 74 20 4f 63 74 20 31 34 20 32 30 32 33 20 30 36 3a 34 30 3a 32 38 20 47 4d 54 2b 30 30 30 30 20 28 43 6f 6f 72 64 69 6e 61 74 65 64 20 55 6e 69 76 65 72 73 61 6c 20 54 69 6d 65 29 20 2d 2d 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 77 66 2d 64 6f 6d 61 69 6e 3d 22 6b 75 63 6f 69 6e 72 78 6c 6f 67 69 6e 65 2e 77 65 62 66 6c 6f 77 2e 69 6f 22 20 64 61 74 61 2d 77 66 2d 70 61 67 65 3d 22 36 35 32 61 33 35 62 30 64 31 38 62 31 34 32 37 36 32 39 30 62 33 Data Ascii: 15f9<!DOCTYPE html>... This site was created in Webflow. https://webflow.com -->... Last Published: Sat Oct 14 2023 06:40:28 GMT+0000 (Coordinated Universal Time) --><html data-wf-domain="kucoinrxlogine.webflow.io" data-wf-page="652a35b0d18b14276290b3
2025-03-19 00:47:13 UTC	1369	IN	Data Raw: 69 6e 20 74 68 65 20 63 72 79 70 74 6f 20 73 70 61 63 65 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 2f 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 2f 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 57 65 62 66 6c 6f 77 22 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 2f 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 67 6c 6f 62 61 6c 2e 77 65 62 73 69 74 65 2d 66 69 6c 65 73 2e 63 6f 6d 2f 36 35 32 61 33 35 62 30 64 31 38 62 31 34 32 37 36 32 39 30 62 33 33 33 2f 63 73 73 2f 6b 75 63 6f 69 6e 72 78 6c 6f 67 69 6e 65 2e 77 65 62 66 6c 6f 77 Data Ascii: in the crypto space" name="description"/><meta content="width=device-width, initial-scale=1" name="viewport"/><meta content="Webflow" name="generator"/><link href="https://assets-global.website-files.com/652a35b0d18b14276290b333/css/kucoinrxlogine.webflow
2025-03-19 00:47:13 UTC	1369	IN	Data Raw: 62 31 34 32 37 36 32 39 30 62 33 33 33 2f 36 35 32 61 33 35 64 37 39 61 38 64 61 36 62 65 33 30 65 39 64 37 63 34 5f 6b 75 63 6f 69 6e 25 32 30 6e 65 77 25 32 30 62 6e 6e 65 72 2d 70 2d 31 30 38 30 2e 70 6e 67 20 31 30 38 30 77 2c 20 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 67 6c 6f 62 61 6c 2e 77 65 62 73 69 74 65 2d 66 69 6c 65 73 2e 63 6f 6d 2f 36 35 32 61 33 35 62 30 64 31 38 62 31 34 32 37 36 32 39 30 62 33 33 33 2f 36 35 32 61 33 35 64 37 39 61 38 64 61 36 62 65 33 30 65 39 64 37 63 34 5f 6b 75 63 6f 69 6e 25 32 30 6e 65 77 25 32 30 62 6e 6e 65 72 2e 70 6e 67 20 31 33 34 38 77 22 20 73 69 7a 65 73 3d 22 31 30 30 76 77 22 2f 3e 3c 2f 61 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 2d 72 69 63 68 74 65 78 74 22 3e 3c 68 31 3e 4b 75 43 6f 69 6e 20 4c Data Ascii: b14276290b333/652a35d79a8da6be30e9d7c4_kucoin%20new%20bnner-p-1080.png 1080w, https://assets-global.website-files.com/652a35b0d18b14276290b333/652a35d79a8da6be30e9d7c4_kucoin%20new%20bnner.png 1348w" sizes="100vw"/></a><div class="w-richtext"><h1>KuCoin L
2025-03-19 00:47:13 UTC	1369	IN	Data Raw: 3c 62 6c 6f 63 6b 71 75 6f 74 65 3e 4f 75 72 20 70 6c 61 74 66 6f 72 6d 20 69 73 20 64 65 73 69 67 6e 65 64 20 77 69 74 68 20 79 6f 75 20 69 6e 20 6d 69 6e 64 2e 20 57 68 65 74 68 65 72 20 79 6f 75 20 61 72 65 20 61 20 73 65 61 73 6f 6e 65 64 20 74 72 61 64 65 72 20 6f 72 20 6e 65 77 20 74 6f 20 74 68 65 20 63 72 79 70 74 6f 20 73 70 61 63 65 2c 20 6f 75 72 20 75 73 65 72 2d 63 65 6e 74 72 69 63 20 64 65 73 69 67 6e 20 65 6e 73 75 72 65 73 20 61 20 73 65 61 6d 6c 65 73 73 20 65 78 70 65 72 69 65 6e 63 65 20 66 6f 72 20 65 76 65 72 79 6f 6e 65 2e 3c 2f 62 6c 6f 63 6b 71 75 6f 74 65 3e 3c 62 6c 6f 63 6b 71 75 6f 74 65 3e 3c 73 74 72 6f 6e 67 3e 44 69 76 65 72 73 65 20 43 72 79 70 74 6f 20 50 6f 72 74 66 6f 6c 69 6f 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 62 6c 6f Data Ascii: <blockquote>Our platform is designed with you in mind. Whether you are a seasoned trader or new to the crypto space, our user-centric design ensures a seamless experience for everyone.</blockquote><blockquote><strong>Diverse Crypto Portfolio</strong></blo
2025-03-19 00:47:13 UTC	966	IN	Data Raw: 79 6f 75 20 77 69 74 68 20 74 68 65 20 6b 6e 6f 77 6c 65 64 67 65 20 61 6e 64 20 74 6f 6f 6c 73 20 6e 65 65 64 65 64 20 74 6f 20 6d 61 6b 65 20 69 6e 66 6f 72 6d 65 64 20 74 72 61 64 69 6e 67 20 64 65 63 69 73 69 6f 6e 73 2e 3c 2f 62 6c 6f 63 6b 71 75 6f 74 65 3e 3c 62 6c 6f 63 6b 71 75 6f 74 65 3e 59 6f 75 72 20 6a 6f 75 72 6e 65 79 20 77 69 74 68 20 4b 75 43 6f 69 6e 20 69 73 20 6e 6f 74 20 6a 75 73 74 20 61 62 6f 75 74 20 74 72 61 64 69 6e 67 3b 20 69 74 26 23 78 32 37 3b 73 20 61 62 6f 75 74 20 66 69 6e 64 69 6e 67 20 61 20 74 72 75 73 74 65 64 20 70 61 72 74 6e 65 72 20 69 6e 20 74 68 65 20 77 6f 72 6c 64 20 6f 66 20 63 72 79 70 74 6f 63 75 72 72 65 6e 63 79 2e 20 57 68 65 74 68 65 72 20 79 6f 75 26 23 78 32 37 3b 72 65 20 61 6e 20 65 78 70 65 72 69 Data Ascii: you with the knowledge and tools needed to make informed trading decisions.</blockquote><blockquote>Your journey with KuCoin is not just about trading; it's about finding a trusted partner in the world of cryptocurrency. Whether you're an experi
2025-03-19 00:47:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49692	172.64.153.55	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:14 UTC	660	OUT	GET /652a35b0d18b14276290b333/css/kucoinrxlogine.webflow.df0c9a7a9.css HTTP/1.1 Host: assets-global.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Referer: https://kucoinrxlogine.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:14 UTC	614	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:14 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close x-amz-id-2: Ha+R836HIR9MtBAYo5DW0L7otCFEmmrQS+Rkb+eVxd/PtcSs0JS3AQRw5x+8dj7HGOvcevJI4VY= x-amz-request-id: WFZ7VGS51NY94Q79 Last-Modified: Sat, 14 Oct 2023 06:40:29 GMT ETag: W/"8852792697033f91ba5087efb03b161b" x-amz-server-side-encryption: AES256 Cache-Control: max-age=84600, must-revalidate x-amz-version-id: scZX16B3aBjQuldeJOP6eyJphfOKg74D CF-Cache-Status: HIT Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 9228f513d9c542b0-EWR alt-svc: h3=":443"; ma=86400
2025-03-19 00:47:14 UTC	755	IN	Data Raw: 37 64 34 62 0d 0a 68 74 6d 6c 20 7b 0a 20 20 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 7d 0a 0a 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 64 65 74 61 69 6c 73 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 69 67 75 72 65 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 61 69 6e 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61 72 79 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a Data Ascii: 7d4bhtml { -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; font-family: sans-serif;}body { margin: 0;}article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { display: block;}
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 0a 0a 73 75 62 2c 20 73 75 70 20 7b 0a 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 62 61 73 65 6c 69 6e 65 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 3b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 7d 0a 0a 73 75 70 20 7b 0a 20 20 74 6f 70 3a 20 2d 2e 35 65 6d 3b 0a 7d 0a 0a 73 75 62 20 7b 0a 20 20 62 6f 74 74 6f 6d 3a 20 2d 2e 32 35 65 6d 3b 0a 7d 0a 0a 69 6d 67 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 0a 73 76 67 3a 6e 6f 74 28 3a 72 6f 6f 74 29 20 7b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 66 69 67 75 72 65 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 34 30 70 78 3b 0a 7d 0a 0a 68 72 20 7b 0a 20 20 62 6f Data Ascii: sub, sup { vertical-align: baseline; font-size: 75%; line-height: 0; position: relative;}sup { top: -.5em;}sub { bottom: -.25em;}img { border: 0;}svg:not(:root) { overflow: hidden;}figure { margin: 1em 40px;}hr { bo
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 3b 0a 7d 0a 0a 74 65 78 74 61 72 65 61 20 7b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 61 75 74 6f 3b 0a 7d 0a 0a 6f 70 74 67 72 6f 75 70 20 7b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 0a 74 61 62 6c 65 20 7b 0a 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 20 63 6f 6c 6c 61 70 73 65 3b 0a 20 20 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 74 64 2c 20 74 68 20 7b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 77 65 62 66 6c 6f 77 2d 69 63 6f 6e 73 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 22 64 61 74 61 3a 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 66 6f 6e 74 2d 74 74 66 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 Data Ascii: ;}textarea { overflow: auto;}optgroup { font-weight: bold;}table { border-collapse: collapse; border-spacing: 0;}td, th { padding: 0;}@font-face { font-family: webflow-icons; src: url("data:application/x-font-ttf;charset=utf-8
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 45 48 42 68 55 55 46 78 34 42 46 78 59 7a 41 67 42 71 58 56 36 4c 4b 43 67 6f 4b 49 74 65 58 57 70 71 58 56 36 4c 4b 43 67 6f 4b 49 74 65 58 57 70 56 53 6b 74 76 49 43 45 68 49 47 39 4c 53 6c 56 56 53 6b 74 76 49 43 45 68 49 47 39 4c 53 6c 56 41 4b 43 69 4c 58 6c 31 71 61 6c 31 65 69 79 67 6f 4b 43 69 4c 58 6c 31 71 61 6c 31 65 69 79 67 6f 5a 69 45 67 62 30 74 4b 56 56 56 4b 53 32 38 67 49 53 45 67 62 30 74 4b 56 56 56 4b 53 32 38 67 49 51 41 42 41 41 41 42 77 41 49 41 41 38 41 41 45 67 41 41 45 7a 51 33 50 67 45 33 4e 6a 4d 78 46 53 49 48 44 67 45 48 42 68 55 78 49 77 41 6f 4b 49 74 65 58 57 70 56 53 6b 74 76 49 43 46 6d 41 63 42 71 58 56 36 4c 4b 43 68 6d 49 53 42 76 53 30 70 56 41 41 41 41 41 67 41 41 2f 38 41 46 74 67 50 41 41 44 49 41 4f 67 41 41 41 Data Ascii: EHBhUUFx4BFxYzAgBqXV6LKCgoKIteXWpqXV6LKCgoKIteXWpVSktvICEhIG9LSlVVSktvICEhIG9LSlVAKCiLXl1qal1eiygoKCiLXl1qal1eiygoZiEgb0tKVVVKS28gISEgb0tKVVVKS28gIQABAAABwAIAA8AAEgAAEzQ3PgE3NjMxFSIHDgEHBhUxIwAoKIteXWpVSktvICFmAcBqXV6LKChmISBvS0pVAAAAAgAA/8AFtgPAADIAOgAAA
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 3d 3d 22 29 20 66 6f 72 6d 61 74 28 22 74 72 75 65 74 79 70 65 22 29 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 5b 63 6c 61 73 73 5e 3d 22 77 2d 69 63 6f 6e 2d 22 5d 2c 20 5b 63 6c 61 73 73 2a 3d 22 20 77 2d 69 63 6f 6e 2d 22 5d 20 7b 0a 20 20 73 70 65 61 6b 3a 20 6e 6f 6e 65 3b 0a 20 20 66 6f 6e 74 2d 76 61 72 69 61 6e 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 20 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f 6e 65 3b 0a 20 20 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 20 61 6e 74 69 61 6c 69 61 73 65 64 3b 0a 20 20 2d 6d 6f 7a 2d 6f 73 78 2d Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAA==") format("truetype"); font-weight: normal; font-style: normal;}[class^="w-icon-"], [class*=" w-icon-"] { speak: none; font-variant: normal; text-transform: none; -webkit-font-smoothing: antialiased; -moz-osx-
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 62 75 74 74 6f 6e 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 69 6e 68 65 72 69 74 3b 0a 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 38 39 38 65 63 3b 0a 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 39 70 78 20 31 35 70 78 3b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0a 7d 0a 0a 69 6e 70 75 74 2e 77 2d 62 75 74 74 6f 6e 20 7b 0a 20 20 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 20 62 75 74 74 6f 6e 3b 0a 7d 0a 0a 68 74 Data Ascii: button { color: #fff; line-height: inherit; cursor: pointer; background-color: #3898ec; border: 0; border-radius: 0; padding: 9px 15px; text-decoration: none; display: inline-block;}input.w-button { -webkit-appearance: button;}ht
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 6c 6f 77 3a 20 76 69 73 69 62 6c 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 2e 77 2d 77 65 62 66 6c 6f 77 2d 62 61 64 67 65 20 7b 0a 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 30 20 30 20 31 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 31 29 2c 20 30 20 31 70 78 20 33 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 31 29 3b 0a 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 76 69 73 69 62 6c 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 7a 2d 69 6e 64 65 78 3a 20 32 31 34 37 34 38 33 36 34 37 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 61 61 61 64 62 30 20 21 Data Ascii: low: visible; transform: none;}.w-webflow-badge { white-space: nowrap; cursor: pointer; box-shadow: 0 0 0 1px rgba(0, 0, 0, .1), 0 1px 3px rgba(0, 0, 0, .1); visibility: visible !important; z-index: 2147483647 !important; color: #aaadb0 !
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 36 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 30 70 78 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 7d 0a 0a 70 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 30 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 7d 0a 0a 62 6c 6f 63 6b 71 75 6f 74 65 20 7b 0a 20 20 62 6f 72 64 65 72 2d 6c 65 66 74 3a 20 35 70 78 20 73 6f 6c 69 64 20 23 65 32 65 32 65 32 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 30 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 32 30 70 78 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 32 70 78 3b 0a 7d 0a 0a 66 69 67 75 72 65 20 7b 0a Data Ascii: 6 { margin-top: 10px; font-size: 12px; line-height: 18px;}p { margin-top: 0; margin-bottom: 10px;}blockquote { border-left: 5px solid #e2e2e2; margin: 0 0 10px; padding: 10px 20px; font-size: 18px; line-height: 22px;}figure {
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 64 6c 65 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 38 70 78 20 31 32 70 78 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 32 38 35 37 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 2e 77 2d 69 6e 70 75 74 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2c 20 2e 77 2d 73 65 6c 65 63 74 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 39 39 39 3b 0a 7d 0a 0a 2e 77 2d 69 6e 70 75 74 3a 3a 2d 6d 6f 7a 2d 70 Data Ascii: dle; background-color: #fff; border: 1px solid #ccc; margin-bottom: 10px; padding: 8px 12px; font-size: 14px; line-height: 1.42857; display: block;}.w-input:-moz-placeholder, .w-select:-moz-placeholder { color: #999;}.w-input::-moz-p
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 0a 20 20 63 6c 65 61 72 3a 20 62 6f 74 68 3b 0a 7d 0a 0a 2e 77 2d 72 61 64 69 6f 2d 69 6e 70 75 74 20 7b 0a 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 33 70 78 20 30 20 30 20 2d 32 30 70 78 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 6e 6f 72 6d 61 6c 3b 0a 7d 0a 0a 2e 77 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 20 7b 0a 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 0a 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 7d 0a 0a 2e 77 2d 66 69 6c 65 2d 75 70 6c 6f 61 64 2d 69 6e 70 75 74 20 7b 0a 20 20 77 69 64 74 68 3a 20 2e 31 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 2e 31 70 78 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 0a 20 20 7a 2d 69 6e 64 65 78 3a 20 2d 31 30 30 3b 0a 20 20 70 6f 73 69 74 Data Ascii: clear: both;}.w-radio-input { float: left; margin: 3px 0 0 -20px; line-height: normal;}.w-file-upload { margin-bottom: 10px; display: block;}.w-file-upload-input { width: .1px; height: .1px; opacity: 0; z-index: -100; posit

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49693	172.64.153.55	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:14 UTC	629	OUT	GET /652a35b0d18b14276290b333/js/webflow.eda963208.js HTTP/1.1 Host: assets-global.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://kucoinrxlogine.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:14 UTC	621	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:14 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close x-amz-id-2: h4i0giHmXzhOlRlMVBcXsOvYjL+gwPdmInUzGO/WQlgtHIXRqgW4QHupkux2RceHp0vJqgBeqD4= x-amz-request-id: WFZ6HJPBQR8RH1E1 Last-Modified: Sat, 14 Oct 2023 06:40:29 GMT ETag: W/"7e1f15df7c4f0ce83f9865a12656e413" x-amz-server-side-encryption: AES256 Cache-Control: max-age=84600, must-revalidate x-amz-version-id: 5Dmkedpv_9CLw7UglGaiErU8xBawDxf7 CF-Cache-Status: HIT Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 9228f513dad542bd-EWR alt-svc: h3=":443"; ma=86400
2025-03-19 00:47:14 UTC	748	IN	Data Raw: 37 64 34 34 0d 0a 0a 2f 2a 21 0a 20 2a 20 57 65 62 66 6c 6f 77 3a 20 46 72 6f 6e 74 2d 65 6e 64 20 73 69 74 65 20 6c 69 62 72 61 72 79 0a 20 2a 20 40 6c 69 63 65 6e 73 65 20 4d 49 54 0a 20 2a 20 49 6e 6c 69 6e 65 20 73 63 72 69 70 74 73 20 6d 61 79 20 61 63 63 65 73 73 20 74 68 65 20 61 70 69 20 75 73 69 6e 67 20 61 6e 20 61 73 79 6e 63 20 68 61 6e 64 6c 65 72 3a 0a 20 2a 20 20 20 76 61 72 20 57 65 62 66 6c 6f 77 20 3d 20 57 65 62 66 6c 6f 77 20 7c 7c 20 5b 5d 3b 0a 20 2a 20 20 20 57 65 62 66 6c 6f 77 2e 70 75 73 68 28 72 65 61 64 79 46 75 6e 63 74 69 6f 6e 29 3b 0a 20 2a 2f 0a 0a 28 28 29 3d 3e 7b 76 61 72 20 6c 74 3d 28 65 2c 79 29 3d 3e 28 29 3d 3e 28 79 7c 7c 65 28 28 79 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 29 2e 65 78 70 6f 72 74 73 2c 79 29 2c 79 Data Ascii: 7d44/! Webflow: Front-end site library * @license MIT * Inline scripts may access the api using an async handler: * var Webflow = Webflow \|\| []; * Webflow.push(readyFunction); */(()=>{var lt=(e,y)=>()=>(y\|\|e((y={exports:{}}).exports,y),y
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 52 28 74 2c 6e 2c 69 29 7b 69 66 28 6e 21 3d 3d 76 6f 69 64 20 30 26 26 28 69 3d 6e 29 2c 74 3d 3d 3d 76 6f 69 64 20 30 29 72 65 74 75 72 6e 20 69 3b 76 61 72 20 72 3d 69 3b 72 65 74 75 72 6e 20 77 65 2e 74 65 73 74 28 74 29 7c 7c 21 58 74 2e 74 65 73 74 28 74 29 3f 72 3d 70 61 72 73 65 49 6e 74 28 74 2c 31 30 29 3a 58 74 2e 74 65 73 74 28 74 29 26 26 28 72 3d 31 65 33 2a 70 61 72 73 65 46 6c 6f 61 74 28 74 29 29 2c 30 3e 72 26 26 28 72 3d 30 29 2c 72 3d 3d 3d 72 3f 72 3a 69 7d 66 75 6e 63 74 69 6f 6e 20 42 28 74 29 7b 65 74 2e 64 65 62 75 67 26 26 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 55 28 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 2d 31 2c 69 3d 74 3f Data Ascii: unction R(t,n,i){if(n!==void 0&&(i=n),t===void 0)return i;var r=i;return we.test(t)\|\|!Xt.test(t)?r=parseInt(t,10):Xt.test(t)&&(r=1e3*parseFloat(t)),0>r&&(r=0),r===r?r:i}function B(t){et.debug&&window&&window.console.warn(t)}function U(t){for(var n=-1,i=t?
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 69 65 72 28 30 2e 35 35 30 2c 20 30 2e 30 38 35 2c 20 30 2e 36 38 30 2c 20 30 2e 35 33 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 20 69 2a 28 74 2f 3d 72 29 2a 74 2b 6e 7d 5d 2c 22 65 61 73 65 2d 6f 75 74 2d 71 75 61 64 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 32 35 30 2c 20 30 2e 34 36 30 2c 20 30 2e 34 35 30 2c 20 30 2e 39 34 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 2d 69 2a 28 74 2f 3d 72 29 2a 28 74 2d 32 29 2b 6e 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 71 75 61 64 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 35 35 2c 20 30 2e 30 33 30 2c 20 30 2e 35 31 35 2c 20 30 2e 39 35 35 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c Data Ascii: ier(0.550, 0.085, 0.680, 0.530)",function(t,n,i,r){return i(t/=r)t+n}],"ease-out-quad":["cubic-bezier(0.250, 0.460, 0.450, 0.940)",function(t,n,i,r){return-i(t/=r)(t-2)+n}],"ease-in-out-quad":["cubic-bezier(0.455, 0.030, 0.515, 0.955)",function(t,n,i,
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 30 2c 20 30 2c 20 30 2e 37 34 35 2c 20 30 2e 37 31 35 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 2d 69 2a 4d 61 74 68 2e 63 6f 73 28 74 2f 72 2a 28 4d 61 74 68 2e 50 49 2f 32 29 29 2b 69 2b 6e 7d 5d 2c 22 65 61 73 65 2d 6f 75 74 2d 73 69 6e 65 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 33 39 30 2c 20 30 2e 35 37 35 2c 20 30 2e 35 36 35 2c 20 31 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 29 7b 72 65 74 75 72 6e 20 69 2a 4d 61 74 68 2e 73 69 6e 28 74 2f 72 2a 28 4d 61 74 68 2e 50 49 2f 32 29 29 2b 6e 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 73 69 6e 65 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 34 35 2c 20 30 2e 30 35 30 2c 20 30 2e 35 35 30 2c 20 30 2e 39 35 30 29 22 Data Ascii: 0, 0, 0.745, 0.715)",function(t,n,i,r){return-iMath.cos(t/r(Math.PI/2))+i+n}],"ease-out-sine":["cubic-bezier(0.390, 0.575, 0.565, 1)",function(t,n,i,r){return iMath.sin(t/r(Math.PI/2))+n}],"ease-in-out-sine":["cubic-bezier(0.445, 0.050, 0.550, 0.950)"
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 73 2b 31 29 2a 74 2b 73 29 2b 31 29 2b 6e 7d 5d 2c 22 65 61 73 65 2d 69 6e 2d 6f 75 74 2d 62 61 63 6b 22 3a 5b 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 36 38 30 2c 20 2d 30 2e 35 35 30 2c 20 30 2e 32 36 35 2c 20 31 2e 35 35 30 29 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 69 2c 72 2c 73 29 7b 72 65 74 75 72 6e 20 73 3d 3d 3d 76 6f 69 64 20 30 26 26 28 73 3d 31 2e 37 30 31 35 38 29 2c 28 74 2f 3d 72 2f 32 29 3c 31 3f 69 2f 32 2a 74 2a 74 2a 28 28 28 73 2a 3d 31 2e 35 32 35 29 2b 31 29 2a 74 2d 73 29 2b 6e 3a 69 2f 32 2a 28 28 74 2d 3d 32 29 2a 74 2a 28 28 28 73 2a 3d 31 2e 35 32 35 29 2b 31 29 2a 74 2b 73 29 2b 32 29 2b 6e 7d 5d 7d 2c 57 3d 7b 22 65 61 73 65 2d 69 6e 2d 62 61 63 6b 22 3a 22 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 36 30 30 2c Data Ascii: s+1)t+s)+1)+n}],"ease-in-out-back":["cubic-bezier(0.680, -0.550, 0.265, 1.550)",function(t,n,i,r,s){return s===void 0&&(s=1.70158),(t/=r/2)<1?i/2tt(((s=1.525)+1)t-s)+n:i/2((t-=2)t(((s=1.525)+1)*t+s)+2)+n}]},W={"ease-in-back":"cubic-bezier(0.600,
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 3b 72 65 74 75 72 6e 20 74 26 26 68 2e 62 69 6e 64 3f 74 2e 62 69 6e 64 28 58 29 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 58 2e 73 65 74 54 69 6d 65 6f 75 74 28 6e 2c 31 36 29 7d 7d 28 29 2c 63 74 3d 79 2e 6e 6f 77 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 58 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2c 6e 3d 74 26 26 28 74 2e 6e 6f 77 7c 7c 74 2e 77 65 62 6b 69 74 4e 6f 77 7c 7c 74 2e 6d 73 4e 6f 77 7c 7c 74 2e 6d 6f 7a 4e 6f 77 29 3b 72 65 74 75 72 6e 20 6e 26 26 68 2e 62 69 6e 64 3f 6e 2e 62 69 6e 64 28 74 29 3a 44 61 74 65 2e 6e 6f 77 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 2b 6e 65 77 20 44 61 74 65 7d 7d 28 29 2c 70 74 3d 50 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 77 2c 4f 29 7b 76 61 72 20 59 3d Data Ascii: ;return t&&h.bind?t.bind(X):function(n){X.setTimeout(n,16)}}(),ct=y.now=function(){var t=X.performance,n=t&&(t.now\|\|t.webkitNow\|\|t.msNow\|\|t.mozNow);return n&&h.bind?n.bind(t):Date.now\|\|function(){return+new Date}}(),pt=P(function(t){function n(w,O){var Y=
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 64 75 72 61 74 69 6f 6e 3a 77 2c 63 6f 6e 74 65 78 74 3a 74 68 69 73 2c 63 6f 6d 70 6c 65 74 65 3a 6f 7d 29 2c 74 68 69 73 2e 61 63 74 69 76 65 3d 21 30 29 7d 66 75 6e 63 74 69 6f 6e 20 73 28 77 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 61 63 74 69 76 65 3f 28 74 68 69 73 2e 71 75 65 75 65 2e 70 75 73 68 28 7b 6f 70 74 69 6f 6e 73 3a 77 2c 61 72 67 73 3a 61 72 67 75 6d 65 6e 74 73 7d 29 2c 76 6f 69 64 28 74 68 69 73 2e 74 69 6d 65 72 2e 63 6f 6d 70 6c 65 74 65 3d 6f 29 29 3a 42 28 22 4e 6f 20 61 63 74 69 76 65 20 74 72 61 6e 73 69 74 69 6f 6e 20 74 69 6d 65 72 2e 20 55 73 65 20 73 74 61 72 74 28 29 20 6f 72 20 77 61 69 74 28 29 20 62 65 66 6f 72 65 20 74 68 65 6e 28 29 2e 22 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 28 29 7b 69 66 28 74 68 69 73 2e 74 69 6d 65 Data Ascii: duration:w,context:this,complete:o}),this.active=!0)}function s(w){return this.active?(this.queue.push({options:w,args:arguments}),void(this.timer.complete=o)):B("No active transition timer. Use start() or wait() before then().")}function o(){if(this.time
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 77 2e 73 74 6f 70 28 29 7d 66 75 6e 63 74 69 6f 6e 20 54 74 28 77 2c 4f 29 7b 77 2e 73 65 74 28 4f 29 7d 66 75 6e 63 74 69 6f 6e 20 67 65 28 77 29 7b 74 68 69 73 2e 24 65 6c 2e 63 73 73 28 77 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 74 28 77 2c 4f 29 7b 74 5b 77 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 63 68 69 6c 64 72 65 6e 3f 79 65 2e 63 61 6c 6c 28 74 68 69 73 2c 4f 2c 61 72 67 75 6d 65 6e 74 73 29 3a 28 74 68 69 73 2e 65 6c 26 26 4f 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 2c 74 68 69 73 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 79 65 28 77 2c 4f 29 7b 76 61 72 20 59 2c 4e 3d 74 68 69 73 2e 63 68 69 6c 64 72 65 6e 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 59 3d 30 3b 4e 3e 59 3b 59 2b 2b 29 77 2e 61 70 70 6c Data Ascii: w.stop()}function Tt(w,O){w.set(O)}function ge(w){this.$el.css(w)}function ot(w,O){t[w]=function(){return this.children?ye.call(this,O,arguments):(this.el&&O.apply(this,arguments),this)}}function ye(w,O){var Y,N=this.children.length;for(Y=0;N>Y;Y++)w.appl
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 74 68 69 73 2e 65 6c 3d 6f 5b 30 5d 3b 76 61 72 20 63 3d 6d 5b 30 5d 3b 78 5b 32 5d 26 26 28 63 3d 78 5b 32 5d 29 2c 48 74 5b 63 5d 26 26 28 63 3d 48 74 5b 63 5d 29 2c 74 68 69 73 2e 6e 61 6d 65 3d 63 2c 74 68 69 73 2e 74 79 70 65 3d 78 5b 31 5d 2c 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 3d 52 28 6d 5b 31 5d 2c 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 2c 73 2e 64 75 72 61 74 69 6f 6e 29 2c 74 68 69 73 2e 65 61 73 65 3d 69 28 6d 5b 32 5d 2c 74 68 69 73 2e 65 61 73 65 2c 73 2e 65 61 73 65 29 2c 74 68 69 73 2e 64 65 6c 61 79 3d 52 28 6d 5b 33 5d 2c 74 68 69 73 2e 64 65 6c 61 79 2c 73 2e 64 65 6c 61 79 29 2c 74 68 69 73 2e 73 70 61 6e 3d 74 68 69 73 2e 64 75 72 61 74 69 6f 6e 2b 74 68 69 73 2e 64 65 6c 61 79 2c 74 68 69 73 2e 61 63 74 69 76 65 3d 21 31 2c 74 68 Data Ascii: this.el=o[0];var c=m[0];x[2]&&(c=x[2]),Ht[c]&&(c=Ht[c]),this.name=c,this.type=x[1],this.duration=R(m[1],this.duration,s.duration),this.ease=i(m[2],this.ease,s.ease),this.delay=R(m[3],this.delay,s.delay),this.span=this.duration+this.delay,this.active=!1,th
2025-03-19 00:47:14 UTC	1369	IN	Data Raw: 65 78 74 53 74 79 6c 65 3d 6e 75 6c 6c 2c 62 74 28 74 68 69 73 2e 65 6c 2c 74 68 69 73 2e 6e 61 6d 65 2c 74 68 69 73 2e 67 65 74 28 29 29 29 3b 76 61 72 20 6f 3d 74 68 69 73 2e 74 77 65 65 6e 3b 6f 26 26 6f 2e 63 6f 6e 74 65 78 74 26 26 6f 2e 64 65 73 74 72 6f 79 28 29 7d 2c 74 2e 63 6f 6e 76 65 72 74 3d 66 75 6e 63 74 69 6f 6e 28 6f 2c 6d 29 7b 69 66 28 6f 3d 3d 22 61 75 74 6f 22 26 26 74 68 69 73 2e 61 75 74 6f 29 72 65 74 75 72 6e 20 6f 3b 76 61 72 20 78 2c 4b 3d 74 79 70 65 6f 66 20 6f 3d 3d 22 6e 75 6d 62 65 72 22 2c 63 3d 74 79 70 65 6f 66 20 6f 3d 3d 22 73 74 72 69 6e 67 22 3b 73 77 69 74 63 68 28 6d 29 7b 63 61 73 65 20 66 3a 69 66 28 4b 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 63 26 26 6f 2e 72 65 70 6c 61 63 65 28 7a 2c 22 22 29 3d 3d 3d 22 22 29 Data Ascii: extStyle=null,bt(this.el,this.name,this.get()));var o=this.tween;o&&o.context&&o.destroy()},t.convert=function(o,m){if(o=="auto"&&this.auto)return o;var x,K=typeof o=="number",c=typeof o=="string";switch(m){case f:if(K)return o;if(c&&o.replace(z,"")==="")

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49694	52.222.232.144	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:14 UTC	648	OUT	GET /js/jquery-3.5.1.min.dc5e7f18c8.js?site=652a35b0d18b14276290b333 HTTP/1.1 Host: d3e54v103j8qbb.cloudfront.net Connection: keep-alive Origin: https://kucoinrxlogine.webflow.io sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://kucoinrxlogine.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:14 UTC	550	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 89476 Connection: close Last-Modified: Mon, 20 Jul 2020 17:53:02 GMT Accept-Ranges: bytes Server: AmazonS3 Date: Wed, 19 Mar 2025 00:14:30 GMT Cache-Control: max-age=84600, must-revalidate Etag: "dc5e7f18c8d36ac1d3d4753a87c98d0a" Via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront) Age: 1966 Access-Control-Allow-Origin: * X-Cache: Hit from cloudfront X-Amz-Cf-Pop: FRA56-P4 X-Amz-Cf-Id: AEYGNzZIlm9sHlSLV9NnzpWMGGPknaZccHztwEUNlWNCisG8w47Adw==
2025-03-19 00:47:14 UTC	15834	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 35 2e 31 20 7c 20 28 63 29 20 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 Data Ascii: /! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery
2025-03-19 00:47:15 UTC	16384	IN	Data Raw: 74 4e 6f 64 65 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 3d 79 21 3d 3d 6d 3f 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 3a 22 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 22 2c 63 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 78 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 70 3d 21 6e 26 26 21 78 2c 64 3d 21 31 3b 69 66 28 63 29 7b 69 66 28 79 29 7b 77 68 69 6c 65 28 6c 29 7b 61 3d 65 3b 77 68 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 Data Ascii: tNode}:function(e,t,n){var r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"
2025-03-19 00:47:15 UTC	16384	IN	Data Raw: 3f 43 2e 73 65 74 54 69 6d 65 6f 75 74 28 53 2e 72 65 61 64 79 29 3a 28 45 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 42 29 2c 43 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 42 29 29 3b 76 61 72 20 24 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 2c 6f 2c 61 29 7b 76 61 72 20 73 3d 30 2c 75 3d 65 2e 6c 65 6e 67 74 68 2c 6c 3d 6e 75 6c 6c 3d 3d 6e 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 28 6e 29 29 66 6f 72 28 73 20 69 6e 20 69 3d 21 30 2c 6e 29 24 28 65 2c 74 2c 73 2c 6e 5b 73 5d 2c 21 30 2c 6f 2c 61 29 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 21 3d 3d 72 26 26 28 69 3d 21 30 2c 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 3f Data Ascii: ?C.setTimeout(S.ready):(E.addEventListener("DOMContentLoaded",B),C.addEventListener("load",B));var $=function(e,t,n,r,i,o,a){var s=0,u=e.length,l=null==n;if("object"===w(n))for(s in i=!0,n)$(e,t,s,n[s],!0,o,a);else if(void 0!==r&&(i=!0,m(r)\|\|(a=!0),l&&(a?
2025-03-19 00:47:15 UTC	16384	IN	Data Raw: 62 75 74 65 28 22 6e 6f 6e 63 65 22 29 7d 2c 6c 29 3a 62 28 75 2e 74 65 78 74 43 6f 6e 74 65 6e 74 2e 72 65 70 6c 61 63 65 28 6a 65 2c 22 22 29 2c 75 2c 6c 29 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 74 2c 6e 29 7b 66 6f 72 28 76 61 72 20 72 2c 69 3d 74 3f 53 2e 66 69 6c 74 65 72 28 74 2c 65 29 3a 65 2c 6f 3d 30 3b 6e 75 6c 6c 21 3d 28 72 3d 69 5b 6f 5d 29 3b 6f 2b 2b 29 6e 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 53 2e 63 6c 65 61 6e 44 61 74 61 28 76 65 28 72 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 28 6e 26 26 69 65 28 72 29 26 26 79 65 28 76 65 28 72 2c 22 73 63 72 69 70 74 22 29 29 2c 72 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 72 29 29 3b 72 65 74 75 72 6e 20 65 Data Ascii: bute("nonce")},l):b(u.textContent.replace(je,""),u,l))}return n}function Re(e,t,n){for(var r,i=t?S.filter(t,e):e,o=0;null!=(r=i[o]);o++)n\|\|1!==r.nodeType\|\|S.cleanData(ve(r)),r.parentNode&&(n&&ie(r)&&ye(ve(r,"script")),r.parentNode.removeChild(r));return e
2025-03-19 00:47:15 UTC	16384	IN	Data Raw: 65 65 64 73 5b 72 5d 7c 7c 72 2c 65 3d 65 7c 7c 22 66 78 22 2c 74 68 69 73 2e 71 75 65 75 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 43 2e 73 65 74 54 69 6d 65 6f 75 74 28 65 2c 72 29 3b 74 2e 73 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 43 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 6e 29 7d 7d 29 7d 2c 72 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 2c 69 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 79 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 72 74 2e 76 61 6c 75 65 2c 79 2e 6f 70 Data Ascii: eeds[r]\|\|r,e=e\|\|"fx",this.queue(e,function(e,t){var n=C.setTimeout(e,r);t.stop=function(){C.clearTimeout(n)}})},rt=E.createElement("input"),it=E.createElement("select").appendChild(E.createElement("option")),rt.type="checkbox",y.checkOn=""!==rt.value,y.op
2025-03-19 00:47:15 UTC	8106	IN	Data Raw: 73 2e 63 68 69 6c 64 4e 6f 64 65 73 29 7d 29 2c 74 68 69 73 7d 7d 29 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 53 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 Data Ascii: s.childNodes)}),this}}),S.expr.pseudos.hidden=function(e){return!S.expr.pseudos.visible(e)},S.expr.pseudos.visible=function(e){return!!(e.offsetWidth\|\|e.offsetHeight\|\|e.getClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpReques

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49689	142.250.184.228	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:15 UTC	575	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiKo8sBCIWgzQEI59DNAQi91c4BCIHWzgEIvODOAQiu5M4BCIvlzgEY4eLOAQ== Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:15 UTC	1303	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:15 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-gnGF0xa8ob6aa5-ehGiM2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Downlink Accept-CH: RTT Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2025-03-19 00:47:15 UTC	87	IN	Data Raw: 64 34 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 69 6e 61 6c 20 6a 65 6f 70 61 72 64 79 22 2c 22 70 65 70 73 69 63 6f 20 62 75 79 73 20 70 72 65 62 69 6f 74 69 63 20 73 6f 64 61 20 62 72 61 6e 64 20 70 6f 70 70 69 22 2c 22 73 6e 6f 77 20 73 74 6f 72 6d 20 77 Data Ascii: d40)]}'["",["final jeopardy","pepsico buys prebiotic soda brand poppi","snow storm w
2025-03-19 00:47:15 UTC	1390	IN	Data Raw: 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 73 70 72 69 6e 67 20 62 72 65 61 6b 20 74 72 61 76 65 6c 20 77 61 72 6e 69 6e 67 20 66 62 69 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 67 61 6d 65 73 22 2c 22 6d 6c 62 20 62 61 73 65 62 61 6c 6c 22 2c 22 6c 65 67 6f 20 70 6f 6b 65 6d 6f 6e 20 73 65 74 73 20 32 30 32 36 22 2c 22 63 61 6c 69 66 6f 72 6e 69 61 20 6c 6f 74 74 65 72 79 20 77 69 6e 6e 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 6f 49 6b 6b 34 53 46 51 6f 52 56 48 Data Ascii: eather forecast","spring break travel warning fbi","nintendo switch games","mlb baseball","lego pokemon sets 2026","california lottery winner"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVH
2025-03-19 00:47:15 UTC	1390	IN	Data Raw: 56 53 4e 6a 4d 7a 54 6d 68 49 56 46 42 73 65 44 6b 32 5a 54 42 33 4e 55 78 36 53 32 77 77 4e 54 56 36 4f 55 68 74 57 46 64 57 51 56 42 4a 52 7a 5a 74 54 57 6c 4d 52 54 4a 43 65 46 42 79 61 6a 42 30 59 32 78 72 59 58 56 73 4e 6b 74 5a 62 31 4a 75 54 6c 4a 72 4e 6c 51 33 52 6d 70 51 56 55 64 30 4d 44 46 4e 64 33 56 77 56 56 64 61 59 6c 4d 30 56 44 67 31 4d 6c 68 56 62 45 46 51 55 48 6c 72 61 54 42 44 62 57 46 55 54 55 31 54 55 31 6f 72 57 6e 42 4e 4c 30 78 54 59 6e 46 46 4f 45 49 35 56 46 4e 31 52 33 4e 72 57 45 4a 35 53 58 4e 52 55 6e 56 4d 55 6e 46 4b 61 57 4a 4d 62 45 45 78 51 54 41 79 55 32 34 35 61 46 4e 54 61 32 4a 69 61 56 70 5a 52 7a 51 35 65 69 39 42 53 6b 31 4f 4e 6d 63 77 4b 31 52 79 53 47 68 73 55 6d 46 57 55 48 46 42 55 6b 39 56 63 47 78 77 55 Data Ascii: VSNjMzTmhIVFBseDk2ZTB3NUx6S2wwNTV6OUhtWFdWQVBJRzZtTWlMRTJCeFByajB0Y2xrYXVsNktZb1JuTlJrNlQ3RmpQVUd0MDFNd3VwVVdaYlM0VDg1MlhVbEFQUHlraTBDbWFUTU1TU1orWnBNL0xTYnFFOEI5VFN1R3NrWEJ5SXNRUnVMUnFKaWJMbEExQTAyU245aFNTa2JiaVpZRzQ5ei9BSk1ONmcwK1RySGhsUmFWUHFBUk9VcGxwU
2025-03-19 00:47:15 UTC	532	IN	Data Raw: 56 6e 4e 76 62 56 56 49 53 55 64 77 4c 79 38 79 55 54 30 39 4f 67 4e 4e 54 45 4a 4b 42 79 4d 30 4d 6a 51 79 4e 44 4a 53 4e 57 64 7a 58 33 4e 7a 63 44 31 6c 53 6e 70 71 4e 48 52 45 55 44 46 55 5a 58 64 4d 52 45 45 77 54 56 64 45 4d 44 52 7a 62 6b 35 54 56 6b 70 4a 55 32 6c 34 54 31 52 56 63 6b 31 35 55 55 56 42 56 55 68 72 53 45 35 42 63 41 64 77 46 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 22 2d 34 39 30 34 36 35 31 33 37 34 39 37 30 38 34 31 33 34 38 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c Data Ascii: VnNvbVVISUdwLy8yUT09OgNNTEJKByM0MjQyNDJSNWdzX3NzcD1lSnpqNHREUDFUZXdMREEwTVdEMDRzbk5TVkpJU2l4T1RVck15UUVBVUhrSE5BcAdwFw\u003d\u003d","zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"-4904651374970841348","google:suggestrelevance":[1257,1256,
2025-03-19 00:47:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49696	172.64.153.55	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:15 UTC	715	OUT	GET /652a35b0d18b14276290b333/652a35d79a8da6be30e9d7c4_kucoin%20new%20bnner.png HTTP/1.1 Host: assets-global.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://kucoinrxlogine.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:15 UTC	708	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:15 GMT Content-Type: image/png Content-Length: 236975 Connection: close x-amz-id-2: 1HvAkuhlA4b74c03xJdrEKEG13xL3uQbU6l4udZW0U+Do7zS3s+0RuE1QNh/LJrv4g5unegtX9NUXaVvY206pcOPt9Gc506ZVg8K8k0xRPI= x-amz-request-id: 2XC1QGQB7XXKHG31 Last-Modified: Sat, 14 Oct 2023 06:31:54 GMT ETag: "0b9c6ecfa1ba8dd2ed1ac59c946ac095" x-amz-storage-class: INTELLIGENT_TIERING x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: TtlyL5NjEd5VXBDOLzRLntV56F9b1gNo CF-Cache-Status: HIT Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 9228f5191d3a4cb4-PHL alt-svc: h3=":443"; ma=86400
2025-03-19 00:47:15 UTC	661	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 05 44 00 00 02 6a 08 06 00 00 00 e3 7d 4a 9f 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 20 00 49 44 41 54 78 5e ec 7d 07 98 a4 45 b9 f5 e9 34 39 e7 d9 9c 73 de 65 97 b4 b0 b0 64 01 15 41 24 88 8a 78 cd d9 eb fd bd 66 bd 5e 6e 32 27 50 11 50 0c 80 28 8a 64 96 b4 cb 06 76 17 36 e7 1c 66 27 e7 dc 61 fe e7 54 77 f5 7c fd 4d e7 e9 e9 e9 99 79 eb 81 67 76 e6 4b 55 a7 d2 5b a7 ce fb 96 a5 af af af 0f 92 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 40 10 18 03 08 58 84 10 1d 03 b5 2c 45 14 04 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 85 80 10 a2 d2 10 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 40 10 10 04 Data Ascii: PNGIHDRDj}JsRGB IDATx^}E49sedA$xf^n2'PP(dv6f'aTw\|MygvKU[A@A@A@A@A@X,EA@A@A@A@A@A@A@
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: 80 c5 62 81 d5 6a 85 fe 69 b3 d9 12 fc 05 79 9d 20 20 08 08 02 a9 87 40 a8 b9 6c a4 8c 89 42 88 a6 5e 9b 92 1c 09 02 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 c0 28 42 80 c4 a7 cb e5 02 17 8f fc b7 a4 d1 8f 00 09 01 12 a3 76 bb 5d 11 a5 92 04 01 41 40 10 18 e9 08 0c 66 2e 4b c5 31 51 08 d1 91 de 22 25 ff 82 80 20 20 08 08 02 82 80 20 20 08 08 02 82 80 20 90 92 08 e8 c5 23 c9 50 49 63 17 01 92 a2 42 8c 8e dd fa 1f 2d 25 3f 72 e4 08 d6 ad 5b 87 f5 eb d7 a3 a6 a6 06 cd cd cd ea ff 9e 9e 9e d1 52 c4 84 95 23 3d 3d 1d 05 05 05 ea ff f2 f2 72 ac 5e bd 1a 6b d7 ae c5 8c 19 33 12 f6 8d 64 be 28 d1 73 59 aa 8c 89 42 88 26 b3 15 c9 b7 04 01 41 40 10 10 04 04 01 41 40 10 10 04 04 01 41 60 d4 23 90 e8 c5 e3 a8 07 6c 8c 14 90 24 80 c3 e1 18 23 a5 95 62 8e 16 04 fe Data Ascii: bjiy @lB^ (Bv]A@f.K1Q"% #PIcB-%?r[R#==r^k3d(sYB&A@A@A`#l$#b
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: 60 a1 21 43 52 74 5e 76 71 58 7c 79 aa e7 7f 1e 7f 53 dd 73 61 c1 38 5c 55 34 39 e0 fe fb cf ee c2 b9 9e 0e f5 b7 35 85 13 b0 a6 70 a2 fa f7 a1 ce 26 fc b1 fa 80 fa f7 6d 15 73 30 3b ab 30 e0 b9 fb ce ee 44 75 4f 27 48 ce 7e 64 fc c2 a0 79 a8 ed ed c4 83 e7 f6 c2 dd e7 c1 d2 dc 32 ac ca ab 0c bb 23 cd fb 1f af 3d 84 ba 5e af 01 3d 21 23 07 b7 94 cd 0a 1a 5a a0 db e3 c2 7f 9d d8 aa ee 3b 3f bf 12 d7 14 4f f1 e7 81 6a 84 ef 1c db 1c b2 cc ac 87 fb ce ec 52 d7 df 51 32 15 e7 e5 55 0c b6 8d fa 9f 8f b7 e3 25 2c 03 f2 22 41 40 10 10 04 04 01 41 40 10 10 04 52 00 81 d1 4a 88 fe e0 e4 36 1c eb 6a c5 37 a6 9d 8f b2 b4 ac a4 23 9d 88 ef 0f 05 21 4a 75 28 95 35 83 4d 55 55 55 78 eb ad b7 c0 9f 3c d4 82 89 8b c1 f1 e3 c7 63 f9 f2 e5 a8 a8 48 9c dd 3e d8 bc ca f3 43 Data Ascii: `!CRt^vqX\|ySsa8\U495p&ms0;0DuO'H~dy2#=^=!#Z;?OjRQ2U%,"A@A@RJ6j7#!Ju(5MUUUx<cH>C
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: d5 9f be f9 cd 6f 46 1c f3 79 3f e7 a2 9f fc e4 27 fe f9 88 ee 6c 1c 67 53 f1 14 62 dd 56 38 5f fe cf ff fc 0f f2 f2 f2 fc c5 a7 2b 31 17 37 2c 0b 17 22 c1 da 54 2a b5 fb 44 e4 25 56 42 b4 c4 9e 89 f7 8f 9b 07 b7 c7 83 75 4d a7 f0 5a d3 69 5c 50 30 4e d9 70 19 d6 c4 da 3a 83 29 5f bc 84 e4 68 26 44 39 5f 70 b3 6c 30 e9 f4 e9 d3 78 ea a9 a7 70 e1 85 17 2a 82 20 58 a2 5d b1 6d db 36 dc 7c f3 cd 28 2d 0d 2d 08 31 3e cb be 47 22 95 71 01 5b 5b 5b 95 bd 49 a2 87 8b 7e fe 3b 99 89 df df b4 69 13 e6 cc 99 83 c9 93 03 bd f6 92 99 8f 91 f0 2d da cd 89 5e e3 8c 84 72 0f 77 1e c7 2a 21 4a 5b 83 e4 64 b2 12 d7 65 8f 3e fa 28 16 2d 5a 84 f6 f6 76 9c 3d 7b 16 99 99 99 ca fe ef ec ec c4 7f fe e7 7f a2 a7 a7 47 ad 21 b9 51 f4 f9 cf 7f 3e a1 59 1b 69 84 e8 f7 be f7 3d a5 Data Ascii: oFy?'lgSbV8_+17,"TD%VBuMZi\P0Np:)_h&D9_pl0xp X]m6\|(--1>G"q[[[I~;i-^rw*!J[de>(-Zv={G!Q>Yi=
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: 22 e2 6e 34 d5 2a 34 22 0f 1c 38 a0 76 9d cc 8b 79 2e 6a 49 e8 71 a0 e3 bb 99 78 1f 77 a9 b8 98 e3 60 cc 01 91 24 17 77 b6 39 28 72 a2 e3 e4 c7 77 73 50 a6 6a 47 13 61 24 bc ba ba ba 54 1e 28 73 a7 1c 9f 04 0d dd 22 18 20 9f 4a 23 4e 86 24 1b 48 08 dd 70 c3 0d 98 39 73 a6 72 19 08 37 d9 c6 30 76 0c f9 ad 9a d4 22 ae c4 99 93 0e 8d 6e 26 12 cc 54 33 b1 9c c4 c8 48 88 f2 5e c6 c8 22 56 c4 83 ae f0 56 ab d5 8f 9d c6 57 1b ef 46 97 12 1a d4 ac 43 4e 7a fc 16 31 27 09 b6 79 f3 66 b5 98 a0 0c 9f d7 d8 2e f8 37 12 91 dc 59 23 89 45 23 83 75 c8 ba db b9 73 27 26 4d 9a 04 ba 6c f0 fe a1 4c da e8 31 aa 42 75 5b e4 77 49 aa b0 4c 57 5c 71 85 32 80 a9 e6 e0 33 34 14 e8 0a 6f 74 2d 23 e6 eb d7 af 57 6d 89 d7 59 3e 63 ff 60 9b a5 6b 1d fb 00 49 14 b6 f3 54 24 ef 74 db Data Ascii: "n4*4"8vy.jIqxw`$w9(rwsPjGa$T(s" J#N$Hp9sr70v"n&T3H^"VVWFCNz1'yf.7Y#E#us'&MlL1Bu[wILW\q234ot-#WmY>c`kIT$t
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: 16 15 3c 2c 81 ed 89 aa 5a 12 2e 5c f8 73 f1 40 52 9d c4 0b 8d 07 b6 33 4e e2 34 b0 68 1c 71 61 c4 b6 49 d2 9e ed 9b 7f a7 51 40 ec 79 9d 93 36 5d eb fe ed df fe 2d e2 c2 29 52 19 12 7d 3d 18 21 ca 6f b0 cf b0 3d 50 2d c3 05 1c db 07 8d 20 f6 5d 2e c4 74 ff 66 bf 26 a9 6e 6e 2f 7c 87 26 f0 b8 08 a4 31 c3 e7 19 b3 91 a4 25 d5 76 ac 73 92 35 c4 39 18 d6 dc f9 35 f7 4d 8e 37 7a ac a1 d1 45 03 8b fd 59 13 b7 34 24 b9 c3 4e 63 98 75 17 aa 5d b2 9d 71 e7 9b 2e d3 6c b3 34 d6 a8 e0 e1 ce ef f5 d7 7b d5 61 a9 94 22 a9 25 e2 ed cf c4 81 46 3f 37 4e b8 e1 94 68 c5 7f a2 30 34 d6 2b 17 40 6c 3f ac 37 2a 1d d9 af 48 e4 b2 2e 49 08 d0 c3 80 06 5b a8 ba 27 f9 49 c2 9f 7d 9e 4a 08 8e 81 ec a3 0c ff 42 63 3d 52 18 86 37 de 78 43 cd 5b 54 52 5c 7c 71 7f 0c c6 44 95 75 b0 Data Ascii: <,Z.\s@R3N4hqaIQ@y6]-)R}=!o=P- ].tf&nn/\|&1%vs595M7zEY4$Ncu]q.l4{a"%F?7Nh04+@l?7*H.I['I}JBc=R7xC[TR\\|qDu
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: 18 70 8c e0 66 0a 17 25 dc 94 20 09 ca ff e9 9e 45 4c 48 66 b2 8f 72 e3 87 9b 0f e1 c6 24 5d f7 da fd 8b e4 84 5e f0 84 22 84 49 26 12 63 8e 65 cc 0b db e6 6d b7 dd 16 51 f5 3d 1c 58 e9 85 24 f1 61 fd 32 af 1c 57 39 ef f2 df 5c 80 90 0c e6 66 14 eb 9c 1b 37 ec 27 6c 5f 6c 0b 5c 74 90 30 e6 c6 05 c7 65 92 2a e6 fe cd 79 60 a4 8c 71 b1 12 a2 c6 43 95 d8 fe 57 e5 57 e2 d7 73 ae 54 6e ef ff ef c8 7a 3c 72 6e 3f 3e 30 6e 1e a6 66 16 a8 39 94 de 52 0e 8b 4d 29 48 49 08 56 75 b7 ab c3 43 ef de ff 1c a6 67 16 e0 40 47 23 7e 3f ff 3a 7c e1 f0 6b 28 4b cb c4 9f 16 bc 43 6d b0 37 bb ba f1 62 e3 29 6c 6c ae c2 e1 ce 26 25 14 b8 7b dc 02 7c 69 d2 8a 00 25 26 0f 37 a2 da f4 3f 4e 6c c6 cf 66 af c5 7b ca 66 aa 6e 69 8c 21 da e9 71 2a 82 d4 6a b1 e0 ce 8a b9 2a ec d3 dc Data Ascii: pf% ELHfr$]^"I&cemQ=X$a2W9\f7'l_l\t0ey`qCWWsTnz<rn?>0nf9RM)HIVuCg@G#~?:\|k(KCm7b)ll&%{\|i%&7?Nlf{fni!qj*
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: f6 bb f1 50 25 c6 5b e4 38 c8 fb c5 45 3c b0 36 87 72 f1 1f 4d bb 19 8b f7 84 23 44 83 5d d3 87 2a 72 6e e2 1a 4c cf 5f 5a f1 cc 67 46 02 21 ca b8 9d 66 51 cd 50 d6 3f 45 2d dc 14 e1 37 b5 ab 3e 09 50 6e 92 d2 ae e3 78 c8 f1 c0 4c 88 32 4f b4 a3 19 4f 7d 28 09 51 e6 89 1e 86 14 51 18 09 51 12 a1 b4 d7 48 8c 32 af c9 4a 23 95 10 8d e7 f0 a4 70 98 0e e5 98 38 ec 84 28 0b fe a1 71 0b f0 9b b9 57 f9 29 d1 5d ed 75 58 b2 e5 f7 7e 4c 76 9f ff 01 cc cf 0e 34 ae 22 35 42 a3 cb 3c ef a5 db fd e7 27 2d 57 6e 47 4c b7 57 cc 51 07 1f 99 53 bc 84 28 df 7b ff d9 5d ea 75 e7 56 7f 0c e5 69 81 31 c1 cc df 61 20 fd e9 1b 1f 50 7f 0e e6 c2 7f fb 9e a7 f1 67 9f 42 d4 79 f9 e7 61 b3 78 09 e3 68 15 a2 24 44 89 a9 91 58 bd a5 6c 16 1e af 3d a4 de c3 58 ad 8c d9 9a a8 14 cf 4e Data Ascii: P%[8E<6rM#D]*rnL_ZgF!fQP?E-7>PnxL2OO}(QQQH2J#p8(qW)]uX~Lv4"5B<'-WnGLWQS({]uVi1a PgByaxh$DXl=XN
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: 2a c3 18 73 52 9f 78 6d 24 44 b9 88 e2 75 12 f8 24 21 b8 b0 62 22 a9 1a cd 29 b2 c3 dd 76 98 57 4d 52 d2 08 a1 92 8e 2a 57 1a 4d 5c 94 69 77 6a 2e c4 f8 3f d5 2b e6 fa e5 3b cc c6 ac ee c3 5c c4 91 a4 a1 9b 0c fb 7f 38 ac a3 21 44 b9 78 a4 cb 2f c7 13 aa 6c b8 50 d4 fd 3e 5c bb d4 27 fc d2 d5 91 44 28 c7 24 92 a1 7a 3c e3 a1 50 a9 d2 bf 83 e1 69 cc 9b 6e 9f f1 f4 e7 78 08 51 7e 9b f5 c9 31 8e 6d 80 8a cd 64 28 8a f4 81 7b ec 53 54 3c 72 73 81 1b 2b dc 74 21 91 c0 cd 0b dd 27 c3 d5 3d f3 ce fb 98 34 21 ca 31 c9 e8 55 a0 f1 65 5f 60 0c 64 92 12 7c 3f c7 b3 48 6a 52 73 bb 49 36 56 c6 be c7 7c b3 cf 72 0e e2 3c c7 cd 02 2e 26 8c 84 68 30 ac 8c aa 51 f6 57 23 21 ca f2 8c a4 31 2e 5e 42 94 f5 b8 a5 b5 1a 77 ee 79 06 33 b3 0a 14 b9 b9 b7 a3 51 fd 4e 37 f6 ff 9e Data Ascii: sRxm$Du$!b")vWMRWM\iwj.?+;\8!Dx/lP>\'D($z<PinxQ~1md({ST<rs+t!'=4!1Ue_`d\|?HjRsI6V\|r<.&h0QW#!1.^Bwy3QN7
2025-03-19 00:47:15 UTC	1369	IN	Data Raw: ca cd 79 a6 cf 1c 7c 05 cf 34 1c c7 9f 16 5c a7 4e 5b a7 7d fd 9e 5d 4f e1 e2 fc f1 fe c3 86 18 a7 f4 ae bd cf e1 2d df 01 a3 f3 73 4a 71 a2 ab 05 2b f3 2b d4 bb 78 3f 13 63 79 92 7c 65 a2 4a f4 df 8f 6c 40 87 db a9 4e 92 a7 b7 15 0f 53 22 21 3a 31 23 17 ff 75 e2 4d e5 1d 45 5b 96 6a d5 8b 0a c6 e3 fe 39 57 a0 d4 e4 25 15 2d 21 4a b2 95 f6 f2 73 f5 27 94 6b ff 84 8c 1c f4 78 3c 28 73 64 f9 09 d1 7d 1d 0d 28 4b cb c6 9e f6 3a 95 c7 cb 8b 26 e3 d7 73 af 40 8e 2d 2d 52 97 50 d7 13 4d 88 72 3c d0 f3 67 54 19 08 71 13 bd 94 18 7f 93 6a 20 8e 07 3a 46 28 55 9c 5c 90 d3 86 61 e2 5c 68 24 38 43 7d 93 73 28 09 4c 3e c7 85 3c df 47 1b 97 f3 28 37 8f b9 c8 66 be 19 33 94 e3 1b df c9 71 95 f3 9f 26 80 38 27 73 bc a5 7d ad c9 53 de 13 ca 65 9e 24 29 df c7 98 a1 74 c3 Data Ascii: y\|4\N[}]O-sJq++x?cy\|eJl@NS"!:1#uME[j9W%-!Js'kx<(sd}(K:&s@--RPMr<gTqj :F(U\a\h$8C}s(L><G(7f3q&8's}Se$)t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49697	104.18.161.117	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:15 UTC	706	OUT	GET /652a35b0d18b14276290b333/652a37d5763ab4f523ccf249_kucoin%20favicon.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: https://kucoinrxlogine.webflow.io/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:16 UTC	676	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:16 GMT Content-Type: image/png Content-Length: 1312 Connection: close x-amz-id-2: mtZJSIHBSNToDZAG2IaLaEGfaTXelEzwJuu4jtNCsiot5qz9Jf9PQAfyEfT+cxYlah37QUYSbBT4vmVQRr3ds9BUDaN4OZ2jUv6uwG3t83w= x-amz-request-id: 0SNFNTH80W35VSRJ Last-Modified: Sat, 14 Oct 2023 06:40:22 GMT ETag: "c1d7f1e816f43a77603a5204a7a1029a" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: .ytqWbU1iao9obXuA4dwoOCm8mNFt4RN CF-Cache-Status: HIT Age: 93240 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 9228f51ce9a941a3-EWR alt-svc: h3=":443"; ma=86400
2025-03-19 00:47:16 UTC	693	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 b5 49 44 41 54 58 47 c5 97 6b 4c 9b 55 18 c7 ff bd d1 42 0b 93 30 54 2e c5 6d b0 ab 9b 66 99 4e 1c 43 8c c8 bc 8c e0 14 34 33 ca e2 12 13 8d 9a 25 4b f6 85 c4 25 1a 3e 10 2f d1 e8 37 33 dc e6 c2 4c 16 18 2e 51 c6 50 d1 c4 39 13 65 97 0f 88 38 b7 39 81 72 71 63 d4 d2 2b 2d 2d 3e cf e9 79 a1 b4 6f a1 85 4d 7f 84 c0 39 a7 7d ff ff f3 9c e7 3c e7 bc 9a 29 02 92 86 ee d3 38 39 78 11 c3 1e a7 68 6b 34 1a f1 77 b1 28 12 39 69 e9 78 32 6f 35 ea 36 94 8a 36 23 0c f4 bb 1d 58 7b e2 63 58 0c 29 48 d3 19 a0 23 e1 Data Ascii: PNGIHDR szzsRGBgAMAapHYs+IDATXGkLUB0T.mfNC43%K%>/73L.QP9e89rqc+-->yoM9}<)89xhk4w(9ix2o566#X{cX)H#
2025-03-19 00:47:16 UTC	619	IN	Data Raw: fd 3e 51 0b ec 3b eb f0 f2 ca 4d 74 d8 4c c2 a4 d5 e1 ce e6 77 b1 a7 eb 24 ee 6f fb 04 dd 63 23 22 42 6a 24 6d e0 9b a1 2b d3 33 e7 ed fa 1a 55 c1 ca fc d5 74 90 e9 50 bf b1 1c cb 2d b7 89 cf 59 f4 29 68 fd ab 07 d7 7d 2e 98 e9 94 8d 47 d2 06 1c 54 f7 39 b8 5c c7 38 ca 46 12 8e 84 8d 30 3c ce 45 8b 7f e6 22 69 03 35 77 ad c3 a9 47 77 89 4a 98 46 27 e8 47 bd 3f e1 c7 6b fd 62 ec fd 9e 33 b8 e8 18 15 a2 63 b4 34 e5 39 2b c4 29 eb 9d 0c 88 71 35 54 4b f1 38 cd 72 ff fa 32 bc b1 ae 58 f6 c4 d2 39 fc 27 9e f8 f6 08 ac 74 a9 f8 c7 ef a5 2c 0f 22 9d 42 cd c9 e6 9a f4 63 a0 7a df f4 11 ff 70 c7 41 5c 75 da 91 a2 9b 1d 2d 26 e1 08 74 db ff 96 ff 85 e1 d9 b5 53 24 06 28 12 99 5c 03 e8 ba a5 88 db 22 c4 99 57 57 6d a6 7c 51 8f 42 c2 06 9e 3f dd 82 2f 6d bf cb 56 18 Data Ascii: >Q;MtLw$oc#"Bj$m+3UtP-Y)h}.GT9\8F0<E"i5wGwJF'G?kb3c49+)q5TK8r2X9't,"BczpA\u-&tS$(\"WWm\|QB?/mV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49698	104.18.161.117	443	3528	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-19 00:47:16 UTC	460	OUT	GET /652a35b0d18b14276290b333/652a37d5763ab4f523ccf249_kucoin%20favicon.png HTTP/1.1 Host: cdn.prod.website-files.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-19 00:47:16 UTC	676	IN	HTTP/1.1 200 OK Date: Wed, 19 Mar 2025 00:47:16 GMT Content-Type: image/png Content-Length: 1312 Connection: close x-amz-id-2: mtZJSIHBSNToDZAG2IaLaEGfaTXelEzwJuu4jtNCsiot5qz9Jf9PQAfyEfT+cxYlah37QUYSbBT4vmVQRr3ds9BUDaN4OZ2jUv6uwG3t83w= x-amz-request-id: 0SNFNTH80W35VSRJ Last-Modified: Sat, 14 Oct 2023 06:40:22 GMT ETag: "c1d7f1e816f43a77603a5204a7a1029a" x-amz-server-side-encryption: AES256 Cache-Control: max-age=31536000, must-revalidate x-amz-version-id: .ytqWbU1iao9obXuA4dwoOCm8mNFt4RN CF-Cache-Status: HIT Age: 93241 Accept-Ranges: bytes Access-Control-Allow-Origin: * Server: cloudflare CF-RAY: 9228f5223e854261-EWR alt-svc: h3=":443"; ma=86400
2025-03-19 00:47:16 UTC	693	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 04 b5 49 44 41 54 58 47 c5 97 6b 4c 9b 55 18 c7 ff bd d1 42 0b 93 30 54 2e c5 6d b0 ab 9b 66 99 4e 1c 43 8c c8 bc 8c e0 14 34 33 ca e2 12 13 8d 9a 25 4b f6 85 c4 25 1a 3e 10 2f d1 e8 37 33 dc e6 c2 4c 16 18 2e 51 c6 50 d1 c4 39 13 65 97 0f 88 38 b7 39 81 72 71 63 d4 d2 2b 2d 2d 3e cf e9 79 a1 b4 6f a1 85 4d 7f 84 c0 39 a7 7d ff ff f3 9c e7 3c e7 bc 9a 29 02 92 86 ee d3 38 39 78 11 c3 1e a7 68 6b 34 1a f1 77 b1 28 12 39 69 e9 78 32 6f 35 ea 36 94 8a 36 23 0c f4 bb 1d 58 7b e2 63 58 0c 29 48 d3 19 a0 23 e1 Data Ascii: PNGIHDR szzsRGBgAMAapHYs+IDATXGkLUB0T.mfNC43%K%>/73L.QP9e89rqc+-->yoM9}<)89xhk4w(9ix2o566#X{cX)H#
2025-03-19 00:47:16 UTC	619	IN	Data Raw: fd 3e 51 0b ec 3b eb f0 f2 ca 4d 74 d8 4c c2 a4 d5 e1 ce e6 77 b1 a7 eb 24 ee 6f fb 04 dd 63 23 22 42 6a 24 6d e0 9b a1 2b d3 33 e7 ed fa 1a 55 c1 ca fc d5 74 90 e9 50 bf b1 1c cb 2d b7 89 cf 59 f4 29 68 fd ab 07 d7 7d 2e 98 e9 94 8d 47 d2 06 1c 54 f7 39 b8 5c c7 38 ca 46 12 8e 84 8d 30 3c ce 45 8b 7f e6 22 69 03 35 77 ad c3 a9 47 77 89 4a 98 46 27 e8 47 bd 3f e1 c7 6b fd 62 ec fd 9e 33 b8 e8 18 15 a2 63 b4 34 e5 39 2b c4 29 eb 9d 0c 88 71 35 54 4b f1 38 cd 72 ff fa 32 bc b1 ae 58 f6 c4 d2 39 fc 27 9e f8 f6 08 ac 74 a9 f8 c7 ef a5 2c 0f 22 9d 42 cd c9 e6 9a f4 63 a0 7a df f4 11 ff 70 c7 41 5c 75 da 91 a2 9b 1d 2d 26 e1 08 74 db ff 96 ff 85 e1 d9 b5 53 24 06 28 12 99 5c 03 e8 ba a5 88 db 22 c4 99 57 57 6d a6 7c 51 8f 42 c2 06 9e 3f dd 82 2f 6d bf cb 56 18 Data Ascii: >Q;MtLw$oc#"Bj$m+3UtP-Y)h}.GT9\8F0<E"i5wGwJF'G?kb3c49+)q5TK8r2X9't,"BczpA\u-&tS$(\"WWm\|QB?/mV

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	20:47:05
Start date:	18/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff75da30000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	20:47:05
Start date:	18/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,1997121478770627715,10133272766910537313,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2060 /prefetch:3
Imagebase:	0x7ff75da30000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	20:47:12
Start date:	18/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://kucoinrxlogine.webflow.io/"
Imagebase:	0x7ff75da30000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://kucoinrxlogine.webflow.io/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5644, Parent PID: 5684

General

File Activities

File Opened

Windows Analysis Report
https://kucoinrxlogine.webflow.io/